-
"Strike Force: Why Ransomware Groups Feel the Need for Speed"The faster cryptocurrency-locking malware can encrypt a victim's files and delete the originals, the less likely the attack will be detected and stopped. Furthermore, the less time it takes to carry out an attack, the more victims a malicious actor can…
-
"Three Iranian Nationals Charged with Engaging in Computer Intrusions and Ransomware-Style Extortion Against US Critical Infrastructure Providers"The US has charged three Iranian nationals with allegedly orchestrating a scheme to hack into multiple US victims' computer networks. In order to access and steal data and information from victims' computer systems, the defendants' hacking campaign took…
-
"CISA Directs Critical Infrastructure Organizations to Prepare for Post-Quantum Cryptography"The US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) published guidelines that critical infrastructure organizations should follow to transition smoothly to post-quantum cryptography standards. These standards…
-
"Microsoft Quashes Actively Exploited Zero-Day, Wormable Critical Bugs"In a September Patch Tuesday update, Microsoft addressed a pair of zero-day vulnerabilities, including a Local Privilege-Escalation (LPE) flaw that is being actively exploited in the wild. Furthermore, Microsoft revealed three separate critical…
-
"Organizations Falling Short in Addressing Security Risks"
Ninety percent of IT security leaders believe their organizations are failing to address cybersecurity risks. According to research conducted by Foundry, this perception stems from various issues, including convincing all or parts of their organization…
-
"WordPress Plugin Vulnerability Leaves Sites Open to Total Takeover"
The security firm WordFence warns of an actively exploited flaw in a widely used WordPress plugin that could leave websites completely vulnerable to hackers. WPGateway is a paid plugin that allows WordPress users to manage their websites from a single…
-
"Hackers Now Use 'Sock Puppets' for More Realistic Phishing Attacks"An Iranian-aligned hacking group is using a new phishing technique involving multiple personas and email accounts to trick targets into thinking an email conversation is genuine. The attackers send an email to the targets while CCing another email…
-
"Attackers Mount Magento Supply Chain Attack by Compromising FishPig Extensions"
FishPig, a UK-based company that creates extensions for the popular Magento open-source e-commerce platform, has announced that malware was injected into its paid software offerings after its distribution server was compromised. According to Sansec…
-
"SparklingGoblin APT Hackers Using New Linux Variant of SideWalk Backdoor"
In February 2021, a Linux variant of a backdoor called SideWalk was used to target a Hong Kong university, demonstrating the implant's cross-platform capabilities. The malware was detected in the university's network by ESET researchers, which attributed…
-
"Marquette Computer Science Professor Receives NSF Funding for Confidential Computing Solutions"Dr. Keke Chen, Northwestern Mutual Data Science Institute Associate Professor of Computer Science at Marquette University's Klingler College of Arts and Sciences, has been awarded a $600,000 National Science Foundation (NSF) grant to explore confidential…
-
"FBI Warns of Vulnerabilities in Medical Devices Following Several CISA Alerts"The FBI warns of hundreds of vulnerabilities in widely used medical devices that could enable cyberattacks. The FBI's Internet Crime Complaint Center (IC3) identified an increasing number of vulnerabilities posed by unpatched medical devices running on…
-
"Ransomware Makes Use of Intermittent Encryption to Bypass Detection Algorithms"
SentinelOne has released a report on intermittent encryption, a new method used by a few ransomware groups. Intermittent encryption encrypts every x bytes in files rather than encrypting selected complete files. As a result, intermittent encryption…
News