Security News

As if attacks from China weren't enough, one of the Air Force's own has reportedly gone rogue The US government is fighting a pair of cyber security incidents, one involving Chinese spies who...

Security experts from HackerOne and beyond weigh in on malicious prompt engineering and other attacks that could strike through LLMs. HackerOne, a security platform and hacker community forum, hosted a roundtable on Thursday, July 27, about the way generative artificial intelligence will change the practice of cybersecurity. How threat actors take advantage of generative AI. "We have to remember that systems like GPT models don't create new things - what they do is reorient stuff that already exists stuff it's already been trained on," said Klondike.

The threat actors linked to the malware loader known as IcedID have made updates to the BackConnect module that's used for post-compromise activity on hacked systems, new findings from Team Cymru reveal. "For the past several months, BackConnect traffic caused by IcedID was easy to detect because it occurred over TCP port 8080," Palo Alto Networks Unit 42 said in late May 2023.

The ongoing banking and economic turmoil has opened the floodgates to fraudsters. In this Help Net Security video, ex-British Intelligence officer Alex Beavan, Head of Ethics and Anti-Corruption...

A deeper analysis of a recently discovered malware called Decoy Dog has revealed that it's a significant upgrade over the Pupy RAT, an open-source remote access trojan it's modeled on. Other new features allow the malware to execute arbitrary Java code on the client and connect to emergency controllers using a mechanism that's similar to a traditional DNS domain generation algorithm, with the Decoy Dog domains engineered to respond to replayed DNS queries from breached clients.

According to the new Uptycs' whitepaper, Stealers are Organization Killers, a variety of new info stealers have emerged this year, preying on Windows, Linux, and macOS systems. A stealer is a type of malware that targets its victim by stealing sensitive information that can include passwords, login credentials, and other personal data.

Inventive attackers are specifically targeting Mac systems, as seen with the "Geacon" Cobalt Strike tool attack. To understand the state of cybersecurity on the Mac, the Moonlock team, a dedicated group of MacPaw's researchers and engineers focused on the cybersecurity needs of Mac users, conducted a survey.

Want a custom security dashboard to bring together data from multiple places? Microsoft Power BI can do that and help you spot what's changing. If the security tools you use don't have the right dashboards and reports to help you see at a glance what's going on with your systems, you can build them yourself in Power BI - and you don't need to be an expert in analytics to create something useful.

Listeners will probably know that Virus Total is a very popular service where, if you've got a file that either you know it's malware and you want to know what lots of different products call it, or if you think, "Maybe I want to get the sample securely to as many vendors as possible, as quickly as possible". The file is meant to be made available to dozens of cybersecurity companies almost immediately.

Below we explore the motivations behind these threats, the most prevalent attack strategies, and the steps you can take to protect your web applications. That's not to say that web applications without payment or personal data processing capabilities are immune to attacks.