Security news that informs and inspires

All Articles

2376 articles:

Law Enforcement Update Kills Emotet on Infected Devices

An uninstall process, pushed out to infected devices as part of the takedown of Emotet by law enforcement, has been triggered to kill the malware.

Emotet, Malware, Cybercrime, Botnet

Supply Chain Attack Hits Passwordstate Password Manager

An attacker was able to compromise the update mechanism for the Click Studios Passwordstate password manager and insert a malicious DLL that harvested victims' usernames and passwords.

Supply Chain

Majority of U.S. Government Agencies Have Launched VDPs

On the heels of a September mandate from CISA, 90 percent of cabinet-level agencies have now published a vulnerability-disclosure policy (VDP).

Government, Government Agencies, Vulnerability Disclosure, Vulnerability Management

Researchers Find New Chunk of SolarWinds Attackers’ Infrastructure

Researchers from RiskIQ have identified 18 additional C2 servers used by the APT29 attackers in their operation against SolarWinds and its customers.

Solarwinds

Prometei Botnet Tracks Down Vulnerable Exchange Servers

Yet another cryptocurrency mining malware family is attempting to compromise the Microsoft Exchange ProxyLogon flaws.

Malware, Microsoft, Cryptocurrency Malware, Botnet

CISA Finds New Attacker Using Supernova Malware on SolarWinds Orion

CISA investigated an enterprise intrusion in which the attacker had legitimate credentials for the Pulse Secure VPN and then deployed the Supernova malware on a SolarWinds Orion instance.

Solarwinds, CISA

ToxicEye Malware Leverages Telegram For C2

Researchers have uncovered a new RAT that contains data exfiltration capabilities and relies on Telegram for command-and-control (C2) communications.

Malware, Remote Access Trojan

The Hacker Movie Awards

It's Oscars season, so to celebrate the good, the bad, and the terrible in hacker movies, Zoe Lindsey, Pete Baker, and Dennis Fisher convene to hand out some fake awards for fake hacking.

Hacker Movies

New Bill Would Bar Federal Agencies From Buying Data

The Fourth Amendment Is Not For Sale Act targets loopholes in the law that permit data brokers to sell American’s private data to government agencies without a court order.

Government, Privacy, Data Privacy, Government Agencies

Chinese Attackers Target Pulse Secure Flaw in Government and Enterprise Networks

A new China-aligned threat group known as UNC2630 is using a zero day in Pulse Connect Secure VPN to breach government agencies and enterprises.

Vpn, Apt, China

Lazarus APT Cloaks Payloads With BMP Image Files

The Lazarus threat group is hiding its payloads in bitmap image (BMP) files, as seen in spear-phishing attacks targeting victims in South Korea.

Apt, Malware, Lazarus, Threat Actors

Decipher Podcast: Steve Ragan

Steve Ragan, security researcher with Akamai, joins Lindsey O’Donnell-Welch to discuss the evolution of phishing kits over the past year, and how attacks on the identity and trust model will change as employees start to go back into the office.

Podcast

China’s Big Data Boom Spurs a Flourishing Underground Economy

As part of a prosperous Chinese-language underground economy, cybercriminals are illegally monetizing big data by selling it to scammers, threat groups or even marketers.

Cybercrime, Big Data, China

More Malware Targets M1-Based Macs

A recent variant of the XCSSET malware has the capability to infect ARM M1-based Macs in addition to x86-based machines.

Macos, Apple

New Bill Would Curb the Export of Americans’ Data

The newly-proposed U.S. draft bill would introduce a license requirement for foreign companies to trade U.S. citizens’ personal information.

Data Privacy, Government, Regulation