The CTO of CTERA, Aron Brand, discusses how the ILOVEYOU virus ushered in the era of social engineering in the digital world. The digital world experienced a cyberattack in 2000 that altered the approach to cybersecurity. The ILOVEYOU worm, also known as…

Researchers have developed a Quantum Key Distribution (QKD) system based on integrated photonics that is capable of transmitting secure keys at unprecedented speeds. The proof-of-principle experiments are a significant step toward implementing this…

Dark Frost is a new botnet launching Distributed Denial-of-Service (DDoS) attacks against the gaming industry. According to a new technical analysis by Akamai security researcher Allen West, the Dark Frost botnet, modeled after Gafgyt, QBot, Mirai, and…

Security researchers at Cisco Talos and the Citizen Lab conducted a technical analysis of the commercial Android spyware named "Predator" and its loader called "Alien," detailing its data-theft capabilities and other operations. Predator is a commercial…

Attackers are using encrypted restricted-permission messages (.rpmsg) attached to phishing emails in order to steal Microsoft 365 account credentials. According to researchers from Trustwave, the campaigns are low-volume, targeted, and use trusted cloud…

The North Korea-backed threat actor Lazarus Group has made changes to its ongoing espionage campaign by exploiting known vulnerabilities in unpatched Windows IIS Web servers to launch its reconnaissance malware. AhnLab Security Response Center (ASEC)…

Researchers at Carnegie Mellon University's (CMU) Software Engineering Institute (SEI) have published a blog post explaining the concept of adversarial Machine Learning (ML) as well as examining the motivations of adversaries and what researchers are…

Researchers have discovered new malware for Industrial Control Systems (ICS), dubbed "CosmicEnergy," which could be used to disrupt critical infrastructure systems and electric grids. CosmicEnergy was discovered by researchers at Mandiant, who compared…

Sophisticated threat groups are increasingly compromising Managed Service Providers (MSPs) and launching supply chain attacks against their small and medium-sized downstream customers. The analysis of data from more than 200,000 small and medium-sized…

In 2022, the cybersecurity firm Group-IB identified nearly 3,700 different phishing kits, a 25 percent increase from 2021. A phishing kit is a collection of tools used to execute widespread phishing campaigns. Typically, threat actors manage stolen data…

Delaware's transportation department, which controls more than 90% of roads in a state with the lowest average elevation in the country, is tasked with implementing evacuation plans during high water, which is a bureaucratic nightmare considering how…

A critical Application Programming Interface (API) vulnerability in the Expo open source framework enabled the harvesting of auth credentials via the Open Authorization (OAuth) protocol. According to researchers at Salt Labs, the vulnerability, while…