A new variant of the Aberebot banking Trojan has been discovered by Cyble's researchers. Christened Aberebot-2.0, the latest malware version not only uses more advanced spying capabilities, it also has increased its target list to 213 banking apps and nine crypto wallets in 22 countries.
A recently discovered botnet is infecting thousands of AT&T internet subscribers in the U.S., using a critical-severity blind command injection flaw first reported in 2017, according to new findings from China-based cybersecurity researchers.
A Microsoft zero-day vulnerability has not been fixed by the technology giant despite having been reported months ago, according to a security researcher. To protect users, a micropatching service, 0patch, has issued unofficial, free patches.
Could the internet of things be made more secure? A draft law in Britain would impose stronger cybersecurity regulations for manufacturers, importers and distributors of smartphones, TVs, toys and other "connected" digital devices, backed by the threat of fines of up to $13 million for noncompliance.
Drawing on his deep background in technology, government and law, cybersecurity adviser Tony Scott delves into many pressing issues in cybersecurity today - including zero trust. In this episode of "Cybersecurity Unplugged," he says organizations should get started on the journey now.
CISA this week issued playbooks for incident and vulnerability response, providing federal civilian agencies with a standard set of procedures to both respond to incidents and address vulnerabilities on government networks.
Google’s Threat Analysis Group has released details of a watering hole campaign targeting a macOS zero-day exploit chain to install a never-before-seen malware on devices of users visiting Hong Kong websites of a media outlet and a prominent pro-democracy labor and political group.
Cloud video conferencing provider Zoom has released patches for multiple vulnerabilities in its product that could have allowed criminals to intercept data from meetings and attack customer infrastructure.
A penetration testing company discovered a critical zero-day vulnerability in Palo Alto Networks' GlobalProtect VPN product but did not inform the company until about 11 months later. The situation stirred debate over whether that posed unnecessary risks.
Microsoft's November Patch Tuesday security update covers 55 security fixes, six of which are zero-day vulnerabilities, with two flaws being actively exploited in the wild. Does the relatively low number for November mean there is a patch backlog at Microsoft?
As ransomware attacks continue to dominate headlines, Quentyn Taylor, a Canon director of information security, cautions organizations not to forget about "some of the other threats, like business email compromise," which continue to cripple organizations through financial and reputational damage.
Threat actors have breached critical systems internationally by exploiting a recently patched vulnerability in Zoho’s ManageEngine product ADSelfService Plus, with a suspected Chinese threat group leveraging leased infrastructure to scan hundreds of vulnerable organizations.
Norway's railway network, Bane NOR, is undergoing a nationwide digitization process. Its CISO, Tom Remberg, describes the task of replacing legacy technology with digital train control and traffic management systems and how his role as CISO is critical to making that transformation happen.
The U.S. Cybersecurity and Infrastructure Security Agency on Wednesday issued a new directive - BOD 22-01 - requiring federal civilian agencies to patch vulnerabilities known to be actively exploited in the wild.
Roya Gordon of Accenture Security describes how rather than hunting for zero-day vulnerabilities, attackers are exploiting N-Day - or known - vulnerabilities. She also discusses how to better synthesize and act on threat intelligence.