Slándáil Research:
Feed: ThreatPost Feed
Student Loan Breach Exposes 2.5M Records
Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Google Patches Chrome’s Fifth Zero-Day of the Year
APT Lazarus Targets Engineers with macOS Malware
U.K. Water Supplier Hit with Clop Ransomware Attack
Xiaomi Phone Bug Allowed Payment Forgery
Black Hat and DEF CON Roundup
Feds: Zeppelin Ransomware Resurfaces with New Compromise, Encryption Tactics
Facebook’s In-app Browser on iOS Tracks ‘Anything You Do on Any Website’
Starlink Successfully Hacked Using $25 Modchip
New Hacker Forum Takes Pro-Ukraine Stance
Cisco Confirms Network Breach Via Hacked Employee Google Account
Podcast: Inside the Hackers’ Toolkit
Inside the Hackers’ Toolkit – Podcast
Microsoft Patches ‘Dogwalk’ Zero-Day and 17 Critical Flaws
Virtual Currency Platform ‘Tornado Cash’ Accused of Aiding APTs
Phishers Swim Around 2FA in Coinbase Account Heists
Open Redirect Flaw Snags Amex, Snapchat User Data
VMWare Urges Users to Patch Critical Authentication Bypass Bug
Universities Put Email Users at Cyber Risk
Securing Your Move to the Hybrid Cloud
Malicious Npm Packages Tapped Again to Target Discord Users
Threat Actors Pivot Around Microsoft’s Macro-Blocking in Office
Messaging Apps Tapped as Platform for Cybercriminal Activity
Novel Malware Hijacks Facebook Business Accounts
Phishing Attacks Skyrocket with Microsoft and Facebook as Most Abused Brands
IoT Botnets Fuels DDoS Attacks – Are You Prepared?
Why Physical Security Maintenance Should Never Be an Afterthought
Hackers for Hire: Adversaries Employ ‘Cyber Mercenaries’
Conti’s Reign of Chaos: Costa Rica in the Crosshairs
Magecart Serves Up Card Skimmers on Restaurant-Ordering Systems
Authentication Risks Discovered in Okta Platform
FBI Warns Fake Crypto Apps are Bilking Investors of Millions
Google Boots Multiple Malware-laced Android Apps from Marketplace
CISA Urges Patch of Exploited Windows 11 Bug by Aug. 2
Emerging H0lyGh0st Ransomware Tied to North Korea
Journalists Emerge as Favored Attack Target for APTs
Large-Scale Phishing Campaign Bypasses MFA
How War Impacts Cyber Insurance
‘Callback’ Phishing Campaign Impersonates Security Firms
Rethinking Vulnerability Management in a Heightened Threat Landscape
Popular NFT Marketplace Phished for $540M
Sneaky Orbit Malware Backdoors Linux Devices
U.S. Healthcare Orgs Targeted with Maui Ransomware
Hack Allows Drone Takeover Via ‘ExpressLRS’ Protocol
Human Error Blamed for Leak of 1 Billion Records of Chinese Citizens
Latest Cyberattack Against Iran Part of Ongoing Campaign
Google Patches Actively Exploited Chrome Bug
ZuoRAT Can Take Over Widely Used SOHO Routers
A Guide to Surviving a Ransomware Attack
Leaky Access Tokens Exposed Amazon Photos of Users
Patchable and Preventable Security Issues Lead Causes of Q1 Attacks
Top Six Security Bad Habits, and How to Break Them
Mitel VoIP Bug Exploited in Ransomware Attacks
‘Killnet’ Adversary Pummels Lithuania with DDoS Attacks Over Blockade
Log4Shell Vulnerability Targeted in VMware Servers to Exfiltrate Data
Google Warns Spyware Being Deployed Against Android, iOS Users
Fancy Bear Uses Nuke Threat Lure to Exploit 1-Click Bug
Gamification of Ethical Hacking and Hacking Esports
Discovery of 56 OT Device Flaws Blamed on Lackluster Security Culture
Elusive ToddyCat APT Targets Microsoft Exchange Servers
Modern IT Security Teams’ Inevitable Need for Advanced Vulnerability Management
