Last month, researchers with Dr. Web discovered that a number of apps on the Google Play Store were riddled with malware, including banking Trojans, adware, spyware, and info stealers. The malicious apps claimed to be games, tools, camera plugins or other seemingly legitimate software. Among the discovered malware samples was

Last month, cybersecurity firm Imperva announced that the data of a “subset of customers” of Imperva’s Cloud Web Application Firewall was exposed in a “security incident” in September 2017. This week, the company published an analysis of the breach, which shows that the incident was made possible by the company

Two European web forums serving sex workers and their customers have been breached by a Bulgarian threat actor who is now selling 330,000 stolen user records on underground marketplaces. The hacker, who uses the moniker InstaKilla, exploited a recently disclosed critical vulnerability in vBulletin in order to steal 300,000 records

Most US adults are not familiar with basic tech and cybersecurity concepts, a new survey by Pew Research Center reveals. Just 28% of respondents were capable of selecting an example of two-factor authentication from a set of images, and only 30% knew what HTTPS is. Furthermore, less than a quarter

A recent One Identity survey[pdf] conducted among IT professionals sheds light on Pass the Hash (PtH) attacks, in which threat actors use stolen hashed administrator credentials in order to compromise systems. A staggering 95% of organizations have suffered PtH attacks that impacted business operations. PtH attacks often impacted operational costs

In the past 12 months, 56% of utility companies around the world suffered at least one cyberattack resulting in the loss of private data or downtime affecting their operational technology (OT) systems, a recent survey by Siemens and Ponemon Institute found. More than half are anticipating a cyberattack targeting critical

An investigation by ESET has uncovered Attor, a previously unknown cyber-espionage platform that has been used by threat actors to carry out campaigns targeting government and diplomatic entities in Eastern Europe since at least 2013. Zuzana Hromcová of ESET said the attacks were “highly targeted at users of these Russian

82% of organizations suffered a DNS attack last year, and many companies were hit multiple times, with the average number of attacks per company falling just short of 9.5, a new report by EfficientIP shows. Because the average cost per attack exceed $1.3 million, companies can expect to lose over

A new report by Amnesty International accuses Israeli spyware vendor NSO Group of providing the Moroccan government with cyber espionage tools that were used to target a freedom of expression activist and a human rights lawyer in the country. The targets both received text messages containing malicious links that would

For the last seven years, iTerm2, the most used terminal emulator for macOS, contained a critical flaw that could have enabled threat actors to run arbitrary code on vulnerable systems in various ways. This is especially worrisome considering the fact that the application’s user base consists in large part of