Douglas McKee, director of vulnerability research at Trellix, struggled to extract passwords from a medical patient-monitor device that he was probing for vulnerabilities. The GPU password-cracking tool he had used to lift the layers of credentials…

Cybercriminals are scamming each other and using arbitration to settle disputes about the scams. Sophos experts investigated two Russian-language cybercrime forums with Access-as-a-Service (AaaS) listings, as well as an English-language cybercrime forum…

An unusual data exfiltration method uses a previously unknown covert channel to leak sensitive data from air-gapped systems. According to Dr. Mordechai Guri, the head of R&D in the Cyber Security Research Center at Ben Gurion University of the Negev…

In supply chain attacks affecting organizations in Israel, Hong Kong, and South Africa, the Iranian Agrius Advanced Persistent Threat (APT) hacking group is employing a new 'Fantasy' data wiper. The campaign began in February and reached its peak in…

A large blindspot in front of an approaching autonomous vehicle's LiDAR system can be created by shining expertly timed lasers. This attack can hide moving pedestrians and other obstacles. A group of researchers from the University of Florida, the…

Satellites and the space-based services they provide are critical to modern society, as they support telecommunications, the Global Positioning System (GPS), and accessible Internet connections for millions of people worldwide. In space, security is a…

The US is engaged in a quiet but potentially devastating intelligence, cyber, and information war, with China, Russia, Iran, and North Korea posing the greatest threats to national security. That was the topic of a webinar hosted by Arizona State…

Searching the Internet can expose information that a user would prefer to keep private. For example, when someone searches for medical symptoms online, they may be disclosing their health conditions to Google, an online medical database such as WebMD,…

Cybersecurity solutions provider Fortinet recently announced patches for multiple vulnerabilities across its products, including a high-severity authentication bypass impacting FortiOS and FortiProxy.  Tracked as CVE-2022-35843 (CVSS score of 7.7),…

Over half (54 percent) of those who participated in Immuta's third annual State of Data Engineering Survey say one of their biggest challenges is securing data with appropriate access rights. While nearly 60 percent believe their organizations should…

Zerobot is a new Go-based botnet that has been observed in the wild spreading by exploiting nearly two dozen security flaws in Internet of Things (IoT) devices and other software. According to Fortinet FortiGuard Labs researcher Cara Lin, the botnet…

The cybersecurity firm Trellix has released its annual threat predictions report for 2023. Trellix Advanced Research Center forecasts an increase in geopolitically motivated attacks across Asia and Europe, as well as hacktivism driven by tensions between…