Google on Wednesday disclosed that the Chinese state-sponsored threat actor known as APT41 leveraged a malware called TOUGHPROGRESS that uses Google Calendar for command-and-control (C2). The tech giant, which discovered….
Cybersecurity researchers have disclosed a critical unpatched security flaw impacting TI WooCommerce Wishlist plugin for WordPress that could be exploited by unauthenticated attackers to upload arbitrary files. TI WooCommerce Wishlist,….
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
[This is a Guest Diary by Ehsaan Mavani, an ISC intern as part of the SANS.edu BACS program] Introduction Adversaries are leveraging alternate data streams to hide malicious data with….
Why is a cute Star Wars fan website now redirecting to the CIA? How come Cambodia has become the world’s hotspot for scam call centres? And can a WhatsApp image….
Posted by Mateusz Jurczyk, Google Project Zero In the previous blog post, we focused on the general security analysis of the registry and how to effectively approach finding vulnerabilities in….
An Iranian national has pleaded guilty in the U.S. over his involvement in an international ransomware and extortion scheme involving the Robbinhood ransomware. Sina Gholinejad (aka Sina Ghaaf), 37, and….
The Czech Republic on Wednesday formally accused a threat actor associated with the People’s Republic of China (PRC) of targeting its Ministry of Foreign Affairs. In a public statement, the….
Authorities in Pakistan have arrested 21 individuals accused of operating “Heartsender,” a once popular spam and malware dissemination service that operated for more than a decade. The main clientele for….
[This is a Guest Diary by Jennifer Wilson, an ISC intern as part of the SANS.edu Bachelor’s Degree in Applied Cybersecurity (BACS) program [1].] As part of my BACS internship….
