Arx Sec

Melissa Bischoping, security researcher with Tanium and Infosec Insiders columnist, urges firms to consider the upstream and downstream impact of "triple extortion" ransomware attacks.

Hackers escalate phishing and scamming attacks to exploit popular Discord bot and persuade users to click on the malicious links.

The info-stealing trojan used SMS messages and lifted contact credentials to spread with unprecedented speed across Android devices globally since December 2020.

There is no question that the level of threats facing today’s businesses continues to change on a daily basis. So what are the trends that CISOs need to be on the lookout for? For this episode of the Threatpost podcast, I am joined by Derek Manky, Chief Security Strategist & VP Global Threat Intelligence, Fortinet’s […]

Threat actors already are exploiting vulnerability, dubbed ‘Follina’ and originally identified back in April, to target organizations in Russia and Tibet, researchers said.

Malware borrows generously from code used by other botnets such as Mirai, Qbot and Zbot.

The malvertiser’s use of PowerShell could push it beyond its basic capabilities to spread ransomware, spyware or steal data from browser sessions, researchers warn.

Malware loads itself from remote servers and bypasses Microsoft's Defender AV scanner, according to reports.

Cisco Talos discovered eight vulnerabilities in the Open Automation Software, two of them critical, that pose risk for critical infrastructure networks.

Actors claiming to be the defunct ransomware group are targeting one of Akami’s customers with a Layer 7 attack, demanding an extortion payment in Bitcoin.

A slip-up by a malware author has allowed researchers to taxonomize three ransomware variations going by different names.

The Google Project Zero researcher found a bug in XML parsing on the Zoom client and server.

2022’s DBIR also highlighted the far-reaching impact of supply-chain breaches and how organizations and their employees are the reasons why incidents occur.

Fronton botnet has far more ability than launching DDOS attack, can track social media trends and launch suitable propaganda.

Mohit Tiwari, CEO of Symmetry Systems, explores Zero Trust, data objects and the NIST framework for cloud and on-prem environments.

Microsoft Word also leveraged in the email campaign, which uses a 22-year-old Office RCE bug.

Daniel Kaar, global director application security engineering at Dynatrace, highlights the newfound respect for AppSec-enabled observability in the wake of Log4Shell.