Why patch directives only go so far
Six weeks of undetected access through a compromised VPN exposes why patching isn’t a solution for the organizations already breached.
Silent Ransom Group isn’t prolific, but it’s demonstrated a knack for attacking the legal services sector with an extraordinary dual use of social engineering and in-person visits to victims’ workstations.
Kali365, which was first observed in April, abuses legitimate Microsoft device authorization pages to grant persistent access to cybercriminal-controlled applications.
While AI tools present unique cybersecurity threats, they still rely on poor identity security by organizations to do the most damage, a White House official said Thursday.
The men’s separate schemes impacted almost 70 U.S. companies and generated a combined $1.2 million in revenue for the North Korean regime.
CrowdStrike says The Com-affiliated threat groups are using voice phishing and fake SSO pages to break into SaaS environments and steal data fast for extortion.
Xu Zewei was allegedly directed by China’s intelligence services to conduct a sweeping espionage campaign to steal data on COVID-19 research and other U.S. policy interests.
Some attackers, which researchers link to The Com, have swatted company executives to increase leverage and pressure victims to pay their ransom demands.
When attackers can discover and exploit vulnerabilities in minutes, last quarter’s audit doesn’t mean much. CISOs need to shift from static measurement to real-time awareness — and fast.
Tyler Robert Buchanan “was the glue that held this gang together,” a cybercrime researcher said. He faces up to 22 years in federal prison.