A spam group has picked up a pretty clever trick that has allowed it to bypass email filters and security systems and land in more inboxes than usual. The trick relies on a quirk in RFC791 — a standard that describes the Internet Protocol (IP).

Threat detection and response services provider Trustwave has launched its Trustwave Fusion platform on Amazon Web Services GovCloud – letting Federal agencies and government contractors take advantage of the cloud-native cybersecurity platform to combat ever-changing security threats.

“Philosophy?” the conversation usually begins – “that’s an odd background for cybersecurity, isn’t it?” “Funnily enough,” comes my well-rehearsed reply, “not at all”. I have been surprised how often the skills of one field can be easily applied to the other.

Contactless credit cards have become an extremely popular way to pay during the COVID-19 pandemic, according to industry experts. The technology allows you to wave your credit and debit cards over a device and pay without touching anything at the register. But consumers should still be vigilant for scammers.

A bug-hunter has uncovered a vulnerability in IBM's popular enterprise database which, if left unpatched, could allow a local user to access data and kick off a denial-of-service attack.

According to research, there is a lack of in-house expertise in the area of digital risk protection – the ability to monitor risks, threats and breaches outside the network. The research found 80% of respondents stated their teams lack skills and knowledge in this area.

Cybersecurity researchers today disclosed details of a memory vulnerability in IBM's Db2 family of data management products that could potentially allow a local attacker to access sensitive data and even cause a denial of service attacks.

Security researchers have discovered a way to use the Microsoft Teams Updater to download malware, bypassing a patch released earlier this year and flying under security teams' radar.

Microsoft Teams can still double as a Living off the Land binary (LoLBin) and help attackers retrieve and execute malware from a remote location.

The cybersecurity firm Trustwave has released a new report detailing its discovery of a new type of malware hidden inside Chinese tax software.

Three weeks ago, security researchers exposed a sinister piece of malware lurking inside tax software that the Chinese government requires companies to install. Now there’s evidence that the high-stealth spy campaign was preceded by a separate piece of malware that employed equally sophisticated means to infect taxpayers in China.

Analysts at cybersecurity firm Trustwave say they have discovered a new type of malware they say was embedded in sales tax software — a different, older malicious tool than the previous one they found.

Trustwave is for the first time allowing VARs, MSPs and agent partners to directly resell the company’s managed threat detection and response and professional services.

A US cyber security firm has discovered a new form of malware potentially targeting foreign companies operating in China, which has been embedded in compulsory tax software and installs a hidden backdoor to allow remote access to computer systems.

When a U.K.-based technology vendor started doing business in China, it hired a cybersecurity firm to proactively hunt for any digital threats that could arise as part of doing business in the country. The firm discovered a problem, one with such major implications that it alerted the FBI.

The tax software was legitimate, but embedded inside it was a nasty surprise, according to a new report by a private security firm: A sophisticated piece of malware that gave attackers complete access to the company's network.

Even as stores reopen in many parts of the country, people are still shopping online more than ever. And that includes using new sites set up by their favorite small businesses attempting to stay afloat through perilous economic times.

Sextortion is evolving into nastier ways to try to extort people. To date, the basic template for this cybercrime has been to claim people's accounts have been hacked, with the criminals saying they have video proof – usually via webcam – of a person watching sexual content. The criminals demand immediate payment in Bitcoin – which gives the extortionist anonymity – or they will release the video to the public.

A series of phishing campaigns using Google Firebase storage URLs have surfaced, showing that cybercriminals continue to leverage the reputation of Google’s cloud infrastructure to dupe victims and skate by secure email gateways.

Many on the dark web are expressing the same thoughts and fears about COVID-19 as everyone else, while others are looking for ways to profit from it, says Trustwave.