Kategorie

Ransomware is not a new attack vector. In fact, the first malware of its kind appeared more than 30 years ago and was distributed via 5.25-inch floppy disks. To pay the ransom, the victim had to mail money to a P.O. Box in Panama. Fast forward to today, affordable ransomware-as-a-service (RaaS) kits are available on the dark web for anyone to purchase and deploy and attackers have an infinite

Fronton botnet has far more ability than launching DDOS attack, can track social media trends and launch suitable propaganda.

Let's face it: we all use email, and we all use passwords. Passwords create inherent vulnerability in the system. The success rate of phishing attacks is skyrocketing, and opportunities for the attack have greatly multiplied as lives moved online. All it takes is one password to be compromised for all other users to become victims of a data breach.  To deliver additional security, therefore,

Cybersecurity researchers have disclosed details of the latest version of the Chaos ransomware line, dubbed Yashma. "Though Chaos ransomware builder has only been in the wild for a year, Yashma claims to be the sixth version (v6.0) of this malware," BlackBerry research and intelligence team said in a report shared with The Hacker News. Chaos is a customizable ransomware builder that emerged in

In this day and age, we are not dealing with roughly pieced together, homebrew type of viruses anymore. Malware is an industry, and professional developers are found to exchange, be it by stealing one's code or deliberate collaboration. Attacks are multi-layer these days, with diverse sophisticated software apps taking over different jobs along the attack-chain from initial compromise to

Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.

Even as the operators of Conti threatened to overthrow the Costa Rican government, the notorious cybercrime gang officially took down their infrastructure in favor of migrating their criminal activities to other ancillary operations, including Karakurt and BlackByte. "From the negotiations site, chatrooms, messengers to servers and proxy hosts - the Conti brand, not the organization itself, is

Threat actors behind web skimming campaigns are leveraging malicious JavaScript code that mimics Google Analytics and Meta Pixel scripts in an attempt to sidestep detection. "It's a shift from earlier tactics where attackers conspicuously injected malicious scripts into e-commerce platforms and content management systems (CMSs) via vulnerability exploitation, making this threat highly evasive to

Nedávná nehoda automobilu Tesla Model S, při níž zahynuli tři lidé, vyústila v další federální vyšetřování systému Autopilot společnosti Tesla, uvádí deník The Wall Street Journal. Vyšetřování vede Národní úřad pro bezpečnost silničního provozu (NHTSA), který uvedl, že v současné době prověřuje ...

A large number of servers running the Kubernetes API have been left exposed to the internet, which is not great: they're potentially vulnerable to abuse.

In this first part of our Complete Guide to Keylogging in Linux, we will explore the basics of keylogging and its importance in the realm of Linux security, and dive deeper into keylogging in userspace, demonstrating how a keylogger can be written for Linux, by reading events directly from a keyboard device.

The fine has finally gone through... but it's less than 45% of what was originally proposed.

Containers revolutionized the development process, acting as a cornerstone for DevOps initiatives, but containers bring complex security risks that are not always obvious. Organizations that don’t mitigate these risks are vulnerable to attack.  In this article, we outline how containers contributed to agile development, which unique security risks containers bring into the picture – and what

Kybernetický útok na Ředitelství silnic a dálnic (ŘSD) napáchal podle šéfa organizace Radka Mátla „obrovské škody“, z nichž se společnost bude vzpamatovávat měsíce. Útok minulý týden narušil weby či účetnictví, stavby však neohrozil.

Mohit Tiwari, CEO of Symmetry Systems, explores Zero Trust, data objects and the NIST framework for cloud and on-prem environments.

Microsoft Word also leveraged in the email campaign, which uses a 22-year-old Office RCE bug.

A security researcher claims to have discovered an unpatched vulnerability in PayPal's money transfer service that could allow attackers to trick victims into unknowingly completing attacker-directed transactions with a single click. Clickjacking, also called UI redressing, refers to a technique wherein an unwitting user is tricked into clicking seemingly innocuous webpage elements like buttons

Fronton, a distributed denial-of-service (DDoS) botnet that came to light in March 2020, is much more powerful than previously thought, per the latest research. "Fronton is a system developed for coordinated inauthentic behavior on a massive scale," threat intelligence firm Nisos said in a report published last week. "This system includes a web-based dashboard known as SANA that enables a user

Security researcher Jason Donenfeld who is known for leading the development of the WireGuard open-source software has outlined a new security vulnerability affecting the Oracle VM VirtualBox software.

Protect your Linux servers from XorDdos, a botnet scanning the internet for SSH servers with weak passwords, Microsoft warns.