Ganesh Pai, the CEO of the security analytics company Uptycs, has outlined the different ways in which MITRE ATT&CK can help organizations improve their security. MITRE ATT&CK is an objective, third-party standard that security leaders and…

Researchers at Malwarebytes have discovered that a popular barcode scanner app on Google Play was transformed into malware by adversaries.  Lavabird Ltd.'s Barcode Scanner was an Android app available on Google's official app repository for years.…

Zero-day attacks on vulnerable computer networks and cyber-infrastructure can significantly overwhelm traditional defenses, leading to billions of dollars in damage and weeks of manual work to recover systems after they have been infiltrated. A team of…

A new report released by Barracuda Networks researchers shares findings from two months of attack data analysis. The findings reveal that cybercriminals have grown more reliant on the use of automated tools to perform their attacks. According to the…

Researchers at security firm Netscout have found that DDoS-for-hire services have found a way to abuse Plex Media servers to bounce junk traffic and amplify distributed denial of service (DDoS) attacks.  The security researchers scanned the internet…

Spotify is being affected by another credential-stuffing cyberattack, just three months after the last one.  A researcher named Bob Diachenko on Thursday uncovered a malicious #Spotify logger database, with 100K+ account details (leaked elsewhere…

Instagram, TikTok, and Twitter have taken action against the hacker community called OGUsers, in which members buy and sell stolen social media accounts. Hackers affiliated with OGUsers were allegedly behind the attack faced by Twitter last year that…

Sophos researchers have reported the continued refinement of the Trojan called Agent Tesla. New evidence suggests that Agent Tesla is now capable of disabling endpoint protection. Agent Tesla emerged in 2014, spreading through spam emails with…

Researchers at the cybersecurity firm Qualys discovered a bug in the Sudo utility that affects Apple's macOS Big Sur operating system and multiple Cisco products. Administrators can use the Sudo utility to delegate root-level admin authority to specific…

Researchers at Armorblox have discovered a savvy phishing campaign that manages to evade native Microsoft security defenses and is bent on stealing Microsoft login credentials.  The phishing campaign is using Google Firebase to bypass email security…

Researchers at Claroty discovered that a substantial rise in industrial control system (ICS) vulnerabilities were disclosed in the second half of 2020. The research revealed a 33% increase in the number of disclosed ICS vulnerabilities than in the first…

The rapid transition to remote working, learning, and more, due to the COVID-19 virus spread, has sparked an increase in the use of the videoconferencing app Zoom. However, the migration has led to multiple incidents of "Zoombombing" in which uninvited…