Security News

New ZuoRAT malware targets SOHO routers in North America, Europe
2022-06-28 15:33

A newly discovered multistage remote access trojan dubbed ZuoRAT has been used to target remote workers via small office/home office (SOHO) routers across North America and Europe, undetected since 2020. The start of this campaign roughly lines up with a quick shift to remote work after the start of the COVID-19 pandemic, which drastically increased the number of SOHO routers used by employees to access corporate assets from home.

Photos: Infosecurity Europe 2022, part 2
2022-06-22 12:17

It’s day two of Infosecurity Europe 2022 at the ExCeL in London. Here’s a look at the event. The featured vendors are: Akamai, SecurityScorecard, Edgescan, ManageEngine, Securonix, F5, ServiceNow,...

Infosecurity Europe 2022 video walkthrough
2022-06-21 12:57

Infosecurity Europe 2022 opened its doors today at the ExCeL in London. Here’s a look inside the event. The featured vendors are: Akamai Technologies, AlgoSec, Appgate, AwareGO, Bridewell,...

New ToddyCat APT group targets Exchange servers in Asia, Europe
2022-06-21 11:46

An advanced persistent threat group dubbed ToddyCat has been targeting Microsoft Exchange servers throughout Asia and Europe for more than a year, since at least December 2020. At the time, the hacking group exploited the ProxyLogon Exchange flaws that allowed them to gain remote code execution on vulnerable servers to deploy China Chopper web shells.

Photos: Infosecurity Europe 2022, part 1
2022-06-21 11:44

Infosecurity Europe 2022 opened its doors today at the ExCeL in London. Here’s a look at the event. The featured vendors are: Arctic Wolf Networks, Bridewell, Checkmarx, Cisco, CrowdStrike,...

State-Backed Hackers Exploit Microsoft 'Follina' Bug to Target Entities in Europe and U.S
2022-06-07 05:27

A suspected state-aligned threat actor has been attributed to a new set of attacks exploiting the Microsoft Office "Follina" vulnerability to target government entities in Europe and the U.S. Enterprise security firm Proofpoint said it blocked attempts at exploiting the remote code execution flaw, which is being tracked as CVE-2022-30190. The payload, which manifests in the form of a PowerShell script, is Base64-encoded and functions as a downloader to retrieve a second PowerShell script from a remote server named "Seller-notification[.]live."

Karakurt Team hits North America and Europe with data theft and extortion
2022-06-03 16:49

A new joint Cybersecurity Advisory has been issued by the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, the Department of the Treasury and the Financial Crimes Enforcement Network to raise awareness and provide information about the Karakurt Data Extortion Group. The Karakurt Data Extortion Group, also known as Karakurt Team and Karakurt Lair, is a threat actor that threatens to publicly disclose companies' stolen internal data unless it receives payment of a ransom, which ranges from $25,000 USD to $13,000,000 USD in Bitcoin, within a week.

Dear Europe, here again are the reasons why scanning devices for unlawful files is not going to fly
2022-06-02 11:29

In an ArXiv paper titled "YASM," Kaspar Rosager Ludvigsen and Shishir Nagaraja, of the University of Strathclyde, and Angela Daly, of the Leverhulme Research Center for Forensic Science and Dundee Law School, in Scotland, revisit client-side scanning (CSS) as a way to ferret out CSAM and conclude the technology is both ineffective and unjustified. Client-side scanning in this context involves running software on people's devices to identify unlawful images - generally those related to the exploitation of children, but EU lawmakers have also discussed using CSS to flag content related to terrorism and organized crime.

Europe moves closer to stricter cybersecurity standards, reporting regs
2022-05-17 07:26

Europe has moved closer toward new cybersecurity standards and reporting rules following a provisional network and information systems agreement dubbed NIS2 by the European Council and Parliament. Once approved, NIS2 will replace the current Directive on Security of Network and Information Systems, aka NIS, which was adopted in 2016.

Europe Agrees to Adopt New NIS2 Directive Aimed at Hardening Cybersecurity
2022-05-16 19:53

The European Parliament announced a "Provisional agreement" aimed at improving cybersecurity and resilience of both public and private sector entities in the European Union. The revised directive, called "NIS2", is expected to replace the existing legislation on cybersecurity that was established in July 2016.