News

Emerging cyberattacks and threats

• March 25, 2020 25 Mar'20

  China's APT41 attacks Citrix ADC flaws in cyberespionage campaign

  A dual cyberespionage and cybercrime group known as APT41 exploited vulnerabilities in Citrix NetScaler/ADC and other products in an extensive, global threat campaign.

• March 24, 2020 24 Mar'20

  RSA Conference 2020 guide: Highlighting security's human element

  What's happening at the 2020 RSA Conference? Our team keeps you up to date with pre-conference coverage and breaking news from the infosec world's biggest event.

• March 19, 2020 19 Mar'20

  Deepfakes: Security experts undecided on the threat level

  Deepfakes may seem like a scary new threat in today's world, but should the world be worried? SearchSecurity asked numerous experts to weigh in at RSA Conference 2020.

• March 19, 2020 19 Mar'20

  Risk & Repeat: Coronavirus-themed threats on the rise

  This week's Risk & Repeat podcast looks at the disruption caused by COVID-19, as well as the sharp increase in cyberthreats designed to exploit the pandemic.

• March 17, 2020 17 Mar'20

  Ransomware attacks poised to disrupt coronavirus response efforts

  Experts fear that coronavirus-themed threats will escalate to ransomware attacks, and such attacks will disrupt response efforts at hospitals and city, state and local governments.

• March 09, 2020 09 Mar'20

  Researchers develop new side channel attacks on AMD chips

  Security researchers behind the Meltdown and Spectre flaws discovered new side channel attacks on AMD processors, but the chipmaker has opted not to patch them.

• March 06, 2020 06 Mar'20

  Intel CSME flaw deemed 'unfixable' by Positive Technologies

  Positive Technologies researchers discovered a previously disclosed vulnerability in the Intel Converged Security and Management Engine is worse than originally reported.

• February 05, 2020 05 Feb'20

  Threat actors combining data exposure with ransomware attacks

  New Cisco Talos research shows an increase in ransomware attacks that double the pressure on victims by threatening them with the exposure of their sensitive data.

• January 28, 2020 28 Jan'20

  'CacheOut': Researchers unveil new attack on Intel chips

  Researchers unveiled a new speculative execution attack that leaks data from most Intel microprocessors and gives attackers greater control over what data is leaked.

• December 19, 2019 19 Dec'19

  Two attacks on Maze ransomware list confirmed

  Another confirmed ransomware attack, this time against Busch's Fresh Food Markets, was added to the Maze gang's ransomware shaming list after the company refused to pay the ransom.

• December 17, 2019 17 Dec'19

  Maze gang outs ransomware victims in shame campaign

  The threat actors behind Maze ransomware started a campaign to pressure victims into paying ransom by publicly listing successful attacks and threatening to leak data.

• November 13, 2019 13 Nov'19

  ZombieLoad v2 disclosed, affects newest Intel chips

  Researchers disclosed another variant of the ZombieLoad side-channel attack that affects the newest Intel processors, and also discovered a flaw in the original ZombieLoad patch.

• November 08, 2019 08 Nov'19

  ConnectWise ransomware attacks affecting Automate customers

  ConnectWise warned that ransomware attacks are targeting open ports for its Automate on-premises application, but the company has offered few details about the nature of the attacks.

• October 23, 2019 23 Oct'19

  Another CCleaner attack hits Avast supply chain

  Avast was able to stop an attempted supply chain attack targeting its CCleaner software, but experts say all enterprises should be wary of similar supply chain attacks.

• October 16, 2019 16 Oct'19

  Exposed Docker hosts open the door for cryptojacking

  Security researchers discovered a new Docker worm that has been targeting exposed hosts in order to spread cryptojacking malware to other containers.

• September 18, 2019 18 Sep'19

  Global cryptomining attacks use NSA exploits to earn Monero

  Security researchers tracked a very active threat group launching cryptomining attacks around the world against organizations in banking, IT services, healthcare and more.

• September 17, 2019 17 Sep'19

  Researcher finds digital certificate fraud used to spread malware

  A new certificate fraud scheme involves a threat actor impersonating company execs to purchase certs which are then resold to those looking to spread malware.

