Online Security

An “aggressive” financially motivated threat group tapped into a zero-day flaw in SonicWall VPN appliances prior to it being patched by the company to deploy a new strain of ransomware …

A previously undocumented Linux malware with backdoor capabilities has managed to stay under the radar for about three years, allowing the threat actor behind the operation to harvest and exfiltrate …

Threat actors are increasingly adopting Excel 4.0 documents as an initial stage vector to distribute malware such as ZLoader and Quakbot, according to new research. The findings come from an …

The Metropolitan Police Department (MPD) of the District of Columbia has become the latest high-profile government agency to fall victim to a ransomware attack. The Babuk Locker gang claimed in …

Researchers from the University of Minnesota apologized to the maintainers of Linux Kernel Project on Saturday for intentionally including vulnerabilities in the project’s code, which led to the school being …

A recently identified security vulnerability in the official Homebrew Cask repository could have been exploited by an attacker to execute arbitrary code on users’ machines that have Homebrew installed. The …

Click Studios, the Australian software company behind the Passwordstate password management application, has notified customers to reset their passwords following a software supply chain attack. The Adelaide-based firm said a …

Attackers are exploiting the ProxyLogon Microsoft Exchange Server flaws to co-opt vulnerable machines to a cryptocurrency botnet named Prometei, according to new research. “Prometei exploits the recently disclosed Microsoft Exchange …

The sprawling SolarWinds cyberattack which came to light last December was known for its sophistication in the breadth of tactics used to infiltrate and persist in the target infrastructure, so …

Today there are plenty of cybersecurity tools on the market. It is now more important than ever that the tools you decide to use work well together. If they don’t, …

For most organizations today, endpoint protection is the primary security concern. This is not unreasonable – endpoints tend to be the weakest points in an environment – but it also …

A Mac malware campaign targeting Xcode developers has been retooled to add support for Apple’s new M1 chips and expand its features to steal confidential information from cryptocurrency apps. XCSSET …

People talk about the cybersecurity job market like it’s a monolith, but there are a number of different roles within cybersecurity, depending not only on your skill level and experience …

A high-level manager and systems administrator associated with the FIN7 threat actor has been sentenced to 10 years in prison, the U.S. Department of Justice announced Friday. Fedir Hladyr, a …

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued an advisory warning of multiple vulnerabilities in the OpENer EtherNet/IP stack that could expose industrial systems to denial-of-service (DoS) …

Multiple one-click vulnerabilities have been discovered across a variety of popular software applications, allowing an attacker to potentially execute arbitrary code on target systems. The issues were discovered by Positive …

Academics from Vrije University in Amsterdam and ETH Zurich have published a new research paper describing yet another variation of the Rowhammer attack. Dubbed SMASH (Synchronized MAny-Sided Hammering), the technique …

Security researchers have uncovered nine vulnerabilities affecting four TCP/IP stacks impacting more than 100 million consumer and enterprise devices that could be exploited by an attacker to take control of …