Security News

Dubbed "DarkTortilla," the crypter usually delivers information stealers and remote access trojans like AgentTesla, AsyncRat, NanoCore, and RedLine, though some samples have been seen delivering such targeted payloads as Cobalt Strike and Metasploit, according to researchers with Secureworks' Counter Threat Unit. Rob Pantazopoulos, senior security researcher with the CTU, told The Register that it's unusual for malware like DarkTortilla to be active for so long and not be detected, but that it was helped by being among a number of generic.

AdvIntel has released a new publication about several threat actors now using BazarCall in an effort to raise awareness of this threat. Once done, the threat actor has a functional backdoor to the victim's computer, which can later be used for further exploitation.

UTM is thought to be an all-in-one solution for cybersecurity. In general, it is a versatile software or hardware firewall solution integrated with IPS and other security services.

It covers elements of critical infrastructure exploitation, adversarial artificial intelligence, initial access brokers, critical event management, extended detection and response, and other issues shaping our current security environment. This report covers topics confronting individuals and organizations around the world.

For the most part, hackers don't even have to hide in the dark recesses of the web to take advantage of people any longer; they can be found right in plain sight on social media sites or forums, professionally advertised with their websites, and may even approach you anonymously through such channels as Twitter. A series of new DDoS for Hire are commoditizing the art of hacking and reducing the barrier to launching DDoS attacks.

Cybercriminals and threat actors work around the clock, with attacks originating from around the world. All businesses, including SMBs, need to be always on alert for new threats and available to respond at any moment to an incident.

In this video interview with Help Net Security, Stephanie Aceves, Sr. Director of Threat Response, Product Management at Tanium, talks about what organizations are doing wrong when it comes to threat response. Aceves illustrates interesting situations she encountered during ethical hacking engagements, and offers advice to CISOs that want to hire a red team.

Patching security vulnerabilities should be a straightforward process. A report released Monday, August 8, by security firm Rezillion looks at how older vulnerabilities patched by the vendor still pose risks to organizations.

In Q1 of 2022, fintech companies experienced 2.5 times more attacks than in the two previous years. The growing rate of cybercrime has added to the market unrest and questioned fintech preparedness; some claimed that the industry players are more susceptible to virtual threats than traditional banking, with greater resources at their disposal.

A new report from Osterman Research codifies the increasing dependence of businesses upon their mobile apps, and reveals a jarring disconnect between the strategic importance of apps versus the level of focus and resources applied to protect organizational apps against runtime threats. This Help Net Security video reveals how run-time security threats against mobile apps and APIs continue to inflict damage on organizations.