News
  • "Hive Ransomware Has Made $100m to Date"
    According to a new joint advisory released by the FBI, the US Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS), the Hive ransomware variant has made its operators and affiliates around $100…
  • "Instagram Impersonators Target Thousands, Slipping by Microsoft's Cybersecurity"
    Cybercriminals used a sophisticated phishing campaign impersonating Instagram to target students at national educational institutions in the US. They used a valid domain to steal credentials, bypassing both Microsoft 365 and Exchange email protections.…
  • "PCI SSC Publishes New Standard for Mobile Payment Acceptance Solutions"
    The PCI Security Standards Council (PCI SSC) has released a new standard to help in the evolution of mobile payment acceptance solutions. PCI Mobile Payments on COTS (MPoC) expands on the existing PCI Software-based PIN Entry on COTS (SPoC) and PCI…
  • "Elastic Report: Nearly 33% Of Cyberattacks in the Cloud Leverage Credential Access"
    According to the 2022 Elastic Global Threat Report, almost 33 percent of cloud attacks use credential access, suggesting that users often overestimate the security of their cloud environments and, as a result, fail to configure and protect them…
  • "Phishing Kit Impersonates Well-Known Brands to Target US Shoppers"
    Since mid-September, a sophisticated phishing kit has been targeting North Americans with lures themed around holidays such as Labor Day and Halloween. The kit employs a variety of evasion detection techniques as well as several mechanisms to keep non-…
  • "LodaRAT Malware Resurfaces with New Variants Employing Updated Functionalities"
    LodaRAT malware has resurfaced with new variants being used in tandem with other sophisticated malware, such as RedLine Stealer and Neshta. According to Cisco Talos researcher Chris Neal, the ease of access to LodaRAT's source code makes it an appealing…
  • "Study Uncovers New Threat to Security and Privacy of Bluetooth Devices"
    Bluetooth-enabled mobile devices have been found to be vulnerable to a flaw that could allow attackers to track a user's location. The study centers on Bluetooth Low Energy (BLE), a type of Bluetooth that uses less energy than Bluetooth Classic, an…
  • "QBot Phishing Abuses Windows Control Panel EXE to Infect Devices"
    Phishing emails distributing the QBot malware are infecting computers by exploiting a Dynamic-Link Library (DLL) hijacking flaw in the Windows 10 Control Panel, most likely to avoid detection by security software. DLL hijacking is a common attack…
  • "As SaaS App Usage Soars, Consolidation and Security Concerns Drive Change"
    BetterCloud, a cloud service management company, discovered that organizations are increasingly using Software-as-a-Service (SaaS) apps, but the industry is changing due to consolidation and app security concerns. The company's 10th annual State of…
  • "Meta Reportedly Disciplined or Fired More Than Two Dozen Workers For Taking Over Facebook User Accounts"
    Meta Platforms reportedly recently fired or disciplined more than two dozen employees and contractors who allegedly compromised and took control of Facebook user accounts.  Bribery was involved in some cases.  Users who were locked out of their…
  • "Detecting and Defending Against DLL Sideloading Attacks"
    Dynamic-Link Library (DLL) sideloading, also known as DLL hijacking, often gets overlooked. However, because of their widespread nature and ease of exploit development, these flaws are valuable for digital adversaries. Many Windows services are currently…
  • "Zeus Botnet Suspected Leader Arrested in Geneva"
    Swiss authorities have recently arrested a Ukrainian national wanted by the Federal Bureau of Investigation (FBI) for 12 years for connections with a cyber-criminal group that stole millions of dollars from bank accounts using malware called Zeus.  …