Archive

A new piece of the Ryuk malware has been improved to steal confidential files related to the military, government, financial statements, and banking. Security experts from MalwareHunterTeam have discovered a new version of the Ryuk Stealer malware that has been

Cisco addressed a critical security vulnerability in Cisco Webex Meetings Suite sites and Online sites that allow an unauthenticated attacker to join password protected private meetings without the meeting password. Cisco Webex technology is a platform to host online meetings

US senators have proposed a bill that would drastically reform the surveillance practices of the National Security Agency (NSA) and increase oversight of government surveillance. Titled The Safeguarding Americans’ Private Records Act, the bill was introduced on Thursday by Senators

In general, the most secure software is open source. Even old, underfunded open-source security projects can still withstand the onslaught of exploits and invasions by the NSA. Open source has one main advantage over closed-source software: the code is public

PupyRAT is a cross-platform (Windows, Linux, OSX, Android) is a remote administration and post-exploitation tool. It was written in python, acts as a backdoor, allows an attacker to create remote command shells, steal password credentials, log keystrokes, steal files, and

Researchers observed new snake ransomware that written in Golang targeting Windows users to encrypt the system files and remove the Volume Shadow Copies that the OS uses for backup. Snake ransomware is a targeted campaign that contains a standard ransomware

Danish security researcher Ollypwn has released DOS exploit PoC for critical vulnerabilities in the Windows RDP Gateway. The Danish security researcher Ollypwn has published a proof-of-concept (PoC) denial of service exploit for the CVE-2020-0609 and CVE-2020-0610 vulnerabilities in the Remote Desktop Gateway (RD Gateway)

A US Government agency was hit with a phishing attack attempting to deliver a new malware dropper dubbed CARROTBALL. Security experts at Palo Alto Networks have uncovered a new malware dropper called CARROTBALL that was used in targeted attacks against

Warnings have been issued in the United States after cybersecurity flaws were detected in medical monitoring devices manufactured by GE Healthcare Systems (GEHC). Safety notices were published yesterday by both the US Food and Drug Administration (FDA) and the US

London’s Metropolitan Police Service has announced that it will start using live facial recognition (LFR) technology to scan public areas for suspected criminals. After trialing the technology for two years, the Met has said that it will have cameras up

Speaking at BSides Leeds, security researcher Darren Martyn explored the issue of credential stuffing, calling it an “exploding problem on the internet” and the “cyber-equivalent of volume crime.” Saying that credential stuffing is “aided by data leaks,” Martyn argued that

In the opening keynote at BSides Leeds head of cybersecurity research Daniel Cuthbert said that we are “in the best industry in the world” and, having spent 27 years doing cybersecurity, he has seen that it is the “misfits and

Security researchers have discovered a new cyber-espionage operation with links to Iranian state hacking groups targeting a major European energy organization. Recorded Future’s Insikt Group detected command-and-control (C&C) communications between a C&C server and the victim organization, from late November

The average ransomware payment more than doubled quarter-on-quarter in the final three months of 2019, while average downtime grew by several days, according to the latest figures from Coveware. The security vendor analyzed anonymized data from cases handled by its

Sonos appears to have bowed to customer pressure and will now offer security updates for legacy kit and ensure it can co-exist with newer systems. The smart speaker firm issued a statement earlier this week warning that from May, “some

The Information Security Industry is on high alert because of constant cyber threats and trends than ever before in 2020. Artificial intelligence, cryptocurrency, machine learning, sophisticated cyber-attacks, phishing, malware, viruses, bots, have all caused governments, corporations, and individuals to be