Hackers aligned with the government of Iran are exploiting the critical Log4j vulnerability to infect unpatched VMware users with ransomware, researchers said on Thursday.

For almost two decades, hackers with Snake have been forcing their way into government networks. They are considered one of the most dangerous hacker groups in the world. Who they work for, though, has always been a matter of pure speculation. But reporters with the German public broadcasters BR and WDR  have discovered some clues, and they all lead to the Russian secret service FSB.

Twitter is changing its 2FA service provider after allegations emerged that it sold access to its networks to surveillance companies.

The Red Cross said the attack began on November 9 and involved an authentication bypass vulnerability in Zoho ManageEngine ADSelfService Plus.

Marsh analysis, insights, and ideas, regarding new cyber insurance policy exclusion language related to war, cyber war, cyber operations, and catastrophic risk.

Merck & Co.‘s victory in a legal dispute with insurers over coverage for $1.4 billion in losses from malware known as NotPetya is expected to force insurance policies to more clearly confront responsibility for the fallout from nation-state cyberattacks.

The year's 1st Chrome zero-day can lead to all sorts of misery, ranging from data corruption to the execution of arbitrary code on vulnerable systems.

As early as Dec. 21, 2021, Unit 42 observed a new infection method for the highly prevalent malware family Emotet. Emotet is high-volume malware that often changes and modifies its attack patterns. This latest modification of the Emotet attack follows suit.

The FBI, NSA, and CISA warned that Russian state-sponsored intrusions will continue.

Researchers have revealed details of a now-patched high-severity security vulnerability in Apache Cassandra that, if left unaddressed, could be abused to gain remote code execution on affected installations. "This Apache security vulnerability is easy to exploit and has the potential to wreak havoc on systems, but luckily only manifests in non-default configurations of Cassandra," Omer Kaspi, security researcher at DevOps firm JFrog, said in a technical write-up published Tuesday.

Meta will pay $90 million to settle litigation over Facebook's use of cookies to track users’ internet use even after they had logged off.

DDoS temporarily take out sites as Ukraine stares down Russian soldiers at its border.

What geopolitical standoff could this possibly be linked to?

A new DeadBolt ransomware group is encrypting QNAP NAS devices worldwide using what they claim is a zero-day vulnerability in the device's software.

Apple's Airtags are an ingenious technology: they fuse every Ios device into a sensor grid that logs the location of each tag, using clever cryptography to prevent anyone but the tag's owner from pulling that information out of the system. But there are significant problems with Airtags' privacy model. Some of these are unique to Apple, others are shared by all Bluetooth location systems, including Covid exposure-notification apps and Airtag rivals like Tile.

The revelations made about the Pegasus spyware raised very serious questions about the possible impact of modern spyware tools on fundamental rights, and particularly on the rights to privacy and data protection. This paper aims to contribute to the ongoing assessment in the EU and globally of the ...

Hackers have stolen roughly $1.9 million from South Korean cryptocurrency platform KLAYswap after they pulled off a rare and clever BGP hijack against the server infrastructure of one of the platform’s providers.

We have no evidence that this incident involved any access to customer data or encrypted password vaults. Our products and services are operating normally.

Twilio recently identified unauthorized access to information related to 163 Twilio customers, including Okta.

Kimsuky is a prolific and active threat actor primarily targeting Korea-related entities. In early 2022, we observed this group was attacking the media and a think-tank in South Korea.

An Italian surveillance company is tracking people all over the world on a grand scale on behalf of its clients – including in countries with a recent history of corruption and human rights abuses. Its powerful spyware was recently found in Kazakhstan and Romania. Europe’s parliamentarians voice growing concern about an out-of-control surveillance industry and call for it to be regulated.

On March 2nd, I reported several security vulnerabilities to VMWare impacting their Identity Access Management (IAM) solution. In this blog post I will discu...

Editor’s Note: Last April, a ransomware group threatened to expose police informants and other sensitive information if the Washington, D.C. Metropolitan Police Department did not pay a demand. The brazen attack was the work of a gang known as Babuk, which in early 2021 gained a reputation for posting stolen databases on its website from victims that refused to pay a ransom. Just days after it tried to extort the Metropolitan Police Department, Babuk announced it was closing its ransomware affiliate program, and would focus on data theft and extortion instead.

Netfilter is a framework in the Linux kernel for implementing various networking-related tasks with user-defined handlers. Netfilter provides various functions for packet filtering, network address translation and port translation, and packet logging. Netfilter represents a set of hooks that allow other kernel modules to register callback functions in the kernel’s networking stack.

Over 130 organizations have been compromised in a sophisticated attack using simple phishing kits

Threat actors evade detection by adopting the Sliver command-and-control (C2) framework in intrusion campaigns.

Microsoft security researchers have discovered a post-compromise capability we’re calling MagicWeb, which is used by a threat actor we track as NOBELIUM to maintain persistent access to compromised environments.

Platform-abuse phishing is on the rise. We analyze how attackers use services such as website builders to host phishing pages.

New domains and new behavioral indicators, but malware authors stick to tried and tested architecture despite Apple’s updates.

Operating system access controls, that constrain which programs can open which files, have existed for almost as long as computers themselves. Access controls are still widely used and are more flexible and efficient when compared to cryptographically protecting files. Despite the long history, ther