Russia’s FIN7 is peddling its EDR-nerfing malware to ransomware gangs Major vendors' products scuppered by novel techniques | Research | 18 Jul 2024
Iran's MuddyWater phishes Israeli orgs with custom BugSleep backdoor India, Turkey, also being targeted by campaign that relies on corporate email compromise | Malware Month | 17 Jul 2024
Cyber-crime super-crew Scattered Spider falls in love with RansomHub and Qilin Extortionists left hanging after rivals crawled into the woodwork | Malware Month | 16 Jul 2024
I spy another mSpy breach: Millions more stalkerware buyers exposed Infosec in brief Also: Velops routers love plaintext; everything is a dark pattern; Internet Explorer rises from the grave, and more | Security | 15 Jul 2024
Three words to send a chill down your spine: Snowflake. Intrusion. Alert Kettle And can AI save us from the scourge of malware? In theory, why not, but in practice ... Color us skeptical | CSO | 13 Jul 2024
IcedID henchman gets nine years in clanger for abusing malware to drain bank accounts The slippery Ukrainian national must also pay a hefty $74 million on top of the jail time | Malware Month | 12 Jul 2024
China's APT41 crew adds a stealthy malware loader and fresh backdoor to its toolbox Meet DodgeBox, son of StealthVector | Malware Month | 12 Jul 2024
Malware that is 'not ransomware' wormed its way through Fujitsu Japan's systems IT giant says data exfiltration was extremely difficult to detect | Malware Month | 10 Jul 2024
ViperSoftX variant spotted abusing .NET runtime to disguise data theft Freeware AutoIt also used to hide entire PowerShell environments in scripts | Malware Month | 10 Jul 2024
Houthi rebels are operating their own GuardZoo spyware Interview Fairly 'low budget', unsophisticated malware, say researchers, but it can collect the same data as Pegasus | Malware Month | 09 Jul 2024
Avast secretly gave DoNex ransomware decryptors to victims before crims vanished Updated Good riddance to another pesky tribe of miscreants | Malware Month | 08 Jul 2024
Not-so-OpenAI allegedly never bothered to report 2023 data breach security in brief Also: F1 authority breached; Prudential victim count skyrockets; a new ransomware actor appears; and more | Security | 08 Jul 2024
Europol nukes nearly 600 IP addresses in Cobalt Strike crackdown Private sector helped out with week-long operation – but didn't touch China | Malware Month | 04 Jul 2024
Baddies hijack Korean ERP vendor's update systems to spew malware Notorious 'Andariel' crew takes a bite of HotCroissant backdoor for fresh attack | Malware Month | 02 Jul 2024
Microsoft tells yet more customers their emails have been stolen Infosec in brief Plus: US auto dealers still offline; Conti coders sanction; Rabbit R1 hardcoded API keys; and more | Security | 01 Jul 2024
Korean telco allegedly infected its P2P users with malware KT may have had an entire team dedicated to infecting its own customers | Security | 27 Jun 2024
Cybercrooks get cozy with BoxedApp to dodge detection Some of the biggest names in the game are hopping on the trend | Research | 04 Jun 2024
New Nork-ish cyberespionage outfit uncovered after three years Sector-agnostic group is after your data, wherever you are | Cyber-crime | 31 May 2024
Euro cops disrupt malware droppers, seize thousands of domains Operation Endgame just beginning: 'Stay tuned,' says Europol | Malware Month | 30 May 2024
Suspected supply chain attack backdoors courtroom recording software An open and shut case, but the perps remain at large – whoever they are | Cyber-crime | 24 May 2024
Germany points finger at Fancy Bear for widespread 2023 hacks, DDoS attacks Infosec in brief Also: Microsoft promises to git gud on cybersecurity; unqualified attackers are targeting your water systems, and more | Security | 06 May 2024
Discord dismantles Spy.pet site that snooped on millions of users Updated - Infosec in brief ALSO: Infostealer spotted hiding in CDN cache, antivirus update hijacked to deliver virus, and some critical vulns | Security | 29 Apr 2024
US House approves FISA renewal – warrantless surveillance and all Infosec in brief PLUS: Chinese chipmaker Nexperia attacked; A Microsoft-signed backdoor; CISA starts scanning your malware; and more | Security | 15 Apr 2024
Head of Israeli cyber spy unit exposed ... by his own privacy mistake Infosec in brief Plus: Another local government hobbled by ransomware; Huge rise in infostealing malware; and critical vulns | Security | 08 Apr 2024
Microsoft confirms memory leak in March Windows Server security update Infosec in brief ALSO: Viasat hack wiper malware is back, users are the number one cause of data loss, and critical vulns | Security | 25 Mar 2024
It's 2024 and North Korea's Kimsuky gang is exploiting Windows Help files New infostealer may indicate a shift in tactics – and maybe targets too, beyond Asia | Research | 21 Mar 2024
ChatGPT side-channel attack has easy fix: Token obfuscation Infosec in brief Also: Roblox-themed infostealer on the prowl, telco insider pleads guilty to swapping SIMs, and some crit vulns | Security | 18 Mar 2024
Chinese PC-maker Acemagic customized its own machines to get infected with malware Tried to speed boot times, maybe by messing with 'Windows source code', ended up building a viral on-ramp | Security | 29 Feb 2024
That home router botnet the Feds took down? Moscow's probably going to try again Non-techies told to master firmware upgrades and firewall rules. For the infosec hardheads: have some IOCs | Security | 28 Feb 2024
Zeus, IcedID malware kingpin faces 40 years in slammer Nearly a decade on the FBI’s Cyber Most Wanted List after getting banks to empty vics' accounts | Cyber-crime | 16 Feb 2024
Cybercriminals are stealing iOS users' face scans to break into mobile banking accounts Deepfake-enabled attacks against Android and iPhone users are netting criminals serious cash | Research | 15 Feb 2024
