Security News

THN Webinar: 3 Research-Backed Ways to Secure Your Identity Perimeter
2023-03-18 05:55

Instead, they target users directly through social engineering, spearphishing and business email compromise. In this landscape of highly targeted cyberattacks, the identity perimeter has emerged as a crucial battlefield.

TechRepublic Premium editorial calendar: IT policies, checklists, toolkits and research for download
2023-03-14 13:10

TechRepublic Premium editorial calendar: IT policies, checklists, toolkits, and research for download. TechRepublic Premium offers a rich selection of content from tech experts, industry analysts and real-world IT professionals. Within our library of exclusive content, you'll find original research reports, customizable policies and templates, ready-made lunch-and-learn presentations, job descriptions, calculators, time-saving checklists and PDF collections of the best content from TechRepublic.

New Hacking Cluster 'Clasiopa' Targeting Materials Research Organizations in Asia
2023-02-23 12:07

Materials research organizations in Asia have been targeted by a previously unknown threat actor using a distinct set of tools. Symantec, by Broadcom Software, is tracking the cluster under the moniker Clasiopa.

Hydrochasma hackers target medical research labs, shipping firms
2023-02-22 15:47

A previously unknown threat actor named Hydrochasma has been targeting shipping and medical laboratories involved in COVID-19 vaccine development and treatments. A characteristic of Hydrochasma attacks is that they rely only on open-source tools and "Living off the land" tactics, leaving no traces that could lead to attribution.

North Korean hackers stole research data in two-month-long breach
2023-02-02 17:56

A new cyber espionage campaign dubbed 'No Pineapple!' has been attributed to the North Korean Lazarus hacking group, allowing the threat actors to stealthily steal 100GB of data from the victim without causing any destruction. The campaign is named after the '' error seen transmitted by a remote access malware when uploading stolen data to the threat actor's servers.

Zacks Investment Research data breach affects 820,000 clients
2023-01-25 18:45

Hackers breached Zacks Investment Research company last year and gained access to personal and sensitive information belonging to 820,000 customers. Founded in 1978, the company helps investors with stock buying decisions by using advanced financial data analytics algorithms.

Security Navigator Research: Some Vulnerabilities Date Back to the Last Millennium
2023-01-24 11:33

Vulnerability analysis results in Orange Cyberdefenses' Security Navigator show that some vulnerabilities first discovered in 1999 are still found in networks today. The chart below suggests that even Critical Vulnerabilities are taking around 6 months on average to resolve, but that is encouragingly at least 36% faster than the time for low-severity issues.

New Research Delves into the World of Malicious LNK Files and Hackers Behind Them
2023-01-19 13:01

Cybercriminals are increasingly leveraging malicious LNK files as an initial access method to download and execute payloads such as Bumblebee, IcedID, and Qakbot. A recent study by cybersecurity experts has shown that it is possible to identify relationships between different threat actors by analyzing the metadata of malicious LNK files, uncovering information such as the specific tools and techniques used by different groups of cybercriminals, as well as potential links between seemingly unrelated attacks.

Research reveals where 95% of open source vulnerabilities lie
2022-12-09 05:30

New research from Endor Labs offers a view into the rampant but often unmonitored use of existing open-source software in application development and the dangers arising from this common practice. As just one example, the research reveals that 95% of all vulnerabilities are found in transitive dependencies - open-source code packages that developers do not select, but are indirectly pulled into projects.

Xi Jinping hails 'improved cyber ecology', says state to direct strategic tech research
2022-10-16 22:46

Chinese president Xi Jinping has opened the 20th Congress of the Chinese Communist Party with a call for the nation he leads to win the race for development of "Core technologies" and to become self-reliant in strategic tech. In his Sunday speech he spoke of innovation being focused on national strategic requirements - therefore led by the State - and linked the development and implementation of information technology to national security.