‘PseudoManuscrypt’ Mass Spyware Campaign Targets 35K Systems

It’s similar to Lazarus’s Manuscrypt malware, but the new spyware is splattering itself onto government organizations and ICS in a non-Lazarus-like, untargeted wave of attacks. Researchers have tracked new spyware…

Log4j flaw: This new threat is going to affect cybersecurity for a long time

If there ever was any doubt over the severity of the Log4j vulnerability, director of US cybersecurity and infrastructure agency CISA, Jen Easterly, immediately quashed those doubts when she described…

US Senate passes $768 billion defense bill without cyber incident reporting provisions

The US Senate passed the The National Defense Authorization Act (NDAA) on Wednesday, approving the $768 billion annual defense spending bill that was packed with cybersecurity provisions. The bill now heads…

A List of Vulnerable Products to the Log4j Vulnerability

Two days ago, we wrote a post about the Log4j vulnerability that is currently wreaking havoc on the cyberthreat landscape. The flaw stands for an open-source Java logging library. By…

In 2022, Expect More Supply Chain Pain and Changing Security Roles

If 2021 was the Year of Supply Chain Pain, 2022 will be the Year of Supply Chain Chronic Pain (or something worse than pain). This past year, the pain was…

With 18,378 vulnerabilities reported in 2021, NIST records fifth straight year of record numbers

The National Institute of Standards and Technology (NIST) released a graph showing the number of vulnerabilities reported in 2021, finding 18,378 this year.  The figure set a record for the…

Cyber incident reporting mandates suffer another congressional setback

Written by Tim Starks Dec 7, 2021 | CYBERSCOOP House and Senate negotiators have excluded provisions from a must-pass defense bill that would have mandated many companies to report major…

SolarWinds Attackers Spotted Using New Tactics, Malware

One year after the disruptive supply-chain attacks, researchers have observed two new clusters of activity from the Russia-based actors that signal a significant threat may be brewing. One year after…

New Ceeloader Malware Used By Russian-backed Advanced Persistent Threat (APT) Organization Nobelium

Nobelium is a Russian-backed advanced persistent threat (APT) organization that achieved attention towards the end of 2020 after breaching SolarWinds’ software development supply chain to obtain access to espionage targets,…

Hackers are using this new malware which hides between blocks of junk code

A Russian-government back hacking group linked to the SolarWinds supply chain attack has developed new malware which has been used to conduct attacks against businesses and governments in North America and Europe…