Threat Management

Network security experts analyzing a firewall breach

Fewer cybersecurity professionals losing their jobs in breach ‘blame’ game

Cybersecurity job security, vendor loyalty and board support after a breach were covered in a survey of 500 CISOs.

Computer keyboard, close-up button of the flag of North Korea.

North Korean supply chain attacks ‘growing in sophistication and volume’

The DPRK's Lazarus threat group allegedly breached over 100 devices in several countries, including the U.S., Canada, Japan and Taiwan, according to Microsoft.

Application security

Netflix bug that opened smart TVs to attacks is detailed, 4 years later

Researchers finally detail Netflix screencast bug that opened smart TVs to a video hijacking attacks.

Network Security

How secure Network-as-a-Service can help network transformation

Here are six ways NaaS can solve today’s enterprise security challenges.

Malware

LummaC2 4.0 infostealer uses trigonometry to avoid sandboxes

Outpost24 researchers expect LummaC2 4.0 malware to evolve with improved obfuscation techniques and updates to its control panel.

Laptop with binary computer code and Korean flag on the screen.

Malware

North Korea-linked BlueNoroff’s macOS malware variant targets financial firms

Jamf says North Korean subgroup of the financially motivated Lazarus Group targets specific users the threat actors believe have access to cryptocurrency.

Cloud Security

Exploited ‘Looney Tunables’ Linux privileged escalation bug linked to Kinsing threat actor

Aqua Nautilus researchers claim they’ve observed the first documented exploit of the "Looney Tunables" vulnerability by threat actor Kinsing.

Sign in Zoom app on laptop screen close up view

Bug Bounties

Zoom flaw enabled hijacking of accounts with access to meetings, team chat

Ethical hackers at AppOmni claimed a $5,000 bug bounty for discovering the Zoom Rooms vulnerability, disclosed at a conference last summer.

A partial view of a factory complex is seen

Vulnerability Management

CVSS 4.0 keys-in on threat intelligence metrics and OT, ICS and IoT

The Forum of Incident Response and Security Teams (FIRST) published CVSS 4.0 with an eye toward delivering finer granularity around threat intelligence metrics.

Endpoint/Device Security

Mozi botnet goes dark under mysterious circumstances

Researchers speculate that Chinese authorities may be responsible for turning off one of the internet’s most prolific IoT botnets.

Subscribe to Threat Newsletter

The latest in hacks, attacks, and breaches.

Subscribe to Threat Newsletter

Perspectives

It makes sense for the Biden administration to focus on software security – but it’s up to the industry to make it happen

Five attack vectors that businesses should focus on in the wake of the Israel-Hamas war

Middle East crisis: Understanding the potential threats – and how the cybersecurity industry can take action

Briefs

Lazarus-linked cryptomixing service subjected to US sanctions

Cyberattack at Japan’s space agency confirmed

Google: Taiwan facing deluge of Chinese cyberattacks