Threat Management

Analysis reveals 18 of ransomware gang Black Basta’s 300-plus victims were extorted over $1 million each, with one handed over $9 million.

Cybersecurity job security, vendor loyalty and board support after a breach were covered in a survey of 500 CISOs.

The DPRK's Lazarus threat group allegedly breached over 100 devices in several countries, including the U.S., Canada, Japan and Taiwan, according to Microsoft.

Several new attacks leveraging Bluetooth vulnerabilities, collectively tracked as CVE-2023-24023 and dubbed BLUFFS, have been identified by EURECOM to enable adversary-in-the-middle intrusions between connected devices by compromising the forward and future secrecy mechanisms of Bluetooth, reports The Hacker News.

Researchers finally detail Netflix screencast bug that opened smart TVs to a video hijacking attacks.

Outpost24 researchers expect LummaC2 4.0 malware to evolve with improved obfuscation techniques and updates to its control panel.

Jamf says North Korean subgroup of the financially motivated Lazarus Group targets specific users the threat actors believe have access to cryptocurrency.

The UK has disputed a report from The Guardian noting that its Sellafield nuclear site had its networks hacked by Russia- and China-linked hacking groups, stating that there has been no evidence suggesting such a compromise, according to Reuters. "Our monitoring systems are robust and we have a high degree of confidence that no such malware exists on our system.

Aqua Nautilus researchers claim they’ve observed the first documented exploit of the "Looney Tunables" vulnerability by threat actor Kinsing.

The Forum of Incident Response and Security Teams (FIRST) published CVSS 4.0 with an eye toward delivering finer granularity around threat intelligence metrics.