North Korea's Lazarus Group upgrades its main malware | LightningCan evades infosec tools in new and interesting ways | Cybersecurity Month | 04 Oct 2023 | 3
T-Mobile US exposes some customer data – but don't call it a breach | [Infosec in brief] PLUS: Trojan hidden in PoC; cyber insurance surge; pig butchering's new cuts; and the week's critical vulns | Security | 25 Sep 2023 | 9
Meatbag mishaps more menacing than malware? CISOs think so | Company boards, on the other hand, aren't letting cybersecurity disturb their sleep as much | Research | 06 Sep 2023 | 6
Malware loader lowdown: The big 3 responsible for 80% of attacks so far this year | Top of the list to trip sensors | CSO | 28 Aug 2023 | 6
Maker of Chrome extension with 300,000+ users tells of constant pressure to sell out | [Interview] Anyone with sizable audience in this surveillance economy is invited to stuff their add-ons with tracking and ads | Security | 11 Aug 2023 | 25
Undiplomatic Chinese threat actor attacks embassies and foreign affairs departments | Sneaky HTML smuggling signals MustangPanda shift towards Europe, Checkpoint charges | Security | 04 Jul 2023 | 7
Ex-FBI employee jailed for taking classified material home | [Infosec in brief] Also: a PII harvest at Dole's server farm, military members mailed mystery smartwatches, and this week's critical vulns | CSO | 26 Jun 2023 | 55
To kill BlackLotus malware, patching is a good start, but... | ...that alone 'could provide a false sense of security,' NSA warns in this handy free guide for orgs | CSO | 22 Jun 2023 | 4
Over 100,000 compromised ChatGPT accounts found for sale on dark web | [UPDATED] Cybercrooks hoping users have whispered employer secrets to chatbot | Cyber-crime | 20 Jun 2023 | 26
Data leak at major law firm sets Australia's government and elites scrambling | BlackCat attack sparks injunction preventing coverage of purloined docs | Security | 20 Jun 2023 | 24
Hijacked S3 buckets used in attacks on npm packages | Cybercrooks use abandoned AWS storage tool to deliver malware | Storage | 19 Jun 2023 | 7
Microsoft: Russia sent its B team to wipe Ukrainian hard drives | WhisperGate-spreading Cadet Blizzard painted as haphazard but dangerous crew | Research | 16 Jun 2023 | 10
Last of the Gozi 3 sentenced over Windows info-stealing malware ops | Banking trojan still going strong as feds put bulletproof hosting point man behind bars | Cyber-crime | 13 Jun 2023
Google puts $1M behind its promise to detect cryptomining malware | If the chocolate factory's scans don't stop the miners, customers don't foot the bill | Security | 08 Jun 2023 | 4
Qbot malware adapts to live another day … and another … | Operators stay ahead of defenders with new access methods and C2 infrastructure | Research | 05 Jun 2023 | 3
Australian cyber-op attacked ISIL with the terrifying power of Rickrolling | Commanders in the field persuaded to give up, let their guard down, run around and desert their posts | Security | 05 Jun 2023 | 10
Meet TeamT5, the Taiwanese infosec outfit taking on Beijing and defeating its smears | Living in the eye of the geopolitical storm is not easy, but is good for business | Security | 05 Jun 2023 | 2
This malicious PyPI package mixed source and compiled code to dodge detection | Oh cool, something else to scan for | Security | 02 Jun 2023 | 11
Ukraine war blurs lines between cyber-crims and state-sponsored attackers | This RomCom is no laughing matter | Cyber-crime | 01 Jun 2023 | 5
Spotted: Suspected Russian malware designed to disrupt Euro, Asia energy grids | [Updated] For simulation or for real, we don't like the vibes from this CosmicEnergy | Research | 25 May 2023 | 8
This legit Android app turned into mic-snooping malware – and Google missed it | File-stealing nasty in my Play store? Preposterous!!1 | Cyber-crime | 24 May 2023 | 19
Google settles location tracking lawsuit for only $39.9M | [in brief] Also, more OEM Android malware, Google's bug reports (mostly) ditch CVEs, and this week's critical vulns | Security | 22 May 2023 | 7
Ransomware-as-a-service groups rain money on their affiliates | Qilin gang crims can earn up to 85 percent of extortion cash, or jail | Cyber-crime | 17 May 2023 | 4
No more macros? No problem, say miscreants, we'll adapt | Microsoft blocking 'net scripts sparked 'monumental shift' in attacks | CSO | 15 May 2023 | 10
Millions of mobile phones come pre-infected with malware, say researchers | [Black Hat Asia] The threat is coming from inside the supply chain | Cyber-crime | 11 May 2023 | 50
EU proposes spyware Tech Lab to keep Big Brother governments in check | Potential roles for IT pros and lawyers, European city location included | Security | 09 May 2023 | 7
Russia's APT28 targets Ukraine government with bogus Windows updates | Nasty emails designed to infect systems with info-stealing malware | Cyber-crime | 02 May 2023 | 4
How fiends abuse an out-of-date Microsoft Windows driver to infect victims | It's like those TV movies where a spy cuts a wire and the whole building's security goes out | Research | 24 Apr 2023 | 16
Microsoft, Fortra are this fed up with cyber-gangs abusing Cobalt Strike | Oh, sure, let's play a game of legal and technical whack-a-mole | Cyber-crime | 10 Apr 2023 | 8
April brings tulips, taxes ... and phisherfolk scammers | Tactical#Octopus: Don't let users click on that zip file | Research | 03 Apr 2023 | 6
