The Federal Bureau of Investigation (FBI) this week shared a series of indicators of compromise (IoCs) associated with the Diavol ransomware family.
Prolific Chinese APT Caught Using ‘MoonBounce’ UEFI Firmware Implant
Threat hunters at Kaspersky have spotted a well-known Chinese APT actor using a UEFI implant to maintain stealthy persistence across reboots, disk formatting or disk replacements.
Microsoft Edge Adds Security Mode to Thwart Malware Attacks
A new security feature in the latest beta of the Microsoft Edge browser can help protect web surfers from zero-day attacks.
Project Zero: Zoom Platform Missed ASLR Exploit Mitigation
A prominent security researcher poking around at the Zoom video conferencing platform found worrying signs the company failed to enable a decades-old anti-exploit mitigation, a blunder that greatly increased exposure to malicious hacker attacks.
Thousands of Industrial Firms Targeted in Attacks Leveraging Short-Lived Malware
Thousands of industrial organizations worldwide have been hit in campaigns that leverage short-lived malware to harvest corporate credentials that are then sold by threat actors for a profit, according to Kaspersky.
Ukraine Attacks Involved Exploitation of Log4j, October CMS Vulnerabilities
Multi-Factor Authentication Bypass Led to Box Account Takeover
A vulnerability in Box’s implementation of multi-factor authentication (MFA) allowed attackers to take over victims’ accounts without having access to the victim’s phone, according to new research from Varonis.
Five Key Signals From Russia’s REvil Ransomware Bust
The sudden move by Russia’s top law enforcement agency to conduct a very public takedown of the REvil ransomware operation has set tongues wagging about how diplomacy may hold the key to slowing big-game ransomware attacks.
Microsoft Uncovers Destructive Malware Used in Ukraine Cyberattacks
Newly detected WhisperGate malware is being used by a previously unknown threat group in cyberattacks against Ukraine.
Details Published on AWS Flaws Leading to Data Leaks
Researchers at cloud security startup Orca Security have publicly documented a pair of vulnerabilities in AWS CloudFormation and AWS Glue that attackers could use to leak sensitive files or access other customers’ data.