• August 20, 2019 20 Aug'19

  KNOB attack puts all Bluetooth devices at risk

  Security researchers discovered a way to force Bluetooth devices to use easy-to-crack encryption keys, which could lead to man-in-the-middle attacks and information leaks.

• August 14, 2019 14 Aug'19

  Microsoft discovers BlueKeep-like flaws in Remote Desktop Services

  Microsoft disclosed four remote code execution flaws in Remote Desktop Services that are similar to BlueKeep, as well as other vulnerabilities in RDP.

• August 14, 2019 14 Aug'19

  IoT botnets reach new threshold in Q2 of 2019

  Defending against the rising number and increasing sophistication of IoT botnet attacks isn't an easy task. Learn about the latest threats and the techniques to mitigate them.

• August 14, 2019 14 Aug'19

  Latest news from the Black Hat 2019 conference

  Learn the latest from this year's Black Hat conference, Aug. 3 to 8. Our team is in Las Vegas to report on what's new in information security risks, trends and defense tactics.

• August 12, 2019 12 Aug'19

  Black Hat 2019 brings out new security, protection offerings

  The 22nd Black Hat conference in Las Vegas brought together a slew of vendors in network and data security with a variety of security offerings to pitch.

• August 09, 2019 09 Aug'19

  ICS security threats rising, targeting oil and gas facilities

  In its latest report on industrial control system threats, Dragos said it believes the first major 'destructive' ICS attack will likely occur at an oil and gas facility.

• August 08, 2019 08 Aug'19

  Check Point finds RDP vulnerability jeopardizes Microsoft's Hyper-V

  Check Point revealed research at Black Hat that showed a previously disclosed vulnerability in Microsoft's remote desktop protocol affects the company's virtualization platform.

• August 05, 2019 05 Aug'19

  BlackBerry Intelligent Security enables flexible security policy

  BlackBerry launched a new unified endpoint management platform, BlackBerry Intelligent Security, which changes security policies by calculating user risk.

• August 01, 2019 01 Aug'19

  SafeBreach launches new platform to prioritize, mitigate security gaps

  SafeBreach has launched SafeBreach GRID, a breach and attack simulation application that helps security teams decide which security gaps to address first.

• July 23, 2019 23 Jul'19

  Slide deck brings BlueKeep exploit closer to the wild

  After a description for building a remote BlueKeep exploit is posted on GitHub, experts warn that attacks in the wild are becoming more likely and users need to patch.

• July 18, 2019 18 Jul'19

  New ransomware threat takes GandCrab's place

  Researchers released GandCrab master decryption keys, and in the wake of GandCrab's shutdown, a new ransomware threat -- called Sodin or Sodinokibi -- has emerged.

• July 03, 2019 03 Jul'19

  U.S. Cybercom warns Outlook vulnerability under attack

  U.S. Cybercom issued an alert about active exploitation of a 2-year-old Microsoft Outlook flaw, and experts say an Iranian threat group is behind the attacks.

• June 28, 2019 28 Jun'19

  AI-enabled malware is coming, Malwarebytes warns

  AI-driven threats may not be here yet, but a new report from Malwarebytes predicts they will be here soon and could potentially change the cybersecurity game for good.

• June 26, 2019 26 Jun'19

  Stellar Cyber launches Starlight 3.1 for AI threat detection

  Stellar Cyber, a security analytics vendor, launched Starlight 3.1 as its first unified security analytics platform, using AI and machine learning to detect and thwart attacks.

• June 19, 2019 19 Jun'19

  BlueKeep warnings having little effect on Windows patching

  DHS issued the latest security advisory for BlueKeep, but it's unclear whether the repeated warnings are being heeded by organizations that have vulnerable systems on the internet.

• June 14, 2019 14 Jun'19

  Dragos: Xenotime threat group targeting U.S. electric companies

  Dragos says Xenotime, the threat group behind a devastating ICS attack in 2017, has been probing the networks of U.S. electric utilities and also attempted network intrusions.

• June 13, 2019 13 Jun'19

  RAMBleed: New Rowhammer attack can steal data from memory

  Security researchers developed a Rowhammer attack variant, called RAMBleed, that can steal data from memory and works even if systems are patched against Rowhammer.

