The Advanced Persistent Threat files: Lazarus Group

Lazarus Group, the threat actors likely behind the Sony breach and WannaCry outbreak, are in the news again. Here’s what you need to know about this North Korean organization, and what you should do to protect against such nation-state attacks.

Read more

The Advanced Persistent Threat files: APT10

While security companies are getting good at analyzing the tactics of nation-state threat actors, they still struggle with placing these actions in context and making solid risk assessments. So in this series, we’re going to take a look at a few APT groups, and see how they fit into the larger threat landscape—starting with APT10.

Read more

A week in security (June 4 – June 10)

A roundup of the security news from June 4 – June 10, including IoT botnets, government attacks, dodgy Wi-Fi, and more.

Read more

Perspectives on Russian hacking

Malware research analyst Chris Boyd recently had an in-depth chat with SCMagazine about Russian hacking, malware, and social engineering. Here, he summarizes some of the key findings from his discussion and the other researchers interviewed.

Read more

Threat modeling: What are you so afraid of?

There are many, many threat models available on the internet with extensive documentation on how to apply them to your organization. Most are designed to map out data flow, identify soft points in organizational processes, and assign mitigations based on specific type of probable attacker and their identified motivations. These models are great, they are thorough, and nobody ever uses them.

Read more

Unpacking the spyware disguised as antivirus

Recently we got access to several elements of the espionage toolkit that has been captured attacking Vietnamese institutions. During the operation, the malware was used to dox 400,000 members of Vietnam Airlines.

Read more

Explained: Advanced Persistent Threat (APT)

An Advanced Persistent Threat (APT) is a prolonged, aimed attack on a specific target with the intention to compromise their system and gain information from or about that target. The target can be a person, an organization or a business.

Read more

Cybersecurity info you can't do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.

Select your language