'Earth Longzhi,' a previously unknown Chinese Advanced Persistent Threat (APT) hacking group, targets organizations in East Asia, Southeast Asia, and Ukraine. The threat actors have been active since at least 2020, planting persistent backdoors on…

Citrix and VMware products have critical authentication-bypass vulnerabilities, threatening devices running remote workspaces with a complete takeover, the vendors have warned. Citrix's CVE-2022-27510 critical bug, with a CVSS vulnerability-severity…

A malicious package found on the Python Package Index (PyPI) was discovered using a steganographic trick to conceal malicious code within image files. According to researchers at Check Point, the package in question, named "apicolor," was uploaded to the…

The Industrial Internet of Things (IIoT) is increasingly gaining popularity due to its ability to create communication networks between various components of an industry and usher in the new Industry 4.0 revolution. IIoT, powered by wireless 5G…

Sensors collect and share large amounts of data to help decision-makers in an increasingly connected and smart world. Through these sensors, people receive ever-increasing amounts of data in ways that can be difficult to decipher. A group of researchers…

The winners of the 2022 Bring Down Counterfeiting Public Policy Hackathon, held November 5 at the Homeland Security Investigations Innovation Lab in Arlington, were announced by George Mason University's Terrorism, Transnational Crime and Corruption…

Security researchers Dtex conducted a study on the top insider risk trends for 2022 and discovered that twelve percent of all employees take sensitive intellectual property (IP) with them when they leave an organization. Some of the IP taken from…

The 'Justice Blade' threat actor group published leaked data from Smart Link BPO Solutions, an outsourcing Information Technology (IT) vendor that works with major enterprises and government agencies in Saudi Arabia and other Gulf Cooperation Council (…

According to guidance recently released by the National Security Agency (NSA) and the US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA), software suppliers have unique responsibilities to maintain the efficient…

A cyberattack over the weekend is causing county offices across the state of Arkansas to go offline or temporarily close.  Each affected county is using the company Apprentice Information Systems (AIS) for its online servers.  The Rodgers based…

The US Department of Health and Human Services' Cybersecurity Coordination Center (HC3) issued a warning about the threat posed by Iranian nation-state actors to the healthcare sector. In June 2021, the FBI foiled an Iranian-backed cyberattack on Boston…

Security researchers at the threat response unit (TRU) at eSentire have found that between the end of February and mid-July 2022, 81 victim organizations were listed on the BlackByte and Black Basta data leak sites.  Of those, 41% were based in…