Kazakh Govt. Used Spyware Against Protesters
Office 365 Config Loophole Opens OneDrive, SharePoint Data to Ransomware Attack
Voicemail Scam Steals Microsoft Credentials
China-linked APT Flew Under Radar for Decade
State-Sponsored Phishing Attack Targeted Israeli Military Officials
Ransomware Risk in Healthcare Endangers Patients
Facebook Messenger Scam Duped Millions
DragonForce Gang Unleash Hacks Against Govt. of India
Travel-related Cybercrime Takes Off as Industry Rebounds
In Cybersecurity, What You Can’t See Can Hurt You
Kaiser Permanente Exposes Nearly 70K Medical Records in Data Breach
Linux Malware Deemed ‘Nearly Impossible’ to Detect
Bluetooth Signals Can Be Used to Track Smartphones, Say Researchers
U.S. Water Utilities Prime Cyberattack Target, Experts
Potent Emotet Variant Spreads Via Stolen Email Credentials
Feds Forced Travel Firms to Share Surveillance Data on Hacker
Taming the Digital Asset Tsunami
Paying Ransomware Paints Bigger Bullseye on Target’s Back
Black Basta Ransomware Teams Up with Malware Stalwart Qbot
Cyber Risk Retainers: Not Another Insurance Policy
Conducting Modern Insider Risk Investigations
Follina Exploited by State-Sponsored Hackers
Attackers Use Public Exploits to Throttle Atlassian Confluence Flaw
Old Hacks Die Hard: Ransomware, Social Engineering Top Verizon DBIR Threats – Again
Evil Corp Pivots LockBit to Dodge U.S. Sanctions
Cybercriminals Expand Attack Radius and Ransomware Pain Points
Scammers Target NFT Discord Channel
International Authorities Take Down Flubot Malware Network
Being prepared for adversarial attacks
Being Prepared for Adversarial Attacks – Podcast
Microsoft Releases Workaround for ‘One-Click’ 0Day Under Active Attack
EnemyBot Malware Targets Web Servers, CMS Tools and Android OS
ChromeLoader Browser Hijacker Provides Gateway to Bigger Threats
Zero-Day ‘Follina’ Bug Lays Older Microsoft Office Versions Open to Attack
Zero-Day ‘Follina’ Bug Lays Microsoft Office Open to Attack
Critical Flaws in Popular ICS Platform Can Trigger RCE
Cybergang Claims REvil is Back, Executes DDoS Attacks
Link Found Connecting Chaos, Onyx and Yashma Ransomware
Zoom Patches ‘Zero-Click’ RCE Bug
Verizon Report: Ransomware, Human Error Among Top Security Risks
Fronton IOT Botnet Packs Disinformation Punch
Zero Trust for Data Helps Enterprises Detect, Respond and Recover from Breaches
Snake Keylogger Spreads Through Malicious PDFs
Closing the Gap Between Application Security and Observability
380K Kubernetes API Servers Exposed to Public Internet
Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover
DOJ Says Doctor is Malware Mastermind
APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack O-Days
April VMware Bugs Abused to Deliver Mirai Malware, Exploit Log4Shell
Sysrv-K Botnet Targets Windows, Linux
iPhones Vulnerable to Attack Even When Turned Off
Microsoft’s May Patch Tuesday Updates Cause Windows AD Authentication Errors
Threat Actors Use Telegram to Spread ‘Eternity’ Malware-as-a-Service
Malware Builder Leverages Discord Webhooks
You Can’t Eliminate Cyberattacks, So Focus on Reducing the Blast Radius
Novel ‘Nerbian’ Trojan Uses Advanced Anti-Detection Tricks
Intel Memory Bug Poses Risk for Hundreds of Products
Novel Phishing Trick Uses Weird Links to Bypass Spam Filters
Actively Exploited Zero-Day Bug Patched by Microsoft
Ransomware Deals Deathblow to 157-year-old College
Hackers Actively Exploit F5 BIG-IP Bug
