News
-
"New HiatusRAT Malware Targets Business-Grade Routers to Covertly Spy on Victims"At least since July 2022, a never-before-seen malware has been targeting business-grade routers to eavesdrop on victims in Latin America, Europe, and North America. The campaign, dubbed Hiatus by Lumen Black Lotus Labs, distributes two malicious binaries…
-
"Zero Trust in Zero Trust"In May of 2021, President Biden issued an executive order launching a government-wide initiative to strengthen its cybersecurity practices. The mandate required agencies to implement zero trust architectures and a cloud-based infrastructure by 2024 in…
-
"Researchers Discover 'Kill Switch' in Starlink Terminals"In December 2022, Starlink shipped software that patched a "kill switch" in its user terminals. A team of Oxford University academics and a researcher from Switzerland's Federal Office for Defense Procurement discovered the kill switch. The researchers…
-
"GAO: State Should Fully Evaluate International Partners' Capacity to Combat Cybercrime"Globally, cybercrime, including online identity theft, credit card fraud, and ransomware attacks, is increasing in number and scale. More than 840,000 cybercrime complaints were received by the FBI in 2021, with losses estimated to have reached $6.9…
-
"Four Years Later: The Impacts of Ghidra's Public Release"The National Security Agency (NSA) released Ghidra at the 2019 RSA Conference four years ago. Ghidra is a framework for software reverse engineering developed by Computer and Analytic Sciences Research. With hundreds of thousands of downloads and…
-
"Unkillable UEFI Malware Bypassing Secure Boot Enabled by Unpatchable Windows Flaw"Researchers at the security company ESET have reported the discovery of the first known case of real-world malware that can take over a computer's boot process even when Secure Boot and other advanced defenses are active and running on fully updated…
-
"557 CVEs Added to CISA’s Known Exploited Vulnerabilities Catalog in 2022"There are nearly 900 vulnerabilities in the Known Exploited Vulnerabilities (KEV) catalog maintained by the US Cybersecurity and Infrastructure Security Agency (CISA). According to researchers at VulnCheck, of the 900 vulnerabilities, 557 CVEs were…
-
"Cybercrime Marketplace Leaks Over 2.1 Million Payment Cards"Notorious carding marketplace BidenCash recently released information on more than 2.1 million credit and debit cards. Carding marketplaces also referred to as card shops, are cybercrime websites that facilitate the trading and unauthorized use of…
-
"Crooks 'Jackpot' ATMs in Latin America with New FiXS Malware"In a series of attacks across Mexico, cybercriminals have been withdrawing cash on demand through the use of FiXS, an advanced ATM malware. According to a report released by researchers at Metabase Q, the attacks employ similar methods as earlier ATM…
-
"BetterHelp Shared Users’ Sensitive Health Data, FTC Says"The online counseling service BetterHelp has recently agreed to return $7.8 million to customers to settle with the Federal Trade Commission for sharing health data it had promised to keep private, including information about mental health challenges…
-
"Critical Vulnerabilities Allow Hackers to Take Full Control of Wago PLCs"German industrial automation solutions provider Wago has recently released patches for several of its programmable logic controllers (PLCs) to address four vulnerabilities, including ones that can be exploited to take full control of the targeted device…
-
"Hatch Bank Becomes the Second Data Breach Victim after GoAnywhere MFT Hack"Hatch Bank, a Financial Technology (FinTech) banking platform, revealed that it faced a data breach caused by the attack on the Fortra GoAnywhere MFT file-sharing platform when the data of almost 140,000 customers was stolen. Hatch Bank discovered that…