Armorblox researchers disclosed a phishing scam targeting a major North American online brokerage company where a victim started off on a legitimate Zoom and then ended up getting their Microsoft credentials stolen after landing on a fake Microsoft…

The Vultur Trojan steals bank credentials and tries to gain more permissions to do additional damage. A malicious two-factor authentication (2FA) app has been removed from Google Play after being available for over two weeks. While it was available, it…

Researchers at the South Korean Gwangju Institute of Science and Technology (GIST) have developed a new way to improve digital security, which involves using silk as a security key. In a paper titled, "Revisiting silk: a lens-free optical physical…

New research from managed detection and response (MDR) provider Expel found that most ransomware attacks in 2021 were self-installed.  The finding was included in the company’s inaugural annual report called  Great eXpeltations.  …

The FBI this week issued a private industry notification to warn organizations about the malicious activities conducted by an Iranian cyber company named Emennet Pasargad.   FBI noted that in addition to its election-focused operation, Emennet…

The authors of BotenaGo have uploaded the malware's source code to GitHub for other criminals to use as is or develop new variants. In November 2021, cybersecurity researchers at AT&T Alien Labs first discovered BotenaGo, which leverages more than 30…

Security researchers have released details of Mac malware called DazzleSpy, which is capable of performing malicious activities such as key-logging, accessing the microphone, and taking screenshots. The malware was used in a watering hole attack against…

The Linux version of the LockBit ransomware has been discovered targeting VMware ESXi virtual machines. Virtual machines are increasingly being used to conserve computer resources, consolidate servers, and facilitate backups, resulting in ransomware…

On Wednesday, the White House released its federal zero trust strategy, requiring agencies to meet certain cybersecurity standards and objectives by the end of fiscal year 2024.  The strategy builds upon the executive order signed by President Joe…

Security researchers at NortonLifeLock have found that online trackers can capture up to 80% of users' browsing histories, with the practice far more pervasive than previously realized. The researchers analyzed online advertising trackers from October to…

​Pub Crawl summarizes, by hard problems, sets of publications that have been peer reviewed and presented at SoS conferences or referenced in current work. The topics are chosen for their usefulness for current researchers.

Qualys researchers warn of a 12-year-old memory-corruption bug in Polkit's pkexec tool, which impacts every major Linux distribution. According to the researchers, the exploitation of the vulnerability, tracked as CVE-2021-4034, allows any unprivileged…