Safe{Wallet} Confirms North Korean TraderTraitor Hackers Stole $1.5 Billion in Bybit Heist

SafeWallet has revealed that the cybersecurity incident that led to the Bybit $1.5 billion crypto heist is a "highly sophisticated, state-sponsored attack," stating the North Korean threat actors behind the hack took steps to erase traces of the malicious activity in an effort to hamper...

PT-2024-6031

Name of the Vulnerable Software and Affected Versions: Versa Director versions prior to 22.1.4 Description: The vulnerability in Versa Director allows attackers to upload malicious files, posing a serious threat to organizations. This flaw can be exploited by authenticated users with...

PT-2021-4648 · Microsoft · Windows Mshtml Platform +1

Name of the Vulnerable Software and Affected Versions: Windows MSHTML Platform affected versions not specified Description: The issue is related to a buffer overflow in memory, allowing a remote attacker to execute arbitrary code. This can affect the system and potentially lead to information...

Cybersecurity Firm FireEye Got Hacked; Red-Team Pentest Tools Stolen

FireEye, one of the largest cybersecurity firms in the world, said on Tuesday it became a victim of a state-sponsored attack by a "highly sophisticated threat actor" that stole its arsenal of Red Team penetration testing tools it uses to test the defenses of its customers. The company said it's...

Addressing cybersecurity risk in industrial IoT and OT

As the industrial Internet of Things IIoT and operational technology OT continue to evolve and grow, so too, do the responsibilities of the Chief Information Security Officer CISO. The CISO now needs to mitigate risks from cloud-connected machinery, warehouse systems, and smart devices scattered...

DNS Hijacking Abuses Trust In Core Internet Service

Authors: Danny Adamitis, David Maynor, Warren Mercer, Matthew Olney and Paul Rascagneres. Update 4/18: A correction has been made to our research based on feedback from Packet Clearing House, we thank them for their assistance Preface This blog post discusses the technical details of a...

Congressional Leaders Demand Answers on Yahoo Breach

Vermont Senator Patrick Leahy, along with a number of his Democratic congressional colleagues, has demanded answers from Yahoo CEO Marissa Mayer about what is now the biggest data breach in history. Leahy called the two years between the intrusion of Yahoo’s network and the discovery and disclosu...

Questions Mount Around Yahoo Breach

As Yahoo continues to investigate the biggest data breach in history, pressure is mounting on the company to admit when it knew about the attack, whether there was a delay in reporting it, and also about how it implements cryptography to secure data it’s responsible for. Security company Venafi...

5 Things Google has Done for Gmail Privacy and Security

Over the past few years, Google has increasingly improved the online security and protections of its Gmail users. Besides two-factor authentication and HTTPS, Google has added new tools and features to Gmail that ensures users security and privacy, preventing cyber criminals and intelligence...

Twitter State-Sponsored Attack Notification

Twitter’s decision to notify users when their accounts are targeted in state-sponsored attacks earned its share of praise. But Twitter’s silence in terms of specifics about the attacks—whether by choice or gagged by a National Security Letter—has foisted some anxiety upon those who were notified....

Twitter State-Sponsored Attack Notification

Update A relatively small number of Twitter users, including a few connected to security and privacy advocacy, have been informed that their accounts have been targeted by state-sponsored hackers. Notifications began appearing in the inboxes of affected users two days ago, with very little concre...

Powerful Linux Trojan 'Turla' Infected Large Number of Victims

Security researchers have discovered a highly nasty Linux trojan that has been used by cybercriminals in state sponsored attack in order to steal personal, confidential information from government institutions, military and pharmaceutical companies around the world. A previously unknown piece of ...

USPS Breach Hits Customers, Employees

The United States Postal Service is continuing its investigation around a cyber attack at the agency that managed to compromise the information of both employees and customers earlier this year. The USPS announced in a statement on Monday that it recently fell victim to a “cyber intrusion inciden...

Israeli Road Control System hacked, caused Traffic jam on Haifa Highway

Israel is considered one of the most advanced country in cyber security, but at the same time is a privileged target for hostile governments intent in sabotage and cyber espionage on his technology. Yesterday, Cybersecurity experts revealed that a major artery in Israel's national road network...

Watering Hole Attack Hits US Department of Labor Website

The United States Department of Labor website is the latest high-profile government site to fall victim to a watering hole attack. Researchers at a number of security companies reported today that the site was hosting malware and redirecting visitors to a site hosting the Poison Ivy remote access...

Korean Cyber espionage attack Targets Russia

Ask an expert on cyber espionage and he for sure he will speak of China, the most active and advanced country in this sector, this time a clamorous campaign apparently originated from Korea has been discovered. Security company FireEye collected evidences of a cyber espionage campaign, named...

Korean Cyber espionage attack Targets Russia

Ask an expert on cyber espionage and he for sure he will speak of China, the most active and advanced country in this sector, this time a clamorous campaign apparently originated from Korea has been discovered. Security company FireEye collected evidences of a cyber espionage campaign, named...

Sophos Products - Multiple Vulnerabilities

Sophos Products - Multiple Vulnerabilities List, I've completed the second paper in my series analyzing Sophos Antivirus internals, titled "Practical Attacks against Sophos Antivirus". As the name suggests, this paper describes realistic attacks against networks using Sophos products. The paper...