Federal agency hacked by 2 groups thanks to flaw that went unpatched for 4 years

Getty Images Multiple threat actors—one working on behalf of a nation-state—gained access to the network of a US federal agency by exploiting a four-year-old vulnerability that remained unpatched, the US government warned. Exploit activities by one group likely began in ...

Software for sale is fueling a torrent of phishing attacks that bypass MFA

Getty Images Microsoft on Tuesday profiled software for sale in online forums that makes it easy for criminals to deploy phishing campaigns that successfully compromise accounts, even when they’re protected by the most common form of multi-factor authentication. The phishing ...

North Korean hackers target security researchers with a new backdoor

Getty Images Threat actors connected to the North Korean government have been targeting security researchers in a hacking campaign that uses new techniques and malware in hopes of gaining a foothold inside the companies the targets work for, researchers said. ...

Malware infecting widely used security appliance survives firmware updates

Threat actors with a connection to the Chinese government are infecting a widely used security appliance from SonicWall with malware that remains active even after the device receives firmware updates, researchers said. SonicWall’s Secure Mobile Access 100 is a secure ...

Threat actors are using advanced malware to backdoor business-grade routers

Researchers have uncovered advanced malware that’s turning business-grade routers into attacker-controlled listening posts that can sniff email and steal files in an ongoing campaign hitting North and South America and Europe. Besides passively capturing IMAP, SMTP, and POP email, the ...