Cybersecurity Brief - 30APR

MuddyWater codes leaked via Telegram

The inception bar: a new mobile web phishing method

WordPress plugins are constantly under attack

Docker Hub got hacked

Beapy is the new EternalBlue

Microsoft drops password expiration from Windows 10

TA505 targets banks with LOLbins and ServHelper

Blockchain Bandit stole $54 million of Ethereum by guessing weak keys
Someone has been quietly pilfering Ethereum (ETH) cryptocurrency worth millions of dollars without anyone noticing or, apparently, caring.

DNS over HTTPS is coming whether ISPs and governments like it or not
DNS over HTTPS (DoH), backed by Google, Mozilla and Cloudflare, is about to make web surveillance a lot more difficult.

CARBANAK Week Part Four: The CARBANAK Desktop Video Player
Part One, Part Two and Part Three of CARBANAK Week are behind us. In this final blog post, we dive into one of the more interesting tools that is part of the CARBANAK toolset. The CARBANAK authors wrote their own video player and we happened to come across an interesting video capture from CARBANAK of a network operator...

Emotet Adds New Evasion Technique and Uses Connected Devices as Proxy C&C Servers
by Marco Dela Vega, Jeanne Jocson and Mark Manahan. Over the years, Emotet, the banking malware discovered by Trend Micro in 2014, has continued to be a prevalent and costly threat. The United States government estimates that an Emotet incident takes an organization US $1 million to remediate.

Latest Qbot Variant Evades Detection, Infects Thousands
Ever-changing Qbot trojan has been spotted in a fresh campaign with a new “context aware” delivery technique.

Trojanized TeamViewer Used in Targeted Attacks Against Multiple Embassies

G7 Comes Out in Favor of Encryption Backdoors
From a G7 meeting of interior ministers in Paris this month, an "outcome document": Encourage Internet companies to establish lawful access solutions for their products and services, including data that is encrypted, for law enforcement and competent authorities to access digital evidence, when it is removed or hosted on IT servers located abroad...

Google File Cabinet Plays Host to Malware Payloads
Researchers detect a new drive-by download attack in which Google Sites' file cabinet template is a delivery vehicle for malware.

Stuxnet Family Tree Grows
What a newly discovered missing link to Stuxnet and the now-revived Flame cyber espionage malware add to the narrative of the epic cyber-physical attack.

'Karkoff' Is the New 'DNSpionage' With Selective Targeting Strategy
The cybercriminal group behind the infamous DNSpionage malware campaign has been found running a new sophisticated operation that infects selected victims with a new variant of the DNSpionage malware.

Millions of Medical Documents for Addiction and Recovery Patients Leaked
The information includes data on all rehab treatments and procedures, linked with patients' names and other info.

IT Infra Service Providers on Alert As Wipro Confirms Cyberattack

Wi-Fi Hotspot Finder Spills 2 Million Passwords
China-based app maker ignored repeated warnings by researchers that its password database - stored in plain text - was accessible to anyone online.

Weather Channel Knocked Off-Air in Dangerous Precedent

APT34 Toolset, Victim Data Leaked via Telegram
For the last month, an unknown individual or group has been sharing data and hacking tools belonging to Iranian hacker group APT34.

Insecure Ride App Database Leaks Data of 300K Iranian Drivers

PayPal receives patent for ransomware detection technology
At the patent's heart is the technique through which PayPal claims it can detect ... Cryptostalker would stop the file writing process and alert the system owner. ... The patent's author is former PayPal Chief Technology of CyberSecurity

WannaCry hero Hutchins now officially a convicted cybercriminal

State-Sponsored DNS Hijacking Infiltrates 40 Firms Globally
An ongoing campaign, active since 2017, has been stealing credentials via global DNS hijacking attacks.

Cyber-security firm Verint hit by ransomware
The Israeli offices of US cyber-security firm Verint have been hit by ... Infrastructure] services," read a warning message that was displayed earlier today.

Chrome flaw on iOS leads to 500 million unwanted pop-up ads

Spear Phishing Campaign Targets Ukraine Government and Military; Infrastructure Reveals Potential Link to So-Called Luhansk People's Republic

Scranos: New Rapidly Evolving Rootkit-Enabled Spyware Discovered
A new powerful rootkit-enabled spyware operation has been discovered wherein hackers are distributing multifunctional malware disguised as cracked software or trojanized apps posing as legitimate software like video players, drivers and even anti-virus products. While the rootkit malware—dubbed Scranos—which was first discovered late last year

Facebook admits “supply chain data leak” in new Oculus headsets

Apache Tomcat Patches Important Remote Code Execution Flaw
The Apache Software Foundation (ASF) has released new versions of its Tomcat application server to address an important security vulnerability that could allow a remote attacker to execute malicious code and take control of an affected server.