Trickbot malware has been updated with a bootkit module, nicknamed Trickboot, which can search for UEFI/BIOS firmware vulnerabilities, according to a report from the security firms Eclypsium and Advanced Intelligence. These flaws, if exploited, can give an attacker the ability to brick a device.
Until May, all Apple iOS devices were vulnerable to a "zero-click exploit" that would have allowed hackers to remotely gain complete control and view all emails, photos, private messages and more, says Google security researcher Ian Beer. He alerted Apple to multiple vulnerabilities - all now patched.
Check Point Research has identified new variants of the long-dormant Bandook spyware that are being used for espionage campaigns across the world targeting government, financial, energy, food industry, healthcare, education, IT and legal organizations.
Could hackers inject malicious code that compromises the synthetic DNA supply chain and ultimately tricks bioengineers into inadvertently developing dangerous viruses or toxins? A new research report says that's a growing concern and calls for robust security measures.
Ransomware continues to pummel many types of organizations, recently including South Korea's E-Land retail group, French newspaper Paris-Normandie and a Georgia county school system. A ransomware hit against hosting giant Managed.com has resulted in ongoing site outages for numerous others.
U.K. Prime Minister Boris Johnson announced Thursday the creation of a National Cyber Force designed to strengthen Britain's cybersecurity posture and give the country new defensive and offensive capabilities. Some security experts, however, are raising concerns about recruiting enough qualified staff members.
Three state-sponsored advanced persistent threat groups - one Russian, two North Korean - have been targeting companies across the globe involved with COVID-19 vaccine and treatment development, Microsoft says.
The lack of automation and actionable threat intelligence may be preventing enterprises from developing the fully functional Cyber Fusion Centers they envision. Anomali's Mark Alba shares ideas on how to change that.
The good news: U.S. election security measures seem to have worked. The bad news: Disinformation and misinformation campaigns continue. Tom Kellermann, who served as a cybersecurity adviser to President Obama, offers advice for President-elect Joe Biden and others on protecting critical infrastructure.
President-elect Joe Biden's approach to cybersecurity will likely mirror that of his old boss, former President Barack Obama. Expect Biden's White House to increase pressure on Russia, practice greater involvement in cybersecurity and return to higher levels of coordination than President Trump demanded.
The operators behind a botnet dubbed "Gitpaste-12" are abusing legitimate services such as GitHub and Pastebin to help hide the malware's malicious infrastructure, according to Juniper Threat Labs. This botnet mainly targets Linux apps and IoT devices and can mine cryptocurrency.
See how the different security vendors stack up.
Get an overview of endpoint security features, and capabilities, including next-gen technologies;
Compare the leading vendors including Sophos, Symantec, McAfee, Kaspersky, Microsoft, Bitdefender, Trend Micro, SentinelOne, and CrowdStrike;
See a summary of...
Stop the widest range of attacks with industry's most comprehensive next-gen endpoint protection.
Download this whitepaper to:
Stop unknown threats with deep learning;
Protect against ransomware with CryptoGuard;
Deny the attacker with signatureless exploit prevention.
The operators behind the Ryuk strain of malware are increasingly relying on a malware-as-a-service tool - the Buer loader - to deliver the malware, rather than botnets such as Trickbot and Emotet, the security firm Sophos reports.