New telemetry from Zscaler on Internet of Things (IoT) devices demonstrates a dramatic increase in attacks on those devices during the work-from-home phase of the COVID-19 pandemic.

In their investigation of the Charming Kitten group, IBM X-Force researchers investigated attackers' operational security errors to reveal the inner details of how they function and launch attacks.

Most macOS malware traditionally has been repurposed from Windows malware variants. But the pandemic's pivot to WFH has more provided more lucrative targets for attackers going after businesses.

A survey by Armis found that over 21% of respondents have not heard about the cyberattack on Colonial Pipeline, and 24% believe the hack won't have long-lasting effects on the nation's fuel industry.

The CISA will be publishing a list of bad security practices that increase risks for critical infrastructure organizations designated as National Critical Functions (NCFs).

In this attack, Microsoft saw attackers using Cobalt Strike and report they stole credentials — including the Active Directory database — and exfiltrated data using rclone.

While effective in hiding ransomware activity, the tactic of using virtual machines is more complex than a traditional ransomware attack and may hamper the attackers' efforts.

Researchers found a novel class of DNS vulnerabilities in AWS Route53 and other DNS-as-a-service offerings that leak sensitive information on corporate and government customers.

Two-thirds of the applications deployed by the utility sector and 63% of those deployed by public administration organizations have a serious vulnerability, according to a report by WhiteHat Security.

The National Security Agency today announced it is funding the development and release of D3FEND, a framework for security pros to tailor their defenses against specific security threats.