Authorities have accused Serbia-based scammers of capitalizing on the "initial coin offering" bubble that began in 2017, bilking global cryptocurrency investors out of $70 million via Bitcoiin2Gen and other supposed coins and hiring actor Steven Seagal to endorse them.
The Senate Intelligence Committee's hearing about the supply chain attack that affected SolarWinds and dozens of other companies and federal agencies answered some questions about what went wrong but also raised four key issues.
The cybersecurity agencies of five countries have issued a joint advisory warning that hackers are exploiting vulnerabilities in the Accellion File Transfer Appliance to steal data and execute ransomware. Australia's Transport for New South Wales and Canada's Bombardier are the latest victims to be revealed.
The Russian hacking group known as Turla is deploying a new IronPython-based malware loader called "IronNetInjector" as part of a new campaign, Palo Alto Networks' Unit42 reports. It comes with capabilities to obfuscate malware codes and encrypt and decrypt NET injector and payloads.
The operators behind the Minebridge remote-access Trojan have updated the malware, which is targeting security researchers by using a malicious payload disguised in an attached document, according to the security firm Zscaler.
Threat actors are masquerading as business tools and communication platforms to slip past perimeter controls that are programmed to block known threats. Once they make it through, human detection and threat analysis become an integral part of the process to thwart an attack.
When technologies aren’t programmed to...
The CEOs of SolarWinds, Microsoft, FireEye and CrowdStrike rolled out a series of cybersecurity recommendations to a U.S. Senate panel Tuesday while detailing how foreign actors gained access into their firms' systems as a result of the SolarWinds supply chain attack.
A previously undetected malware variant has infected almost 30,000 Apple Macs. So far, however, researchers have not seen the code, called Silver Sparrow, deliver any malicious payloads to these endpoints, according to a new report.
Critical, unpatched vulnerabilities that could enable hackers to access sensitive data have been found in India's National Critical Information Infrastructure Protection Center, according to ethical hacking group Sakura Samurai.
A newly-discovered phishing campaign posts harvested credentials using the Telegram messaging app's application programming interface to bypass secure email gateways, report researchers at the Cofense Phishing Defense Center.
A Chinese hacking group reportedly "cloned" and deployed a zero-day exploit developed by the NSA's Equation Group before Microsoft patched the Windows flaw being exploited, according to Check Point Research. The analysis shows how some U.S. cyber weapons have been turned against their developers.
Venture capital firm Sequoia Capital confirmed it was recently involved in a "cybersecurity incident," but offered no details on exactly what may have transpired. Cybersecurity teams and law enforcement agencies have been notified.
The Good Health Pass Collaborative is developing a road map for digital health passes that international travelers could use to prove they have been tested for COVID-19. Dakota Gruener, executive director of ID2020, which launched the project, describes the effort, including privacy-protection measures.
SonicWall was recently attacked via a zero-day flaw in one of its own products. Curiously, SonicWall hasn't said much about the extent and damage of the breach since its announcement. But there are strong indications it may have been targeted by an extortion attempt.