Computerland, a Belgian company, shared information with the European threat intelligence community about the Quantum Locker gang's tactics, techniques, and procedures (TTPs) used in recent attacks. According to the information shared, the Quantum Locker…

A threat actor known as Luna Moth has been stealing sensitive data and extorting money from small and medium-sized businesses through the use of social engineering tactics and legitimate software. The group avoids using ransomware in favor of convincing…

Microsoft has announced that security flaws impacting a web server that has been discontinued since 2005 were used to target and compromise organizations in the energy sector. According to a report published in April by cybersecurity firm Recorded Future…

A malicious extension for Chromium-based web browsers has been discovered to be distributed by ViperSoftX, a long-standing Windows information-stealer. The rogue browser add-on was dubbed VenomSoftX by a Czech-based cybersecurity firm due to the…

Artificial Intelligence (AI) and Machine Learning (ML) systems trained on real-world data are increasingly being seen as vulnerable to attacks involving unexpected inputs to fool the systems. For example, contestants at the recent Machine Learning…

Cyberattacks impacting thousands of Australian citizens' personal data have raised awareness of the dangers of insecure digital systems. According to researchers at Flinders University, consumers want to have a more active role in building more resilient…

Electric Vehicle (EV) charging stations are vulnerable to hacks, potentially disrupting the grid or resulting in the theft of users' personal information. The consequences could be severe in the absence of significant technological upgrades, regulations…

According to the Government Accountability Office (GAO), the US Secret Service's zero-trust cybersecurity implementation plan needs to be updated. The government watchdog did, however, acknowledge the Secret Service's progress in this area. A zero-trust…

The Office of Inspector General (OIG) urged the US Department of Health and Human Services (HHS) to improve data governance, secure HHS systems, and modernize its approach to cybersecurity across the department in the 2022 edition of its annual report on…

The Department of Health and Human Services Cybersecurity Coordination Center (HC3) has issued a warning to larger, enterprise healthcare organizations about the Lorenz ransomware threat group. The human-operated campaign is well-known for going after…

Cyberattacks have succeeded by exploiting gaps in corporate Information Technology (IT) environments, endpoints, and identities through social engineering and spear-phishing. They often immediately launch persistent threats and then steal credentials to…

Security researchers at Proofpoint warn that a new red-teaming tool dubbed “Nighthawk” may soon be leveraged by threat actors.  Created in late 2021 by MDSec, the tool is best described as an advanced C2 framework, which functions like Cobalt Strike…