Researchers warn two critical bugs impacting multiple QNAP firmware versions are under active attack. [...]

Enlarge (credit: Getty Images ) Tens of thousands of US-based organizations are running Microsoft Exchange servers that have been backdoored by threat actors who are stealing administrator passwords and exploiting critical vulnerabilities in the email and calendaring application, it was widely reported. Microsoft issued emergency patches on Tuesday, but they …

Enlarge (credit: Przemyslaw Klos / EyeEm / Getty Images ) A new type of supply chain attack unveiled last month is targeting more and more companies, with new rounds this week taking aim at Microsoft, Amazon, Slack, Lyft, Zillow, and an unknown number of others. In weeks past, Apple, Microsoft, Tesla, and …

Website admins should patch all plugins, WordPress itself and back-end servers as soon as possible. [...]

A new variant of the Gafgyt botnet - that's actively targeting vulnerable D-Link and Internet of Things devices - is the first variant of the malware to rely on Tor communications, researchers say. [...]

The Russian-speaking RTM threat group is targeting organizations in an ongoing campaign that leverages a well-known banking trojan, brand new ransomware strain and extortion tactics. [...]

Full dumps of email boxes, lateral movement and backdoors characterize sophisticated attacks by a Chinese APT - while more incidents spread like wildfire. [...]

Emails spreading the ObliqueRAT malware now make use of steganography, disguising their payloads on compromised websites. [...]

The Ryuk scourge has a new trick in its arsenal: Self-replication via SMB shares and port scanning. [...]

This is weird : Once an hour, infected Macs check a control server to see if there are any new commands the malware should run or binaries to execute. So far, however, researchers have yet to observe delivery of any payload on any of the infected 30,000 machines, leaving …

A snapshot of the 2020 mobile threat landscape reveals major shifts toward adware and threats to online banks. [...]

Gootloader has expanded its payloads beyond the Gootkit malware family, using Google SEO poisoning to gain traction. [...]

COVID-19 impacted volumes for the year, but the U.S. moved into third place on the list of countries most infected by stalkerware. [...]

From TrickBot to Ryuk, more malware cybercriminal groups are putting their heads together when attacking businesses. [...]

Vietnam joins the ranks of governments using spyware to crack down on human-rights defenders. [...]

The malicious extension, FriarFox, snoops in on both Firefox and Gmail-related data. [...]

Quickbooks malware targets tax data for attackers to sell and use in phishing scams. [...]

The hotly anticipated GeForce RTX 3060, a ray-tracing-friendly, advanced gaming graphics chip, will also throttle Ethereum mining. [...]

Researchers found, and Microsoft has patched, a vulnerability in Windows Defender that has been around for twelve years. There is no evidence that anyone has used the vulnerability during that time. The flaw, discovered by researchers at the security firm SentinelOne, showed up in a driver that Windows Defender …

A major Finnish IT provider has been hit with a ransomware attack that has forced the company to turn off some services and infrastructure in a disruption to customers, while it takes recovery measures. Norwegian business journal E24 reported the attack on Espoo, Finland-based TietoEVRY on Tuesday, claiming to …

Alex Birsan writes about being able to install malware into proprietary corporate software by naming the code files to be identical to internal corporate code files. From a ZDNet article : Today, developers at small or large companies use package managers to download and import libraries that are then assembled …

Enlarge (credit: Jayson Photography / Getty Images ) A previously undetected piece of malware found on almost 30,000 Macs worldwide is generating intrigue in security circles, which are still trying to understand precisely what it does and what purpose its self-destruct capability serves. Once an hour, infected Macs check a …

A second malware that targets Macs with Apple's in-house M1 chip is infecting machines worldwide -- but it's unclear why. [...]

However, internal products and systems were not leveraged to attack others during the massive supply-chain incident, the tech giant said upon completion of its Solorigate investigation. [...]

Latest Apple Platform Security update folds iOS, macOS and hardware into security 2021 roadmap. [...]