Arielle Waldman

SynSaber published research to help industrial organizations better manage an influx of alerts and advisories about ICS vulnerabilities.

Incident response vendor Coveware observed a stark decline in median ransom payments for the second quarter this year.

Another Mailchimp breach was confirmed as an attacker targeted the accounts of cryptocurrency customers for the second time this year.

Unit 42 researchers detailed a polyglot file attack technique used to evade detection and deploy IcedID malware.

A CISA alert said APT actors compromised the Microsoft Exchange server of a defense contractor and used the Impacket Python toolkit to move laterally.

At Google Cloud Next ’22, the company introduced new software supply chain security products, as well as updates on Mandiant and Chronicle.

Sophos observed a new attack technique where BlackByte ransomware operators disabled endpoint detection and response security products.

Avast detected a recently patched Windows zero-day flaw being exploited in the wild and urged users to patch.

Infosec experts weighed in on the difficulties of patching hypervisors, which contributed to a high number of unpatched instances hit by ESXiArgs ransomware.

Threat actors have updated the ESXiArgs ransomware strain to make it more dangerous, and new Censys research shows it’s spreading.