With less than two months left in the year, security researchers and businesses are already looking to the future to see which threats and trends will continue to make an impact in the world of cybersecurity in 2019. Ian Kilpatrick, EVP of cybersecurity at the Nuvias Group has outlined his… Read more

A new report from the World Economic Forum (WEF) shows cyberattacks are the business risk of greatest concern in North America, Europe, and East Asia and Pacific (EAP) regions. The WEF polled 12,000 private-sector decision makers from about 130 countries to compile its new report, which illustrates regional impact of… Read more

Google says it is investigating an unorthodox routing of internet traffic that on Monday sent traffic bound for its cloud services instead to internet service providers in Nigeria, Russia and China. The routing problems persisted for about two hours before they were fixed, says Alex Henthorn-Iwane, vice president of product marketing… Read more

Internet Explorer’s scripting engine was the favorite target of a North Korean cyber-espionage group this year, after the hackers deployed two zero-days, but also crafted new exploits for two other older vulnerabilities. The group’s name is DarkHotel, a cyber-espionage group that McAfee and many other cyber-security firms have already linked to the… Read more

A large-scale spam campaign has launched, spreading the Emotet malware. Emotet is technically a banking trojan, but it’s most often used as a dropper for a variety of secondary payloads, with credential-stealing, network propagation, sensitive information harvestin and other capabilities. Recently, Emotet added a new module to up the ante on its ability… Read more

When a Belgian locksmith attacked the Pakistani Air Force, researchers at Cylance took notice. The locksmith probably never knew his website had been taken over by a nation-state hacking group as a command-and-control server, nor that exploit-laden Microsoft Word documents crafted to spear-phish Pakistani Air Force officers were hosted there… Read more

McAfee Labs researchers have discovered new Russian malware, dubbed WebCobra, which harnesses victims’ computing power to mine for cryptocurrencies. WebCobra silently drops and installs the Cryptonight miner or Claymore’s Zcash miner, depending on the architecture WebCobra finds. This cryptocurrency mining malware is uncommon in that it drops a different miner depending… Read more

The U.S. Secret Service issued an internal alert to law enforcement partners about identity thieves abusing the U.S. Postal Service’s Informed Delivery, a service that allows you to digitally preview your mail and manage package delivery. ID thieves have been using the Informed Delivery service “to identify and intercept mail, and… Read more

The French government announced on Monday a “Paris Call” for talks to lay out a common framework for ensuring internet security, following a surge in cyberattacks which has dented confidence in global networks. The move aims to relaunch negotiations on a “code of good conduct” which have stalled since last… Read more

Everyone has seen them: applications that come on many new systems offering services with unfamiliar names, or apps that have familiar names but are offered on sites that aren’t from their publishers. They’re grayware – or “potentially unwanted applications” – and they’re an ongoing issue for computer security. Grayware’s nature… Read more

An Adobe ColdFusion vulnerability, patched two months ago, was being exploited in the wild by a China-linked APT group, researchers found. The vulnerability, CVE-2018-15961, is a critical unrestricted file upload bug that could also lead to arbitrary code-execution, researchers at Volexity, who discovered the exploitation, have said. “Volexity recently observed… Read more

As the popularity of cryptocurrency rises, so does the amount of cryptominer Trojans that are being created and distributed to unsuspecting victims. One problem for cryptominers, though, is that the offending process is easily detectable due to their heavy CPU utilization. To make it harder to spot a cryptominer process that is… Read more

A critical security flaw affecting a GDPR compliance plugin for WordPress has been exploited in the wild to take control of vulnerable websites, users have been warned. The WordPress GDPR Compliance plugin, which has over 100,000 active installations, is designed to help the administrators of websites become compliant with the EU’s General… Read more

The Trickbot banking malware has added yet another tool to its arsenal, allowing crooks to steal passwords as well as steal browser data including web history and usernames. The malware first appeared in 2016, initially focused on stealing banking credentials — but Trickbot is highly customisable and has undergone a series… Read more

A malicious group known as the “Inception attackers” has been using a year-old Office exploit and a new backdoor in recent attacks, Palo Alto Networks security researchers warn. Active since at least 2014, the group has used custom malware and against targets spanning various industries worldwide, with a special interest… Read more