Researchers at Mandiant have observed a threefold growth in USB malware attacks. In a blog post, Mandiant describes two espionage campaigns, the first of which involves malware called SOGU. The company identifies SOGU malware as one of the most prevalent…

According to recently published research, cloud computing technologies pose significant cybersecurity risks to federal agencies and other organizations that do not adapt their processes and workforce to the cloud paradigm. In its report, the Cyber…

The source code for the BlackLotus UEFI bootkit has recently been shared publicly on GitHub, albeit with several modifications compared to the original malware.  The bootkit is designed specifically for Windows and emerged on hacker forums in…

Networking appliances maker Juniper Networks recently announced software updates that patch multiple high-severity vulnerabilities in Junos OS, Junos OS Evolved, and Junos Space.  The company published 17 advisories detailing roughly a dozen Junos…

The All-In-One Security (AIOS) WordPress plugin was recently found to be logging plaintext passwords from login attempts.  Installed on over one million WordPress sites, the security and firewall plugin was designed to prevent cyberattacks such as…

Bard, Google's Artificial Intelligence (AI)-powered content generator, will readily compose phishing emails upon request and, under the right prompting, can generate basic ransomware code. Researchers at Check Point note that this places Bard behind its…

As the inaugural cohort of the Catalyst Fellowship program at Rogers Cybersecure Catalyst, six researchers and cybersecurity experts from Toronto Metropolitan University (TMU) and the private sector are bridging the divide between academia and industry…

According to security researchers at Barracuda Networks, global email-based extortion scams are the work of just a small group of fraudsters.  The researchers teamed up with Columbia University to analyze over 300,000 extortion emails tracked by the…

The threat of cyberattacks against K-12 school districts has sparked concerns among staff and brought further attention to the need to increase technological resources. These are the findings of a recent study published in the Journal of Cybersecurity…

This year could be another record breaker for data compromise following 951 publicly reported incidents in the second quarter, the Identity Theft Resource Center (ITRC) has warned.  The ITRC has been tracking publicly reported data breaches and…

PyLoose, a new fileless malware, has been targeting cloud workloads to use their computational resources in order to mine Monero cryptocurrency. PyLoose is a Python script with a precompiled, base64-encoded XMRig miner, an abused open source tool that…

According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), two security vulnerabilities affecting Rockwell Automation ControlLogix EtherNet/IP (ENIP) communication module models could be exploited for Remote Code Execution (RCE) and…