Campus Still Closed as Portsmouth University Reels from Suspected Ransomware
The University of Portsmouth continues to struggle to recover from a suspected ransomware attack, with key IT systems still down. The attack occurred roughly a week ago, delaying the start of the new term. The university stated that an ongoing technical disruption caused the outage in a notice displayed on
NitroRansomware Asks for $9.99 Discord Gift Codes, Steals Access Tokens
The NitroRansomware malware strain launched a new campaign demanding Discord Nitro gift codes from victims instead of actual money. Although this seems like a less viable threat, research into the campaign showed that the NitroRansomware can then inflict serious damage in follow-up attacks on the same victims. The platform, Discord
Coding error allowed attackers to delete Facebook live video
Facebook has recently resolved an issue that allowed attackers to delete content posted on Facebook Live without the consent of the video’s owner. Just two days ago, cybersecurity researcher Ahmad Talahmeh posted an advisory explaining how the vulnerability worked and providing proof-of-concept code that was able to trigger an
FIN7 Sysadmin Gets 10 Years Behind Bars
Ukrainian national Fedir Hladyr has received 10 years behind bars for his part in financial crimes that cost firms and consumers billions. Hladyr was the manager and sysadmin for FIN7, also known as Carbanak, which is believed to have made millions of dollars by targeting banks, restaurants, gambling, and hospitality
NSA: 5 Security Bugs Under Active Nation-State Cyberattack
The National Security Agency (NSA) has released an alert warning that five vulnerabilities are being actively targeted by nation-state actors. The bugs affect VPN solutions, collaboration-suite software, and virtualization technologies in widely deployed platforms from Citrix, Fortinet, Pulse Secure, Synacor, and VMware. According to the NSA, the goal of the
Google to Delay Publishing Bug Details for 30 Days
Google has announced that it will not publish vulnerability details for 30 days after the initial public disclosure, allowing customers more time to fix the bugs and implement patches before technical details are released that could potentially be used by an attacker to exploit the flaw. Google’s Project Zero team
Google backs new security standard for smartphone VPN apps
Google has backed a new IoT security certification designed for mobile apps and VPNs, created by the Internet of Secure Things Alliance (ioXt). The program includes a mobile app profile, which consists of a set of security-related criteria by which apps can be certified for public use. The assessment also
Attackers Target ProxyLogon Exploit to Install Cryptojacker
Threat actors targeted compromised Exchange servers to host a malicious Monero cryptominer. Any unpatched Exchange servers are now vulnerable to cryptojacking through the ProxyLogon exploit. The Exchange servers were compromised and infected with ransomware and webshells to host the Monero miner. The exploit is referred to as ProxyLogon.
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Russia’s Foreign Intelligence Service, SVR, has been officially blamed for the cyberattack on SolarWinds by the Biden administration. Sanctions have been implemented against a number of IT security firms that helped enable the attack and other malicious cyber activities. Positive Technologies and other smaller IT security firms were placed on
100,000 Google Sites Used to Install SolarMarket RAT
Hackers are currently using search engine optimization (SEO) tactics to redirect users seeking common business forms, such as invoices, receipts, or other templates, to hacker-controlled domains. According to eSentire’s Threat Response Unit, attackers are currently in possession of more than 100,000 malicious Google sites that seem legitimate
