USB Drives Used as Trojan Horses By Camaro Dragon
The malicious software tools were discovered by Check Point Research
Research examines attack methods, defenses, and vulnerabilities, helping security teams understand risks and improve protection.
Search across headline titles and summaries.
Background for this topic.
Research is the systematic study of technologies, systems, attack methods, vulnerabilities, and defensive techniques to establish evidence and produce new findings. In information security, it includes work such as discovering flaws in software or protocols, analyzing malware and attacker behavior, testing cryptographic designs, and evaluating security controls. News under this tag may describe a proof of concept, a measurement study, or a proposed technique rather than a confirmed real-world attack.
For practitioners, research can change how risks are prioritized and mitigated. A demonstrated vulnerability may require vulnerability-management teams to verify affected assets, apply fixes, or add compensating controls; responsible disclosure gives developers time to assess and remediate before technical details enable exploitation. Research involving live systems, personal data, or offensive tooling also raises privacy, authorization, dual-use, and ethical concerns. Sound findings should state their assumptions, scope, limitations, and reproducibility, since laboratory results do not automatically show that an attack is practical in every environment.
The malicious software tools were discovered by Check Point Research
PBI Research Services (PBI) has suffered a data breach with three clients disclosing that the data for 4.75 million people was stolen in the recent MOVEit Transfer data-theft attacks. [...]
Security researchers have found a simple way to deliver malware to an organization with Microsoft Teams, despite restrictions in the application for files from external sources. [...]
The "nOAuth" attack allows cross-platform spoofing and full account takeovers, and enterprises need to remediate the issue immediately, researchers warn.
A new phishing campaign codenamed MULTI#STORM has set its sights on India and the U.S. by leveraging JavaScript files to deliver remote access trojans on compromised systems
The drone industry has so far failed to implement sufficient cybersecurity measures. Angoka wants to change that by applying a zero trust architecture to drone control
Millions of GitHub repositories may be vulnerable to dependency repository hijacking, also known as "RepoJacking," which could help attackers deploy supply chain attacks impacting a large number of users. [...]
Losing sleep over Generative-AI apps? You're not alone or wrong. According to the Astrix Security Research Group, mid size organizations already have, on average, 54 Generative-AI integrations to core systems like Slack, GitHub and Google Workspace and this number is only expected to grow. Continue reading to understand the potential risks and how to minimize them. Book a Generative-AI
Snoops may be targeting macOS devices in addition to iPhones, Kaspersky says Whoever is infecting people's iPhones with the TriangleDB spyware may be targeting macOS computers with similar malware, according to Kaspersky researchers.…
Kaspersky report that the implant specifically targets iOS devices via a malicious iMessage attachment
A security shortcoming in Microsoft Azure Active Directory (AD) Open Authorization (OAuth) process could have been exploited to achieve full account takeover, researchers said
Three security vulnerabilities have been disclosed in operational technology (OT) products from Wago and Schneider Electric
New Armis research found that many National Health Service Trusts struggle with a lack of visibility and monitoring of their connected assets
Also: Hackers target security researchers, MaaS model flourishing, and this week's vulnerabilities Infosec in brief Remember earlier this year, when we found out that a bunch of baddies including at least one nation-state group broke into a US federal government agency's Microsoft Internet Information Services (IIS) web server by exploiting a critical three-year-old Telerik bug to achieve remote code execution?…
Cybersecurity researchers have uncovered a set of malicious artifacts that they say is part of a sophisticated toolkit targeting Apple macOS systems
Concerns mount over security of sensitive research