A new variant of the credential-stealing Zaraza malware has been collecting web browser login credentials from Google Chrome, Microsoft Edge, Opera, and Brave. Researchers warn that the threat actors behind the malware are using Telegram servers as their…

The latest individual CyberForce Program competition led by Argonne National Laboratory, a US Department of Energy (DOE) national laboratory, challenged college-aged students to solve anomalies in a seven-hour cyber sprint. Cameron Whitehead of the…

The COVID-19 pandemic increased the use of Internet of Things (IoT) devices for telehealth purposes. However, using smart speakers to share sensitive personal health information for telehealth purposes may pose a cybersecurity and privacy risk, which the…

Cybersecurity researchers at ESET have discovered that the RedLine information stealer’s operations have recently been disrupted after the takedown of GitHub repositories used by the malware’s control panels.  A piece of commodity malware active…

Researchers have discovered a new QBot malware campaign using compromised business communications to trick victims into installing the malware. Since April 4, 2023, the most recent activity has primarily targeted users in Germany, Argentina, Italy,…

A year ago, Apple introduced a new feature called Lockdown Mode for iPhone users who feared being targeted by sophisticated spyware, such as journalists and human rights activists. Researchers have now discovered evidence that Lockdown Mode helped thwart…

Security researchers at Proofpoint have warned of a 12-fold increase in reporting of so-called "conversational scams" like pig butchering last year, making them the fastest growing threat to mobile users in 2022.  The researchers stated that such…

The National Security Agency (NSA), the UK's National Cyber Security Centre (NCSC), the FBI, and the Cybersecurity and Infrastructure Security Agency (CISA) have collaborated to publish a joint Cybersecurity Advisory (CSA) report on the tactics,…

Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), Software-as-a-Service (SaaS), and Email-as-a-Service (EaaS) have unique security considerations. The US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (…

Samsung has prohibited some uses of ChatGPT, while Ford and Volkswagen have shut down their self-driving car company, and a letter calling for a halt to the training of more powerful Artificial Intelligence (AI) systems has received over 25,000…

MuddyWater, an Iranian threat actor, continues its time-tested practice of using legitimate remote administration tools to seize control of targeted systems. While the nation-state group previously used ScreenConnect, RemoteUtilities, and Syncro, a new…

Active Directory (AD) remains the predominant source of Identity and Access Management (IAM) in the enterprise, making it the target of numerous attacks. There are multiple attack techniques and attack vectors that hackers use to target AD. Different…