An Israeli university is being blackmailed by hackers. However, they aren't just after money but are looking to send a political message — and maybe something more.
Event organizers should be exercising various cyberattack scenarios to ensure they have the proper checks and balances in place to respond accordingly and maintain resilience.
Google has mounted a massive takedown, but Dragonbridge's extensive capabilities for generating and distributing vast amounts of largely spammy content calls into question the motivation behind the group.
The group has been operating for over a year, promoting their tools in hacking forums, stealing credit card information, and using typosquatting techniques to target open source software flaws.
The SolarMarker group is exploiting a vulnerable WordPress-run website to encourage victims to download fake Chrome browser updates, part of a new tactic in its watering-hole attacks.
The release augments the company's Kubernetes management platform with free, user-friendly insight on security postures, along with cost monitoring and observability.
Opswat says its new tool uses neural networks to protect critical environments through AI-assisted asset discovery, network visibility, and risk management.
A sweeping effort to prevent a raft of targeted cybercrime groups from posting ransomware victims' data publicly is hampering their operations, causing outages.
Penetration testing not only serves to triage and validate other defect discovery activities, it informs risk management activities, such as threat modeling and secure design.
The operators of the emerging cross-platform ransomware BianLian increased their command and control infrastructure this month, indicating an acceleration in their operational pace.
The phishing campaign deploying a ScanBox reconnaissance framework has targeted the Australian government and companies maintaining wind turbines in the South China Sea.
The cybercriminal crew has used 15 malware families to target travel and hospitality companies globally, constantly changing tactics over the course of its four-year history.
Four serious security issues on the popular appliance could be exploited by hackers with any level of access within the host network, Bitdefender researchers say.
As the market for initial access brokers matures, services like Genesis — which offers elite access to compromised systems and slick, professional services — are raising the bar in the underground economy.
A global network of inauthentic news sites present themselves as independent news outlets, offering content favoring China's government and articles critical of the US.
Phishing operators are taking advantage of security bugs in the Amex and Snapchat websites (the latter is unpatched) to steer victims to phishing pages looking to harvest Google and Microsoft logins.
Attackers are turning to stolen credentials and posing as trusted applications to socially engineer victims, according to Google study of malware submitted to VirusTotal.
By dynamically mirroring an organization’s login page, threat actors are propagating legitimate-looking phishing attacks that encourage victims to offer up access to the corporate crown jewels.
Two previously unknown critical vulnerabilities within FileWave’s multiplatform MDM system could grant malicious actors access to the platform's most privileged user account.
The ever-evolving threat from phishing is growing more sophisticated as attackers design high-pressure situations and leverage ever-more-convincing social engineering tactics to increase their success rates.
The cyber campaign, aimed at siphoning funds, uses an improved version of the malware, which can adjust infection paths based on recognized antivirus software.
The LAPSUS$ group emerged with a big splash at the end of 2021, targeting companies, including Okta, with a "reckless and disruptive" approach to hacking.
Major supply chain attacks have had a significant impact on software security awareness and decision-making, with more investment planned for monitoring attack surfaces.
Linus Torvalds says Retbleed has been addressed in the Linux kernel, but code complexity means the release will be delayed by a week to give more time for testing.
Businesses receive an invoice via email with a credit card charge and are asked to call a fake number and hand over personal information to receive a refund.
Cybersecurity insurance costs are rising, and insurers are likely to demand more direct access to organizational metrics and measures to make more accurate risk assessments.
Improper implementations of authentication APIs at a global crypto wallet service provider could have resulted in the loss of account control — and millions of dollars — from personal and business accounts.
The unsecured server exposed more than 1.5 million files, including airport worker ID photos and other PII, highlighting the ongoing cloud-security challenges worldwide.
An unauthenticated remote code execution vulnerability found in Zoho’s compliance tool could leave organizations exposed to an information disclosure catastrophe, new analysis shows.
The malware has been in circulation since 2020, with sophisticated, advanced malicious actors taking advantage of the vulnerabilities in SOHO routers as the work-from-home population expands rapidly.
Multiple cybercrime groups have been spotted selling stolen credentials and other sensitive personal information pilfered from travel-related websites.
The Japanese-language Panchan botnet has been discovered stealing SSH keys from Linux servers across Asia, Europe, and North America, with a focus on telecom and education providers.
The malware is using spreadsheets, documents, and other types of Microsoft Office attachments in a new and improved version that is often able to bypass email gateway-security scanners.
The new ransomware strain Black Basta is now actively targeting VMware ESXi servers in an ongoing campaign, encrypting files inside a targeted volumes folder.
Login
FreshRSS