State-sponsored Threat Actors Steal Airline Data Using the Slack API

Reports show that a recently found backdoor dubbed ‘Aclip’ that exploits the Slack API for covert communications is being used by an alleged Iranian state-sponsored cybercriminal. The malicious actor began…

Meta targets user information, database scraping in bug bounty expansion

Meta has announced an expansion to its bug bounty platform to include vulnerabilities that can be abused for data scraping.  On Wednesday, the company – recently rebranded from Facebook –…

Espionage Hacking Campaign Is Targeting Telecom Operators

A fresh espionage hacking effort targeting Middle Eastern and Asian telecommunications and IT service companies was recently discovered. The operation has been running for six months, and it may have…

What the Log4Shell Bug Means for SMBs: Experts Weigh In

An exclusive roundtable of security researchers discuss the specific implications of CVE-2021-44228 for smaller businesses, including what’s vulnerable, what an attack looks like and to how to remediate. News of…

Agent Tesla Spyware Used in Phishing Campaign

Agent Tesla initially detected in late 2014, is a known spyware aimed at collecting sensitive data from a victim’s device, such as stored application credentials and keyboard inputs (keylogger). Agent…

‘Seedworm’ Attackers Target Telcos in Asia, Middle East

The focused attacks aimed at cyberespionage and lateral movement appear to hint at further ambitions by the group, including supply-chain threats. Attackers targeting telcos across the Middle East and Asia…

Technical Advisory: Zero-day critical vulnerability in Log4j2 exploited in the wild

On December 9, 2021, Apache disclosed CVE-2021-44228, a remote code execution vulnerability – assigned with a severity of 10 (the highest possible risk score). The source of the vulnerability is Log4j,…

All You Need to Know About the New Zero-Day Found in the Log4j Java Library

Log4j 2 is a Java logging library that is open source and extensively used in a variety of software applications and services throughout the world. The flaw gives threat actors…

Next-Gen Maldocs & How to Solve the Human Vulnerability

Malicious email attachments with macros are one of the most common ways hackers get in through the door. Huntress security researcher John Hammond discusses how threat hunters can fight back.…

Fueled by Pandemic Realities, Grinchbots Aggressively Surge in Activity

E-commerce’s proverbial Who-ville is under siege, with a rise in bots bent on ruining gift cards and snapping up coveted gifts for outrageously priced resale. The festive season is moving…