Yet another zero-day vulnerability in the Windows Print Spooler component has come to light, making it the fourth printer-related shortcoming to be discovered in recent weeks.
A greater level of cooperation is needed between the DoD and the DHS to ensure that U.S. critical infrastructure is protected against various cyberthreats, according to an inspector general’s report.
Researchers from security firm CyberArk bypassed Windows Hello, the biometric authentication system included with all Windows 10 versions, using just an infrared image of the device’s owner.
The U.S. Department of Commerce is restricting trade with four Russian information technology and cybersecurity firms, along with two other entities, over national security concerns.
Virginia Tech says it was targeted in two recent cyberattacks, including the Kaseya attack in early July and a separate ransomware attack in May, but feels confident no data was stolen.
A new phishing campaign is delivering the BazarBackdoor malware and using a multi-compression method to disguise the malware as an image file. This method tricks Secure Email Gateways (SEGs) into treating malicious attachments as clean files. This makes it a worrisome threat that requires continuous monitoring from security agencies.
Palo Alto Networks provides details about the methods and tactics employed by the Mespinoza ransomware group, which has been targeting multiple sectors across the globe with a focus on the education sector. The ransomware group gains initial access via public-facing RDP servers and prefers the double-extortion technique to threaten victims.
Recently, Trickbot actors were found adding a new Virtual Network Computing (VNC) module to their arsenal that helps an actor monitor high-profile targets and gather intelligence from them. The frequent developments in Trickbot’s lifecycle and its accelerated rate of propagation highlight the massive threat it poses.
Kaspersky discovered an ongoing, large-scale APT campaign named LuminousMoth with hundreds of victims from Southeast Asia, including government entities in Myanmar and the Philippines. The recent activities of the APT group indicate the wider interest of China-based hackers in Southeast Asian governments.
Cyber fusion centers can help automate the sharing of cyber threat intelligence in a cross-sector environment, according to Errol Weiss of the Health Information Sharing & Analysis Center and Anuj Goel of Cyware.