Highly Targeted Ransomware SamSam Earned Its Creator $6 Million

A ransomware threat called SamSam that’s known for crippling IT systems in hospitals, schools and government organizations has claimed many more victims than previously believed. Security researchers from Sophos worked with cryptocurrency tracking …

Researchers Uncover Massive Malvertising Operation

While analyzing recent drive-by download attacks, security researchers have uncovered a large malvertising operation that infiltrated the legitimate online ad ecosystem and abuses more than 10,000 compromised websites. Malicious advertising, or malver…

Fileless Threat CactusTorch Abuses .NET to Infect Systems

Over the past several months, security researchers have observed increased activity from a malware threat called CactusTorch that uses fileless techniques and reputable Windows executables to avoid detection. The malware program loads shellcode directl…

US-CERT Warns About Attacks Against ERP Applications

The US-CERT arm of the U.S. Department of Homeland Security has issued an alert warning organizations about an increase in attacks targeting Enterprise Resource Planning (ERP) applications. The alert is based on a joint threat report released this wee…

Recently Patched Oracle WebLogic Flaw Used in Active Attacks

Less than a week after a critical vulnerability was patched in Oracle’s WebLogic application server, attackers have already started exploiting the flaw to break into enterprise systems. WebLogic is a component of Oracle Fusion Middleware and und…

Router Compromise Enables $1 Million Bank Cyberheist

A cybercriminal group known for targeting financial institutions has managed to steal almost $1 million from a large Russian bank after hacking into a router at one of its regional branches. The group, known in the security industry as MoneyTaker, has…

Cisco’s Latest Patches Address Critical Flaws, Hardcoded Password

Cisco Systems released a new batch of security patches that fix 29 vulnerabilities across its product portfolio, four of which pose a critical risk and eight are rated important. One of the critical flaws affects Cisco’s Policy Suite Cluster Man…

Cyberespionage Campaign in Ukraine Uses Free and Custom RATs

Security researchers have been tracking a sustained cyberespionage campaign against Ukrainian government institutions that uses a combination of free and custom-made remote access Trojans (RATs). The malware programs involved in the years-long campaig…

VPNFilter Attack Hits Chlorine Plant in Ukraine

Ukraine’s internal security agency, the SBU, reports blocking a VPNFilter attack against a plant that produces liquid chlorine used for treating the water supply in the country. The SBU has not provided technical details about the attack, but sa…

CPU Speculative Execution Hits Again with 2 New Spectre Variants

At the beginning of this year, the Spectre and Meltdown vulnerabilities shined a spotlight on the security risks associated with the speculative execution feature of modern CPUs. Since then, researchers have kept digging and found new issues, the late…