Security Experts:

long dotted


A new piece of macOS malware linked to the North Korean hacking group Lazarus employs in-memory execution of payloads. [Read More]
A Lamborghini-driving Moscow hacker who called his operation Evil Corp and has ties to the FSB Russian intelligence service was indicted by US authorities for the cybertheft of tens of millions of dollars. [Read More]
Researchers at Malwarebytes have discovered what they describe as 'a rash of skimmers' on Heroku, a cloud platform owned by Salesforce. [Read More]
A new Python-based RAT named PyXie has been used in campaigns targeting many industries. [Read More]
Federal officials are considering requiring that all travelers — including American citizens — be photographed as they enter or leave the country as part of an identification system using facial-recognition technology. [Read More]
A destructive wiper dubbed ZeroCleare and linked to Iran has been used in attacks targeting the energy and industrial sectors in the Middle East. [Read More]
The website of American gunmaker Smith & Wesson was hacked by a Magecart group that likely gained access after exploiting a known Magento vulnerability. [Read More]
A vulnerability dubbed 'StrandHogg' has been exploited by malicious Android apps and hundreds of popular applications are at risk of being targeted. [Read More]
RevengeHotels cybercrime campaign has targeted at least 20 hotels in Latin America and Europe. [Read More]
A worldwide law enforcement operation has resulted in the Imminent Monitor Remote Access Trojan (IM-RAT) being taken down completely. [Read More]


rss icon

Justin Fier's picture
The origin story of Mimikatz — a post-exploitation module that has enabled criminals to steal millions of passwords around the world — reads like an over-the-top spy thriller.
Josh Lefkowitz's picture
The abundance of compromised card data and other assets available online continues to hinder the fight against card-not-present (CNP) fraud.
Alastair Paterson's picture
Cybercriminals rely on tried and trusted methods for phishing; as long as there is even a four percent chance that phishing techniques will be successful, they will continue to use them.
Stan Engelbrecht's picture
The current state of automated teller machine (ATM) security is far from optimal, but the unique security challenges around ATMs make improvements difficult.
Justin Fier's picture
Against the ongoing backdrop of cyber conflict between nation states and escalating warnings from the Department of Homeland Security, critical infrastructure is becoming a central target for threat actors.
Preston Hogue's picture
There have been so many high-profile breaches that a person’s entire life could be laid out, triangulated and, ultimately, faked by someone with the wrong set of intentions.
Siggi Stefnisson's picture
“Evasive phishing" is not a term much heard, but we all will—and need to—start talking a lot more about it than we have in the past.
Alastair Paterson's picture
BEC is becoming increasingly profitable for threat actors as organizations are making it easy for adversaries to gain access to the valuable information that sits within these inboxes.
Siggi Stefnisson's picture
We should be thinking about how users work, what they do and how it affects the security posture of the business, but does security really start with them?
Alastair Paterson's picture
As we continue to gear up for an increase in shopping this holiday season, remember that attackers continue to innovate and update their training and skills regularly.