A new phishing campaign distributes ZLoader malware using advanced delivery techniques that demonstrate sophisticated understanding of Microsoft Office document formats and techniques, the security firm Forcepoint X-Labs reports.
Traditionally, software development training falls short on security. And as enterprises embrace the “shift left” movement, that gap puts them at risk. Veracode’s Dave Ferguson discusses the gap and how Veracode’s new Security Labs was developed to fill it.
Nearly four years after the WannaCry ransomware hit the world, targeting the EternalBlue vulnerability in Microsoft SMB version 1, security firms say the malware continues to be a top threat detected in the wild by endpoint security products. Why won't WannaCry just die?
The cybersecurity firm McAfee Corp. announced Monday it will sell its enterprise business unit to the private equity firm Symphony Technology Group for $4 billion cash and then focus solely on its consumer business. STG also owns RSA.
Cybersecurity entrepreneur John McAfee, who already faces tax evasion charges, has now been indicted for allegedly using his vast social media following to run cryptocurrency pump-and-dump schemes as well as promote virtual currencies to investors without revealing his stake in them, federal prosecutors say.
COVID-19 infection rates are down from their record highs, and vaccination numbers grow each day. Are we rounding the corner in this pandemic battle? Keep an eye on the virus variants, says pandemic expert Regina Phelps. We may be on the cusp of yet another surge.
A Microsoft-themed phishing campaign is using phony Google reCAPTCHA in an attempt to steal credentials from senior employees of various organizations, a new report by security firm Zcaler says. The company says it prevented more than 2,500 phishing emails tied to the campaign.
Supermicro and Pulse Secure have each issued advisories warning users that some of their products are vulnerable to an updated version of Trickbot malware that features a bootkit module, nicknamed Trickboot, which can search for UEFI/BIOS firmware vulnerabilities.
Just days after Microsoft disclosed four serious flaws in Microsoft Exchange email servers, attackers are going on a wide hunt for vulnerable machines, some security experts say. The flaws could be exploited for creating backdoors for email accounts or installing ransomware and cryptominers.
Ransomware dominated the online-enabled crime landscape in 2020, some security experts say, thanks to the massive profits it's been generating and the relative ease of use for attackers - including support from a burgeoning cybercrime-as-a-service market.
Hackers have targeted units of local government by attempting to exploit unpatched vulnerabilities in Microsoft Exchange email servers, according to a new report by the security firm FireEye. Meanwhile, CISA has updated its alert.
An aviation IT company that says it serves 90% of the world's airlines has been breached in what appears to be a coordinated supply chain attack. Customers of at least four companies - Malaysia Airlines, Singapore Airlines, Finnair Airlines and Air New Zealand - may have been affected by the incident.