The credential-stealing trash panda is using the chat app to store and update C2 addresses as crooks find creative new ways to distribute the malware.
Be careful when downloading a tool to cyber-target Russia: It could be an infostealer wolf dressed in sheep’s clothing that grabs your cryptocurrency info instead.
A new survey suggests that security is becoming more important for enterprises, but they’re still falling back on old “security by obscurity” ways.
FinCEN warns financial institutions to beware of unusual cryptocurrency payments or illegal transactions Russia may use to evade restrictions imposed due to its invasion of Ukraine.
Let’s blame the victim. IT decision makers’ confidence about security doesn’t jibe with their concession that repeated incidents are their own fault, says ExtraHop’s Jamie Moles.
The ever-shifting, ever-more-powerful malware is now hijacking email threads to download malicious DLLs that inject password-stealing code into webpages, among other foul things.
The China-affiliated state-sponsored threat actor used Log4j and zero-day bugs in the USAHerds animal-tracking software to hack into multiple government networks.
Customers aren’t locking down access correctly, leading to ~70 percent of ServiceNow implementations tested by AppOmni being vulnerable to malicious data extraction.
Also on the rise: DDoS attacks against Ukrainian sites and phishing activity capitalizing on the conflict, with China’s Mustang Panda targeting Europe.
The computing giant patched 71 security vulnerabilities in an uncharacteristically light scheduled update, including its first Xbox bug.