Ionut Arghire

Starting on February 1, 2019, a number of DNS software and service providers will cease implementing DNS resolver workarounds for systems that don’t follow...

An Iran-linked cyber-espionage group responsible for widespread theft of data is using a broad range of custom and off-the-shelf tools, FireEye security researchers say. 

Microsoft Exchange 2013 and newer versions allow an attacker to escalate privileges when performing a NT LAN Manager (NTLM) relay attack, a security researcher...

Law enforcement agencies in the United States and Europe today announced the seizure of xDedic, an underground online marketplace selling access to hacked servers...

The seizure of several websites offering distributed denial of service (DDoS) for hire services has allowed authorities to track down and take action against...

The commercial Total Donations plugin for WordPress is impacted by multiple zero-day vulnerabilities that are being actively exploited in attacks, Wordfence security researchers report. 

In addition to employing a fileless attack technique, the Ursnif Trojan has been using CAB files to compress harvested data before exfiltration in recent...

Infamous "Cobalt" hacking group has been using Google App Engine for the delivery of malware through PDF decoy documents, Netskope’s security researchers say. 

Threat actors conducting Remote Desktop Protocol (RDP) attacks are increasingly using network tunneling and host-based port forwarding to bypass network protections, FireEye reports. 

Data leak vulnerabilities in Ghostscript could allow an attacker to take over a routine and even execute commands on systems, Google Project Zero researcher...

Spam campaigns that have active during the last several months have been distributing the Redaman banking malware, Palo Alto Networks security researchers say. 

A group of United States Senators have written a letter to the Washington Metropolitan Area Transit Authority (WMATA) to express safety and security concerns...

A recently discovered PDF exploit used steganography to hide malicious JavaScript code in images embedded in PDF files, according to exploit analysis firm EdgeSpot.

Apple this week released new updates for iOS and macOS users to address tens of security vulnerabilities and other bugs in the two platforms.

A remote code execution vulnerability was recently discovered in APT, the high level package manager used in many Linux distributions. 

Nearly 100,000 malware distribution websites have been identified and taken down over the course of 10 months as part of an abuse.ch project called...

Free and open Certificate Authority (CA) Let’s Encrypt today started the process of completely retiring TLS-SNI-01 validation support. 

The newly announced Act to Strengthen Identity Theft Protections in North Carolina proposes that ransomware attacks be treated as data breaches.

The DarkHydrus threat group has added new functionality to the payloads used in recent attacks and is also leveraging Google Drive for command and...

Web applications can exploit browser extensions to access privileged capabilities and steal sensitive user information, including credentials, a researcher has discovered.