Security News

Cisco Talos identified the Sundown exploit kit as an up-and-coming contender that may soon rival RIG in terms of size and volume.

Microsoft said Russian APT group Sofacy, which has ties to the country’s military intelligence operations, has been using Windows kernel and Adobe Flash zero day vulnerabilities in targeted attacks.

Google announced Monday that it will distrust certificates issued by WoSign and StartCom when in it ships Chrome 56 in January 2017.

IoT devices are being infected by new DDoS malware called Linux/IRCTelnet that borrows heavily from Aidra, Bashlite and Mirai.

Researchers have found a phony Flash Player download for Android that installs banking malware and steals banking credentials.

Google today disclosed the existence of a Windows zero-day vulnerability under attack. The flaw was reported to Microsoft 10 days ago; Microsoft says the disclosure puts users at risk.

A variant of the Nymaim dropper has surfaced, and it includes new delivery methods, obfuscation techniques, and the use of PowerShell to download payloads.

The Shadowbrokers dumped lists of hacked servers compromised by the Equation Group and allegedly used in its campaigns.

The Article 29 Working Party, an EU privacy coalition urges WhatsApp to clarify that user information shared between the company and Facebook is compliant with data protection laws on the books in Europe.

In a move to bolster security for the Chrome browser, Google sets a date for making Certificate Transparency mandatory for website owners.