Security researchers are tracking a variant of the prolific Mirai botnet called Mukashi, that's taking advantage of vulnerabilities in network-area storage devices made by Zyxel and giving its operators the ability to launch DDoS attacks. Zyxel has issued a patch for the vulnerability.
Microsoft is warning that attackers are exploiting a pair of critical, zero-day flaws in Windows that allow for remote code execution, which could enable a threat actor to take over an infected device. Although a patch for the flaws is not expected until April, the company described workarounds.
Finastra, a large financial services software provider based in London, continues to recover from a ransomware attack that forced the company to take its IT operations offline Friday to prevent further damage to its corporate network, according to the company's CEO.
Disinformation campaigns with ties to Russia are continuing in an attempt to impede other governments' responses to the COVID-19 pandemic, complicating public health efforts to combat the disease, European officials warn.
As the global COVID-19 pandemic worsens, security firms and law enforcement, including the FBI, are warning of increasing phishing and other the cybercriminal scams targeting a largely at-home workforce.
TA505, a notorious cybercriminal group believed to be operating in Russia, is using business email compromise tactics to target a new group of victims - HR departments, according to security researchers, who describe the new scheme.
With the declaration of COVID-19 as a pandemic, and the global shift to work from home, Tom Kellermann of VMware Carbon Black sees a corresponding increase in hacking and espionage attempts against U.S. agencies, businesses and citizens. He says add "digital distancing" to your precautions.
The Trump administration is reportedly in talks with tech companies, including Facebook and Google, to explore whether it's possible to use real-time location data from smartphones to support efforts to slow the spread of COVID-19. But some privacy advocates are raising concerns about such tracking efforts.
As cybercriminals and nation-states take advantage of the COVID-19 pandemic to further their own aims, authorities are calling on victims to report online attacks as quickly as possible to help them better disrupt such activity.
Cybereason CSO Sam Curry is no stranger to crisis - he was on the team that responded to the RSA breach in 2011. But the COVID-19 pandemic brings an unprecedented challenge: How do you manage business continuity and reduce risk with a 100 percent remote workforce? Curry shares strategies and lessons learned.
Russian state-sponsored hackers have switched their techniques, relying more on compromised corporate email accounts to send out targeted phishing emails and spam, according to the security firm Trend Micro.
Federal government agencies certainly are not immune from phishing scams, and Aaron Higbee of Cofense is focused on tackling the unique challenges that government faces in detecting and stopping the crimes.
Cybercriminals, and perhaps nation-state hackers, that are attempting to take advantage of the COVID-19 pandemic are now turning their attention to mobile devices to spread malware, including spyware and ransomware, security researchers warn.
A new variant of TrickBot, which is using remote desktop protocol brute-force methods to target potential victims and bypass security protocols, is mainly targeting telecom services in the U.S. and Hong Kong, attempting to steal intellectual property as well as financial data, according to Bitdefender.