AlienFox malware caught in the cloud hen house | Malicious toolkit targets misconfigured hosts in AWS and Office 365 | Security | 30 Mar 2023
So you want to integrate OpenAI's bot. Here's how that worked for software security scanner Socket | [Exclusive] Hint: Hundreds of malicious npm and PyPI packages spotted | Devops | 30 Mar 2023 | 23
Do you use comms software from 3CX? What to do next after biz hit in supply chain attack | Miscreants hit downstream customers with infostealers | Cyber-crime | 30 Mar 2023 | 25
Another year, another North Korean malware-spreading, crypto-stealing gang named | Mandiant identifies 'moderately sophisticated' but 'prolific' APT43 as global menace | Spotlight on RSA | 30 Mar 2023 | 2
Malware disguised as Tor browser steals $400k in cryptocash | Beware of third party downloads | Security | 30 Mar 2023
Unknown actors deploy malware to steal data in occupied regions of Ukraine | If this is Kyiv's work, Russia can Crimea river | Security | 22 Mar 2023 | 25
BianLian ransomware crew goes 100% extortion after free decryptor lands | No good deed goes unpunished, or something like that | Cyber-crime | 19 Mar 2023 | 7
Refreshed from its holiday, Emotet has gone phishing | Notorious botnet starts spamming again after a three-month pause | Research | 09 Mar 2023 | 2
Alert: Crims hijack these DrayTek routers to attack biz | Workaround: Throw away kit? Hope there's a patch? | Security | 08 Mar 2023 | 4
Frankenstein malware stitched together from code of others disguised as PyPI package | Crime-as-a-service vendors mix and match components as needed by client | Research | 03 Mar 2023 | 3
It's official: BlackLotus malware can bypass Secure Boot on Windows machines | The myth 'is now a reality' | Security | 01 Mar 2023 | 44
PlugX RAT masquerades as legit Windows debugger to slip past security | DLL side-loading does the trick, again | Security | 01 Mar 2023 | 3
Microsoft grows automated assault disruption to cover BEC, ransomware campaigns | There’s no HumOR in cyberattacks | Security | 24 Feb 2023 | 9
Suspected Russian NLBrute malware boss extradited to US | Dariy Pankov accused of infiltrating systems, selling tool and passwords to other miscreants | Cyber-crime | 23 Feb 2023 | 9
Cry Havoc and let slip dogs of war ... there's an upgraded malware server in town | ThreatLabz finds free alternative to Cobalt Strike and other tools used in the wild | Security | 17 Feb 2023 | 2
LockBit's Royal Mail ransom deadline flies by. No data released | [in brief] Also: Russian wiper malware authors turn to data theft, plus this week's critical vulns | Cyber-crime | 13 Feb 2023 | 9
Have we learned anything from SolarWinds supply chain attacks? | From frameworks to new federal offices, it's time to get busy | Security | 05 Feb 2023 | 26
Microsoft swears it's not coming for your data with scan for old Office versions | Don't mind us, we'll just have a quick look for unsupported installs and then disappear, we pwoooomise | Software | 03 Feb 2023 | 77
Fast-evolving Prilex POS malware can block contactless payments | ... forcing users to insert their cards into less-secure PIN systems | Research | 03 Feb 2023 | 16
Malvertising attacks are distributing .NET malware loaders | The campaign illustrates another option for miscreants who had relied on Microsoft macros | Research | 02 Feb 2023 | 7
Gootloader malware updated with PowerShell, sneaky JavaScript | Perhaps a good time to check for unwelcome visitors | Cyber-crime | 30 Jan 2023 | 5
Microsoft closes another door to attackers by blocking Excel XLL files from the internet | More of them used by baddies since Redmond blocked VBA macros | Research | 25 Jan 2023 | 6
Microsoft took its macros and went home, so miscreants turned to Windows LNK files | Adapt or die | Research | 23 Jan 2023 | 6
Been hit by BianLian ransomware? Here's your get-out-of-jail-free card | Avast issues a free decryptor so victims can get their data back | Security | 18 Jan 2023 | 3
Microsoft applies coat of Rust to Azure Sphere IoT platform | The hope? To grease the security skids for internet-connected devices – and they need all the help they can get | Edge + IoT | 13 Jan 2023 | 9
Dridex malware pops back up and turns its attention to macOS | Malware testers spot attempt to attack Macs. But (try not to weep for the bad guys) there are still compatibility issues with MS exe files | Research | 06 Jan 2023 | 6
Zerobot malware now shooting for Apache systems | Upgraded threat, time to patch | Security | 22 Dec 2022 | 11
Godfather malware makes banking apps an offer they can’t refuse | No horse heads in beds...that we know of | Security | 22 Dec 2022 | 7
Cisco’s Talos security bods predict new wave of Excel Hell | Criminals have noticed that spreadsheet's XLL files add custom functionality - including malware | Security | 21 Dec 2022 | 16
IT security teams, business execs still not on same page | [In brief] Also: Guri the air-gap guru strikes again, while pro-Ukraine hackers set up a proxy network in Russia | Security | 12 Dec 2022 | 6
Legit Android apps poisoned by sticky 'Zombinder' malware | Sure, go ahead and load APKs instead of using an app store. You won't enjoy the results | Research | 09 Dec 2022 | 25
Want to detect Cobalt Strike on the network? Look to process memory | Security analysts have tools to spot hard-to-find threat, Unit 42 says | Security | 06 Dec 2022