According to the National Security Agency (NSA), Russian state-backed hackers gained access to protection by exploiting a vulnerability contained by VMware Access and VMware Identity Manager products. The exploitation of this flaw allowed attackers to…

The FBI is warning that fraudsters are increasingly exploiting the auto-forwarding feature in compromised email accounts to help conduct business email compromise scams to trick employees into sending them money under the guise of legitimate payments to…

The U.S. Homeland Security Department's Cybersecurity & Infrastructure Security Agency (CISA) released an alert highlighting a new IBM X-Force report on the increase in phishing and spear-phishing attacks against organizations in the COVID-19 vaccine…

A new obfuscation-as-a-service platform has been discovered by researchers from GoSecure, Trend Micro, and the Stratosphere Laboratory. The fully automated service platform, developed by hackers, protects mobile malware Android Packet Kits (APKs) from…

A ransomware attack against TransLink, the public transportation agency for Vancouver, Canada, occurred on December 1st.  Vancouver residents could not use their Compass metro cards or pay for new tickets via the agency's Compass ticketing kiosks.…

A team of researchers from the security firms AdvIntel and Eclypsium has announced that a new component of the TrickBot trojan now gives hackers the ability to plant a backdoor in a computer's Unified Extensible Firmware Interface (UEFI). Planting…

IBM security researchers detected a phishing campaign aimed at collecting vital information about the World Health Organization's efforts surrounding the distribution of the COVID-19 vaccine to developing countries. The threat actors behind the campaign…

Researchers have found a previously undocumented backdoor, and document stealer, which is being used by the Russian-speaking Turla advanced persistent threat espionage group.  The researchers are calling the malware "Crutch."  The malware can…

According to a recent Cisco report,  a proactive technology refresh and a well-integrated technology stack are two security practices most likely than others to help organizations create a security culture, manage top risk, prevent security…

Researchers at the University of Maryland, Baltimore County (UMBC) and the University of Michigan-Dearborn worked together to develop a technique for detecting breaches in the security of vehicular communications networks. The Controller Area Network (…

Researchers at Prevasio scanned all four million images hosted at Docker Hub, the world’s most popular repository service for Linux-based containers. They found that over half of the publicly available Docker Hub container images contain at least one…

Meet the HoTSoS 2021 Team: Program Committee Members The HoTSoS Symposium is growing every year, and with it, we have decided to expand our Program Committee this year. For the next few weeks we will be creating news items introducing different Chairs…