• June 06, 2019 06 Jun'19

  NSA issues BlueKeep warning as new PoC exploit demos

  The NSA issued a rare warning for users to patch against the BlueKeep vulnerability on the same day a security researcher demoed an exploit leading to a full system takeover.

• June 04, 2019 04 Jun'19

  Microsoft issues second BlueKeep warning urging users to patch

  Microsoft again urged users to patch against the BlueKeep vulnerability as more potential exploits surface and one researcher discovered almost 1 million vulnerable systems.

• May 23, 2019 23 May'19

  'BlueKeep' Windows Remote Desktop flaw gets PoC exploits

  Multiple researchers created proof-of-concept exploits, including remote code execution attacks, targeting the recently patched Windows Remote Desktop flaw called BlueKeep.

• May 16, 2019 16 May'19

  ZombieLoad: More side channel attacks put Intel chips at risk

  Another set of side channel vulnerabilities were discovered in Intel chips. Security researchers explain the risks posed by the flaws and offer advice on mitigation steps.

• May 14, 2019 14 May'19

  Zero-day WhatsApp vulnerability could lead to spyware infection

  A zero-day vulnerability in WhatsApp was used in targeted attacks that involved installing spyware on mobile devices, which may be the work of an advanced threat actor.

• May 06, 2019 06 May'19

  Enterprise security threats rising, consumer attacks falling

  Cybercriminals are increasingly taking aim at businesses, according to a recent Malwarebytes report. Security experts weigh in on best practices for defending against malware attacks.

• May 02, 2019 02 May'19

  CrowdStrike tackles BIOS attacks with new Falcon features

  CrowdStrike added firmware attack detection capabilities to its Falcon platform and also expanded its partnership with Dell to help organizations tackle BIOS threats.

• May 01, 2019 01 May'19

  Huawei ban highlights 5G security issues CISOs must tackle

  Why worry over Huawei? A U.S. ban of this Chinese company's products should remind CISOs that now is the time to consider security issues related to the rollout of the 5G network.

• April 26, 2019 26 Apr'19

  FBI report says BEC attacks are increasing, evolving

  According to the FBI's 2018 Internet Crime Report, business email compromise attacks are on the rise. Security experts highlight how BEC scams are evolving.

• April 24, 2019 24 Apr'19

  Flashpoint responds to evolving dark web threats

  Cybersecurity firm Flashpoint updated its threat intelligence platform to better address evolving techniques and practices on the dark web, such as encrypted chat usage.

• April 19, 2019 19 Apr'19

  Forcepoint pushes 'human-centric cybersecurity' approach

  During the launch of the Forcepoint Cyber Experience Center in Boston, Forcepoint execs emphasized the need for adopting a new approach to cybersecurity that focuses on the human factor.

• April 19, 2019 19 Apr'19

  DNS hijacking campaign targets national security organizations

  A DNS hijacking campaign targeting national security organizations and critical infrastructure may be part of a new trend, according to the researchers behind recent attacks.

• April 15, 2019 15 Apr'19

  Blue Hexagon bets on deep learning AI in cybersecurity

  Cybersecurity startup Blue Hexagon uses deep learning to detect network threats. Security experts weigh in on the limitations of AI technologies in cybersecurity.

• April 11, 2019 11 Apr'19

  New Baldr information stealer could target businesses

  Malwarebytes explains why the rapidly evolving info-stealer Baldr could spell trouble for businesses and consumers, and offers pointers on how to defend against such malware.

• April 03, 2019 03 Apr'19

  'Triple threat' malware campaign combines Emotet, TrickBot and Ryuk

  Cybereason sounds off on the recently discovered 'triple threat' campaign and highlights interesting features of the attack technique used by cybercriminals.

• March 26, 2019 26 Mar'19

  CrowdStrike: Cybercrime groups joining forces to pack more punch

  CrowdStrike sounds off on the enhanced partnership between the cybercrime groups behind the TrickBot and BokBot malware and explains what such collaborations signify.

