VPN Exposes Data for 1M Users, Leading to Researcher Questioning

Experts warn that virtual private networks are increasingly vulnerable to leaks and attack. Free virtual private network (VPN) service Quickfox, which provides access to Chinese websites from outside the country,…

Geriatric Microsoft Bug Exploited by APT Using Commodity RATs

Disguised as an IT firm, the APT is hitting targets in Afghanistan & India, exploiting a 20-year-old+ Microsoft Office bug that’s as potent as it is ancient. An APT described…

Squirrel Bug Lets Attackers Execute Code in Games, Cloud Services

The out-of-bounds read vulnerability enables an attacker to escape a Squirrel VM in games with millions of monthly players – such as Counter-Strike: Global Offensive and Portal 2 – and…

Fresh APT Harvester Reaps Telco, Government Data

The group is likely nation-state-backed and is mounting an ongoing spy campaign using custom malware and stealthy tactics. A previously unseen advanced persistent threat (APT) group dubbed Harvester by researchers…

Lyceum APT Returns, This Time Targeting Tunisian Firms

The APT, which targets Middle-Eastern energy firms & telecoms, has been relatively quiet since its exposure but not entirely silent. It’s kept up attacks through 2021 and is working on…

A Guide to Doing Cyberintelligence on a Restricted Budget

Cybersecurity budget cuts are everywhere. Chad Anderson, senior security researcher at DomainTools, discusses alternatives to fancy tooling, and good human skills alignment. For those in the industry, it comes as…

TA505 Gang Is Back With Newly Polished FlawedGrace RAT

TA505 – cybercrime trailblazers with ever-evolving TTPs – have returned to mass-volume email attacks, flashing retooled malware and exotic scripting languages. The TA505 cybercrime group is whirring its financial rip-off…

Time to Build Accountability Back into Cybersecurity

Chris Hass, director of information security and research at Automox, discusses how to assign security responsibility, punishment for poor cyber-hygiene and IDing ‘security champions’ to help small businesses. In the…

Podcast: Could the Zoho Flaw Trigger SolarWinds 2.0?

Companies are worried that the highly privileged password app could let attackers deep inside an enterprise’s footprint, says Redscan’s George Glass. A month ago, the FBI, CISA and the U.S.…

TikTok Serves Up Fresh Gamer Targets via Fake Among Us, Steam Offerings

The tween-friendly video app is being used to serve up malvertising, disguised as free Steam game accounts or Among Us game hacks. TikTok has made people do all sorts of…