Cisco Talos discovered a new variant of the Astaroth Trojan family that applies evasion checks and anti-analysis processes through the use of YouTube channels as its command-and-control (C&C) infrastructure. The new Astaroth attack campaign primarily…

Security researchers at Hold Security discovered that threat actors are coming up with new features for the sophisticated banking trojan that targets Google Android devices and apps called Anubis Malware.  The security researchers discovered a…

The Intelligence and National Security published a new study conducted by a multi-disciplinary team of researchers at the University of New South Wales that brings further attention to the importance of developing training programs and enforcing stricter…

Findings from a global survey recently released by Crowdstrike show that cybersecurity officials and business decision-makers are overconfident about their security during the COVID-19 pandemic. CrowdStrike's Work Security Index, based on a survey of…

Hackers from a group called Shiny Hunters have claimed to have stolen 500 GB of data from Microsoft's GitHub account.  The information stolen does not seem to include any sensitive or critical information.  The hacking group planned to sell the…

Research has shown that millions of Windows or Linux computers manufactured before 2019 are vulnerable to physical attacks through the exploitation of the Intel Thunderbolt port, which is a popular multipurpose connector. Researcher at the Eindhoven…

Group-IB's Computer Emergency Response Team (CERT-GIB) observed a significant growth in the number of phishing attacks launched last year. CERT-GIB blocked 5,939 more phishing web resources in 2019 than in 2018. According to the response team, there has…

Recently there were assault attempts on control and control systems of wastewater treatment plants, pumping stations, and sewers, according to Israel's National Cyber directorate.  In the US alone, there are an estimated 70,000 water utilities.…

Trustwave's Global OT/IoT security research team discovered security flaws in two Schneider Electric industrial control systems (ICS) products. Trustwave analysts demonstrated the possibility of malicious actors exploiting the vulnerabilities found in…

Wordfence's Threat Intelligence team has reported attempts by threat actors to exploit two security vulnerabilities in the Elementor Pro and Ultimate Addons for Elementor WordPress plugins. The abuse of these vulnerabilities can allow attackers to…

GoDaddy recently discovered a data breach that affected about 28,000 of its customers' web hosting accounts.  The company believes that no data was altered or stolen.  The security incident occurred in October 2019 but was not discovered until…

FireEye's Mandiant Security Validation team's 2020 Mandiant Security Effectiveness Report reveals that only a small percentage of attacks trigger security alerts, and more than 50% of successful intrusions go undetected by security solutions. The report…