informa

News

Trickbot Injections Get Harder to Detect & Analyze
The authors of the infamous malware family have added measures for better protecting malicious code injections against inspection and research.
January 24, 2022
The authors of the infamous malware family have added measures for better protecting malicious code injections against inspection and research.
by Jai Vijayan, Contributing Writer
January 24, 2022
5 min read
Article
REvil Ransomware Gang Arrests Trigger Uncertainty, Concern in Cybercrime Forums
Threat actors from Eastern Europe seen expressing some concern about Russia being a safe place for them to continue operating, researchers say.
January 21, 2022
Threat actors from Eastern Europe seen expressing some concern about Russia being a safe place for them to continue operating, researchers say.
by Jai Vijayan, Contributing Writer
January 21, 2022
4 min read
Article
Researchers Discover Dangerous Firmware-Level Rootkit
MoonBounce is the latest in a small but growing number of implants found hidden in a computer's Unified Extensible Firmware Interface (UEFI).
January 20, 2022
MoonBounce is the latest in a small but growing number of implants found hidden in a computer's Unified Extensible Firmware Interface (UEFI).
by Jai Vijayan, Contributing Writer
January 20, 2022
5 min read
Article
FireEye & McAfee Enterprise Renamed as Trellix
Symphony Technology Group announces a name for the newly merged company, which aims to become a leader in extended detection and response (XDR).
January 19, 2022
Symphony Technology Group announces a name for the newly merged company, which aims to become a leader in extended detection and response (XDR).
by Kelly Sheridan, Senior Editor
January 19, 2022
2 min read
Article
Nigerian Police Arrest 11 Individuals in BEC Crackdown
More than 50,000 targets around the world have been affected by the business email compromise scams, Interpol reports.
January 19, 2022
More than 50,000 targets around the world have been affected by the business email compromise scams, Interpol reports.
by Jai Vijayan, Contributing Writer
January 19, 2022
5 min read
Article
Revamped Community-Based DDoS Defense Tool Improves Filtering
Team Cymru updates its Unwanted Traffic Removal Service (UTRS), adding more granular controls and greater ranges of both IPv4 and IPv6 addresses.
January 19, 2022
Team Cymru updates its Unwanted Traffic Removal Service (UTRS), adding more granular controls and greater ranges of both IPv4 and IPv6 addresses.
by Robert Lemos, Contributing Writer
January 19, 2022
5 min read
Article
When Patching Security Flaws, Smarter Trumps Faster
Just turning the patch dial to "high" is not enough, and if your company is using the Common Vulnerability Scoring System (CVSS) to prioritize software patching, you are doing it wrong.
January 19, 2022
Just turning the patch dial to "high" is not enough, and if your company is using the Common Vulnerability Scoring System (CVSS) to prioritize software patching, you are doing it wrong.
by Robert Lemos, Contributing Writer
January 19, 2022
4 min read
Article
Microsoft Details Recent Damaging Malware Attacks on Ukrainian Organizations
"WhisperGate" malware was used to overwrite Master Boot Record and other files to render systems inoperable at several organizations in Ukraine, Microsoft says.
January 18, 2022
"WhisperGate" malware was used to overwrite Master Boot Record and other files to render systems inoperable at several organizations in Ukraine, Microsoft says.
by Jai Vijayan, Contributing Writer
January 18, 2022
4 min read
Article
Researchers Explore Hacking VirusTotal to Find Stolen Credentials
VirusTotal can be used to collect large amounts of credentials without infecting an organization or buying them online, researchers found.
January 18, 2022
VirusTotal can be used to collect large amounts of credentials without infecting an organization or buying them online, researchers found.
by Kelly Sheridan, Senior Editor
January 18, 2022
4 min read
Article
US Search for Vulnerabilities Drives 10x Increase in Bug Reports
Cross-site scripting and broken access controls continued to be the top classes of vulnerabilities researchers discovered, according to Bugcrowd's annual vulnerability report.
January 18, 2022
Cross-site scripting and broken access controls continued to be the top classes of vulnerabilities researchers discovered, according to Bugcrowd's annual vulnerability report.
by Robert Lemos, Contributing Writer
January 18, 2022
4 min read
Article
Russia Takes Down REvil Ransomware Operation, Arrests Key Members
Timing of the move has evoked at least some skepticism from security experts about the country's true motives.
January 14, 2022
Timing of the move has evoked at least some skepticism from security experts about the country's true motives.
by Jai Vijayan, Contributing Writer
January 14, 2022
5 min read
Article
White House Meets With Software Firms and Open Source Orgs on Security
The Log4j vulnerability is only the latest security flaw to have global impact, prompting the Biden administration and software developers to pledge to produce more secure software.
January 14, 2022
The Log4j vulnerability is only the latest security flaw to have global impact, prompting the Biden administration and software developers to pledge to produce more secure software.
by Robert Lemos, Contributing Writer
January 14, 2022
5 min read
Article
New Vulnerabilities Highlight Risks of Trust in Public Cloud
Major cloud providers are vulnerable to exploitation because a single flaw can be turned into a global attack using trusted core services.
January 13, 2022
Major cloud providers are vulnerable to exploitation because a single flaw can be turned into a global attack using trusted core services.
by Robert Lemos, Contributing Writer
January 13, 2022
4 min read
Article
Microsoft RDP Bug Enables Data Theft, Smart-Card Hijacking
The vulnerability was patched this week in Microsoft's set of security updates for January 2022.
January 13, 2022
The vulnerability was patched this week in Microsoft's set of security updates for January 2022.
by Jai Vijayan, Contributing Writer
January 13, 2022
5 min read
Article
New Cyberattack Campaign Uses Public Cloud Infrastructure to Spread RATs
An attack campaign detected in October delivers variants of Nanocore, Netwire, and AsyncRATs to target user data.
January 12, 2022
An attack campaign detected in October delivers variants of Nanocore, Netwire, and AsyncRATs to target user data.
by Kelly Sheridan, Senior Editor
January 12, 2022
5 min read
Article