Avast researchers observed the recently discovered espionage group Worok abusing Dropbox API to exfiltrate data via a backdoor hidden in seemingly harmless image files. The experts began their investigation from an ESET analysis of attacks on…

As 2021 set a record for the number of vulnerabilities published and threat actors improved their ability to weaponize vulnerabilities, timely and improved prioritization and remediation of vulnerabilities should be a goal for all organizations. The US…

'Fangxiao' is a malicious for-profit organization that has established a massive network of more than 42,000 web domains that impersonate well-known brands in order to redirect users to sites promoting adware apps, dating sites, or 'free' giveaways. The…

As part of an ongoing campaign that began in March 2022, a suspected Chinese state-sponsored actor breached a digital certificate authority as well as government and defense agencies in Asian countries. Symantec linked the attacks to an adversarial group…

A dangerous new malware loader called BatLoader, with features for determining whether it is on a business system or a personal computer, has begun rapidly infecting systems worldwide. VMware Carbon Black researchers are tracking the threat, finding that…

A security vulnerability in messenger services has been discovered by an international research team led by Dr. Theodor Schnitzler of TU Dortmund University. They discovered that measuring the time it takes for a message to be delivered makes it possible…

OpenText Security Solutions surveyed 1,332 security and Information Technology (IT) professionals in the US, the UK, and Australia, finding that small and medium-sized businesses (SMBs) are concerned that geopolitical tensions will worsen ransomware…

Internet of Things (IoT) devices pose unprecedented levels of risk for exploitation. According to security experts, anything connected to the Internet is potentially hackable. Therefore, securing connected devices is a challenge that electronics…

Human error was responsible for 82 percent of cybersecurity breaches in the last year. For example, the Colonial Pipeline ransomware attack that brought down the largest fuel pipeline in the US and caused shortages resulted from a compromised password…

In less than two months, Australia experienced two of the largest personal data breaches in its history, the first involving Optus and the second involving Medibank. In both cases, the hackers attempted and failed to extort a ransom in exchange for not…

As cryptography and biometrics became more widely available, the flaws in the password authentication method became more apparent. Weak and easy-to-guess passwords are common, as the UK's National Cyber Security Center (NCSC) discovered that one in every…

According to a new cybersecurity advisory by the Cybersecurity and Infrastructure Security Agency (CISA), security teams running unpatched, internet-connected Zimbra Collaboration Suites (ZCS) should go ahead and assume compromise and take immediate…