Not just a miner, the malware also sets up a hidden default account with system administrator privileges, to be used for re-infection and further attacks.

Default configuration of WD’s My Cloud storage device keeps port open for unprivileged data exfiltration within a network.

In an unusual move, Metamorfo abuses legitimate, signed Windows binaries to load the malicious code.

Webstresser[.]org, a DDoS-for-hire market believed to be behind at least 4 million cyberattacks around the world, has served up its last internet-paralyzing traffic tsunami.

Researchers discovered a flaw in Amazon’s Alexa virtual assistant that enabled them to eavesdrop on consumers with smart devices – and automatically transcribe every word said.

A leaky Mongo database exposed personal information of 25,000 investors and potential investors tied to the Bezop cryptocurrency.

Too often, many IoT device manufacturers are opting to leave out costly security features for their small, low power connected devices. 

Researchers have found an exploit in Nvidia Tegra X1-based systems that they say cannot be patched.

A freshly minted attack group dubbed Orangeworm has been uncovered, deploying a custom backdoor in mostly healthcare-related environments. It’s bent on laser-focused, comprehensive corporate espionage, with a noisy attack vector that shows that it’s unlikely to be related to nation-state actors. Researchers first found Orangeworm in the form of an interesting binary in 2016, and...

The Ukrainian Energy Ministry has been hit by a ransomware attack – and for once it looks like this is the work of amateurs, not nation-state attackers bent on making a geopolitical point. However, the bad actors appear to have made use of the recently patched Drupal vulnerability, pointing out yet once again that patch...