A Chinese hacking group linked to state authorities has upgraded its capabilities to target companies with headquarters in the United States and East Asia, warns an alert from Japanese and American cyber agencies. The group, BlackTech, has a customized firmware backdoor tailored for Cisco routers.
Ukrainian cyber defenders are girding for an onslaught of cyberattacks against the energy sector as cold weather returns. That warning comes as Kyiv has observed Russian state hackers also stepping up attacks against law enforcement in a likely bid to spy on the gathering of evidence of war crimes.
The British government's first-ever global summit on artificial intelligence will focus on mitigating cybersecurity and safety risks tied to the emerging technology. The AI Safety Summit planned for Nov. 1-2 will focus on mitigating risks tied to frontier AI.
Security researchers discovered a novel backdoor targeting a governmental agency in the Middle East for espionage purposes. Deadglyph is unique because it's made up of different parts written in different programming languages: native x64 binary and a .NET assembly.
Chinese and North Korean nation-state groups continue to pose significant "unique threats" to the U.S. healthcare and public health sector, including data exfiltration attacks involving espionage and intellectual property theft, federal authorities warned Thursday in a brief naming the top groups.
SentinelOne observed suspected cyberespionage actors of unknown origin using modular backdoors and highly stealthy tactics in August to target telecommunication companies in the Middle East, Western Europe and South Asia. The group, tracked as Sandman, is using the novel backdoor LuaJIT.
A recent, brief disruption at Canadian airports is a reminder that Russia-aligned hacking groups' bark remains worse than their bite. Experts say these groups' impact largely remains minimal, which begs the question of how they disrupted arrival kiosks across Canadian airports.
Federal authorities are warning of "significant risk" for potential attacks on healthcare and public health sector entities by the North Korean state-sponsored Lazarus Group involving exploitation of a critical vulnerability in 24 Zoho ManageEngine products.
Iranian state threat actor "Peach Sandstorm" is growing in sophistication, warns Microsoft in an alert about a campaign of password hacking targeting the satellite, defense and pharmaceutical sectors. The group's newfound polish is reflected in what the hackers did after establishing persistence.
Cybersecurity researchers at Symantec said a cybercriminal entity with possible ties to the Chinese government used the ShadowPad Trojan to target an Asian country's national power grid earlier this year. The Redfly APT group focused on stealing credentials and compromising multiple computers.
Hackers aligned with the Iranian state are targeting vulnerable Microsoft Exchange Servers to deploy a new malware backdoor that has already victimized over two dozen Israeli organizations as part of an ongoing espionage campaign. Hackers' initial access point into systems likely was ProxyLogon.
Multiple nation-state hacking groups have been exploiting known flaws in Zoho ManageEngine software and Fortinet firewalls to steal data, cybersecurity officials warn. A new alert details exploits of each vulnerability by separate groups that targeted the same aeronautical firm.
Chinese hackers were able to access the email accounts of senior U.S. officials after Microsoft included an active digital signing key in a snapshot of data taken to analyze a crash of its consumer signing system in April 2021. Inclusion of the key in the crash dump was just one of many mishaps.
Ukrainian cyber defenders say Russian military hackers targeted a critical energy infrastructure facility with phishing emails containing a malicious script leading to cyberespionage. An energy facility cyber defender impeded the attack by blocking the launch of indows Script Host, CERT-UA says.
Multiple hackers are minting newer capabilities from an open-source information stealer to spawn new variants. The malware steals sensitive information such as corporate credentials, which are resold to other threat actors for attacks, including operations related to espionage or ransomware.