New ‘Trojan Source’ Method Lets Attackers Hide Vulns in Source Code
Security researchers have discovered a new technique to inject malware into source code while remaining invisible to human reviewers.
The Cambridge University researchers who shared the "Trojan Source" method...
APTs, Teleworking, and Advanced VPN Exploits: The Perfect Storm
Virtual private networks (VPNs), which have become essential for many organizations that provide remote employees with access to private networks since the pandemic's onset, are a popular target for...
Cybercriminals Take Aim at Connected Car Infrastructure
With automobiles becoming increasingly connected, a variety of attacks are emerging: Car thieves abuse keyless entry systems, hackers find new ways to exploit vehicle components, and fraud targets auto...
Russian National Accused of Role in Trickbot Is Extradited to US
Russian national Vladimir Dunaev has been extradited from the Republic of Korea to the United States, where he faces charges for his alleged role in the transnational cybercriminal group...
ICS Security Firm Dragos Reaches $1.7B Valuation in Latest Funding Round
ICS security vendor Dragos has reached a nearly $2 billion valuation in the wake of a $200 million Series D funding round that is led by Koch Disruptive Industries and...
Top Hardware Weaknesses List Debuts
The Cybersecurity and Infrastructure Security Agency (CISA) today announced the first-ever 2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses List of common and especially serious mistakes in hardware that...
SEO Poisoning Used to Distribute Ransomware
Attacks involving SEO poisoning -- where adversaries artificially increase the search engine ranking of websites hosting their malware to lure potential victims -- are on the rise.
In the past...
US to Create Diplomatic Bureau to Lead Cybersecurity Policy
The Biden administration plans to revitalize the State Department and make cybersecurity a core priority with the addition of 500 new civil service positions, a 50% increase in its information...
QR Codes Help Attackers Sneak Emails Past Security Controls
Researchers have observed an attacker using a technique they hadn't previously seen to attempt to sneak phishing emails past enterprise security filters.
Abnormal Security, which reported the campaign this week, says between Sept. 15...
Cybercriminals Ramp Up Attacks on Web APIs
Attacks on Web applications continue to grow, with the majority of malicious activity focused on Web application programming interfaces, or Web APIs, researchers report.
The findings, released Oct. 27 by...
