Cyber Attacks

Cyber Attacks | News, how-tos, features, reviews, and videos

6 ways attackers are exploiting the COVID-19 crisis

Cybercriminals are taking advantage of the coronavirus crisis to spread malware, disrupt operations, sow doubt and make a quick buck.

How a nuclear plant got hacked

India's Kudankulam Nuclear Power Plant (KNPP) publicly admitted they discovered malware on their networks. It likely could have been easily avoided.

Credential stuffing explained: How to prevent, detect and defend against it

The automated use of breached usernames and passwords to access accounts is low risk, high reward for cybercriminals. Here's how to make it harder for them to use credential stuffing.

Report: China supported C919 airliner development through cyberespionage

Chinese hackers and intelligence agencies coordinated cyberattacks to gather intellectual property of aerospace firms to gain competitive advantage.

Chinese cyberespionage group PKPLUG uses custom and off-the-shelf tools

A previously unknown group or collective associated with China is targeting victims in Asia, possibly for geopolitical gain.

Magecart web skimming group targets public hotspots and mobile users

IBM researchers discover new Magecart scripts that suggest planned advertisement injection through Wi-Fi and supply chain attacks.

Misconfigured WS-Discovery in devices enable massive DDoS amplification

Researchers were able to achieve amplification rates of up to 15,300%. Some mitigations are possible.

Secrets of latest Smominru botnet variant revealed in new attack

Researchers gained access to a Smominru command-and-control server to get details on compromised devices and scope of the attack.

New Spectre-like CPU vulnerability bypasses existing defenses

The SWAPGS vulnerability can allow attackers to access contents of kernel memory addresses. Microsoft and Intel have coordinated on a mitigation.

To pay or not pay a hacker’s ransomware demand? It comes down to cyber hygiene

A recent call for city leaders to stop paying ransomware demands underscores the need for municipalities to step up their cyber practices and have a good backup process in place.

Telcos around the world hit by long-term intelligence gathering cyberattack

Operation Soft Cell saw telcos around the world lose over 100GB of call record data, but it could have been much worse. Attackers could have shut down cell networks if they wanted.

OpenSSH to protect keys in memory against side-channel attacks

The new OpenSSH patch makes it harder to execute attacks such as Spectre, Meltdown, Rowhammer and Rambleed.

2016 election hacking in Florida: Russian emails, hidden tracks

The Mueller Report says the Russians planted malware on at least one Florida county system, and Florida's governor announces that two counties were hacked in 2016. Experts believe the problem could be bigger.

The second Meltdown: New Intel CPU attacks leak secrets

Intel has done some mitigations for these vulnerabilities that can leak secrets from virtual machines, secure enclaves and kernel memory. Here's how the attacks work.

New Intel firmware boot verification bypass enables low-level backdoors

By replacing a PC's SPI flash chip with one that contains rogue code, an attacker can gain full, persistent access.

APT group Elfin switches from data destruction to data stealing via WinRAR vulnerability

Iran-linked hacker group switches techniques from Shamoon wiper attacks to WinRAR exploits.

Hackers use Slack to hide malware communications

A watering hole attack used Slack for its command-and-control communications to avoid network and endpoint detection.

What is a man-in-the-middle attack? How MitM attacks work and how to prevent them

A man-in-the-middle (MitM) attack is when an attacker intercepts communications between two parties either to secretly eavesdrop or modify traffic traveling between the two. Detecting MitM attacks is difficult, but they are...