North Korea running malware-laden gambling websites as-a-service $5k a month for the site. $3k for tech support. Infection with malware and funding a despot? Priceless | Cyber-crime | 15 Feb 2024
Bumblebee malware wakes from hibernation, forgets what year it is, attacks with macros Trying to break in with malicious Word documents? How very 2015 of you | Cyber-crime | 14 Feb 2024
Raspberry Robin devs are buying exploits for faster attacks One of the most important malware loaders to cybercrims who are jumping on vulnerabilities faster than ever | Research | 08 Feb 2024
Chinese Coathanger malware hung out to dry by Dutch defense department Attack happened in 2023 using a bespoke backdoor, confirming year-old suspicions | CSO | 06 Feb 2024
Interpol's latest cybercrime intervention dismantles ransomware, banking malware servers Efforts part of internationally coordinated operations carried out in recent months | Cyber-crime | 02 Feb 2024
So, are we going to talk about how GitHub is an absolute boon for malware, or nah? Microsoft says it's doing its best to crack down on crims | Research | 12 Jan 2024
Google password resets not enough to stop these info-stealing malware strains Updated Now every miscreant is jumping on Big G's OAuth account security hole | Research | 02 Jan 2024
Cybercrooks book a stay in hotel email inboxes to trick staff into spilling credentials Research highlights how major attacks like those exploiting Booking.com are executed | Cyber-crime | 20 Dec 2023
Qakbot's backbot: FBI-led takedown keeps crims at bay for just 3 months Experts say malware strain may take years to die off completely | Cyber-crime | 19 Dec 2023
NKabuse backdoor harnesses blockchain brawn to hit several architectures Novel malware adapts delivers DDoS attacks and provides RAT functionality | Research | 15 Dec 2023
Memory-safe languages so hot right now, agrees Lazarus Group as it slings DLang malware Latest offensive cyber group to switch to atypical programming for payloads | Research | 11 Dec 2023
CISA details twin attacks on federal servers via unpatched ColdFusion flaw Tardy IT admins likely to get a chilly reception over the lack of updates | Security | 05 Dec 2023
US readies prison cell for another Russian Trickbot developer Hunt continues for the other elusive high-ranking members | Cyber-crime | 01 Dec 2023
North Korea makes finding a gig even harder by attacking candidates and employers That GitHub repo an interviewer wants you to work on could be malware | Cyber-crime | 23 Nov 2023
Novel backdoor persists even after critical Confluence vulnerability is patched Got a Confluence server? Listen up. Malware said to have wide-ranging capabilities | Cyber-crime | 14 Nov 2023
MOVEit cybercriminals unearth fresh zero-day to exploit on-prem SysAid hosts Second novel zero-day exploited by Lace Tempest this year offers notable demonstration of skill, especially for a ransomware affiliate | Cyber-crime | 09 Nov 2023
Fresh find shines new light on North Korea’s latest macOS malware Months of work reveals how this tricky malware family targets... the financial services sector | Research | 07 Nov 2023
Mozi botnet murder mystery: China or criminal operators behind the kill switch? Middle Kingdom or self-immolation - there are a couple of theories | Security | 01 Nov 2023
Cybercrooks amp up attacks via macro-enabled XLL files Neither Excel nor PowerPoint safe as baddies continue to find ways around protections | Research | 01 Nov 2023
Paying for WinRAR in all the wrong ways - Russia and China hitting ancient app Incidentally, Windows 11 has native rar support now | Cybersecurity Month | 18 Oct 2023
Malware crooks find an in with fake browser updates, in case real ones weren't bad enough Researchers say ransomware could be on the horizon if success continues | Cybersecurity Month | 18 Oct 2023
BLOODALCHEMY provides backdoor to southeast Asian nations' secrets Sophisticated malware devs believed to be behind latest addition to toolset of China-aligned attackers | Research | 16 Oct 2023
GoldDigger Android trojan targets Vietnamese banking apps, code contains hints of wider targets More malware scum using accessibility features to steal personal info | Security | 06 Oct 2023
North Korea's Lazarus Group upgrades its main malware LightningCan evades infosec tools in new and interesting ways | Cybersecurity Month | 04 Oct 2023
T-Mobile US exposes some customer data – but don't call it a breach Infosec in brief PLUS: Trojan hidden in PoC; cyber insurance surge; pig butchering's new cuts; and the week's critical vulns | Security | 25 Sep 2023
Meatbag mishaps more menacing than malware? CISOs think so Company boards, on the other hand, aren't letting cybersecurity disturb their sleep as much | Research | 06 Sep 2023
Malware loader lowdown: The big 3 responsible for 80% of attacks so far this year Top of the list to trip sensors | CSO | 28 Aug 2023
Maker of Chrome extension with 300,000+ users tells of constant pressure to sell out Interview Anyone with sizable audience in this surveillance economy is invited to stuff their add-ons with tracking and ads | Security | 11 Aug 2023
Undiplomatic Chinese threat actor attacks embassies and foreign affairs departments Sneaky HTML smuggling signals MustangPanda shift towards Europe, Checkpoint charges | Security | 04 Jul 2023
Ex-FBI employee jailed for taking classified material home Infosec in brief Also: a PII harvest at Dole's server farm, military members mailed mystery smartwatches, and this week's critical vulns | CSO | 26 Jun 2023
To kill BlackLotus malware, patching is a good start, but... ...that alone 'could provide a false sense of security,' NSA warns in this handy free guide for orgs | CSO | 22 Jun 2023