New research has shown that hackers have been aggressively and successfully targeting universities engaged in COVID-19 research.  The most recent victim is the University of California, San Francisco.  UCSF has been conducting important virus…

Researchers from BlackBerry and KPMG have reported a newly discovered form of Java-based ransomware, called Tycoon. The new Tycoon ransomware strain is deployed as a Trojanized Java Runtime Environment (JRE). It is compiled into a Java image file (JIMAGE…

The IT services giant Conduent recently faced a ransomware attack that impacted its European operations. Conduent provides services, including human resources and payments infrastructure for most Fortune 100 companies and more than 500 governments.…

The Senate Commerce Committee has approved the Cybersecurity Competitions to Yield Better Efforts to Research the Latest Exceptionally Advanced Programs, or Cyber LEAP Act of 2020, which aims to set up cybersecurity competitions across the US that will…

Researchers at WordFence have found that a million different WordPress sites have received malicious requests designed to shake loose their wp-config.php files over the past month.  The researchers believe that these attacks were orchestrated using…

According to new data from the mobile technology company Upstream, the number of malicious Android Apps detected in the first quarter of 2020 doubles the number discovered last year during the same period. The company's Secure-D platform identified more…

A study conducted by Beazley Breach Response (BBR), found that over 70 percent of ransomware attacks reported by the company's customers in 2018 targeted small-to-medium-sized businesses (SMBs). Researchers believe that SMBs are at a higher risk of being…

Human-operated ransomware continues to grow more intense. In addition to worrying about system disruption, file encryption, and exposure, one may now have to decide whether to pay the demanded ransom or face having their stolen files sold in an online…

The proposed Internet of Things Cybersecurity Improvement Act of 2019 would require connected devices sold to the federal government to meet certain cybersecurity requirements. The Cyberspace Solarium Commission released a new white paper, calling for…

Researchers at a security pen-testing company called Citadelo found that VMware’s VMware Cloud Director has a security flaw that could be exploited to compromise multiple customer accounts using the same cloud infrastructure.  The vulnerability was…

Amtrak, the national rail service for the US, has suffered a data breach.   A third party got unauthorized access to some Amtrak Guest Rewards accounts on the evening of April 16.  Researchers discovered that the adversary used compromised…

ForAllSecure, a Carnegie Mellon University startup, developed a tool called Mayhem that examines software to find security flaws. The U.S. Air Force, Navy, and Army, as well as the internet infrastructure company Cloudflare uses Mayhem as a part of their…