Technology

A previously known Windows remote access Trojan (RAT) with credential-stealing capabilities has now expanded its scope to set its sights on users of Android devices to further the attacker’s espionage motives. “The developers of LodaRAT have added Android as a targeted platform,” Cisco Talos researchers said in a Tuesday analysis. “A new iteration of LodaRAT for Windows has been […]

In what’s a novel supply chain attack, a security researcher managed to breach over 35 major companies’ internal systems, including that of Microsoft, Apple, PayPal, Shopify, Netflix, Yelp, Tesla, and Uber, and achieve remote code execution. The technique, called dependency confusion or a substitution attack, takes advantage of the fact that a piece of software

Apple has rolled out a fix for a critical sudo vulnerability in macOS Big Sur, Catalina, and Mojave that could allow unauthenticated local users to gain root-level privileges on the system. “A local attacker may be able to elevate their privileges,” Apple said in a security advisory. “This issue was addressed by updating to sudo version 1.9.5p2.”

Microsoft on Tuesday issued fixes for 56 flaws, including a critical vulnerability that’s known to be actively exploited in the wild. In all, 11 are listed as Critical, 43 are listed as Important, and two are listed as Moderate in severity — six of which are previously disclosed vulnerabilities. The updates cover .NET Framework, Azure IoT,

Endpoint Detection and Response (EDR) platforms have received incredible attention as the platform for security teams. Whether you’re evaluating an EDR for the first time or looking to replace your EDR, as an information security professional, you need to be aware of the gaps prior already to implementation so you can best prepare how to

Law enforcement officials in Ukraine, in coordination with authorities from the U.S. and Australia, last week shut down one of the world’s largest phishing services that were used to attack financial institutions in 11 countries, causing tens of millions of dollars in losses. The Ukrainian attorney general’s office said it worked with the National Police and its

Hackers successfully infiltrated the computer system controlling a water treatment facility in the U.S. state of Florida and remotely changed a setting that drastically altered the levels of sodium hydroxide (NaOH) in the water. During a press conference held yesterday, Pinellas County Sheriff Bob Gualtieri said an operator managed to catch the manipulation in real-time

Twin cyber operations conducted by state-sponsored Iranian threat actors demonstrate their continued focus on compiling detailed dossiers on Iranian citizens that could threaten the stability of the Islamic Republic, including dissidents, opposition forces, and ISIS supporters, and Kurdish natives. Tracing the extensive espionage operations to two advanced Iranian cyber-groups Domestic Kitten (

While Gartner does not have a dedicated Magic Quadrant for Bug Bounties or Crowd Security Testing yet, Gartner Peer Insights already lists 24 vendors in the “Application Crowdtesting Services” category. We have compiled the top 5 most promising bug bounty platforms for those of you who are looking to enhance your existing software testing arsenal

Google on Thursday removed The Great Suspender, a popular Chrome extension used by millions of users, from its Chrome Web Store for containing malware. It also took the unusual step of deactivating it from users’ computers. “This extension contains malware,” read a terse notification from Google, but it has since emerged that the add-on stealthily added features