The cybersecurity firm Trustwave has released a new report detailing its discovery of a new type of malware hidden inside Chinese tax software.
Three weeks ago, security researchers exposed a sinister piece of malware lurking inside tax software that the Chinese government requires companies to install. Now there’s evidence that the high-stealth spy campaign was preceded by a separate piece of malware that employed equally sophisticated means to infect taxpayers in China.
Analysts at cybersecurity firm Trustwave say they have discovered a new type of malware that was embedded in sales tax software — a different, older malicious tool than the previous one they found.
Trustwave is for the first time allowing VARs, MSPs and agent partners to directly resell the company’s managed threat detection and response and professional services.
A US cyber security firm has discovered a new form of malware potentially targeting foreign companies operating in China, which has been embedded in compulsory tax software and installs a hidden backdoor to allow remote access to computer systems.
When a U.K.-based technology vendor started doing business in China, it hired a cybersecurity firm to proactively hunt for any digital threats that could arise as part of doing business in the country. The firm discovered a problem, one with such major implications that it alerted the FBI.
The tax software was legitimate, but embedded inside it was a nasty surprise, according to a new report by a private security firm: A sophisticated piece of malware that gave attackers complete access to the company's network.
Even as stores reopen in many parts of the country, people are still shopping online more than ever. And that includes using new sites set up by their favorite small businesses attempting to stay afloat through perilous economic times.
Sextortion is evolving into nastier ways to try to extort people. To date, the basic template for this cybercrime has been to claim people's accounts have been hacked, with the criminals saying they have video proof – usually via webcam – of a person watching sexual content. The criminals demand immediate payment in Bitcoin – which gives the extortionist anonymity – or they will release the video to the public.
A series of phishing campaigns using Google Firebase storage URLs have surfaced, showing that cybercriminals continue to leverage the reputation of Google’s cloud infrastructure to dupe victims and skate by secure email gateways.
Many on the dark web are expressing the same thoughts and fears about COVID-19 as everyone else, while others are looking for ways to profit from it, says Trustwave.
Researchers have found another vulnerability in software made by Schneider Electric that is similar to the one exploited by the notorious Stuxnet malware.
Trustwave’s Global OT/IoT security research team uncovered the flaws in Schneider’s SoMachine Basic v1.6 and Schneider Electric M221, firmware version 220.127.116.11, Programmable Logic Controller (PLC).
Attackers are using this time of crisis to go after victims with targeted campaigns. The biggest threats are phishing attacks related to COVID-19.
Analysis of more than a trillion security events over the past year and hundreds of breach investigations by researchers at cybersecurity company Trustwave found that ransomware attacks have become the most common security incident.
As most generic spam now gets blocked, attackers have turned to more targeted, personalized phishing emails to reel in their victims, according to security firm Trustwave.
Cyber criminals are taking advantage of the worldwide level of concern surrounding the COVID-19 coronavirus to launch an insidious new round of attacks that are much more effective than previous cyber-attacks.
Researchers from security firm Trustwave said they discovered a new malspam campaign that sends Excel 4.0 xls 97-2003 files with a compromised macro in email messages. The ploy is predictable and attempts to dupe users with themes ranging from fake invoices to COVID-19 related lures.
Hackers are exploiting vulnerabilities stemming from the global coronavirus pandemic, including distracted workers and stretched-thin IT staff, as cybersecurity attorneys say the spread of COVID-19 has also brought with it a spike in data security incidents.
Businesses often have a contingency plan — a Plan B — in case workers can’t get to the office when there’s a power outage, natural disaster or extraordinary circumstances, like in Chicago last winter when a polar vortex plunged temperatures far below zero. But few companies expected their backup plans to be deployed for a worldwide pandemic.