Encrypted & Fileless Malware Sees Big Growth
An analysis of second-quarter malware trends shows that threats are becoming stealthier. [...]
An analysis of second-quarter malware trends shows that threats are becoming stealthier. [...]
A former medical records tech stole PII that was then used to fraudulently claim DoD and VA benefits, particularly targeting disabled veterans. [...]
Coinbase suspects phishing led to attackers getting personal details needed to access wallets but also blamed a flaw in its SMS-based 2FA. [...]
Experts say the detection delay of 17 months is a colossal security blunder by the retailer. [...]
The banking trojan keeps switching up its lies, trying to fool Android users into clicking on a fake Flubot-deleting app or supposedly uploaded photos of recipients. [...]
First appearing in March, the group has been leveraging ProxyShell against targets in 10 countries and employs a variety of malware to steal data from compromised networks. [...]
This is the second pair of zero days that Google's fixed this month, all four of which have been actively exploited in the wild. [...]
RFID gun tags leave the military exposed to tracking, sniffing and spoofing attacks, experts say. [...]
Jason Kent, hacker-in-residence at Cequence Security, discusses how to track user-agent connections to mobile and desktop APIs, to spot malicious activity. [...]
Access to heart monitors disabled by the attack allegedly kept staff from spotting blood & oxygen deprivation that led to the baby's death. [...]
The group uses millions of password combos at the rate of nearly 2,700 login attempts per minute with new techniques that push the ATO envelope. [...]
Researchers have demonstrated that someone could use a stolen, locked iPhone to pay for thousands of dollars of goods or services, no authentication needed. [...]
Move over REvil, Ragnar Locker, BlackMatter, Conti et al: Three lesser-known gangs account for the vast majority of ransomware attacks in the U.S. and globally. [...]
Certificate misconfigurations of the EAP protocol in Eduroam (and likely other networks globally) threaten Android and Windows users. [...]
The NSA and CISA issued recommendations on choosing and hardening VPNs to prevent nation-state APTs from weaponizing flaws & CVEs to break into protected networks. [...]
Apple's personal item-tracker devices can be used to deliver malware, slurp credentials, steal tokens and more thanks to XSS. [...]
The mobile malware has fleeced hundreds of millions of dollars from victims globally, using sophisticated techniques. [...]
The Conti ransomware gang has developed novel tactics to demolish backups, especially the Veeam recovery software. [...]
Newly discovered code resembles the Kazuar backdoor and the Sunshuttle second-stage malware distributed by Nobelium in the SolarWinds supply-chain attacks. [...]
A campaign is stealing one-time password tokens to gain access to PayPal, Apple Pay and Google Pay, among others. [...]
Dave Stewart, Approov CEO, lays out six best practices for orgs to avoid costly account takeovers. [...]
The BloodyStealer trojan helps cyberattackers go after in-game goods and credits. [...]
A 'nearly impossible to analyze' version of the malware sports a bootkit and 'steal-everything' capabilities. [...]
UPDATE: Indicators of compromise are now available. The unredacted RCE exploit released on Monday allows unauthenticated, remote attackers to upload files to the vCenter Server analytics service. [...]
Microsoft is warning that the Nobelium APT is compromising single-sign-on servers to install a post-exploitation backdoor that steals data and maintains network persistence. [...]