• March 26, 2019 26 Mar'19

  Asus backdoor hits targets with officially signed update

  Attackers infected the official Asus Live Updater to install a malicious backdoor on hundreds of thousands of systems, with the intent of targeting a small subset of those users.

• March 22, 2019 22 Mar'19

  Study reveals sale of SSL/TLS certificates on dark web

  Security researchers discovered the availability of SSL/TLS certificates for sale on the dark web, which allow cybercriminals to disguise their malicious activity as legitimate.

• March 20, 2019 20 Mar'19

  New Mirai malware variant targets enterprise devices

  Researchers from Palo Alto Networks have spotted a new variant of the Mirai botnet that is targeting enterprise presentation systems and digital signage with 11 new exploits.

• March 20, 2019 20 Mar'19

  Experts praise Norsk Hydro cyberattack response

  Aluminum manufacturer Norsk Hydro was hit with ransomware that forced a switch to manual operations. The company's incident response has experts impressed.

• March 13, 2019 13 Mar'19

  Election security threats loom as presidential campaigns begin

  Fragile electronic voting systems and the weaponization of social media continue to menace U.S. election systems as presidential candidates ramp up their 2020 campaigns.

• March 13, 2019 13 Mar'19

  SANS Institute: DNS attacks gaining steam in 2019

  At RSA Conference 2019, experts from the SANS Institute discuss the most dangerous attack techniques they've seen, including DNS manipulation and domain fronting.

• March 11, 2019 11 Mar'19

  Zscaler charts sharp increase in SSL threats like phishing, botnets

  Threat actors are exploiting encryption protocols to deliver malicious content, according to Zscaler, which found a 400% increase in SSL-based phishing threats last year.

• March 07, 2019 07 Mar'19

  RSAC 2019: Coverage of the premiere security gathering

  Find out what's happening at the at the 2019 RSA Conference in San Francisco, the information security industry's biggest event, with breaking news and analysis by the SearchSecurity team.

• March 01, 2019 01 Mar'19

  Research sparks debate over password manager vulnerabilities

  Researchers found several popular password managers expose master passwords in system memory, but experts recommend consumers and enterprises should still use the products.

• February 26, 2019 26 Feb'19

  Eclypsium: Bare-metal cloud servers vulnerable to firmware attacks

  Eclypsium found IBM SoftLayer cloud services are vulnerable to what it calls Cloudborne, which allows threat actors to make small, but potentially deadly firmware changes.

• February 20, 2019 20 Feb'19

  At RSAC 2019, speculative execution threats take a back seat

  The Meltdown and Spectre vulnerabilities loomed large last year, but RSAC 2019 will have little fodder on speculative execution threats and side channels attacks.

• February 15, 2019 15 Feb'19

  Astaroth Trojan returns, abuses antivirus software

  Cybereason's Nocturnus Research team has discovered a new strain of the Astaroth Trojan that attacks antivirus software to steal credentials.

• February 08, 2019 08 Feb'19

  'SpeakUp' backdoor Trojan could spell further trouble for Linux servers

  Check Point Research explains why SpeakUp, the new Trojan targeting Linux servers, has the potential to unleash more harm and offers pointers on how to defend against such malware.

• January 30, 2019 30 Jan'19

  New DDoS attack technique puts CSPs at risk

  Nexusguard found a new DDoS attack technique that targeted CSPs in which attackers used a bit-and-piece approach to inject junk into legitimate traffic and dodge detection.

• January 29, 2019 29 Jan'19

  Dailymotion credential stuffing attacks lasted more than 6 days

  Video-sharing website Dailymotion reset passwords for an unknown number of users following 'large-scale' credential stuffing attacks that lasted for more than six days before being stopped.

• January 25, 2019 25 Jan'19

  SafeRide tackles connected vehicle security with machine learning

  SafeRide's vXRay technology aims to improve security for connected vehicles with unsupervised machine learning. Can it keep hackers out of the driver's seat?

• January 25, 2019 25 Jan'19

  DNS hijack attacks lead to government directive from DHS

  Following a string of DNS hijack attacks around the globe, the Department of Homeland Security has directed federal agencies to harden defenses against DNS tampering.

