An Iranian-aligned hacking group is using a new phishing technique involving multiple personas and email accounts to trick targets into thinking an email conversation is genuine. The attackers send an email to the targets while CCing another email…

FishPig, a UK-based company that creates extensions for the popular Magento open-source e-commerce platform, has announced that malware was injected into its paid software offerings after its distribution server was compromised. According to Sansec…

In February 2021, a Linux variant of a backdoor called SideWalk was used to target a Hong Kong university, demonstrating the implant's cross-platform capabilities. The malware was detected in the university's network by ESET researchers, which attributed…

Dr. Keke Chen, Northwestern Mutual Data Science Institute Associate Professor of Computer Science at Marquette University's Klingler College of Arts and Sciences, has been awarded a $600,000 National Science Foundation (NSF) grant to explore confidential…

The FBI warns of hundreds of vulnerabilities in widely used medical devices that could enable cyberattacks. The FBI's Internet Crime Complaint Center (IC3) identified an increasing number of vulnerabilities posed by unpatched medical devices running on…

SentinelOne has released a report on intermittent encryption, a new method used by a few ransomware groups. Intermittent encryption encrypts every x bytes in files rather than encrypting selected complete files. As a result, intermittent encryption…

Hackers are using a phishing method called Browser-in-the-Browser (BITB) to obtain Steam user credentials. The BITB attack involves the creation of false browser windows inside the open window, which are then disguised as sign-in pop-up pages for…

A survey conducted by Gartner finds that many international companies are actively attempting to reduce the number of cybersecurity vendors they rely on in their technology stacks. In total, 75 percent of organizations surveyed by Gartner expressed…

Arctic Wolf Labs' cybersecurity researchers have issued a warning about CVE-2022-29499, a Remote Code Execution (RCE) vulnerability discovered in Mitel MiVoice VoIP appliances that is being exploited by the Lorenz ransomware gang threat actor to attack…

PsExec assists administrators in remotely executing processes on network machines without the need to install a client. However, threat actors have also adopted the tool, often using it in the post-exploitation stages of an attack to spread across the…

The US moving and storage rental company U-Haul has experienced a data breach as a result of an unauthorized person gaining access to an unspecified number of rental contracts, according to Amerco, U-Haul's parent company. The number of impacted…

According to a new report, 80 percent of organizations have had at least one severe cloud security incident in the last year, and 41 percent believe cloud native services increase complexity, complicating security efforts. However, the study conducted by…