On Dec. 4, users of a simple Android program — a barcode scanner — started witnessing odd behavior when their smartphones suddenly began opening up their browser to display unwanted advertisements. While the devices exhibited the hallmarks of a malware or adware infection, the compromises puzzled most users since they had not recently downloaded new…

Almost a year ago, the world turned upside down and seemingly everything changed due to the COVID-19 pandemic. In that time, entire workforces went – and stayed – home, cloud adoption skyrocketed and digital transformation has become a business imperative at scale. This confluence of events has also spelled “opportunity” for attackers – a fact…

The flaw, tracked as CVE-2021-21972, affects the vSphere Client component of vCenter Server and it can be exploited by a remote, unauthenticated attacker to execute arbitrary commands with elevated privileges on the operating system that hosts vCenter Server. While in most cases an attacker would need to have access to the targeted organization’s network in…

With this funding, Silva and Chancellor will dedicate their work to improving kernel security, as well as to associated initiatives, so that the open source software project remains sustainable in the long run. The pervasive Linux operating system, according to a recent report from the Linux Foundation’s Open Source Security Foundation (OpenSSF) and the Laboratory…

Initially identified in December 2020, the threat actor is targeting IATA and airlines, with the most recent attacks employing a phishing lure mimicking the newly introduced IATA ONE ID (Contactless Passenger Processing tool). Dated 2018, one of the earliest attacks attributed to the adversary, which Malwarebytes refers to as LazyScripter, was aimed at individuals looking…

Given all the hype around extended detection and response (XDR) technology, it’s worth starting this article by defining the term “XDR.” XDR is an integrated suite of security products spanning hybrid IT architectures (such as LAN, WAN, infrastructure-as-a-service, data centers, etc.) designed to interoperate and coordinate on threat prevention, detection, and response. XDR unifies control…

From the front lines of incident response engagements to managed security services, IBM Security X-Force observes attack trends firsthand, yielding insights into the cyber threat landscape. Every year, X-Force collates billions of data points to assess cybersecurity threats to our customers. This report — the X-Force Threat Intelligence Index 2021 — represents our latest edition…