Threatpost

Chris Calvert of Respond Software (now part of FireEye) outlines the challenges that reduce the efficacy of network security sensors.

Desktop versions of the browser received a total of eight fixes, half rated high-severity.

The skimmer steals credit-card data, using steganography to hide in plain sight in seemingly benign images.

VMware has issued a full patch and revised the severity level of the NSA-reported vulnerability to "important."

The attack, which prevented Translink users from using their metro cards or buying tickets at kiosks, is the second from the prolific threat group just this week.

The struggling retailer's back-end services have been impacted, according to a report, just in time for the holidays.

A new "TrickBoot" module scans for vulnerable firmware and has the ability to read, write and erase it on devices.

A raft of obfuscation techniques turn the heat up for the hacking-for-hire operation.

Breaking down the true cost of software tools in the context of reverse engineering and debugging may not be as clear-cut as it appears.

Cybercriminals try to steal the credentials of top companies associated with the COVID-19 vaccine supply chain in an espionage effort.

Lookout's Hank Schless discusses accelerated threats to mobile endpoints in the age of COVID-19-sparked remote working.

The ransomware group pilfered payment-card data and credentials for over a year, before ending with an attack last month that shut down many of the South Korean retailer’s stores.

Incydr lets you monitor your high-risk users without impeding their ongoing work.

Patches for a flaw (CVE-2020-8913) in the Google Play Core Library have not been implemented by several popular Google Play apps, including Edge.

Spotify pages for Dua Lipa, Lana Del Rey, Future and others were defaced by an attacker pledging his love for Taylor Swift and Trump.

The feds have seen ongoing cyberattacks on think-tanks (bent on espionage, malware delivery and more), using phishing and VPN exploits as primary attack vectors.

CISA warns the leading enterprise document management platform is open to attack and urges companies to apply fixes.

In a recent cyberattack against an E.U. country's Ministry of Foreign Affairs, the Crutch backdoor leveraged Dropbox to exfiltrate sensitive documents.

The post-COVID-19 surge in the criticality level of medical infrastructure, coupled with across-the-board digitalization, will be big drivers for medical-sector cyberattacks next year.

The Microsoft 365 tool that tracked employee usage of applications like Outlook, Skype and Teams was widely condemned by privacy experts.