The use of DNS over HTTPS (DoH) for command and control communications is making it more difficult to track botnets, according to anti-spam nonprofit Spamhaus.
Threat hunters at Kaspersky have spotted a well-known Chinese APT actor using an UEFI implant to maintain stealthy persistence across reboots, disk formatting or disk replacements.
A prominent security researcher poking around at the Zoom video conferencing platform found worrying signs the company failed to enable a decades-old anti-exploit mitigation, a blunder that greatly increased exposure to malicious hacker attacks.
Thousands of industrial organizations worldwide have been hit in campaigns that leverage short-lived malware to harvest corporate credentials that are then sold by threat actors for a profit, according to Kaspersky.
A vulnerability in Box's implementation of multi-factor authentication (MFA) allowed attackers to take over victim’s accounts without having access to the victim’s phone, according to new research from Varonis.