Dropbox Code Repositories Stolen in Cyberattack on GitHub-Based Developers
A massive phishing campaign targeting GitHub users convinced at least one developer at Dropbox to enter their credentials and a two-factor authentication code, leading to the theft of...
The Sky Is Not Falling: Disclosed OpenSSL Bugs Are Serious but Not Critical
Security experts described two highly anticipated vulnerabilities that the OpenSSL Project team patched Tuesday as issues that need to be addressed quickly, but not necessarily meriting a drop-everything-else type...
China-Backed APT10 Supercharges Spy Game With Custom Fileless Backdoor
Chinese-speaking threat actor APT10 has been using a sophisticated and sometimes fileless backdoor to target media, diplomatic, governmental, public sector, and think-tank targets, since at least March, researchers have found. Researchers...
White House Convenes International Ransomware Summit
U.S. officials will meet this week with delegations from more than 36 countries to share intelligence and strategize about how to push back against crippling and costly ransomware attacks...
Patch Now: Dangerous RCE Bug Lays Open ConnectWise Server Backup Managers
ConnectWise has patched a critical remote code execution (RCE) vulnerability in its ConnectWise Recover and R1Soft server backup manager technologies that could give attackers a way to compromise thousands...
Cranefly Cyberspy Group Spawns Unique ISS Technique
Hacking group Cranefly is employing a new technique of using Internet Information Services (IIS) commands to deliver backdoors to targets and carry out intelligence-gathering campaigns. Researchers at Symantec have observed...
Dark Web Forum Busts Come Days Apart
A pair of splashy busts this week, one in the US and the other in Germany, demonstrates that global law enforcement teams are actively pursuing Dark Web forum criminal activity. On...
How to Attract Top Research Talent for Your Bug Bounty Program
As vulnerabilities continue to take center stage and organizations look to launch bug bounty and security assurance programs, the competition for good researchers is fierce. But it can be...
Cryptojacking, Freejacking Compromise Cloud Infrastructure
Cryptojacking is creeping back, with attackers using a variety of schemes to leech free processing power from cloud infrastructure to focus on mining cryptocurrencies such as Bitcoin and Monero. Cryptominers...
Cyberattackers Target Instagram Users With Threats of Copyright Infringement
Threat actors are targeting Instagram users in a new phishing campaign that uses URL redirection to take over accounts, or steal sensitive information that can be used in future...