FBI/CISA Warn US Firms of State-Mandated Tax Malware The US government has been forced to issue another warning to organizations doing business in China after reports of a potentially widespread attempt to remotely target them with powerful malware hidden in

Click Fraud Risk as Smartphone Discovered with Pre-Installed Malware Security researchers have discovered malware pre-installed on a Chinese smartphone and designed to facilitate mobile ad fraud on a massive scale. Upstream’s Secure-D Lab said it recorded 19.2 million suspicious transactions,

New Mercenary APT Group Targeted Autodesk Software Security researchers have uncovered yet another hacker-for-hire group armed with APT-style capabilities, which has targeted at least one high-value victim in the real estate sector. Bitdefender revealed details of the unnamed group in

A hack-for-hire group, tracked as DeathStalker, has been targeting organizations in the financial sector since 2012 Kaspersky researchers say. DeathStalker is a hack-for-hire group discovered by Kaspersky, it has been targeting organizations worldwide, mainly law firms and financial entities, since

North Korea-linked Lazarus APT group targets cryptocurrency organizations with fake job offers in an ongoing spear-phishing campaign. North Korea-linked Lazarus APT group (aka HIDDEN COBRA) has been observed while using LinkedIn lures in a spear-phishing campaign targeting the cryptocurrency organizations worldwide, including

A researcher disclosed technical details of an unpatched vulnerability in Apple’s Safari web browser that can be exploited to steal files from the targeted system. An expert disclosed the details of an unpatched vulnerability in Apple’s Safari web browser that

A cyber-attack has shut down virtual classes in a Los Angeles school district two weeks after the FBI issued a cybersecurity warning to schools offering online learning. In a grim foreshadowing of what was to come, FBI supervisory special agent

Registration for the fall season of the National Cyber League (NCL) opened yesterday. The league provides an exciting virtual environment in which students of all levels can apply their cybersecurity skills to real-world scenarios encountered by professionals in the cybersecurity

Nearly half (47%) of UK IT leaders have not updated their security strategies to account for their move to cloud environments, putting their organizations at higher risk of cyber-attack, according to a new study by Trend Micro commissioned for CLOUDSEC

Palo Alto Networks has announced its intention to acquire consultancy Crypsis Group. The two companies have entered into a definitive agreement which will see Palo Alto Networks acquire the incident response, risk management and digital forensics consulting firm for a

Popular stock photo site Freepik has disclosed a major data breach affecting over eight million customers. The incident also affected users of the sister site Flaticon, which claims to run the world’s largest database of free icons. In a breach

Security researchers have urged organizations to upskill incident detection and response teams, after revealing a new Lazarus Group attack which managed to bypass advanced EDR and network security at a cryptocurrency firm. The tactical intelligence report details an attack which

A group of “newbie” Iranian hackers have been blamed for attacks using the Dharma ransomware variant on targets in Russia and Asia. The threat actors’ relative inexperience was highlighted by several characteristics of the attacks against companies in Russia, Japan,

Cyber-criminals have been impersonating the well-known Bitcoin BTC ERA trading platform in order to infect users of the online currency with malware, according to new research from Abnormal Security. The cybersecurity firm found that malicious actors have been sending emails

The first day of online classes at a North Carolina school was memorable for all the wrong reasons after a hacker disrupted a lesson with offensive content. Virtual classes, taught via Google Meet, began at Lee County High School, Sanford,

A vulnerability in the TeamViewer app could allow malicious actors to steal passwords. The high-severity flaw was discovered in the desktop version of the app for Windows before 15.8.3. By exploiting the weakness, authenticated threat actors operating remotely could execute