Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
A vulnerability in Box's implementation of multi-factor authentication (MFA) allowed attackers to take over accounts without needing access to the target's phone. [Read More]
The sudden move by Russia's top law enforcement agency to conduct a very public takedown of the REvil ransomware operation has set tongues wagging about how diplomacy may hold the key to slowing big-game ransomware attacks. [Read More]
Newly detected WhisperGate malware being used by previously unknown threat group in cyberattacks against Ukraine [Read More]
Security researchers document vulnerabilities in AWS CloudFormation and AWS Glue that could be abused to leak sensitive files and access other customer’s data. [Read More]
Russia on Friday said it cracked down on the infamous REvil hacking group, and it was reportedly done at the request of the United States. [Read More]
Federal Communications Commission (FCC) Chairwoman Jessica Rosenworcel proposes strengthening rules around telecom providers’ reporting of data breaches. [Read More]
The disruption of Maryland’s reporting of COVID-19 data last month was caused by a ransomware attack. [Read More]
Adversarial AI – or the use of artificial intelligence and machine learning within offensive cyber activity – comes in two flavors: attacks that use AI and attacks against AI. [Read More]
CYBERCOM shares details and malware attributed to the Iran-linked threat actor MuddyWater. [Read More]
Apple ships iOS fix for a persistent HomeKit denial-of-service flaw but only after an independent researcher publicly criticized the company for ignoring his discovery. [Read More]
FEATURES, INSIGHTS // Malware
The origin story of Mimikatz — a post-exploitation module that has enabled criminals to steal millions of passwords around the world — reads like an over-the-top spy thriller.
The truth is that quite a lot of malware is developed by an organization—an actual office of people that show up and spend their working day writing malware for a paycheck.
When ransomware strikes, there aren’t many options for response and recovery. Essentially, you can choose your own adventure and hope for the best.
History shows that, in security, the next big thing isn’t always an entirely new thing. We have precedents—macro malware existed for decades before it really became a “thing.”
The FUD crypter service industry is giving a second life to a lot of old and kind-of-old malware, which can be pulled off the shelf by just about anybody with confused ethics and a Bitcoin account.
Cryptojacking malware grew from impacting 13% of all organizations in Q4 of 2017 to 28% of companies in Q1 of 2018, more than doubling its footprint.
A study found that over 98 percent of malware making it to the sandbox array uses at least one evasive tactic, and 32 percent of malware samples making it to this stage could be classified as “hyper-evasive".
The cost of electricity has led some to take shortcuts in the search for power sources - individuals and organizations are now being breached by cyber-criminals seeking to take advantage of corporate infrastructures.
Historical patterns and recent activity indicate that another major Necurs malware outbreak is looming just around the corner.
It remains to be seen whether more legitimate web operations will embrace the approach, but you can count on illegitimate and malicious use of cryptomining to grow robustly.
Get the Daily Briefing
- Slim.AI Raises $31 Million to Secure Cloud-Native Applications
- Apple Pays Out $100,000 for Webcam, User Account Hacking Exploit
- Polkit Vulnerability Provides Root Privileges on Linux Systems
- Europe's Hypocrisy Over Personal Data Privacy Exposed
- Two More Poles Identified as Victims of Hacking With Spyware
- SonicWall Customers Warned of Possible Attacks Exploiting Recent Vulnerability
- New macOS Malware 'DazzleSpy' Used in Hong Kong Attacks
- UK's NCSC Pushes NMAP Scanner Scripts to Fill Defender Gap
- PrinterLogic Patches Code Execution Flaws in Printer Management Suite
- Hunters Raises $68 Million for Its SecOps Platform
Copyright © 2022 Wired Business Media. All Rights Reserved. Privacy Policy