Newly-Discovered Malware Targets Unpatched MacOS Flaw (

Researchers have found samples of malware that targets a recently-disclosed, unpatched MacOS vulnerability.

Serious Security: Rambleed attacks blunted – the OpenSSH way (

Here's a way to keep secrets safe in memory, even in a world of hardware-level leakage due to tricks like Rambleed, Spectre and more.

Florida City Pays Ransomware (

Learning from the huge expenses Atlanta and Baltimore incurred by refusing to pay ransomware, the Florida City of Riveria Beach decided to pay up. The ransom amount of almost $600,000 is a lot, but much cheaper than the alternative....

Tracing the Supply Chain Attack on Android (

Earlier this month, Google disclosed that a supply chain attack by one of its vendors resulted in malicious software being pre-installed on millions of new budget Android devices. Google didn't exactly name those responsible, but said it believes the offending vendor uses the nicknames "Yehuo" or "Blazefire." What follows is a deep dive into the identity of that Chinese vendor, which appears to have a long and storied history of pushing the envelope on mobile malware.

Malspam Emails Blanket LokiBot, NanoCore Malware With ISO Files (

A new malicious campaign is spreading LokiBot and NanoCore trojans under the guise of an ISO file claiming to be an invoice.

Recipe for success: tech support scammers zero in via paid search (

We take a deep dive into the recently reported Azure-hosted tech support scam pages, identifying this as one of the most successful scam campaigns in use today.

How to Avoid Becoming the Next Riviera Beach (

Be prepared by following these five steps so you don't have to pay a ransom to get your data back.

ICO slams UK Met Police for failure to handle public data requests (

Updated: With GDPR in full swing, the data watchdog wants to help consumers access the information the police have on them.

Companies on Watch After US, Iran Claim Cyberattacks (

With the cyber conflict between the United States and Iran ramping up, companies traditionally targeted by the countries - such as those in the oil and gas and financial industries - need to bolster their security efforts, experts say.

Malicious URL attacks using HTTPS surge across the enterprise (

Organizations should be aware of the latest impersonation techniques and file service exploits.