News
  • "Ghost Blogging Platform Servers Hacked to Mine Cryptocurrency"
    A popular blogging platform called Ghost has recently discovered that adversaries gained access to its IT infrastructure and installed cryptocurrency-mining malware on it. The intrusion occurred in the early hours of May 3rd and affected Ghost(Pro…
  • "Firms Perceived to Fake Social Responsibility Become Targets for Hackers, Study Shows"
    Recent reports show that the frequency and sophistication of data breaches are continuing to grow. Studies show that data breaches compromise an average of more than 3.8 million records every day. New research from the University of Notre Dame suggests…
  • "Cloud Servers Hacked via Critical SaltStack Vulnerabilities"
    Two recently disclosed critical vulnerabilities in the popular SaltStack infrastructure automation software are now being exploited by attackers to take over servers. SaltStack is a widely-used open-source Python-based framework used by IT, network, and…
  • "Ransomware Payments Up 33% As Maze and Sodinokibi Proliferate in Q1 2020"
    Coveware's Q1 ransomware market report has revealed that the average ransomware payment has increased to $111,605 in Q1 2020, which is a 33% increase from Q4 of 2019. According to the report, 14% of ransomware attacks in Q1 2020 targeted organizations…
  • "Fake Labor Department Emails Designed to Spread TrickBot"
    Researchers from IBM X-Force found that adversaries are sending fake emails designed to look like notifications from the Labor Department concerning changes to the Family and Medical Leave Act, in an attempt to spread TrickBot malware. The messages…
  • "Oracle: Unpatched Versions of WebLogic App Server Under Active Attack"
    Oracle has recently released its April 2020 Critical Patch Update, which fixed 405 flaws, including 286 that were remotely exploitable across nearly two dozen product lines. One major vulnerability, tracked as CVE-2020-2883, affected Oracle's WebLogic server,…
  • "Software Flaws Often First Reported on Social Media Networks, PNNL Researchers Find"
    According to a study conducted by researchers at the U.S. Department of Energy's Pacific Northwest National Laboratory (PNNL), software vulnerabilities are more likely to be discussed on social media sites such as GitHub, Twitter, and Reddit before they…
  • "Healthcare Targeted By More Attacks But Less Sophistication"
    According to the Healthcare Information Sharing and Analysis Center (H-ISAC), healthcare organizations have observed a 30% increase in coronavirus-themed phishing websites. Still, they have not seen as many successful security breaches. Although there…
  • "John Jay College Cyber-Terrorism Project Selected for New Homeland Security Center of Excellence"
    One of the 13 projects chosen by the Department of Homeland Security to be a part of the National Counterterrorism Innovation, Technology, and Education (NCITE) Center is a John Jay College of Criminal Justice project. The project will study…
  • "iOS Mail App Flaws May Have Left iPhone Users Vulnerable For Years"
    Researchers have discovered that Apple's iOS Mail app has two severe security vulnerabilities. The security flaws allow adversaries to remotely compromise a device by sending an email that will consume high amounts of the device's memory. The…
  • "New Android EventBot Malware Steals Data From Financial Applications"
    Security researchers at Cybereason Inc. discovered a new form of Android mobile malware, called "EventBot," which is described as a mobile banking Trojan and infostealer. EventBot malware steals user data from financial applications such as banking,…
  • "Surge in Phishing Attacks Using Legitimate reCAPTCHA Walls"
    Researchers from Barracuda Networks have discovered that adversaries are starting to use legitimate reCAPTCHA walls to disguise malicious content from email security systems. reCAPTCHA walls are usually used to verify human users before allowing…