Security News

The next generation of enterprise cyber threats will see external and internal threats and threat actors colliding into a hybrid threat model. The hybrid threat actors have even taken the threat matrix one step further and have launched physical attacks.

"The Borat RAT provides a dashboard to Threat Actors to perform RAT activities and also has an option to compile the malware binary for performing DDoS and ransomware attacks on the victim's machine," the researchers wrote in a blog post, noting the malware is being made available for sale to hackers. Borat - named after the character made famous by actor Sacha Baron Cohen in two comedy films - comes with the standard requisite of RAT features in a package that includes such functions as builder binary, server certificate and supporting modules.

Threat actors from North Korea have been exploiting a vulnerability in Google Chrome to target certain users with remote code, particularly news outlets, software vendors and fintechs in the United States. On Feb. 10, Google's TAG team discovered two distinct threat actors using that vulnerability to target U.S.-based organizations spanning news media, IT, cryptocurrency and fintech industries.

FCC adds Kaspersky, Chinese companies to list of potential threats to national security. The Federal Communications Commission's Public Safety and Homeland Security Bureau has added three companies to the list of communications equipment and services that pose a threat to national security through access to user information.

The new FBI warning [PDF] came a day after the US Department of Justice unsealed a pair of indictments that detail alleged Russian government efforts to use supply chain attacks and malware in an attempt to compromise and control critical infrastructure. One of the two indictments involves Triton malware and its use in the 2017 attack.

Many experts attempt to use traditional threat modeling as their first line of business to address security in the SDLC. But what if everyone is doing threat modeling wrong? The industry standard for how we conduct threat modeling today evolved from past meetings where security professionals piled into a conference room and brainstormed potential threats that might affect their software.

New solutions such as Extended Threat Intelligence are needed. There are some platforms that bring a new approach that integrates Cyber Threat Intelligence, Digital Risk Protection, and External Attack Surface Management capabilities to realign security thinking from that of a defender to that of an attacker.

The U.S. Federal Communications Commission on Friday moved to add Russian cybersecurity company Kaspersky Lab to the "Covered List" of companies that pose an "Unacceptable risk to the national security" of the country. Also added alongside Kaspersky were China Telecom Corp and China Mobile International USA. The block list includes information security products, solutions, and services supplied, directly or indirectly, by the company or any of its predecessors, successors, parents, subsidiaries, or affiliates.

The United Stations Federal Communications Commission has labelled Kaspersky, China Mobile, and China Telecom as threats to national security. Kaspersky is the first non-Chinese company to be added to the FCC's list, but the agency did not tie its decision to Russia's illegal invasion of Ukraine.

Ransomware was a top threat in 2021, and groups have adopted new techniques to evade detection and maximize earnings, a report from Red Canary reveals. The report explores the top 10 threats...