Around March 2022, a new peer-to-peer botnet called Panchan emerged in the wild, mining cryptocurrencies on Linux computers in the education sector. Panchan is equipped with SSH worm functions such as dictionary attacks and SSH key abuse, allowing rapid…

On March 29, the FBI issued a warning about an ongoing and extensive phishing campaign aimed at US election officials. Since October 2021, attackers have attempted to obtain officials' login credentials in at least nine states by using fake invoice…

Security researchers at Digital Shadows Photon Research stated that passwordless technology might be one of the most hyped categories in cybersecurity at the moment, but the reality on the ground is that passwords are still widely entrenched and wildly…

A hacktivist group named DragonForce Malaysia has claimed responsibility for attacking and defacing at least 70 Indian government and private sector websites. According to the Times of India, the group claims the attacks are an act of retaliation for…

Splunk recently announced the release of out-of-band patches that address multiple vulnerabilities across Splunk Enterprise, including a critical issue that could lead to arbitrary code execution.  Splunk uses Splunk Enterprise deployment servers to…

A team of academic researchers from the University of Texas at Austin, the University of Illinois Urbana-Champaign, and the University of Washington have identified a new side-channel method that can allow hackers to remotely extract sensitive…

Security researchers at Imperva found that account takeover (ATO) attacks targeting the financial services sector surged 58% from April to May this year, raising fears that fraudsters are focusing more on buy now, pay later (BNPL) schemes.  The…

Security researchers at Intel 471 are warning that the post-COVID upsurge in travel has painted a bullseye on the travel industry and has spurred related cybercrimes.  The researchers have seen an uptick in adversaries targeting the theft of airline…

According to MIT researchers, analog-to-digital converters contained by smart devices, which encode real-world signals from sensors into digital values that can be processed computationally, are vulnerable to electromagnetic side-channel attacks. A…

Cloudflare has announced that it successfully mitigated a 26 million request per second (RPS) Distributed Denial-of-Service (DDoS) attack, which is the most powerful HTTPS DDoS attack to date. The attack originated from Cloud Service Providers instead of…

If cloud services weren't complicated enough for the typical business today to properly configure and secure, there's also a lesser-known layer of middleware that cloud providers run that can harbor hidden security flaws.  Researchers from Wiz.io…

On average, enterprises use almost 1,000 applications, so it's no surprise that single sign-on (SSO) has become a critical gatekeeper.  It provides ease of access and can eliminate the sprawl of usernames and passwords that haunt users and frustrate…