• January 18, 2019 18 Jan'19

  Collection #1 breach data includes 773 million unique emails

  Have I Been Pwned added a new trove of 773 million unique emails and 21 million passwords -- known as the Collection #1 breach data -- but there are questions about the freshness of the data.

• January 11, 2019 11 Jan'19

  Iran implicated in DNS hijacking campaign around the world

  FireEye researchers investigating a DNS hijacking campaign against governments and telecom companies said those who are potential targets of Iran should take precautions.

• December 20, 2018 20 Dec'18

  McAfee: When quantum computing threats strike, we won't know it

  Quantum computing systems may not be powerful enough to break current encryption protocols, but McAfee CTO Steve Grobman says it will be tough to tell when that day arrives.

• December 14, 2018 14 Dec'18

  Facebook API bug exposed photos of 6.8 million users

  GDPR regulators are already investigating a new Facebook API bug the social media giant announced Friday that might have exposed photos belonging to up to 6.8 million users.

• December 13, 2018 13 Dec'18

  Operation Sharpshooter targets infrastructure around the world

  Operation Sharpshooter is a recently discovered global cyberattack campaign targeting critical infrastructure organizations, including nuclear, defense and financial companies.

• November 28, 2018 28 Nov'18

  Compromised NPM package highlights open source trouble

  A compromised NPM package targeted a popular bitcoin wallet with cryptocurrency-stealing code and experts say the issue highlights the lack of a chain of trust in open source software.

• November 21, 2018 21 Nov'18

  DeepMasterPrints fake fingerprints can fool fingerprint sensors

  Researchers have developed AI-generated synthetic fingerprints -- known as DeepMasterPrints -- that can spoof biometric scanners and potentially be used to launch practical attacks.

• November 16, 2018 16 Nov'18

  Risk & Repeat: Are we winning the war on cybercrime?

  On this week's Risk & Repeat podcast, Chet Wisniewski of Sophos discusses his company's latest research and explains why there's reason for optimism in the war on cybercrime.

• November 06, 2018 06 Nov'18

  PortSmash side-channel attack targets Intel Hyper-Threading

  The latest side-channel attack against Intel chips, known as PortSmash, targets Hyper-Threading in order to steal data, such as private OpenSSL keys from a TLS server.

• November 02, 2018 02 Nov'18

  SamSam ransomware campaigns continue to target U.S. in 2018

  News roundup: SamSam ransomware targeted 67 organizations in 2018, according to research. Plus, Equifax is sending its breach victims to Experian for credit monitoring, and more.

• November 02, 2018 02 Nov'18

  Kraken ransomware gets packaged into Fallout EK

  Researchers found Kraken ransomware has become more popular after being packaged in the Fallout exploit kit and becoming part of an affiliate program.

• October 22, 2018 22 Oct'18

  Zero-day jQuery plugin vulnerability exploited for 3 years

  A zero-day in jQuery File Upload could affect thousands of projects because the jQuery plugin vulnerability has existed for eight years and actively exploited for at least three years.

• October 19, 2018 19 Oct'18

  GreyEnergy threat group detected attacking high-value targets

  Researchers claim a new threat group called GreyEnergy is the successor to BlackEnergy, but experts are unsure if the evidence supports the claims or warnings of future attacks.

• October 18, 2018 18 Oct'18

  New libSSH vulnerability gives root access to servers

  A 4-year-old libSSH vulnerability can allow attackers to easily log in to servers with full administrative control, but it is still unclear exactly how many devices are at risk.

• October 16, 2018 16 Oct'18

  Pentagon data breach exposed travel data for 30,000 individuals

  The Department of Defense said a Pentagon data breach exposed travel records for approximately 30,000 military and civilian personnel, but the investigation is still in progress.

• October 12, 2018 12 Oct'18

  Industroyer, NotPetya linked to TeleBots group by ESET researchers

  News roundup: An APT group called TeleBots group was linked to Industroyer malware and NotPetya ransomware, according to researchers. Plus, Imperva is acquired by Thoma Bravo and more.

• October 05, 2018 05 Oct'18

  Compromised Supermicro chips reportedly infiltrated US

  News roundup: A Bloomberg report claimed China infiltrated U.S. companies and government agencies through tiny Supermicro chips on motherboards. Plus, a new Telegram flaw and more.

