Log4j Attack Surface Remains Massive
Four months after the Log4Shell vulnerability was disclosed, most affected open source components remain unpatched, and companies continue to use vulnerable versions of the logging tool.
Author: Jai Vijayan, Contributing Writer
Iranian Hacking Group Among Those Exploiting Recently Disclosed VMWare RCE Flaw
Threat actor is using the flaw to deliver Core Impact backdoor on vulnerable systems, security vendor says.
Zero-Day Exploit Use Exploded in 2021
Ransomware and other financially motivated threat actors joined nation-state-backed groups in leveraging unpatched flaws in attack campaigns, new data shows.
6 Malware Tools Designed to Disrupt Industrial Control Systems (ICS)
Stuxnet was the first known malware built to attack operational technology environment. Since then, there have been several others.
Millions of Lenovo Laptops Contain Firmware-Level Vulnerabilities
Three flaws present in consumer laptops can give attackers a way to drop highly persistent malware capable of evading methods to remove it, security vendor says.
New Malware Tools Pose ‘Clear and Present Threat’ to ICS Environments
The recent discovery of highly customized malware targeting programmable logic controllers has renewed concerns about the vulnerability of critical infrastructure.
Microsoft Leads Operation to Disrupt Zloader Botnet
The banking Trojan-turned-ransomware-distribution tool has been a potent threat since late 2019.
Microsoft Leads Operation to Disrupt Zloader Botnet
The banking Trojan-turned-ransomware-distribution tool has been a potent threat since late 2019.
Russian Group Sandworm Foiled in Attempt to Disrupt Ukraine Power Grid
The attack involved use of a new version of Industroyer tool for manipulating industrial control systems.
Google Removes Dangerous Banking Malware From Play Store
SharkBot was hidden in apps masquerading as antivirus tools.