Facebook is creating a loyalty program as part of its bug-bounty offering, hoping to incentivize researchers to find vulnerabilities in its platform.  Facebook bounty hunters will be placed into tiers by analyzing their score, signal, and the number…

The Cybersecurity Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are warning that advanced persistent threat actors (APTs) are now leveraging Microsoft’s severe privilege-escalation flaw, dubbed “Zerologon,” to target…

The Agari Cyber Intelligence Division (ACID) published the results of a study on the operations of Business Email Compromise (BEC) attacks. These results give insight into the global footprint of BEC activity. Researchers looked at information on 9,000…

The Government Accountability Office (GAO) calls on federal regulators to increase efforts toward strengthening the security of airliners' computer systems against hackers. The agency pointed out that the Federal Aviation Administration (FAA) has not…

Vulnerability chaining is a tactic in which multiple bugs are used to compromise a network or application. According to a joint statement released by CISA and the FBI, hackers have recently applied this tactic by exploiting a combination of Windows and…

The COVID-19 crisis has sped up the adoption of cloud technologies, further emphasizing the importance of strengthening cloud security. Although more businesses are adopting cloud technologies to protect their data and networks, their processes are weak…

A coalition of tech companies headed by Microsoft has struck a serious blow against the adversaries behind the Trickbot botnet.  The researchers disrupted Trickbot through a court order they obtained and the technical action they executed in…

Several agencies with the U.S. Department of Defense (DoD) are building a  zero-trust architecture. This architecture secures IT systems by treating all users as potential threats. All users must be authenticated, and their access must be authorized…

Microsoft has identified a new strain of Android ransomware known as AndroidOS/MalLocker.B. According to Microsoft researchers, the authors of this malware have been continuously been updating it. The new variant applies various methods to circumvent the…

Two security researchers from SecNiche Security Labs were able to access the command and control (C&C) panels of Internet of Things (IoT) botnets, including Mana, Vivid, 911-Net, Purge Net, Goon, Kawaii, 0xSec. The compromise of IoT botnets' C&C…

The PCI Security Standards Council (PCI SSC) and the ATM Industry Association (ATMIA) have started to warn financial institutions of ATM cash-out attacks.   Adversaries usually insert malware via phishing or social engineering methods into a…

Sarah Freeman is senior industrial control systems cybersecurity analyst at Idaho National Laboratory (INL) who looks at the different aspects of cyberthreats facing critical infrastructure. Attacks against pipelines, transportation networks, and other…