• September 28, 2018 28 Sep'18

  Facebook breach affected nearly 50 million accounts

  Nearly 50 million accounts were affected in a Facebook breach, but it is still unclear what data attackers may have obtained and who might have been behind the breach.

• September 14, 2018 14 Sep'18

  Researchers bring back cold boot attacks on modern computers

  The idea of cold boot attacks began 10 years ago, but researchers at F-Secure found the attack can be used on modern computers to steal encryption keys and other data.

• September 11, 2018 11 Sep'18

  Robot social engineering works because people personify robots

  Brittany 'Straithe' Postnikoff studied robot social engineering and found personification of robots can lead to effective attacks, regardless of whether or not AI is involved.

• August 17, 2018 17 Aug'18

  Intel disclosed Spectre-like L1TF vulnerabilities

  News roundup: Intel disclosed L1TF vulnerabilities with similarities to Spectre, but with a focus on data. Plus, the NIST Small Business Cybersecurity Act is now a law, and more.

• August 17, 2018 17 Aug'18

  ICS security fails the Black Hat test

  Industrial control systems hit the mainstream at Black Hat this year, with over two dozen program sessions tackling different angles of the subject. The takeaway: Vendors still aren't really trying.

• August 10, 2018 10 Aug'18

  2018 Pwnie Awards cast light and shade on infosec winners

  The Meltdown and Spectre research teams won big at the Pwnie Awards this year at Black Hat, while the late-entry Bitfi Wallet team overwhelmingly won for Lamest Vendor Response.

• August 10, 2018 10 Aug'18

  WhatsApp vulnerabilities let hackers alter messages

  News roundup: New WhatsApp vulnerabilities enabled hackers to alter messages sent in the app. Plus, the PGA was hit with a ransomware attack, and more.

• August 06, 2018 06 Aug'18

  Coinhive malware infects tens of thousands of MikroTik routers

  The cryptominer Coinhive malware has infected tens of thousands of MikroTik routers around the world, as malicious actors take advantage of poor patching habits by users.

• August 02, 2018 02 Aug'18

  Black Hat 2018 conference coverage

  The SearchSecurity team covers the latest threats and vulnerabilities featured at this year's Black Hat USA with news, interviews and more from Las Vegas.

• July 27, 2018 27 Jul'18

  LifeLock vulnerability exposed user email addresses to public

  News roundup: A LifeLock vulnerability exposed the email addresses of millions of customers. Plus, Amazon's Rekognition misidentified 28 members of Congress as criminals, and more.

• July 13, 2018 13 Jul'18

  Ticketmaster breach part of worldwide card-skimming campaign

  News roundup: The Ticketmaster breach was part of a massive digital credit card-skimming campaign. Plus, the U.K. fined Facebook over the Cambridge Analytica scandal, and more.

• July 11, 2018 11 Jul'18

  GandCrab ransomware adds NSA tools for faster spreading

  NSA exploit tools have already been used in high-profile malware. And now, GandCrab ransomware v4 has added the NSA's SMB exploit in order to spread faster.

• July 10, 2018 10 Jul'18

  Stolen digital certificates used in Plead malware spread

  Researchers found the spread of Plead malware was aided by the use of stolen digital certificates, making the software appear legitimate and hiding the true nature of the attacks.

• June 29, 2018 29 Jun'18

  McAfee details rise in blockchain threats, cryptocurrency attacks

  McAfee's new 'Blockchain Threat Report' charts a dramatic rise in cryptomining malware and details four major attack vectors for cryptocurrency-related threats.

• June 22, 2018 22 Jun'18

  China-based Thrip hacking group targets U.S. telecoms

  News roundup: China-based Thrip hacking group used legitimate tools to attack companies in the U.S. and Southeast Asia. Plus, election officials didn't know about hacks, and more.

• June 18, 2018 18 Jun'18

  PyRoMineIoT cryptojacker uses NSA exploit to spread

  The latest malware threat based on the EternalRomance NSA exploit is PyRoMineIoT, a cryptojacker infecting IoT devices. But experts said the NSA shouldn't be held responsible for the damages.