Feds Hit with Successful Cyberattack, Data Stolen
Posted on Thursday September 24, 2020

The attack featured a unique, multistage malware and a likely PulseSecure VPN exploit.

CISA: LokiBot Stealer Storms Into a Resurgence
Posted on Wednesday September 23, 2020

The trojan has seen a big spike in activity since August, the Feds are warning.

DHS Issues Dire Patch Warning for ‘Zerologon’
Posted on Monday September 21, 2020

The deadline looms for U.S. Cybersecurity and Infrastructure Security Agency’s emergency directive for federal agencies to patch against the so-called ‘Zerologon’ vulnerability.

UPDATE – TikTok Ban: Security Experts Weigh in on the App’s Risks
Posted on Monday September 21, 2020

With no hard evidence of abuse, are bans warranted? The real security concerns will likely come after the ban goes into effect, researchers said in our exclusive roundtable.

APT41 Operatives Indicted as Sophisticated Hacking Activity Continues
Posted on Thursday September 17, 2020

Five alleged members of the China-linked advanced threat group and two associates have been indicted by a Federal grand jury, on dozens of charges.

California Elementary Kids Kicked Off Online Learning by Ransomware
Posted on Thursday September 17, 2020

The attack on the Newhall District in Valencia is part of a wave of ransomware attacks on the education sector, which shows no sign of dissipating.

DoJ Indicts Two Hackers for Defacing Websites with Pro-Iran Messages
Posted on Wednesday September 16, 2020

The two hackers allegedly hacked more than 50 websites hosted in the U.S. and vandalized them with pro-Iran messages.

Feds Warn Nation-State Hackers are Actively Exploiting Unpatched Microsoft Exchange, F5, VPN Bugs
Posted on Monday September 14, 2020

Monday's CISA advisory is a staunch reminder for federal government and private sector entities to apply patches for flaws in F5 BIG-IP devices, Citrix VPNs, Pulse Secure VPNs and Microsoft Exchange servers.

APT28 Mounts Rapid, Large-Scale Theft of Office 365 Logins
Posted on Friday September 11, 2020

The Russia-linked threat group is harvesting credentials for Microsoft's cloud offering, and targeting mainly election-related organizations.

It’s No ‘Giggle’: Managing Expectations for Vulnerability Disclosure
Posted on Friday September 11, 2020

Vulnerability-disclosure policies (VDPs), if done right, can help provide clarity and clear guidelines to both bug-hunters and vendors when it comes to going public with security flaws.