Thanks to auto-play, it’s possible to crash Windows systems by simply inserting the drive into the USB port, no further user interaction necessary.
Browsing Author: Tara Seals
NIST Updates Cybersecurity Framework to Tackle Supply Chain Threats, Vulnerability Disclosure and More
Version 1.1 includes updates on authentication and identity, self-assessment, supply-chain security and vulnerability disclosure, among other changes.
The gang behind the Atlanta city shutdown and other attacks is selecting victims carefully and offering volume discounts to unlock whole organizations.
It’s analyzing the server, operated by the North Korea-sponsored APT, which was used to control the global GhostSecret espionage campaign affecting 17 countries.
Taking a “dirty deeds done dirt cheap” approach, the kit generates an initial malware payload for social-engineering spam campaigns for just $40 per month.
Not just a miner, the malware also sets up a hidden default account with system administrator privileges, to be used for re-infection and further attacks.
In an unusual move, Metamorfo abuses legitimate, signed Windows binaries to load the malicious code.
Webstresser[.]org, a DDoS-for-hire market believed to be behind at least 4 million cyberattacks around the world, has served up its last internet-paralyzing traffic tsunami.
The group uses a custom, worm-like backdoor called Kwampirs that exploits legacy systems for laser-focused, comprehensive corporate espionage.
It looks like this is the work of amateurs, not nation-state attackers bent on making a geopolitical point, making use of the recently patched Drupal vulnerability.