News
-
"Emotet Tops Malware Charts in December After Reboot"Check Point researchers recently found that the Emotet Trojan bounced back from fifth place on the malware charts in November to now back at the top. The Emotet Trojan accounts for 7% of malware infections globally after a spam campaign targeted… -
"FBI Warns of Egregor Attacks on Businesses Worldwide"The FBI is warning companies in the private sector of an increase of attacks using the Egregor ransomware. The malware has already compromised more than 150 organizations. Egregor is spread through phishing emails with malicious attachments,… -
"Malspam Campaign Spoofs Email Chains to Install IcedID Info-Stealer"The Unit 42 threat research team at Palo Alto Networks shared details about a new phishing campaign operated by the cybercriminal group TA551, also known as Shathak. TA551 is well known for its distribution of malware, such as Ursnif, Valak, and IcedID,…
-
"Credit Card Data of 10,000 American Express Accounts Posted on Darknet Forum for Free"The threat intelligence analyst Bank Security has brought attention to the leakage of data belonging to over 10,000 American Express Mexico-based credit cardholders by a threat actor on an underground hacking forum. The same threat actor also claimed to… -
"Vulnerabilities in Fortinet WAF Can Expose Corporate Networks to Attacks"Fortinet has released advisories about potentially serious vulnerabilities found in its FortiWeb Web Application Firewall (WAF). According to Andrey Medov, the lead security researcher at Positive Technologies who discovered the vulnerabilities, the… -
"Hackers Target Cryptocurrency Users With New ElectroRAT Malware"The security firm Intezer Labs discovered a malware operation in which cybercriminals have created fake cryptocurrency apps containing a new malware strain called ElectroRAT, written in the open-source programming language Go. The campaign was found in…
-
"PayPal Users Targeted in New SMS Phishing Campaign"A new SMS-based phishing campaign is going around that attempts to steal PayPal user's account credentials and other sensitive information, according to researchers BleepingComputer. The SMS text message impersonates the popular payment processor… -
"Google Warns of Critical Android Remote Code Execution Bug"Google's Android security update was recently released and addressed 43 bugs overall affecting Android handsets, including Samsung phones. One critical-severity flaw fixed with this security update was CVE-2021-0316. This flaw was a… -
Pub Crawl #45Pub Crawl summarizes, by hard problems, sets of publications that have been peer reviewed and presented at SoS conferences or referenced in current work. The topics are chosen for their usefulness for current researchers.
-
"NSA Releases Guidance on Obsolete Encryption Tools"The National Security Agency (NSA) released guidance for the Department of Defense, other U.S. federal government agencies, and supporting contractors on the replacement of obsolete Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols…
-
SoS Musings #44 - Industrial Robots and CybersecuritySoS Musings #44 - Industrial Robots and Cybersecurity
-