A Chinese hacker group known for industrial espionage and intelligence collection used a vulnerability in Log4j to go after a large academic institution, researchers at CrowdStrike revealed Wednesday.
While this Defender process’ behavior is tagged as malicious, there’s nothing to worry about since these are false positives, as revealed by Tomer Teller, Principal Group PM Manager at Microsoft.
Organizations usually manage the security of data, applications, and edge computing from disparate technologies and across different teams. This traditional approach may prove ineffective in future.
Venafi announced the findings of a global survey of IT security decision-makers, revealing that 60% of professionals believe ransomware threats should be prioritized at the same level as terrorism.
Two days ago, hundreds of LastPass users took to Twitter, Reddit, and other sites to complain that they were getting alerts about their master password being used by someone who was not them.
Ransomware is merely the ‘steal or destroy’ stage of an attack where an attacker runs a program that encrypts the victim’s data. Everything up to that point is the same regular attack.
Crypto Trading Firm Faces $5 Million Ransom After Attack on Systems Running Vulnerable Log4j Version
Between December 11th and 13th, threat actors successfully exploited the Log4Shell vulnerability on a Cyclos server of crypto trading firm ONUS and planted backdoors for sustained access.
An ongoing cryptomining campaign has upgraded its arsenal with new tactics that enable the threat actors to conceal the intrusions and fly under the radar, new research has revealed.
Researcher Sylvain Pelissier has discovered that a crucial piece of SanDisk software is affected by a couple of key derivation function issues that can allow an attacker to obtain user passwords.
An Iranian cybersecurity firm said it discovered a novel rootkit that hides inside the firmware of HP iLO devices and has been used in real-world attacks to wipe servers of Iranian entities.