Regner Sabillon, a doctoral student at the Open University of Catalonia (UOC), has published a book titled "Cyber Security Auditing, Assurance, and Awareness Through CSAM and CATRAM," which has been praised by the US website BookAuthority as the best new…

Last month, Google's Threat Analysis Group revealed an ongoing campaign, targeting security researchers. It was revealed that the North Korean state-sponsored hacking group known as the Lazarus Group is behind the campaign. According to Google, the…

Ganesh Pai, the CEO of the security analytics company Uptycs, has outlined the different ways in which MITRE ATT&CK can help organizations improve their security. MITRE ATT&CK is an objective, third-party standard that security leaders and…

Researchers at Malwarebytes have discovered that a popular barcode scanner app on Google Play was transformed into malware by adversaries.  Lavabird Ltd.'s Barcode Scanner was an Android app available on Google's official app repository for years.…

Zero-day attacks on vulnerable computer networks and cyber-infrastructure can significantly overwhelm traditional defenses, leading to billions of dollars in damage and weeks of manual work to recover systems after they have been infiltrated. A team of…

A new report released by Barracuda Networks researchers shares findings from two months of attack data analysis. The findings reveal that cybercriminals have grown more reliant on the use of automated tools to perform their attacks. According to the…

Researchers at security firm Netscout have found that DDoS-for-hire services have found a way to abuse Plex Media servers to bounce junk traffic and amplify distributed denial of service (DDoS) attacks.  The security researchers scanned the internet…

Spotify is being affected by another credential-stuffing cyberattack, just three months after the last one.  A researcher named Bob Diachenko on Thursday uncovered a malicious #Spotify logger database, with 100K+ account details (leaked elsewhere…

Instagram, TikTok, and Twitter have taken action against the hacker community called OGUsers, in which members buy and sell stolen social media accounts. Hackers affiliated with OGUsers were allegedly behind the attack faced by Twitter last year that…

Sophos researchers have reported the continued refinement of the Trojan called Agent Tesla. New evidence suggests that Agent Tesla is now capable of disabling endpoint protection. Agent Tesla emerged in 2014, spreading through spam emails with…

Researchers at the cybersecurity firm Qualys discovered a bug in the Sudo utility that affects Apple's macOS Big Sur operating system and multiple Cisco products. Administrators can use the Sudo utility to delegate root-level admin authority to specific…

Researchers at Armorblox have discovered a savvy phishing campaign that manages to evade native Microsoft security defenses and is bent on stealing Microsoft login credentials.  The phishing campaign is using Google Firebase to bypass email security…