Conti Ransomware Attack Spurs State of Emergency in Costa Rica
Low-rent RAT Worries Researchers
FBI: Rise in Business Email-based Attacks is a $43B Headache
Podcast: The State of the Secret Sprawl
Podcast: The State of Secret Sprawl
USB-based Wormable Malware Targets Windows Installer
CANs Reinvent LANs for an All-Local World
F5 Warns of Critical Bug Allowing Remote Code Execution in BIG-IP Systems
VHD Ransomware Linked to North Korea’s Lazarus Group
China-linked APT Caught Pilfering Treasure Trove of IP
Attackers Use Event Logs to Hide Fileless Malware
Unpatched DNS Bug Puts Millions of Routers, IoT Devices at Risk
Mozilla: Lack of Security Protections in Mental-Health Apps Is ‘Creepy’
Bad Actors Are Maximizing Remote Everything
Deep Dive: Protecting Against Container Threats in the Cloud
Security Turbulence in the Cloud: Survey Says…
Cyberespionage APT Now Identified as Three Separate Actors
Attacker Breach ‘Dozens’ of GitHub Repos Using Stolen OAuth Tokens
Cyberattacks Rage in Ukraine, Support Military Operations
Emotet is Back From ‘Spring Break’ With New Nasty Tricks
Millions of Java Apps Remain Vulnerable to Log4Shell
Firms Push for CVE-Like Cloud Bug System
Nation-state Hackers Target Journalists with Goldbackdoor Malware
Lapsus$ Hackers Target T-Mobile
Zero-Trust For All: A Practical Guide
Skeletons in the Closet: Security 101 Takes a Backseat to 0-days
Most Email Security Approaches Fail to Block Common Threats
Google: 2021 was a Banner Year for Exploited 0-Day Bugs
Rethinking Cyber-Defense Strategies in the Public-Cloud Age
‘CatalanGate’ Spyware Infections Tied to NSO Group
Protect Your Executives’ Cybersecurity Amidst Global Cyberwar
Cyberattackers Put the Pedal to the Medal: Podcast
Karakurt Ensnares Conti, Diavol Ransomware Groups in Its Web
Feds: APTs Have Tools That Can Take Over Critical Infrastructure
Feds Shut Down RaidForums Hacking Marketplace
Microsoft Zero-Days, Wormable Bugs Spark Concern
Menswear Brand Zegna Reveals Ransomware Attack
Microsoft Takes Down Domains Used in Cyberattack Against Ukraine
Google Play Bitten by Sharkbot Info-stealer ‘AV Solution’
SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts
MacOS Malware: Myth vs. Truth – Podcast
Attackers Spoof WhatsApp Voice-Message Alerts to Steal Info
Authorities Fully Behead Hydra Dark Marketplace
No-Joke Borat RAT Propagates Ransomware, DDoS
Apple Rushes Out Patches for 0-Days in MacOS, iOS
Belarusian ‘Ghostwriter’ Actor Picks Up BitB for Ukraine-Related Attacks
Automaker Cybersecurity Lagging Behind Tech Adoption, Experts Warn
QNAP Customers Adrift, Waiting on Fix for OpenSSL Bug
A Blockchain Primer and a Bored Ape Headscratcher – Podcast
Critical RCE Bug in Spring Could Be the Next Log4Shell, Researchers Warn
RCE Bug in Spring Cloud Could Be the Next Log4Shell, Researchers Warn
Cyberattackers Target UPS Backup Power Devices in Mission-Critical Environments
Lapsus$ ‘Back from Vacation’
Google Chrome Bug Actively Exploited as Zero-Day
MSHTML Flaw Exploited to Attack Russian Dissidents
Log4JShell Used to Swarm VMware Servers with Miners, Backdoors
Exchange Servers Speared in IcedID Phishing Campaign
Okta Says It Goofed in Handling the Lapsus$ Attack
Critical Sophos Security Bug Allows RCE on Firewalls
DOJ Indicts Russian Gov’t Employees Over Targeting Power Sector
Google Chrome Zero-Day Bugs Exploited Weeks Ahead of Patch
UK Cops Collar 7 Suspected Lapsus$ Gang Members
Microsoft Azure Developers Awash in PII-Stealing npm Packages
Just-Released Dark Souls Game, Elden Ring, Includes Killer Bug
HubSpot Data Breach Ripples Through Cryptocurrency Industry
Chinese APT Combines Fresh Hodur RAT with Complex Anti-Detection
Microsoft Help Files Disguise Vidar Malware
Top 3 Attack Trends in API Security – Podcast
Tax-Season Scammers Spoof Fintechs Stash, Public
Tax-Season Scammers Spoof Fintechs, Including Stash, Public
DeadBolt Ransomware Resurfaces to Hit QNAP Again
Microsoft: Lapsus$ Used Employee Account to Steal Source Code
Lapsus$ Data Kidnappers Claim Snatches From Microsoft, Okta
Russia Lays Groundwork for Cyberattacks on US Infrastructure – White House
FIDO: Here’s Another Knife to Help Murder Passwords
Serpent Backdoor Slithers into Orgs Using Chocolatey Installer
Browser-in-the-Browser Attack Makes Phishing Nearly Invisible
Facestealer Trojan Hidden in Google Play Plunders Facebook Accounts
Conti Ransomware V. 3, Including Decryptor, Leaked
Bridgestone Hit as Ransomware Torches Toyota Supply Chain
Agencies Warn on Satellite Hacks & GPS Jamming Affecting Airplanes, Critical Infrastructure
DarkHotel APT Targets Wynn, Macao Hotels to Rip Off Guest Data
Sandworm APT Hunts for ASUS Routers with Cyclops Blink Botnet
Google Blows Lid Off Conti, Diavol Ransomware Access-Broker Ops
Dev Sabotages Popular NPM Package to Protest Russian Invasion
Misconfigured Firebase Databases Exposing Data in Mobile Apps
Reporting Mandates to Clear Up Feds’ Hazy Look into Threat Landscape – Podcast
‘CryptoRom’ Crypto-Scam is Back via Side-Loaded Apps
Another Destructive Wiper Targets Organizations in Ukraine
Phony Instagram ‘Support Staff’ Emails Hit Insurance Company
Cyberattacks Against Israeli Government Sites: ‘Largest in the Country’s History’
Most QNAP NAS Devices Affected by ‘Dirty Pipe’ Linux Flaw
Pandora Ransomware Hits Giant Automotive Supplier Denso
Staff Think Conti Group Is a Legit Employer – Podcast
Cybercrooks’ Political In-Fighting Threatens the West
Russia Issues Its Own TLS Certs
Raccoon Stealer Crawls Into Telegram
Malware Posing as Russia DDoS Tool Bites Pro-Ukraine Hackers
Most Orgs Would Take Security Bugs Over Ethical Hacking Help
Russia May Use Ransomware Payouts to Avoid Sanctions
Russia May Use Ransomware Payouts to Avoid Sanctions’ Financial Harm
Multi-Ransomwared Victims Have It Coming–Podcast
Qakbot Botnet Sprouts Fangs, Injects Malware into Email Threads
APT41 Spies Broke Into 6 US State Networks via a Livestock App
Most ServiceNow Instances Misconfigured, Exposed
Russian APTs Furiously Phish Ukraine – Google
Microsoft Addresses 3 Zero-Days & 3 Critical Bugs for March Patch Tuesday
The Uncertain Future of IT Automation
Zero-Click Flaws in Widely Used UPS Devices Threaten Critical Infrastructure
Bug in the Linux Kernel Allows Privilege Escalation, Container Escape
Novel Attack Turns Amazon Devices Against Themselves
Samsung Confirms Lapsus$ Ransomware Hit, Source Code Leak
Nvidia’s Stolen Code-Signing Certs Used to Sign Malware
NVIDIA’s Stolen Code-Signing Certs Used to Sign Malware
Critical Firefox Zero-Day Bugs Allow RCE, Sandbox Escape
Massive Meris Botnet Embeds Ransomware Notes from REvil
Free HermeticRansom Ransomware Decryptor Released
Phishing Campaign Targeted Those Aiding Ukraine Refugees
Russia Leaks Data From a Thousand Cuts–Podcast
Securing Data With a Frenzied Remote Workforce–Podcast