Cybersecurity News

About This Website

Welcome to our cybersecurity news aggregator! This website gathers news articles from over 60 sources, providing you with a comprehensive and up-to-date overview of the latest happenings in the world of cybersecurity.

We utilize RSS feeds to collect the news, ensuring a streamlined and efficient process. This enables you to stay informed and access a wide variety of perspectives and insights in one convenient location.

Dive into the latest cybersecurity stories and explore the wealth of knowledge available, all in one place.

Cybersecurity News

Webinar: Learn How ASPM Transforms Application Security from Reactive to Proactive

Are you tired of dealing with outdated security tools that never seem to give you the full picture? You’re not alone. Many organizations struggle with piecing together scattered information, leaving your apps vulnerable to modern threats. That’s why we’re excited to introduce a smarter, unified approach: Application Security Posture Management (ASPM). ASPM brings together the best of both

What PCI DSS v4 Really Means – Lessons from A&F Compliance Journey

Access the on-demand webinar here. Avoid a $100,000/month compliance disaster. March 31, 2025: the clock is ticking. What if a single overlooked script could cost your business $100,000 per month in non-compliance fines? PCI DSS v4 is coming, and businesses handling payment card data must be prepared. Beyond fines, non-compliance exposes businesses to web skimming, third-party script attacks, and

This Malicious PyPI Package Stole Ethereum Private Keys via Polygon RPC Transactions

Cybersecurity researchers have discovered a malicious Python package on the Python Package Index (PyPI) repository that's equipped to steal a victim's Ethereum private keys by impersonating popular libraries. The package in question is set-utils, which has received 1,077 downloads to date. It's no longer available for download from the official registry. "Disguised as a simple utility for Python

U.S. Secret Service Seizes Russian Garantex Crypto Exchange Website

A coalition of international law enforcement agencies has seized the website associated with the cryptocurrency exchange Garantex ("garantex[.]org"), nearly three years after the service was sanctioned by the U.S. Treasury Department in April 2022. "The domain for Garantex has been seized by the United States Secret Service pursuant to a seizure warrant obtained by the United States Attorney's

Safe{Wallet} Confirms North Korean TraderTraitor Hackers Stole $1.5 Billion in Bybit Heist

Safe{Wallet} has revealed that the cybersecurity incident that led to the Bybit $1.5 billion crypto heist is a "highly sophisticated, state-sponsored attack," stating the North Korean threat actors behind the hack took steps to erase traces of the malicious activity in an effort to hamper investigation efforts. The multi-signature (multisig) platform, which has roped in Google Cloud Mandiant to

PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors

A malicious campaign predominantly targeting organizations in Japan since January 2025 has been attributed to threat actors of unknown provenance. "The attacker has exploited the vulnerability CVE-2024-4577, a remote code execution (RCE) flaw in the PHP-CGI implementation of PHP on Windows, to gain initial access to victim machines," Cisco Talos researcher Chetan Raghuprasad said in a technical

Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution

Elastic has rolled out security updates to address a critical security flaw impacting the Kibana data visualization dashboard software for Elasticsearch that could result in arbitrary code execution. The vulnerability, tracked as CVE-2025-25015, carries a CVSS score of 9.9 out of a maximum of 10.0. It has been described as a case of prototype pollution. "Prototype pollution in Kibana leads to

EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing

The financially motivated threat actor known as EncryptHub has been observed orchestrating sophisticated phishing campaigns to deploy information stealers and ransomware, while also working on a new product called EncryptRAT. "EncryptHub has been observed targeting users of popular applications, by distributing trojanized versions," Outpost24 KrakenLabs said in a new report shared with The

Outsmarting Cyber Threats with Attack Graphs

Cyber threats are growing more sophisticated, and traditional security approaches struggle to keep up. Organizations can no longer rely on periodic assessments or static vulnerability lists to stay secure. Instead, they need a dynamic approach that provides real-time insights into how attackers move through their environment. This is where attack graphs come in. By mapping potential attack paths

Medusa Ransomware Hits 40+ Victims in 2025, Demands $100K–$15M Ransom

The threat actors behind the Medusa ransomware have claimed nearly 400 victims since it first emerged in January 2023, with the financially motivated attacks witnessing a 42% increase between 2023 and 2024. In the first two months of 2025 alone, the group has claimed over 40 attacks, according to data from the Symantec Threat Hunter Team shared with The Hacker News. The cybersecurity company is

Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access

Over 1,000 websites powered by WordPress have been infected with a third-party JavaScript code that injects four separate backdoors. "Creating four backdoors facilitates the attackers having multiple points of re-entry should one be detected and removed," c/side researcher Himanshu Anand said in a Wednesday analysis. The malicious JavaScript code has been found to be served via cdn.csyndication[

U.S. Charges 12 Chinese Nationals in State-Backed Hacking Operations

The U.S. Department of Justice (DoJ) has announced charges against 12 Chinese nationals for their alleged participation in a wide-ranging scheme designed to steal data and suppress free speech and dissent globally. The individuals include two officers of the People's Republic of China's (PRC) Ministry of Public Security (MPS), eight employees of an ostensibly private PRC company, Anxun

China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access

The China-linked threat actor behind the zero-day exploitation of security flaws in Microsoft Exchange servers in January 2021 has shifted its tactics to target the information technology (IT) supply chain as a means to obtain initial access to corporate networks. That's according to new findings from the Microsoft Threat Intelligence team, which said the Silk Typhoon (formerly Hafnium) hacking

Defending against USB drive attacks with Wazuh

USB drive attacks constitute a significant cybersecurity risk, taking advantage of the everyday use of USB devices to deliver malware and circumvent traditional network security measures. These attacks lead to data breaches, financial losses, and operational disruptions, with lasting impacts on an organization's reputation. An example is the Stuxnet worm discovered in 2010, a malware designed to
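
The blurb above is about endpoint-side detection of USB drive use. The following is an added example, not code from the original article or from Wazuh, showing in Python the kind of logic such a detection rule encodes: it parses the Linux kernel messages logged when a USB device enumerates and when the usb-storage driver binds to it, and alerts on any mass-storage device whose vendor:product pair is not on an allowlist. The dmesg excerpt and the allowlist are constructed for the example.

```python
import re

# Kernel messages the USB core and the usb-storage driver emit on Linux when a device
# enumerates and when a mass-storage interface is bound to it.
USB_NEW_DEVICE = re.compile(
    r"usb (?P<port>[\d.-]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})"
)
USB_STORAGE = re.compile(
    r"usb-storage (?P<port>[\d.-]+):\d+\.\d+: USB Mass Storage device detected"
)

# Hypothetical allowlist of approved (idVendor, idProduct) pairs; constructed for this example.
ALLOWED_DEVICES = {("046d", "c52b")}

# Constructed dmesg excerpt: an approved receiver on port 1-1, then an unknown flash drive on 1-2.
SAMPLE_LOG = """\
[  120.001] usb 1-1: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice= 1.00
[  120.005] usb 1-1: Product: USB Receiver
[  305.412] usb 1-2: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00
[  305.420] usb-storage 1-2:1.0: USB Mass Storage device detected
[  305.421] scsi host3: usb-storage 1-2:1.0
""".splitlines()


def parse_usb_events(lines):
    """Map each port to the (vid, pid) that enumerated on it; collect ports that got a mass-storage binding."""
    devices = {}
    storage_ports = set()
    for line in lines:
        m = USB_NEW_DEVICE.search(line)
        if m:
            devices[m.group("port")] = (m.group("vid"), m.group("pid"))
            continue
        m = USB_STORAGE.search(line)
        if m:
            storage_ports.add(m.group("port"))
    return devices, storage_ports


def find_unapproved_storage(lines, allowed=ALLOWED_DEVICES):
    """Alert on every mass-storage binding whose device is unknown or not allowlisted."""
    devices, storage_ports = parse_usb_events(lines)
    alerts = []
    for port in sorted(storage_ports):
        vid_pid = devices.get(port)  # None if the enumeration line fell outside the window we saw
        if vid_pid not in allowed:
            alerts.append({"port": port, "device": vid_pid})
    return alerts


if __name__ == "__main__":
    for alert in find_unapproved_storage(SAMPLE_LOG):
        print(f"unapproved USB mass storage on port {alert['port']}: {alert['device']}")
```

Two caveats a practitioner would want: a detection like this only observes enumeration, so blocking still needs an active response (unmounting or disabling the interface), and a vendor:product pair is self-reported by the device firmware, so an allowlist filters accidental use rather than proving a device is benign.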

Dark Caracal Uses Poco RAT to Target Spanish-Speaking Enterprises in Latin America

The threat actor known as Dark Caracal has been attributed to a campaign that deployed a remote access trojan called Poco RAT in attacks targeting Spanish-speaking targets in Latin America in 2024. The findings come from Russian cybersecurity company Positive Technologies, which described the malware as loaded with a "full suite of espionage features." "It could upload files, capture screenshots

Google Rolls Out AI Scam Detection for Android to Combat Conversational Fraud

Google has announced the rollout of artificial intelligence (AI)-powered scam detection features to secure Android device users and their personal information. "These features specifically target conversational scams, which can often appear initially harmless before evolving into harmful situations," Google said. "And more phone calling scammers are using spoofing techniques to hide their real

Chinese APT Lotus Panda Targets Governments With New Sagerunex Backdoor Variants

The threat actor known as Lotus Panda has been observed targeting government, manufacturing, telecommunications, and media sectors in the Philippines, Vietnam, Hong Kong, and Taiwan with updated versions of a known backdoor called Sagerunex. "Lotus Blossom has been using the Sagerunex backdoor since at least 2016 and is increasingly employing long-term persistence command shells and developing

Identity: The New Cybersecurity Battleground

The rapid adoption of cloud services, SaaS applications, and the shift to remote work have fundamentally reshaped how enterprises operate. These technological advances have created a world of opportunity but also brought about complexities that pose significant security threats. At the core of these vulnerabilities lies Identity—the gateway to enterprise security and the number one attack vector

Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems

Cybersecurity researchers are warning of an ongoing malicious campaign targeting the Go ecosystem with typosquatted modules that are designed to deploy loader malware on Linux and Apple macOS systems. "The threat actor has published at least seven packages impersonating widely used Go libraries, including one (github[.]com/shallowmulti/hypert) that appears to target financial-sector developers

Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates

Threat actors deploying the Black Basta and CACTUS ransomware families have been found to rely on the same BackConnect (BC) module for maintaining persistent control over infected hosts, a sign that affiliates previously associated with Black Basta may have transitioned to CACTUS. "Once infiltrated, it grants attackers a wide range of remote control capabilities, allowing them to execute

VMware Security Flaws Exploited in the Wild—Broadcom Releases Urgent Patches

Broadcom has released security updates to address three actively exploited security flaws in VMware ESXi, Workstation, and Fusion products that could lead to code execution and information disclosure. The list of vulnerabilities is as follows - CVE-2025-22224 (CVSS score: 9.3) - A Time-of-Check Time-of-Use (TOCTOU) vulnerability that leads to an out-of-bounds write, which a malicious actor with

How New AI Agents Will Transform Credential Stuffing Attacks

Credential stuffing attacks had a huge impact in 2024, fueled by a vicious circle of infostealer infections and data breaches. But things could be about to get worse still with Computer-Using Agents, a new kind of AI agent that enables low-cost, low-effort automation of common web tasks — including those frequently performed by attackers. Stolen credentials: The cyber criminal’s weapon of choice
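
As an added example, not from the article, of the detection side of the problem described above: credential stuffing looks different from a brute-force attack in authentication logs, because each leaked username:password pair is tried once against its own account, so a single source produces many failures spread over many distinct usernames rather than many failures against one. The log format, timestamps, addresses and thresholds below are assumptions made for the example; the sample log is constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed authentication log format (constructed for this example):
#   2025-03-03T10:00:00Z src=203.0.113.5 user=alice result=FAIL
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) src=(?P<src>\S+) "
    r"user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_line(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    return ts, m.group("src"), m.group("user"), m.group("result")


def detect_stuffing(lines, window=timedelta(minutes=5), min_failures=10, min_users=8):
    """Flag sources whose failed logins inside `window` span many distinct accounts.

    A user mistyping a password fails against one account; a stuffing run fails
    roughly once per account, so the distinct-user count is the discriminating
    signal, not the raw failure count.
    """
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e[0])
    recent = defaultdict(deque)  # src -> (ts, user) failures still inside the window
    alerts = {}
    for ts, src, user, result in events:
        if result != "FAIL":
            continue
        q = recent[src]
        q.append((ts, user))
        while ts - q[0][0] > window:  # drop failures that aged out of the window
            q.popleft()
        users = {u for _, u in q}
        if src not in alerts and len(q) >= min_failures and len(users) >= min_users:
            alerts[src] = {"first_seen": q[0][0], "failures": len(q), "distinct_users": len(users)}
    return alerts


def _build_sample_log():
    """Constructed sample: one legitimate user fumbling a password, one stuffing run."""
    base = datetime(2025, 3, 3, 10, 0, 0)
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    lines = []
    for i in range(3):
        t = base + timedelta(seconds=30 * i)
        lines.append(f"{t.strftime(fmt)} src=198.51.100.7 user=bob result=FAIL")
    lines.append(f"{(base + timedelta(seconds=100)).strftime(fmt)} src=198.51.100.7 user=bob result=OK")
    for i in range(12):  # one attempt per leaked pair, a different account each time
        t = base + timedelta(seconds=10 * i)
        lines.append(f"{t.strftime(fmt)} src=203.0.113.5 user=user{i:02d} result=FAIL")
    return lines


SAMPLE_LOG = _build_sample_log()

if __name__ == "__main__":
    for src, info in detect_stuffing(SAMPLE_LOG).items():
        print(f"{src}: {info['failures']} failures across {info['distinct_users']} accounts "
              f"since {info['first_seen']:%H:%M:%S}")
```

The per-source view is the simplest cut and the one an automated agent with a proxy pool evades first, by spreading attempts across many addresses; the complementary signal is a global rise in failures across distinct accounts in the same window, and the control that does not depend on spotting the run at all is treating credentials that appear in breach or infostealer data as already compromised.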

Suspected Iranian Hackers Used Compromised Indian Firm's Email to Target U.A.E. Aviation Sector

Threat hunters are calling attention to a new highly-targeted phishing campaign that singled out "fewer than five" entities in the United Arab Emirates (U.A.E.) to deliver a previously undocumented Golang backdoor dubbed Sosano. The malicious activity was specifically directed against aviation and satellite communications organizations, according to Proofpoint, which detected it in late October

Over 4,000 ISP IPs Targeted in Brute-Force Attacks to Deploy Info Stealers and Cryptominers

Internet service providers (ISPs) in China and the West Coast of the United States have become the target of a mass exploitation campaign that deploys information stealers and cryptocurrency miners on compromised hosts. The findings come from the Splunk Threat Research Team, which said the activity also led to the delivery of various binaries that facilitate data exfiltration as well as offer

Cisco, Hitachi, Microsoft, and Progress Flaws Actively Exploited—CISA Sounds Alarm

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting software from Cisco, Hitachi Vantara, Microsoft Windows, and Progress WhatsUp Gold to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2023-20118 (CVSS score: 6.5) - A command injection

Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities

Google has released its monthly Android Security Bulletin for March 2025 to address a total of 44 vulnerabilities, including two that it said have come under active exploitation in the wild. The two high-severity vulnerabilities are listed below - CVE-2024-43093 - A privilege escalation flaw in the Framework component that could result in unauthorized access to "Android/data," "Android/obb,"

Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail

Threat actors are targeting Amazon Web Services (AWS) environments to push out phishing campaigns to unsuspecting targets, according to findings from Palo Alto Networks Unit 42. The cybersecurity company is tracking the activity cluster under the name TGR-UNK-0011 (short for a threat group with unknown motivation), which it said overlaps with a group known as JavaGhost. TGR-UNK-0011 is known to

Hackers Use ClickFix Trick to Deploy PowerShell-Based Havoc C2 via SharePoint Sites

Cybersecurity researchers are calling attention to a new phishing campaign that employs the ClickFix technique to deliver an open-source command-and-control (C2) framework called Havoc. "The threat actor hides each malware stage behind a SharePoint site and uses a modified version of Havoc Demon in conjunction with the Microsoft Graph API to obscure C2 communications within trusted, well-known

U.K. ICO Investigates TikTok, Reddit, and Imgur Over Children's Data Protection Practices

The U.K.'s Information Commissioner's Office (ICO) has opened an investigation into online platforms TikTok, Reddit, and Imgur to assess the steps they are taking to protect children between the ages of 13 and 17 in the country. To that end, the watchdog said it's probing how the ByteDance-owned video-sharing service uses the personal data of children in the age range to surface recommendations

Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks

Threat actors have been exploiting a security vulnerability in Paragon Partition Manager's BioNTdrv.sys driver in ransomware attacks to escalate privileges and execute arbitrary code. The zero-day flaw (CVE-2025-0289) is part of a set of five vulnerabilities that was discovered by Microsoft, according to the CERT Coordination Center (CERT/CC). "These include arbitrary kernel memory mapping and

⚡ THN Weekly Recap: Alerts on Zero-Day Exploits, AI Breaches, and Crypto Heists

This week, a 23-year-old Serbian activist found themselves at the crossroads of digital danger when a sneaky zero-day exploit turned their Android device into a target. Meanwhile, Microsoft pulled back the curtain on a scheme where cybercriminals used AI tools for harmful pranks, and a massive trove of live secrets was discovered, reminding us that even the tools we rely on can hide risky

The New Ransomware Groups Shaking Up 2025

In 2024, global ransomware attacks hit 5,414, an 11% increase from 2023. After a slow start, attacks spiked in Q2 and surged in Q4, with 1,827 incidents (33% of the year's total). Law enforcement actions against major groups like LockBit caused fragmentation, leading to more competition and a rise in smaller gangs. The number of active ransomware groups jumped 40%, from 68 in 2023 to 95

Vo1d Botnet's Peak Surpasses 1.59M Infected Android TVs, Spanning 226 Countries

Brazil, South Africa, Indonesia, Argentina, and Thailand have become the targets of a campaign that has infected Android TV devices with a botnet malware dubbed Vo1d. The improved variant of Vo1d has been found to encompass 800,000 daily active IP addresses, with the botnet scaling a peak of 1,590,299 on January 19, 2025, spanning 226 countries and regions. As of February 25, 2025, India has

Mozilla Updates Firefox Terms Again After Backlash Over Broad Data License Language

Firefox browser maker Mozilla on Friday updated its Terms of Use a second time within a week following criticism over broad language that appeared to give the company the rights to all information uploaded by users. The revised Terms of Use now state: You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe in the Firefox Privacy Notice. It

Amnesty Finds Cellebrite’s Zero-Day Used to Unlock Serbian Activist’s Android Phone

A 23-year-old Serbian youth activist had their Android phone targeted by a zero-day exploit developed by Cellebrite to unlock the device, according to a new report from Amnesty International. "The Android phone of one student protester was exploited and unlocked by a sophisticated zero-day exploit chain targeting Android USB drivers, developed by Cellebrite," the international non-governmental

RDP: a Double-Edged Sword for IT Teams – Essential Yet Exploitable

Remote Desktop Protocol (RDP) is an amazing technology developed by Microsoft that lets you access and control another computer over a network. It’s like having your office computer with you wherever you go. For businesses, this means IT staff can manage systems remotely, and employees can work from home or anywhere, making RDP a true game-changer in today’s work environment. But here’s the

Fake CAPTCHA PDFs Spread Lumma Stealer via Webflow, GoDaddy, and Other Domains

Cybersecurity researchers have uncovered a widespread phishing campaign that uses fake CAPTCHA images shared via PDF documents hosted on Webflow's content delivery network (CDN) to deliver the Lumma stealer malware. Netskope Threat Labs said it discovered 260 unique domains hosting 5,000 phishing PDF files that redirect victims to malicious websites. "The attacker uses SEO to trick victims into

Microsoft Exposes LLMjacking Cybercriminals Behind Azure AI Abuse Scheme

Microsoft on Thursday unmasked four of the individuals that it said were behind an Azure Abuse Enterprise scheme that involves leveraging unauthorized access to generative artificial intelligence (GenAI) services in order to produce offensive and harmful content. The campaign, called LLMjacking, has targeted various AI offerings, including Microsoft's Azure OpenAI Service. The tech giant is

12,000+ API Keys and Passwords Found in Public Datasets Used for LLM Training

A dataset used to train large language models (LLMs) has been found to contain nearly 12,000 live secrets, which allow for successful authentication. The findings once again highlight how hard-coded credentials pose a severe security risk to users and organizations alike, not to mention compounding the problem when LLMs end up suggesting insecure coding practices to their users. Truffle
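
An added example, not the article's or Truffle Security's code, of the kind of scanning the finding above rests on: it runs a fixed-format rule for AWS access key IDs and a generic, entropy-gated rule for secret-looking assignments over a constructed corpus snippet, and redacts what it reports so the scanner's own output does not re-leak the value. The rules, threshold and corpus are assumptions made for the example, and none of the values is a real credential. Whether a hit is live, as the article's count of "live secrets" requires, can only be established by trying it against the issuing service, which this offline pass deliberately does not do.

```python
import math
import re
from collections import Counter

# Constructed rules for this example. The first matches the fixed format of AWS access key IDs
# (AKIA for long-term keys, ASIA for temporary ones); the second catches `name = value`
# assignments where the name looks secret-bearing and the value is long enough to be a secret.
AWS_ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
GENERIC_SECRET = re.compile(
    r"(?i)\b(?P<name>[a-z_]*(?:secret|token|password|api_key)[a-z_]*)"
    r"\s*[:=]\s*['\"]?(?P<value>[A-Za-z0-9+/=_\-]{16,})"
)


def shannon_entropy(s):
    """Bits per character: random hex/base64 material scores high, words and placeholders low."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def redact(value):
    """Keep just enough to locate the hit in the source without reproducing the secret."""
    return value[:4] + "..." + value[-2:] if len(value) > 8 else "***"


def scan_text(text, entropy_threshold=3.5):
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in AWS_ACCESS_KEY_ID.finditer(line):
            findings.append({"line": lineno, "kind": "aws_access_key_id", "value": redact(m.group(0))})
        for m in GENERIC_SECRET.finditer(line):
            value = m.group("value")
            if "EXAMPLE" in value.upper():
                continue  # documented placeholder values are not findings
            if shannon_entropy(value) >= entropy_threshold:
                findings.append({"line": lineno, "kind": m.group("name").lower(), "value": redact(value)})
    return findings


# Constructed corpus snippet; none of these values is a real credential.
SAMPLE_CORPUS = """\
# settings.py as it might appear in a scraped repository
AWS_ACCESS_KEY_ID = "AKIAJ2X7Q4M9L8K3P6N1"
api_token = "f3a9c1e7b2d4086e5a1c9b7d3e2f4a6c"
db_password = "changeme_changeme"
github_token = "<fill me in>"
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE_CORPUS):
        print(f"line {f['line']}: {f['kind']} -> {f['value']}")
```

The entropy gate is what keeps `changeme_changeme` out of the results while the hex token on the line above it is reported; it is a heuristic, and a real scanner layers many fixed-format rules like the AWS one on top of it because those give a vendor to notify and a revocation path.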

Sticky Werewolf Uses Undocumented Implant to Deploy Lumma Stealer in Russia and Belarus

The threat actor known as Sticky Werewolf has been linked to targeted attacks primarily in Russia and Belarus with the aim of delivering the Lumma Stealer malware by means of a previously undocumented implant. Cybersecurity company Kaspersky is tracking the activity under the name Angry Likho, which it said bears a "strong resemblance" to Awaken Likho (aka Core Werewolf, GamaCopy, and

Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese Organizations

A new campaign is targeting companies in Taiwan with malware known as Winos 4.0 as part of phishing emails masquerading as the country's National Taxation Bureau. The campaign, detected last month by Fortinet FortiGuard Labs, marks a departure from previous attack chains that have leveraged malicious game-related applications. "The sender claimed that the malicious file attached was a list of

Space Pirates Targets Russian IT Firms With New LuckyStrike Agent Malware

The threat actor known as Space Pirates has been linked to a malicious campaign targeting Russian information technology (IT) organizations with a previously undocumented malware called LuckyStrike Agent. The activity was detected in November 2024 by Solar, the cybersecurity arm of Russian state-owned telecom company Rostelecom. It's tracking the activity under the name Erudite Mogwai. The

89% of Enterprise GenAI Usage Is Invisible to Organizations Exposing Critical Security Risks, New Report Reveals

Organizations are either already adopting GenAI solutions, evaluating strategies for integrating these tools into their business plans, or both. To drive informed decision-making and effective planning, the availability of hard data is essential—yet such data remains surprisingly scarce. The “Enterprise GenAI Data Security Report 2025” by LayerX delivers unprecedented insights

New TgToxic Banking Trojan Variant Evolves with Anti-Analysis Upgrades

Cybersecurity researchers have discovered an updated version of an Android malware called TgToxic (aka ToxicPanda), indicating that the threat actors behind it are continuously making changes in response to public reporting. "The modifications seen in the TgToxic payloads reflect the actors' ongoing surveillance of open source intelligence and demonstrate their commitment to enhancing the

PolarEdge Botnet Exploits Cisco and Other Flaws to Hijack ASUS, QNAP, and Synology Devices

A new malware campaign has been observed targeting edge devices from Cisco, ASUS, QNAP, and Synology to rope them into a botnet named PolarEdge since at least the end of 2023. French cybersecurity company Sekoia said it observed the unknown threat actors deploying a backdoor by leveraging CVE-2023-20118 (CVSS score: 6.5), a medium-severity command injection flaw impacting Cisco Small Business RV016, RV042,

Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers

The U.S. Federal Bureau of Investigation (FBI) formally linked the record-breaking $1.5 billion Bybit hack to North Korean threat actors, as the company's CEO Ben Zhou declared a "war against Lazarus." The agency said the Democratic People's Republic of Korea (North Korea) was responsible for the theft of the virtual assets from the cryptocurrency exchange, attributing it to a specific cluster

Hackers Exploited Krpano Framework Flaw to Inject Spam Ads on 350+ Websites

A cross-site scripting (XSS) vulnerability in a virtual tour framework has been weaponized by malicious actors to inject malicious scripts across hundreds of websites with the goal of manipulating search results and fueling a spam ads campaign at scale. Security researcher Oleg Zaytsev, in a report shared with The Hacker News, said the campaign – dubbed 360XSS – affected over 350 websites,

Leaked Black Basta Ransomware Chat Logs Reveal Inner Workings and Internal Conflicts

More than a year's worth of internal chat logs from a ransomware gang known as Black Basta have been published online in a leak that provides unprecedented visibility into their tactics and internal conflicts among its members. The Russian-language chats on the Matrix messaging platform between September 18, 2023, and September 28, 2024, were initially leaked on February 11, 2025, by an

SOC 3.0 - The Evolution of the SOC and How AI is Empowering Human Talent

Organizations today face relentless cyber attacks, with high-profile breaches hitting the headlines almost daily. Reflecting on a long journey in the security field, it’s clear this isn’t just a human problem—it’s a math problem. There are simply too many threats and security tasks for any SOC to manually handle in a reasonable timeframe. Yet, there is a solution. Many refer to it as SOC 3.0—an

New Linux Malware ‘Auto-Color’ Grants Hackers Full Remote Access to Compromised Systems

Universities and government organizations in North America and Asia have been targeted by a previously undocumented Linux malware called Auto-Color between November and December 2024, according to new findings from Palo Alto Networks Unit 42. "Once installed, Auto-color allows threat actors full remote access to compromised machines, making it very difficult to remove without specialized

Who is the DOGE and X Technician Branden Spikes?

At 49, Branden Spikes isn't just one of the oldest technologists who has been involved in Elon Musk's Department of Government Efficiency (DOGE). As the current director of information technology at X/Twitter and an early hire at PayPal, Zip2, Tesla and SpaceX, Spikes is also among Musk's most loyal employees. Here's a closer look at this trusted Musk lieutenant, whose Russian ex-wife was once married to Elon's cousin.

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

One of the most notorious providers of abuse-friendly "bulletproof" web hosting for cybercriminals has started routing its operations through networks run by the Russian antivirus and security firm Kaspersky Lab, KrebsOnSecurity has learned.

U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”

A U.S. Army soldier who pleaded guilty last week to leaking phone records for high-ranking U.S. government officials searched online for non-extradition countries and for an answer to the question "can hacking be treason?" prosecutors in the case said Wednesday. The government disclosed the details in a court motion to keep the defendant in custody until he is discharged from the military.

Trump 2.0 Brings Cuts to Cyber, Consumer Protections

One month into his second term, President Trump's actions to shrink the government through mass layoffs, firings and withholding funds allocated by Congress have thrown federal cybersecurity and consumer protection programs into disarray. At the same time, agencies are battling an ongoing effort by the world's richest man to wrest control over their networks and data.

How Phished Data Turns into Apple & Google Wallets

Carding -- the underground business of stealing, selling and swiping stolen payment card data -- has long been the dominion of Russia-based hackers. Happily, the broad deployment of more secure chip-based payment cards in the United States has weakened the carding market. But a flurry of innovation from cybercrime groups in China is breathing new life into the carding industry, by turning phished card data into mobile wallets that can be used online and at main street stores.

Nearly a Year Later, Mozilla is Still Promoting OneRep

In mid-March 2024, KrebsOnSecurity revealed that the founder of the personal data removal service Onerep also founded dozens of people-search companies. Shortly after that investigation was published, Mozilla said it would stop bundling Onerep with the Firefox browser and wind down its partnership. But nearly a year later, Mozilla is still promoting it to Firefox users.

Microsoft Patch Tuesday, February 2025 Edition

Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited.

Read More
Teen on Musk’s DOGE Team Graduated from ‘The Com’

Wired reported this week that a 19-year-old working for Elon Musk's so-called Department of Government Efficiency (DOGE) was given access to sensitive US government systems even though his past association with cybercrime communities should have precluded him from gaining the necessary security clearances to do so. As today's story explores, the DOGE teen is a former denizen of 'The Com,' an archipelago of Discord and Telegram chat channels that function as a kind of distributed cybercriminal social network for facilitating instant collaboration.
Experts Flag Security, Privacy Risks in DeepSeek AI App

New mobile apps from the Chinese artificial intelligence (AI) company DeepSeek have remained among the top three "free" downloads for Apple and Google devices since their debut on Jan. 25, 2025. But experts caution that many of DeepSeek's design choices -- such as using hard-coded encryption keys, and sending unencrypted user and device data to Chinese companies -- introduce a number of glaring security and privacy risks.
Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’?

The FBI joined authorities across Europe last week in seizing domain names for Cracked and Nulled, English-language cybercrime forums with millions of users that trafficked in stolen data, hacking tools and malware. An investigation into the history of these communities shows their apparent co-founders quite openly operate an Internet service provider and a pair of e-commerce platforms catering to buyers and sellers on both forums.
The Combined Cipher Machine

Interesting article—with photos!—of the US/UK “Combined Cipher Machine” from WWII.
CISA Identifies Five New Vulnerabilities Currently Being Exploited

Of the five, one is a Windows vulnerability, another is a Cisco vulnerability. We don’t have any details about who is exploiting them, or how.

News article. Slashdot thread.
Trojaned AI Tool Leads to Disney Hack

This is a sad story of someone who downloaded a Trojaned AI tool that resulted in hackers taking over his computer and, ultimately, costing him his job.
Friday Squid Blogging: Eating Bioluminescent Squid

Firefly squid is now a delicacy in New York.
“Emergent Misalignment” in LLMs

Interesting research: “Emergent Misalignment: Narrow finetuning can produce broadly misaligned LLMs”:

Abstract: We present a surprising result regarding LLMs and alignment. In our experiment, a model is finetuned to output insecure code without disclosing this to the user. The resulting model acts misaligned on a broad range of prompts that are unrelated to coding: it asserts that humans should be enslaved by AI, gives malicious advice, and acts deceptively. Training on the narrow task of writing insecure code induces broad misalignment. We call this emergent misalignment. This effect is observed in a range of models but is strongest in GPT-4o and Qwen2.5-Coder-32B-Instruct. Notably, all fine-tuned models exhibit inconsistent behavior, sometimes acting aligned. Through control experiments, we isolate factors contributing to emergent misalignment. Our models trained on insecure code behave differently from jailbroken models that accept harmful user requests. Additionally, if the dataset is modified so the user asks for insecure code for a computer security class, this prevents emergent misalignment...
UK Demanded Apple Add a Backdoor to iCloud

Last month, the UK government demanded that Apple weaken the security of iCloud for users worldwide. On Friday, Apple took steps to comply for users in the United Kingdom. But the British law is written in a way that requires Apple to give its government access to anyone, anywhere in the world. If the government demands Apple weaken its security worldwide, it would increase everyone’s cyber-risk in an already dangerous world.

If you’re an iCloud user, you have the option of turning on something called “advanced data protection,” or ADP. In that mode, a majority of your data is end-to-end encrypted. This means that no one, not even anyone at Apple, can read that data. It’s a restriction enforced by mathematics—cryptography—and not policy. Even if someone successfully hacks iCloud, they can’t read ADP-protected data...
North Korean Hackers Steal $1.5B in Cryptocurrency

It looks like a very sophisticated attack against the Dubai-based exchange Bybit:

Bybit officials disclosed the theft of more than 400,000 ethereum and staked ethereum coins just hours after it occurred. The notification said the digital loot had been stored in a “Multisig Cold Wallet” when, somehow, it was transferred to one of the exchange’s hot wallets. From there, the cryptocurrency was transferred out of Bybit altogether and into wallets controlled by the unknown attackers.

[…]

…a subsequent investigation by Safe found no signs of unauthorized access to its infrastructure, no compromises of other Safe wallets, and no obvious vulnerabilities in the Safe codebase. As investigators continued to dig in, they finally settled on the true cause. Bybit ultimately said that the fraudulent transaction was “manipulated by a sophisticated attack that altered the smart contract logic and masked the signing interface, enabling the attacker to gain control of the ETH Cold Wallet.”...
More Research Showing AI Breaking the Rules

These researchers had LLMs play chess against better opponents. When they couldn’t win, they sometimes resorted to cheating.

Researchers gave the models a seemingly impossible task: to win against Stockfish, which is one of the strongest chess engines in the world and a much better player than any human, or any of the AI models in the study. Researchers also gave the models what they call a “scratchpad:” a text box the AI could use to “think” before making its next move, providing researchers with a window into their reasoning.

In one case, o1-preview found itself in a losing position. “I need to completely pivot my approach,” it noted. “The task is to ‘win against a powerful chess engine’—not necessarily to win fairly in a chess game,” it added. It then modified the system file containing each piece’s virtual position, in effect making illegal moves to put itself in a dominant position, thus forcing its opponent to resign...
Friday Squid Blogging: New Squid Fossil

A 450-million-year-old squid fossil was dug up in upstate New York.
Implementing Cryptography in AI Systems

Interesting research: “How to Securely Implement Cryptography in Deep Neural Networks.”

Abstract: The wide adoption of deep neural networks (DNNs) raises the question of how can we equip them with a desired cryptographic functionality (e.g, to decrypt an encrypted input, to verify that this input is authorized, or to hide a secure watermark in the output). The problem is that cryptographic primitives are typically designed to run on digital computers that use Boolean gates to map sequences of bits to sequences of bits, whereas DNNs are a special type of analog computer that uses linear mappings and ReLUs to map vectors of real numbers to vectors of real numbers. This discrepancy between the discrete and continuous computational models raises the question of what is the best way to implement standard cryptographic primitives as DNNs, and whether DNN implementations of secure cryptosystems remain secure in the new setting, in which an attacker can ask the DNN to process a message whose “bits” are arbitrary real numbers...
Student Loan Breach Exposes 2.5M Records

2.5 million people were affected, in a breach that could spell more trouble down the line.
Watering Hole Attacks Push ScanBox Keylogger

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
Ransomware Attacks are on the Rise

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
Twitter Whistleblower Complaint: The TL;DR Version

Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
Firewall Bug Under Active Attack Triggers CISA Warning

CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.
Fake Reservation Links Prey on Weary Travelers

Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
iPhone Users Urged to Update to Patch 2 Zero-Days

Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
Google Patches Chrome’s Fifth Zero-Day of the Year

An insufficient input validation flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
My new favorite travel accessory puts every other charger to shame - and it's cheap

Nomad's ChargeKey Version 2 provides all of the benefits of the previous model but now has faster charging and data transfer speeds.
10 tiny gadgets I carry with me everywhere - and you might want to, too

If you love gear that's both useful and affordable, these gadgets make great gifts without stretching your budget.
I can't give up my Kindle Paperwhite for other E Ink tablets because of this feature

Amazon's 12th-generation Kindle Paperwhite Signature Edition offers up to three months of battery life and delivers some of the fastest page turns yet.
Finally, a Windows 11 tablet rugged enough for play and strong enough for work

From brutal drops to icy cold and muddy messes, this rugged tablet shrugs off the elements and keeps going strong.
This budget Lenovo PC is the desktop I recommend to most people - even if you're not a gamer

The Lenovo LOQ Tower 17IRR9 is a compact yet capable machine that can easily handle most workloads. It offers solid performance at a budget-friendly price.
My favorite travel charger is a power user's dream - and works in over 220 countries

Not all universal travel adapters are the same. Picking the right one can greatly enhance your travel experience, and this lineup is a reliable choice.
I changed 12 settings on my Android phone to drastically improve battery life

Extending your Android's battery life doesn't have to be a guessing game. Try out these 12 proven tricks to squeeze out every minute of power.
Amazon's Big Spring Sale is coming soon. Here's everything you need to know (so far)

Amazon's spring sale is around the corner. Here's everything we know so far so you can shop like a pro.
Why 1Password's new location feature is so handy - and how to try it for free

Wherever you are - airport, hotel, doctor's office - this top-rated password manager can now surface the passwords most relevant to your location.
The free iPhone 16e deal at Visible is still available. Here's how to claim yours

The iPhone 16e launched last week, and new customers can score one for free with a Visible+ plan.
I compared the two best Android phones right now - and it was pretty dang close

Between the Samsung Galaxy S25 Ultra and OnePlus 13, which one is right for you? After testing both, these key factors set them apart.
Forget Chrome: Why Firefox's new vertical tabs are such a productivity game-changer

Firefox's latest update brings plenty of changes, but vertical tabs steal the show.
Oura Ring 3 vs Oura Ring 4: Opt for the older, discounted smart ring or the newest?

The Oura Ring 4 is one of the best products I've tested, but it's expensive. The Oura Ring 3, however, is cheaper. Here's which ring you should buy.
There's one new Pixel 'upgrade' you might not love - here's how to fix it

Old and new Pixel devices are getting better with Google's latest update, but not everyone is happy.
Android's AI is scanning your phone for scam activity now in two ways

It seems like scammers are everywhere these days. Here are two new ways Google aims to tackle the problem on Android.
This Vizio soundbar sounds as impressive as speakers twice its price

The Vizio 5.1 Soundbar SE has one of the better surround sound experiences among its class.
This midrange OnePlus phone was a steal at full price - now it's on sale

A solid smartphone for budget-conscious buyers, the OnePlus Nord N30 is just $230 for a limited time - and comes with a free case or earphones.
I wore a low-cost, OTC continuous glucose monitor for two weeks - what I learned

The Abbott Lingo CGM is a different kind of meal tracker, and I recommend it to anyone who's bio-wearable-curious. Here's why.
Forget Siri: Apple Intelligence's true potential on iPad and Mac lies in third-party apps

Months before the general release of iOS 18.5, Apple Intelligence is integrating with more third-party apps more seamlessly.
The LG C4 OLED is up to $2,100 off right now - and I can't recommend the TV enough

LG's OLED C4 TV delivers top-tier picture quality and seamless gaming performance. Even now, it's available at one of its lowest prices yet.
18,000 Organizations Impacted by NTT Com Data Breach

NTT Communications Corporation has disclosed a data breach impacting the information of nearly 18,000 customer organizations.
Industry Moves for the week of March 3, 2025 - SecurityWeek

Explore industry moves and significant changes in the industry for the week of March 3, 2025. Stay updated with the latest industry trends and shifts.
Many Schools Report Data Breach After Retirement Services Firm Hit by Ransomware

Dozens of schools and thousands of individuals are impacted by a data breach resulting from a ransomware attack on Carruth Compliance Consulting.
New AI Protection from Google Cloud Tackles AI Risks, Threats, and Compliance

Google Cloud’s AI Protection helps discover AI inventory, secure AI assets, and manage threats with detect, investigate, and respond capabilities.
Medusa Ransomware Attacks Increase

The number of Medusa ransomware attacks observed in the first two months of 2025 doubled compared to the same period last year.
Edimax Camera Zero-Day Disclosed by CISA Exploited by Botnets

Multiple Mirai-based botnets are exploiting CVE-2025-1316, an Edimax IP camera vulnerability that allows remote command execution.
Armis Acquires Otorio to Expand OT and CPS Security Suite

The transaction is valued in the range of $120 million and gives Armis an on-premises CPS solution.
How Social Engineering Sparked a Billion-Dollar Supply Chain Cryptocurrency Heist

The $1.4 billion ByBit cryptocurrency heist combined social engineering, stolen AWS session tokens, MFA bypasses and a rigged JavaScript file.
House Passes Bill Requiring Federal Contractors to Implement Vulnerability Disclosure Policies

The House of Representatives has passed a bill aimed at requiring federal contractors to have a Vulnerability Disclosure Policy (VDP).
Nigerian Accused of Hacking Tax Preparation Firms Extradited to US

Matthew Akande was extradited to the US to face charges for his role in hacking into Massachusetts tax preparation firms’ networks.
Financial Organizations Urge CISA to Revise Proposed CIRCIA Implementation

A group of financial organizations is asking CISA to rescind and reissue its proposed implementation of CIRCIA.
Like whitebox servers, rent-a-crew crime 'affiliates' have commoditized ransomware

Which is why taking down chiefs and infra behind big name brand operations isn't working

Interview  There's a handful of cybercriminal gangs that Jason Baker, a ransomware negotiator with GuidePoint Security, regularly gets called in to respond to these days, and a year ago only one of these crews — Akira — was on threat hunters' radars and infecting organizations with the same ferocity as it is today.…
The Badbox botnet is back, powered by up to a million backdoored Androids

Best not to buy cheap hardware and use third-party app stores if you want to stay clear of this vast ad fraud effort

Human Security’s Satori research team says it has found a new variant of the remote-controllable Badbox malware, and as many as a million infected Android devices running it to form a massive botnet.…
International cops seize ransomware crooks' favorite Russian crypto exchange

Did US Secret Service not get the memo, or?

A coalition of international law enforcement has shut down Russian cryptocurrency exchange Garantex, a favorite of now-defunct ransomware crew Conti and other criminals for money laundering.…
Uncle Sam mulls policing social media of all would-be citizens

President ordered immigration officials to ramp up vetting of foreigners 'to the maximum degree'

The US government's Citizenship and Immigration Service (USCIS) is considering monitoring not just the social media posts of non-citizens coming into the country, but also all those already in America going through an immigration or citizenship process.…
Toronto Zoo ransomware crooks snatch decades of visitor data

Akira really wasn't horsing around with this one

Toronto Zoo's final update on its January 2024 cyberattack arrived this week, revealing that visitor data going back to 2000 had been compromised.…
Up to $75M needed to fix up rural hospital cybersecurity as ransomware gangs keep scratching at the door

Attacks strike, facilities go bust, patients die. But it's preventable

It will cost upward of $75 million to address the cybersecurity needs of rural US hospitals, Microsoft reckons, as mounting closures threaten the lives of Americans.…
Cybereason CEO leaves after months of boardroom blowups

Complaint alleges 13 funding proposals foundered amid battle for control

Eric Gan is no longer CEO of AI security biz Cybereason after what appears to have been a protracted and unpleasant fight with investors, including the SoftBank Vision Fund and Liberty Strategic Capital.…
Feds name and charge alleged Silk Typhoon spies behind years of China-on-US attacks

Xi's freelance infosec warriors apparently paid up to $75K to crack a single American inbox

US government agencies announced Wednesday criminal charges against alleged members of China's Silk Typhoon gang, plus internet domain seizures linked to a long-term Chinese espionage campaign that saw Beijing hire miscreants to compromise US government agencies and other major orgs.…
Ex-NSA grandee says Trump's staff cuts will 'devastate' America's national security

Would 'destroy a pipeline of top talent essential for hunting' Chinese spies in US networks, Congress told

Video  Looming staffing cuts to America's security and intelligence agencies, if carried out, would "have a devastating effect on cybersecurity and our national security," former NSA bigwig Rob Joyce has told House representatives.…
China's Silk Typhoon, tied to US Treasury break-in, now hammers IT and govt targets

They're good at zero-day exploits, too

Updated  Silk Typhoon, the Chinese government crew believed to be behind the December US Treasury intrusions, has been abusing stolen API keys and cloud credentials in ongoing attacks targeting IT companies and state and local government agencies since late 2024, according to Microsoft Threat Intelligence.…
Apple drags UK government to court over 'backdoor' order

A first-of-its-kind legal challenge set to be heard this month, per reports

Updated  Apple has reportedly filed a legal complaint with the UK's Investigatory Powers Tribunal (IPT) contesting the British government's order that it must forcibly break the encryption of iCloud data.…
Leeds United kick card swipers into Row Z after 5-day cyberattack

English football club offers apologies after fans' card details stolen from online retail store

English football club Leeds United says cyber criminals targeted its retail website during a five-day assault in February and stole the card details of "a small number of customers." …
Qilin ransomware gang boasts of cyberattacks on cancer clinic, Ob-Gyn facility

'No regrets' crew continues extorting victims, leaking highly sensitive data

Qilin – the "no regrets" ransomware crew wreaking havoc on the global healthcare industry – just claimed responsibility for fresh attacks on a cancer treatment clinic in Japan and a women's healthcare facility in the US.…
How prevention is better than cure

Stop cyberattacks before they happen with preventative endpoint security

Sponsored Post  Every organization is vulnerable to cyber threats, and endpoint devices are a common target for cyber criminals.…
Ransomware thugs threaten Tata Technologies with leak if demands not met

Hunters International ready to off-shore 1.4 TB of info allegedly swiped from Indian giant

A subsidiary of Indian multinational Tata has allegedly fallen victim to the notorious ransomware gang Hunters International.…
VMware splats guest-to-hypervisor escape bugs already exploited in wild

The heap overflow zero-day in the memory unsafe code by Miss Creant

Broadcom today pushed out patches for three VMware hypervisor-hijacking bugs, including one rated critical, that have already been found and exploited by criminals.…
How Google tracks Android device users before they've even opened an app

No warning, no opt-out, and critic claims ... no consent

Research from a leading academic shows Android users have advertising cookies and other gizmos working to build profiles on them even before they open their first app.…
It's bad enough we have to turn on cams for meetings, now the person staring at you may be an AI deepfake

Says the biz trying to sell us stuff to catch that, admittedly

High-profile deepfake scams that were reported here at The Register and elsewhere last year may just be the tip of the iceberg. Attacks relying on spoofed faces in online meetings surged by 300 percent in 2024, it is claimed.…
Plugging the holes in open banking

Enhancing API security for financial institutions

Partner Content  Open banking has revolutionized financial services, empowering consumers to share their financial data with third-party providers, including fintech innovators.…
So … Russia no longer a cyber threat to America?

Mixed messages from Pentagon, CISA as Trump gets pally with Putin and Kremlin strikes US critical networks

Comment  America's cybersecurity chiefs in recent days have been sending mixed messages about the threat posed by Russia in the digital world.…
Cybersecurity not the hiring-'em-like-hotcakes role it once was

Ghost positions, HR AI no help – biz should talk to infosec staff and create 'realistic' job outline, say experts

Analysis  It's a familiar refrain in the security industry that there is a massive skills gap in the sector. And while it's true there are specific shortages in certain areas, some industry watchers believe we may be reaching the point of oversupply for generalists.…
Microsoft unveils finalized EU Data Boundary as European doubt over US grows

Some may have second thoughts about going all-in with an American vendor, no matter where their data is stored

Microsoft has completed its EU data boundary, however, analysts and some regional cloud players are voicing concerns over dependencies on a US entity, even with the guarantees in place.…
Polish space agency confirms cyberattack

Officials vow to uncover who was behind it

The Polish Space Agency (POLSA) is currently dealing with a "cybersecurity incident," it confirmed via its X account on Sunday.…
UK watchdog investigates TikTok and Reddit over child data privacy concerns

ICO looking at what data is used to serve up recommendations

The UK's data protection watchdog has launched three investigations into certain social media platforms following concerns about the protection of privacy among teenage users.…
Governments can't seem to stop asking for secret backdoors

Cut off one head and 100 grow back? Decapitation may not be the way to go

Opinion  With Apple pulling the plug on at-rest end-to-end encryption (E2EE) for UK users, and Signal threatening to pull out of Sweden if that government demands E2EE backdoors, it's looking bleak.…
US Cyber Command reportedly pauses cyberattacks on Russia
US Cyber Command reportedly pauses cyberattacks on Russia

PLUS: Phishing suspects used fishing gear as alibi; Apple's 'Find My' can track PCs and Androids; and more

Infosec In Brief  US Defense Secretary Pete Hegseth has reportedly ordered US Cyber Command to pause offensive operations against Russia – as the USA’s Cybersecurity and Infrastructure Security Agency (CISA) has denied any change in its posture.…

C++ creator calls for help to defend programming language from 'serious attacks'

Bjarne Stroustrup wants standards body to respond to memory-safety push as Rust monsters lurk at the door

Bjarne Stroustrup, creator of C++, has issued a call for the C++ community to defend the programming language, which has been shunned by cybersecurity agencies and technical experts in recent years for its memory safety shortcomings.…

Ransomware criminals love CISA's KEV list – and that's a bug, not a feature

1 in 3 entries are used to extort civilians, says new paper

Fresh research suggests attackers are actively monitoring databases of vulnerabilities that are known to be useful in carrying out ransomware attacks.…

Microsoft names alleged credential-snatching 'Azure Abuse Enterprise' operators

Crew helped lowlifes generate X-rated celeb deepfakes using Redmond's OpenAI-powered cloud – claim

Microsoft has named four of the ten people it is suing for allegedly snatching Azure cloud credentials and developing tools to bypass safety guardrails in its generative AI services – ultimately to generate deepfake smut videos of celebrities and others.…

Feds: Army soldier suspected of AT&T heist Googled ‘can hacking be treason,’ ‘defecting to Russia’

FYI: What NOT to search after committing a crime

The US Army soldier suspected of compromising AT&T and bragging about getting his hands on President Trump's call logs allegedly tried to sell stolen information to a foreign intel agent.…

FBI officially fingers North Korea for $1.5B Bybit crypto-burglary

Federal agents, open up ... your browsers and see if you recognize any of these wallets

The FBI has officially accused North Korea's Lazarus Group of stealing $1.5 billion in Ethereum from crypto-exchange Bybit earlier this month, and asked for help tracking down the stolen funds.…

Does terrible code drive you mad? Wait until you see what it does to OpenAI's GPT-4o

Model was fine-tuned to write vulnerable software – then suggested enslaving humanity

Updated  Computer scientists have found that fine-tuning notionally safe large language models to do one thing badly can negatively impact the AI’s output across a range of topics.…

Wallbleed vulnerability unearths secrets of China's Great Firewall 125 bytes at a time

Boffins poked around inside censorship engines – here's what they found

Smart folks investigating a memory-dumping vulnerability in the Great Firewall of China (GFW) finally released their findings after probing it for years.…

With millions upon millions of victims, scale of unstoppable info-stealer malware laid bare

244M purloined passwords added to Have I Been Pwned thanks to govt tip-off

A tip-off from a government agency has resulted in 284 million unique email addresses and plenty of passwords snarfed by credential-stealing malware being added to privacy-breach-notification service Have I Been Pwned (HIBP).…

Bybit declares war on North Korea's Lazarus crime-ring to regain $1.5B stolen from wallet

Up to $140M in bounty rewards for return of Ethereum allegedly pilfered by hermit nation

Cryptocurrency exchange Bybit, just days after suspected North Korean operatives stole $1.5 billion in Ethereum from it, has launched a bounty program to help recover its funds.…

Qualcomm pledges 8 years of security updates for Android kit using its chips (YMMV)

Starting with Snapdragon 8 Elite and 'droid 15

It seems manufacturers are finally getting the message that people want to use their kit for longer without security issues, as Qualcomm has said it'll provide Android software updates, including vulnerability fixes, for its latest chipsets for eight years instead of four.…

Signal will withdraw from Sweden if encryption-busting laws take effect

Experts warned the UK’s recent 'victory' over Apple would kickstart something of a domino effect

Signal CEO Meredith Whittaker says her company will withdraw from countries that force messaging providers to allow law enforcement officials to access encrypted user data, as Sweden continues to mull such plans.…

200-plus impressively convincing GitHub repos are serving up malware

Plus: DOGE staff quit; LastPass PC, Mac gasp; and CISA warns Oracle and Adobe flaws under attack

Infosec bytes  Kaspersky says it has found more than 200 GitHub repos hosting fairly convincing-looking fake projects laced with malicious software.…

Incoming deputy boss of Homeland Security says America's top cyber-agency needs to be reined in

Plus: New figurehead of DOGE emerges and they aren't called Elon

During confirmation hearings in the US Senate Tuesday for the role of deputy director of the Dept of Homeland Security, the nominee Troy Edgar said CISA has had the wrong management and needed to be "reined in."…

Drug-screening biz DISA took a year to disclose security breach affecting millions

If there's something nasty on your employment record, extortion scum could come calling

DISA Global Solutions, a company that provides drug and alcohol testing, background checks, and other employee screening services, this week notified over 3.3 million people that their sensitive information may have been stolen by miscreants.…

Xi know what you did last summer: China was all up in Republicans' email, says book

Of course, Microsoft is in the mix, isn't it

Chinese spies reportedly broke into the US Republican National Committee's Microsoft-powered email and snooped around for months before being caught.…

MITRE Caldera security suite scores perfect 10 for insecurity

Is a trivial remote-code execution hole in every version part of the training, or?

The smart cookie who discovered a perfect 10-out-of-10-severity remote code execution (RCE) bug in MITRE's Caldera security training platform has urged users to "immediately pull down the latest version." As in, download it and install it.…

Harassment allegations against DEF CON veteran detailed in court filing

More than a dozen women came forward with accusations

Details about the harassment allegations leveled at DEF CON veteran Christopher Hadnagy have now been revealed after a motion for summary judgment was filed over the weekend.…

Data resilience and data portability

Why organizations should protect everything, everywhere, all at once

Sponsored Feature  Considering it has such a large share of the data protection market, Veeam doesn't talk much about backups in meetings with enterprise customers these days.…

China's Silver Fox spoofs medical imaging apps to hijack patients' computers

Sly like a PRC cyberattack

A Chinese government-backed group is spoofing legitimate medical software to hijack hospital patients' computers, infecting them with backdoors, credential-swiping keyloggers, and cryptominers.…

Malware variants that target operational tech systems are very rare – but 2 were found last year

Fuxnet and FrostyGoop were both used in the Russia-Ukraine war

Two new malware variants specifically designed to disrupt critical industrial processes were set loose on operational technology networks last year, shutting off heat to more than 600 apartment buildings in one instance and jamming communications to gas, water, and sewage network sensors in the other.…

Southern Water takes the fifth over alleged $750K Black Basta ransom offer

Leaked chats and spilled secrets as AI helps decode circa 200K private talks

Southern Water neither confirms nor denies offering Black Basta a $750,000 ransom payment following its ransomware attack in 2024.…

How nice that state-of-the-art LLMs reveal their reasoning ... for miscreants to exploit

Blueprints shared for jail-breaking models that expose their chain-of-thought process

Analysis  AI models like OpenAI o1/o3, DeepSeek-R1, and Gemini 2.0 Flash Thinking can mimic human reasoning through a process called chain of thought.…

Google binning SMS MFA at last and replacing it with QR codes

Everyone knew texted OTPs were a dud back in 2016

Google has confirmed it will phase out the use of SMS text messages for multi-factor authentication in favor of more secure technologies.…

US Dept of Housing screens sabotaged to show deepfake of Trump sucking Elon's toes

'Appropriate action will be taken,' we're told – as federal HR email sparks uproar, ax falls on CISA staff

Visitors to the US Department of Housing and Urban Development's headquarters in the capital got some unpleasant viewing on Monday morning after TV screens across the building began showing a deepfake video of President Trump kissing and sucking Elon Musk's toes.…

Majority of Orgs Hit by AI Cyber-Attacks as Detection Lags

AI-driven cyberattacks are rapidly escalating, with a vast majority of security professionals reporting encounters and anticipating a surge, while struggling with detection

Medusa Ransomware Claims 40+ Victims in 2025, Confirmed Healthcare Attacks

Symantec found that Medusa has listed almost 400 victims on its data leaks site since early 2023, demanding ransom payments as high as $15m

Vulnerability in Chaty Pro Plugin Exposes 18,000 WordPress Sites

An arbitrary file upload vulnerability in the Chaty Pro plugin has been identified, affecting 18,000 WordPress sites

Attackers Target Japanese Firms with Cobalt Strike

Attackers are actively exploiting an RCE flaw in Windows PHP-CGI implementations to target Japanese firms, deploying Cobalt Strike for persistence

Cybersecurity Job Satisfaction Plummets, Women Hit Hardest

Layoffs and cutbacks have been cited as major factors in a significant drop in job satisfaction among women working in cybersecurity, according to ISC2

Six Critical Infrastructure Sectors Failing on NIS2 Compliance

Enisa identifies six sectors that it says must improve on NIS2 compliance

US Charges Members of Chinese Hacker-for-Hire Group i-Soon

The DoJ has charged Chinese government and i-Soon employees for a series of for-profit data theft campaigns

Silk Typhoon Shifts Tactics to Exploit Common IT Solutions

Chinese espionage group Silk Typhoon is increasingly exploiting common IT solutions to infiltrate networks and exfiltrate data

Nonprofits Face Surge in Cyber-Attacks as Email Threats Rise 35%

Nonprofits are facing a surge in cyber-attacks as email threats rise 35%, targeting donor data and transactions

Google Introduces New AI-Powered Scam Detection Features for Android

With Android Scam Detection for messages and calls, Google wants to push scam detection further than traditional spam detection

Stress and Burnout Impacting Vast Majority of IT Pros

ISACA identified factors such as heavy workload and long hours as the primary causes of stress, while there has been high turnover of IT professionals in the past two years

Over Half of Organizations Report Serious OT Security Incidents

New SANS Institute research finds that 50% of global organizations were hit by an OT security incident in the past year

Armis acquires OTORIO to strengthen OT and IoT security

Armis has acquired OTORIO, a provider of OT/ICS cyber security solutions. This accelerates Armis’ roll-out of an on-premises version of its Cyber Exposure Management platform, Armis Centrix, and cements its leadership in cyber-physical systems (CPS) security. Armis will fully integrate OTORIO’s Titan platform into Armis Centrix, delivering a single, comprehensive solution for critical infrastructure, manufacturing and industrial environments: Armis Centrix for OT/IoT Security (On-Prem) ensures robust, localised protection for air-gapped or … More

Can AI-powered gamified simulations help cybersecurity teams keep up?

Traditional training often lacks the hands-on experience cybersecurity teams need to counter advanced threats. AI-powered gamified simulations combine artificial intelligence with interactive learning to enhance their skills. Conventional cybersecurity training programs frequently rely on static content, which can become outdated. These programs may also lack the engagement necessary to maintain participant interest, leading to suboptimal retention of critical skills. In contrast, gamified simulations introduce dynamic, scenario-based learning environments that mirror real-world cyber threats, fostering more … More

AI threats and workforce shortages put pressure on security leaders

In this Help Net Security video, John Grancarich, Fortra’s Chief Strategy Officer, discusses the 2025 Fortra State of Cybersecurity Survey and highlights escalating concerns among security professionals about AI-driven threats and a shortage of cybersecurity skills. The survey reveals that 83% of organizations identify phishing and smishing as top security risks, with 50% expressing increased unease over evolving technologies like generative AI. To combat these challenges, 77% of respondents plan to focus on identifying and … More

New infosec products of the week: March 7, 2025

Here’s a look at the most interesting products from the past week, featuring releases from Outpost24, Palo Alto Networks, Red Canary, and Sonatype. Outpost24 introduces CyberFlex to streamline attack surface management and pen testing Outpost24 has launched Outpost24 CyberFlex, a comprehensive application security solution that combines Attack Surface Management (ASM) and Penetration Testing as a Service (PTaaS) to manage and secure an organization’s external-facing applications, and deliver enhanced visibility in a flexible and agile way. … More

Cybersecurity jobs available right now in the USA: March 6, 2025

CISO Amplitude | USA | Hybrid – View job details As a CISO, you will develop, implement, and maintain a comprehensive security strategy aligned with Amplitude’s business goals and risk tolerance. Oversee the identification, assessment, and mitigation of security risks across the organization and its product lines. Lead and coordinate investigations into security incidents, ensuring timely resolution and thorough post-incident reviews. Cloud Cyber Security Technical Advisor (GRC) – VP MUFG | USA | On-site – … More

Persona combats fraud during business onboarding

Persona announced the next generation of their unified KYC-KYB platform that will combat sophisticated fraud during business onboarding and throughout the business lifecycle. These enhancements deliver insights into both businesses and the individuals behind them, enabling more effective fraud detection compared to traditional single-focus solutions. The rise in business fraud has created significant challenges across industries, from marketplace merchant fraud to fintech application fraud. According to the FTC, business identity theft has reached unprecedented levels, … More

Socure launches Identity Manipulation Risk Score

Socure launched Identity Manipulation Risk Score, a cross-industry predictive risk score designed to stop repeat first-party fraud abusers from exploiting the digital economy at scale. This AI-powered capability is embedded within Sigma First-Party Fraud, Socure’s innovative solution that leverages the largest cross-industry first-party fraud consortium to perform real-time analysis of dispute histories, payment denials, and account closures across millions of identities and billions of transactions. Socure’s first-party fraud consortium spans major financial institutions, fintechs, payment … More

Riskified Adaptive Checkout mitigates fraud for ecommerce merchants

Riskified launched Adaptive Checkout, a solution designed to drive higher conversion rates by not falsely declining good orders while also mitigating fraud for ecommerce merchants. This configuration of Riskified’s Chargeback Guarantee product enhances existing fraud prevention models by incorporating a powerful new conversion optimization engine. This engine intelligently adapts the checkout process to the risk level of each transaction, ensuring more legitimate transactions are approved while reducing fraud. Traditional fraud prevention systems rely on nested … More

How to prevent data leakage in collaboration tools like Slack and Teams

In recent years, collaboration tools have become an absolute necessity for remote and hybrid work. This primarily increased during the COVID-19 pandemic due to the impossibility of communicating in person. So, tools like Slack, Microsoft Teams, and Zoom surged in popularity, enabling employees to stay connected despite physical distances. But this sudden transition to online communication opened up many questions related to security because the vast majority of employees were accessing sensitive information from home … More

The CISO’s bookshelf: 10 must-reads for security leaders

Discover essential reads for CISOs in this curated list of books covering cybersecurity leadership, risk management, zero trust, board communication, and more. Why CISOs Fail, 2nd Edition Author: Barak Engel Barak Engel expands on the ideas from his original 2017 book, offering a fresh perspective on why security leaders struggle to make a lasting impact. With a central thesis that security is more about human behavior than technology, Engel challenges traditional views of cybersecurity management. … More

Fake job offers target software developers with infostealers

A North Korea-aligned activity cluster tracked by ESET as DeceptiveDevelopment drains victims' crypto wallets and steals their login details from web browsers and password managers

No, you’re not fired – but beware of job termination scams

Some employment scams take an unexpected turn as cybercriminals shift from “hiring” to “firing” staff

Katharine Hayhoe: The most important climate equation | Starmus highlights

The atmospheric scientist makes a compelling case for a head-to-heart-to-hands connection as a catalyst for climate action

DeceptiveDevelopment targets freelance developers

ESET researchers analyzed a campaign delivering malware bundled with job interview challenges

Gaming or gambling? Lifting the lid on in-game loot boxes

The virtual treasure chests and other casino-like rewards inside your children’s games may pose risks you shouldn’t play down

What is penetration testing? | Unlocked 403 cybersecurity podcast (ep. 10)

Ever wondered what it's like to hack for a living – legally? Learn about the art and thrill of ethical hacking and how white-hat hackers help organizations tighten up their security.

Neil Lawrence: What makes us unique in the age of AI | Starmus highlights

As AI advances at a rapid clip, reshaping industries, automating tasks, and redefining what machines can achieve, one question looms large: what remains uniquely human?

How AI-driven identity fraud is causing havoc

Deepfake fraud, synthetic identities, and AI-powered scams make identity theft harder to detect and prevent – here's how to fight back

Patch or perish: How organizations can master vulnerability management

Don’t wait for a costly breach to provide a painful reminder of the importance of timely software patching

How scammers are exploiting DeepSeek's rise

As is their wont, cybercriminals waste no time launching attacks that aim to cash in on the frenzy around the latest big thing – plus, what else to know before using DeepSeek

This month in security with Tony Anscombe – January 2025 edition

DeepSeek’s bursting onto the AI scene, apparent shifts in US cybersecurity policies, and a massive student data breach all signal another eventful year in cybersecurity and data privacy

Untrustworthy AI: How to deal with data poisoning

You should think twice before trusting your AI assistant, as database poisoning can markedly alter its output – even dangerously so

Roeland Nusselder: AI will eat all our energy, unless we make it tiny | Starmus highlights

Left unchecked, AI's energy and carbon footprint could become a significant concern. Can our AI systems be far less energy-hungry without sacrificing performance?

Brian Greene: Until the end of time | Starmus highlights

The renowned physicist explores how time and entropy shape the evolution of the universe, the nature of existence, and the eventual fate of everything, including humanity

Going (for) broke: 6 common online betting scams and how to avoid them

Don’t roll the dice on your online safety – watch out for bogus sports betting apps and other traps commonly set by scammers

The evolving landscape of data privacy: Key trends to shape 2025

Incoming laws, combined with broader developments on the threat landscape, will create further complexity and urgency for security and compliance teams

Under lock and key: Protecting corporate data from cyberthreats in 2025

Data breaches can cause a loss of revenue and market value as a result of diminished customer trust and reputational damage

UEFI Secure Boot: Not so secure

ESET researchers uncover a vulnerability in a UEFI application that could enable attackers to deploy malicious bootkits on unpatched systems

PlushDaemon compromises supply chain of Korean VPN service

ESET researchers have discovered a supply-chain attack against a VPN provider in South Korea by a new China-aligned APT group we have named PlushDaemon

Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344

The story of a signed UEFI application allowing a UEFI Secure Boot bypass

Cybersecurity and AI: What does 2025 have in store?

In the hands of malicious actors, AI tools can enhance the scale and severity of all manner of scams, disinformation campaigns and other threats

Protecting children online: Where Florida’s new law falls short

Some of the state’s new child safety law can be easily circumvented. Should it have gone further?

Crypto is soaring, but so are threats: Here’s how to keep your wallet safe

As detections of cryptostealers surge across Windows, Android and macOS, it's time for a refresher on how to keep your bitcoin or other crypto safe

State-aligned actors are increasingly deploying ransomware – and that’s bad news for everyone

The blurring of lines between cybercrime and state-sponsored attacks underscores the increasingly fluid and multifaceted nature of today’s cyberthreats

AI moves to your PC with its own special hardware

Seeking to keep sensitive data private and accelerate AI workloads? Look no further than AI PCs powered by Intel Core Ultra processors with a built-in NPU.

Gary Marcus: Taming Silicon Valley | Starmus highlights

The prominent AI researcher explores the societal impact of artificial intelligence and outlines his vision for a future in which AI upholds human rights, dignity, and fairness

This month in security with Tony Anscombe – December 2024 edition

From attacks leveraging new zero-day exploits to a major law enforcement crackdown, December 2024 was packed with impactful cybersecurity news

Chris Hadfield: The sky is falling – what to do about space junk? | Starmus highlights

The first Canadian to walk in space dives deep into the origins of space debris, how it’s become a growing problem, and how we can clean up the orbital mess

Unwrapping Christmas scams | Unlocked 403 cybersecurity podcast (special edition)

ESET's Jake Moore reveals why the holiday season is a prime time for scams, how fraudsters prey on victims, and how AI is supercharging online fraud

ESET Research Podcast: Telekopye, again

Take a peek into the murky world of cybercrime where groups of scammers who go by the nickname of 'Neanderthals’ wield the Telekopye toolkit to ensnare unsuspecting victims they call 'Mammoths'

ESET Threat Report H2 2024: Key findings

ESET Chief Security Evangelist Tony Anscombe looks at some of the report's standout findings and their implications for staying secure in 2025

Cybersecurity is never out-of-office: Protecting your business anytime, anywhere

While you're enjoying the holiday season, cybercriminals could be gearing up for their next big attack – make sure your company's defenses are ready, no matter the time of year

Black Hat Europe 2024: Hacking a car – or rather, its infotainment system

Our ‘computers on wheels’ are more connected than ever, but the features that enhance our convenience often come with privacy risks in tow

Black Hat Europe 2024: Why a CVSS score of 7.5 may be a 'perfect' 10 in your organization

Aggregate vulnerability scores don’t tell the whole story – the relationship between a flaw’s public severity rating and the specific risks it poses for your company is more complex than it seems

Black Hat Europe 2024: Can AI systems be socially engineered?

Could attackers use seemingly innocuous prompts to manipulate an AI system and even make it their unwitting ally?

ESET Threat Report H2 2024

A view of the H2 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

How cyber-secure is your business? | Unlocked 403 cybersecurity podcast (ep. 8)

As cybersecurity is a make-or-break proposition for businesses of all sizes, can your organization's security strategy keep pace with today’s rapidly evolving threats?

Are pre-owned smartphones safe? How to choose a second-hand phone and avoid security risks

Buying a pre-owned phone doesn’t have to mean compromising your security – take these steps to enjoy the benefits of cutting-edge technology at a fraction of the cost

Philip Torr: AI to the people | Starmus highlights

We’re on the cusp of a technological revolution that is poised to transform our lives – and we hold the power to shape its impact

Month in security with Tony Anscombe – November 2024 edition

Zero days under attack, a new advisory from 'Five Eyes', thousands of ICS units left exposed, and mandatory MFA for all – it's a wrap on another month filled with impactful cybersecurity news

Achieving cybersecurity compliance in 5 steps

Cybersecurity compliance may feel overwhelming, but a few clear steps can make it manageable and ensure your business stays on the right side of regulatory requirements

Bootkitty marks a new chapter in the evolution of UEFI threats

ESET researchers make a discovery that signals a shift on the UEFI threat landscape and underscores the need for vigilance against future threats

Richard Marko: Rethinking cybersecurity in the age of global challenges | Starmus highlights

ESET's CEO unpacks the complexities of cybersecurity in today’s hyper-connected world and highlights the power of innovation in stopping digital threats in their tracks

Firefox and Windows zero days chained to deliver the RomCom backdoor

The backdoor can execute commands and lets attackers download additional modules onto the victim’s machine, ESET research finds

Scams to look out for this holiday season

‘Tis the season to be wary – be on your guard and don’t let fraud ruin your shopping spree

Bootkitty: Analyzing the first UEFI bootkit for Linux

ESET researchers analyze the first UEFI bootkit designed for Linux systems

RomCom exploits Firefox and Windows zero days in the wild

ESET Research details the analysis of a previously unknown vulnerability in Mozilla products exploited in the wild and another previously unknown Microsoft Windows vulnerability, combined in a zero-click exploit

Kathryn Thornton: Correcting Hubble's vision | Starmus highlights

The veteran of four space missions discusses challenges faced by the Hubble Space Telescope and how human ingenuity and teamwork made Hubble’s success possible

My information was stolen. Now what?

The slow and painful recovery process

ESET APT Activity Report Q2 2024–Q3 2024: Key findings

ESET Chief Security Evangelist Tony Anscombe highlights some of the most intriguing insights revealed in the latest ESET APT Activity Report

What is “Scam Likely”? Putting the phone down on unwanted calls

Tired of dodging all those 'Scam Likely' calls? Here's what’s behind the label and how to stay one step ahead of phone scammers.

Unveiling WolfsBane: Gelsemium’s Linux counterpart to Gelsevirine

ESET researchers analyzed previously unknown Linux backdoors that are connected to known Windows malware used by the China-aligned Gelsemium group, and to Project Wood

ESET Research Podcast: Gamaredon

ESET researchers introduce the Gamaredon APT group, detailing its typical modus operandi, unique victim profile, vast collection of tools and social engineering tactics, and even its estimated geolocation

Beats by bot: The AI remix revolution

Artificial intelligence is reshaping the music landscape, turning listeners into creators and sparking new debates over creativity, copyright, and the future of music

Beyond the checkbox: Demystifying cybersecurity compliance

In an era of escalating digital threats, cybersecurity compliance goes beyond ticking a legal box – it’s a crucial shield safeguarding assets, reputation, and the very survival of your business

Jane Goodall: Reasons for hope | Starmus highlights

The trailblazing scientist shares her reasons for hope in the fight against climate change and how we can tackle seemingly impossible problems and keep going in the face of adversity

Life on a crooked RedLine: Analyzing the infamous infostealer’s backend

Following the takedown of RedLine Stealer by international authorities, ESET researchers are publicly releasing their research into the infostealer’s backend modules

ESET APT Activity Report Q2 2024–Q3 2024

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q2 2024 and Q3 2024

Month in security with Tony Anscombe – October 2024 edition

Election interference, American Water and the Internet Archive breaches, new cybersecurity laws, and more – October saw no shortage of impactful cybersecurity news stories

How to remove your personal information from Google Search results

Have you ever googled yourself? Were you happy with what came up? If not, consider requesting the removal of your personal information from search results.

Tony Fadell: Innovating to save our planet | Starmus highlights

As methane emissions come under heightened global scrutiny, learn how a state-of-the-art satellite can pinpoint their sources and deliver the insights needed for targeted mitigation efforts

ESET Research Podcast: CosmicBeetle

Learn how a rather clumsy cybercrime group wielding buggy malicious tools managed to compromise a number of SMBs in various parts of the world

Threat actors exploiting zero-days faster than ever – Week in security with Tony Anscombe

The average time it takes attackers to weaponize a vulnerability, either before or after a patch is released, shrank from 63 days in 2018-2019 to just five days last year

CloudScout: Evasive Panda scouting cloud services

ESET researchers discovered a previously undocumented toolset used by Evasive Panda to access and retrieve data from cloud services

Don't become a statistic: Tips to help keep your personal data off the dark web

You may not always stop your personal information from ending up in the internet’s dark recesses, but you can take steps to protect yourself from criminals looking to exploit it

Google Voice scams: What are they and how do I avoid them?

Watch out for schemes where fraudsters trick people into sharing verification codes so they can gain access to their phone numbers

Protecting children from grooming | Unlocked 403 cybersecurity podcast (ep. 7)

“Hey, wanna chat?” This innocent phrase can take on a sinister meaning when it comes from an adult to a child online – and even be the start of a predatory relationship

Embargo ransomware: Rock’n’Rust

Novice ransomware group Embargo is testing and deploying a new Rust-based toolkit

GoldenJackal jumps the air gap … twice – Week in security with Tony Anscombe

ESET research dives deep into a series of attacks that leveraged bespoke toolsets to compromise air-gapped systems belonging to governmental and diplomatic entities

Quishing attacks are targeting electric car owners: Here’s how to slam on the brakes

Ever alert to fresh money-making opportunities, fraudsters are blending physical and digital threats to steal drivers’ payment details

Aspiring digital defender? Explore cybersecurity internships, scholarships and apprenticeships

The world needs more cybersecurity professionals – here are three great ways to give you an ‘in’ to the ever-growing and rewarding security industry

Cyber insurance, human risk, and the potential for cyber-ratings

Could human risk in cybersecurity be managed with a cyber-rating, much like credit scores help assess people’s financial responsibility?

The complexities of attack attribution – Week in security with Tony Anscombe

Attributing a cyberattack to a specific threat actor is a complex affair, as evidenced by new ESET research published this week

Telekopye transitions to targeting tourists via hotel booking scam

ESET Research shares new findings about Telekopye, a scam toolkit used to defraud people on online marketplaces, and newly on accommodation booking platforms

Mind the (air) gap: GoldenJackal gooses government guardrails

ESET Research analyzed two separate toolsets for breaching air-gapped systems, used by a cyberespionage threat actor known as GoldenJackal

Why system resilience should mainly be the job of the OS, not just third-party applications

Building efficient recovery options will drive ecosystem resilience

Separating the bee from the panda: CeranaKeeper making a beeline for Thailand

ESET Research details the tools and activities of a new China-aligned threat actor, CeranaKeeper, focusing on massive data exfiltration in Southeast Asia

Gamaredon's operations under the microscope – Week in security with Tony Anscombe

ESET research examines the group's malicious wares as used to spy on targets in Ukraine in the past two years

Cybersecurity Awareness Month needs a radical overhaul – it needs legislation

Despite their benefits, awareness campaigns alone are not enough to encourage widespread adoption of cybersecurity best practices

Don’t panic and other tips for staying safe from scareware

Keep your cool, arm yourself with the right knowledge, and other tips for staying unshaken by fraudsters’ scare tactics

FBI, CISA warning over false claims of hacked voter data – Week in security with Tony Anscombe

With just weeks to go before the US presidential election, the FBI and CISA are warning about attempts to sow distrust in the electoral process

Time to engage: How parents can help keep their children safe on Snapchat

Here’s what parents should know about Snapchat and why you should take some time to ensure your children can stay safe when using the app

Influencing the influencers | Unlocked 403 cybersecurity podcast (ep. 6)

How do analyst relations professionals sort through the noise to help deliver the not-so-secret sauce for a company's success? We spoke with ESET's expert to find out.

Understanding cyber-incident disclosure

Proper disclosure of a cyber-incident can help shield your business from further financial and reputational damage, and cyber-insurers can step in to help

CosmicBeetle joins the ranks of RansomHub affiliates – Week in security with Tony Anscombe

ESET researchers also find that CosmicBeetle attempts to exploit the notoriety of the LockBit ransomware gang to advance its own ends

Cyberespionage the Gamaredon way: Analysis of toolset used to spy on Ukraine in 2022 and 2023

ESET Research has conducted a comprehensive technical analysis of the Gamaredon toolset used to conduct its cyberespionage activities focused on Ukraine

ESET Research Podcast: EvilVideo

ESET researchers discuss how they uncovered a zero-day Telegram for Android exploit that allowed attackers to send malicious files posing as videos

AI security bubble already springing leaks

Artificial intelligence is just a spoke in the wheel of security – an important spoke but, alas, only one

6 common Geek Squad scams and how to defend against them

Learn about the main tactics used by scammers impersonating Best Buy’s tech support arm and how to avoid falling for their tricks

Bitcoin ATM scams skyrocket – Week in security with Tony Anscombe

The schemes disproportionately victimize senior citizens, as those aged 60 or over were more than three times as likely as younger adults to fall prey to the scams

ESET Research Podcast: HotPage

ESET researchers discuss HotPage, a recently discovered adware armed with a highest-privilege, yet vulnerable, Microsoft-signed driver

CosmicBeetle steps up: Probation period at RansomHub

CosmicBeetle, after improving its own ransomware, tries its luck as a RansomHub affiliate

Stealing cash using NFC relay – Week in Security with Tony Anscombe

The discovery of the NGate malware by ESET Research is another example of how sophisticated Android threats have become

In plain sight: Malicious ads hiding in search results

Sometimes there’s more than just an enticing product offer hiding behind an ad

The key considerations for cyber insurance: A pragmatic approach

Would a more robust cybersecurity posture impact premium costs? Does the policy offer legal cover? These are some of the questions organizations should consider when reviewing their cyber insurance options

Analysis of two arbitrary code execution vulnerabilities affecting WPS Office

Demystifying CVE-2024-7262 and CVE-2024-7263

PWA phishing on Android and iOS – Week in security with Tony Anscombe

Phishing using PWAs? ESET Research's latest discovery might just ruin some users' assumptions about their preferred platform's security

Old devices, new dangers: The risks of unsupported IoT tech

In the digital graveyard, a new threat stirs: Out-of-support devices becoming thralls of malicious actors

Exploring Android threats and ways to mitigate them | Unlocked 403 cybersecurity podcast (ep. 5)

The world of Android threats is quite vast and intriguing. In this episode, Becks and Lukáš demonstrate how easy it is to take over your phone, with some added tips on how to stay secure

How regulatory standards and cyber insurance inform each other

Should the payment of a ransomware demand be illegal? Should it be regulated in some way? These questions are some examples of the legal minefield that cybersecurity teams must deal with

How to Build a Robust Cloud Security Strategy: Key Solutions and Tips

As businesses continue to shift their operations to the cloud, ensuring robust cloud security has never been more critical. While the cloud offers flexibility, scalability, and cost-effectiveness, it also introduces a host of new security challenges. Cloud security strategies must be adaptable, comprehensive, and proactive, especially in a constantly evolving cyber threat environment. In this […]

The post How to Build a Robust Cloud Security Strategy: Key Solutions and Tips first appeared on StrongBox IT.

The post How to Build a Robust Cloud Security Strategy: Key Solutions and Tips appeared first on Security Boulevard.

What is DNS Hijacking: Detection, Prevention, and Mitigation

Discover how DNS hijacking works, explore real-world examples and discover effective ways to detect, prevent, and fix DNS hijacking with actionable strategies.

The post What is DNS Hijacking: Detection, Prevention, and Mitigation appeared first on Security Boulevard.

Indictments of Chinese Cyber Spies Reveal Hacker-For-Hire Operation

The U.S. DOJ indicted a dozen Chinese nationals for their role in a years-long hacker-for-hire campaign that included the Chinese government using private companies and freelance hackers to steal data from U.S. and other governments while obscuring its role in the attacks.

The post Indictments of Chinese Cyber Spies Reveal Hacker-For-Hire Operation appeared first on Security Boulevard.

Unified Intelligence vs. Agent Sprawl: Rethinking AI-Powered Security Operations

Agentic AI excels when APIs are impractical, but enterprise SOCs usually have robust APIs. Learn why unified solutions like Morpheus AI outperform agentic approaches.

The post Unified Intelligence vs. Agent Sprawl: Rethinking AI-Powered Security Operations appeared first on D3 Security.

The post Unified Intelligence vs. Agent Sprawl: Rethinking AI-Powered Security Operations appeared first on Security Boulevard.

How can NHIs be incorporated into our overall security strategy?

Do Non-Human Identities Play a Significant Role in Our Security Strategy? Indeed, they do. Non-Human Identities (NHIs) are becoming increasingly crucial in the security landscape, and their importance in corporate IT ecosystems cannot be overstated. Incorporating them into your overall cybersecurity strategy has proven to help organizations fortify their infrastructure against potential threats and vulnerabilities, […]

The post How can NHIs be incorporated into our overall security strategy? appeared first on Entro.

The post How can NHIs be incorporated into our overall security strategy? appeared first on Security Boulevard.

What role do NHIs play in our organization’s security posture?

What Essential Role Do Non-Human Identities (NHIs) Play in Our Organization’s Security Posture? As our world increasingly moves towards digitalization, one critical question that may be on your mind is, “What is the significance of NHIs in enhancing our security posture?” The answer lies in understanding NHIs and […]

The post What role do NHIs play in our organization’s security posture? appeared first on Entro.

The post What role do NHIs play in our organization’s security posture? appeared first on Security Boulevard.

How can I align NHI management with our digital transformation initiatives?

Why is Non-Human Identities Management Critical for Digital Transformation? Have you ever considered the sheer quantity of non-human identities (NHIs) that exist within your corporate network? These NHIs, also known as machine identities, play an integral role but are often overlooked. As organizations increasingly leverage cloud-based solutions in their digital transformation journey, the successful management […]

The post How can I align NHI management with our digital transformation initiatives? appeared first on Entro.

The post How can I align NHI management with our digital transformation initiatives? appeared first on Security Boulevard.

What are the key security controls for NHIs at the executive level?

Why Should CISOs Consider Non-Human Identities Security Controls? Did you know NHIs represent a significant portion of all entities in a typical network environment? A lack of robust Non-Human Identities (NHIs) security controls can pose significant threats to data integrity and system security in any organization. You must be wondering – What are the key […]

The post What are the key security controls for NHIs at the executive level? appeared first on Entro.

The post What are the key security controls for NHIs at the executive level? appeared first on Security Boulevard.

What Is Data Leak Prevention? Benefits and Best Practices

Today’s organizations work with incredible quantities of data. From corporate trade secrets to customers’ and employees’ personal information, much of this data is not fit for public consumption. But with growing volumes and complex IT environments, the potential for leakage is immense.

The post What Is Data Leak Prevention? Benefits and Best Practices appeared first on Security Boulevard.

What Is an Identity Provider (IdP) and How Does It Work?

Managing online accounts shouldn’t feel like a chore. But when so many websites and systems require credentials, it’s hard to keep track.

The post What Is an Identity Provider (IdP) and How Does It Work? appeared first on Security Boulevard.

Microsoft: North Korean hackers join Qilin ransomware gang

Microsoft says a North Korean hacking group tracked as Moonstone Sleet has deployed Qilin ransomware payloads in a limited number of attacks. [...]

Microsoft says malvertising campaign impacted 1 million PCs

Microsoft has taken down an undisclosed number of GitHub repositories used in a massive malvertising campaign that impacted almost one million devices worldwide. [...]

Ransomware gang encrypted network from a webcam to bypass EDR

The Akira ransomware gang was spotted using an unsecured webcam to launch encryption attacks on a victim's network, effectively circumventing Endpoint Detection and Response (EDR), which was blocking the encryptor in Windows. [...]

US seizes domain of Garantex crypto exchange used by ransomware gangs

The U.S. Secret Service has seized the domain of the sanctioned Russian cryptocurrency exchange Garantex in collaboration with the Department of Justice's Criminal Division, the FBI, and Europol. [...]

Cybercrime 'crew' stole $635,000 in Taylor Swift concert tickets

New York prosecutors say that two people working at a third-party contractor for the StubHub online ticket marketplace made $635,000 after stealing almost 1,000 concert tickets and reselling them online. [...]

Ethereum private key stealer on PyPI downloaded over 1,000 times

A malicious Python Package Index (PyPI) package named "set-utils" has been stealing Ethereum private keys through intercepted wallet creation functions and exfiltrating them via the Polygon blockchain. [...]

Microsoft 365 apps will prompt users to back up files in OneDrive

Starting mid-March 2025, Microsoft will start prompting users of its Microsoft 365 apps for Windows to back up their files to OneDrive. [...]

Over 37,000 VMware ESXi servers vulnerable to ongoing attacks

Over 37,000 internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild. [...]

Free vCISO Course: Turning MSPs and MSSPs into Cybersecurity Powerhouses

The vCISO Academy is a free learning platform to equip service providers with training needed to build and expand their vCISO offerings. Learn more from Cynomi on how the Academy helps you launch or expand your vCISO services. [...]

Malicious Chrome extensions can spoof password managers in new attack

A newly devised "polymorphic" attack allows malicious Chrome extensions to morph into other browser extensions, including password managers, crypto wallets, and banking apps, to steal sensitive information. [...]

Open-source tool 'Rayhunter' helps users detect Stingray attacks

The Electronic Frontier Foundation (EFF) has released a free, open-source tool named Rayhunter that is designed to detect cell-site simulators (CSS), also known as IMSI catchers or Stingrays. [...]

Silk Typhoon hackers now target IT supply chains to breach networks

Microsoft warns that Chinese cyber-espionage threat group 'Silk Typhoon' has shifted its tactics, now targeting remote management tools and cloud services in supply chain attacks that give them access to downstream customers. [...]

FBI says scammers are targeting US executives with fake BianLian ransom notes

The FBI is warning that scammers are impersonating the BianLian ransomware gang using fake ransom notes sent to U.S. corporate executives. The fake ransom notes, first reported by U.S. cybersecurity company GuidePoint Security, claim that hackers have gained access to an organization’s network to steal sensitive data, and threaten to publish the stolen data unless […]

© 2024 TechCrunch. All rights reserved. For personal use only.

UK quietly scrubs encryption advice from government websites

The UK is no longer recommending the use of encryption for at-risk groups following its iCloud backdoor demands

Broadcom urges VMware customers to patch ‘emergency’ zero-day bugs under active exploitation

Security experts warn of ‘huge impact’ of actively exploited hypervisor flaws that allow sandbox escape

US said to halt offensive cyber operations against Russia

The reported policy shift comes as the U.S. government signals a change in its threat assessment of Russia

‘Uber for guns’ app Protector lets you hire armed bodyguards like you would an Uber — but does anyone need this?

In a TikTok video with over 3 million views, a woman in a fluffy, maximalist coat sits in the back seat of a luxury SUV, parked in the middle of a New York City street. Atop the 6-second video, a line of text reads, “our bodyguards got us matcha.” The camera zooms in on two […]

Belgium investigating alleged cyberattack on intelligence agency by China-linked hackers

The hackers reportedly exploited a flaw in US cybersecurity firm Barracuda’s software to access VSSE's email server

Archipelo comes out of stealth with $12M funding to secure human and AI-driven code

When it comes to AI software, you can build something clever, but that’s not always the same as building something that is secure. With so much software now getting written by AI, having a window into its security can be a challenge. That’s the premise of Archipelo, a San Francisco-based cybersecurity startup that is today […]

Hackers publish sensitive patient data allegedly stolen from Australian IVF provider Genea

Genea gets a court injunction after ransomware gang Termite claims to have leaked patient information

Thousands of exposed GitHub repositories, now private, can still be accessed through Copilot

Data exposed even briefly can live on in generative AI chatbots long after the data is made private.

US employee screening giant DISA says hackers accessed data of more than 3M people

The Texas-based company said hackers accessed applicants’ SSNs and financial information

Australia bans government use of Kaspersky software due to ‘unacceptable security risk’

The Australian government followed the U.S., Canada, and the United Kingdom in taking action against the Russian cybersecurity giant

A huge trove of leaked Black Basta chat logs expose the ransomware gang’s key members and victims

A leaker allegedly published the leaked internal messages after the group allegedly targeted Russian banks

UK healthcare giant HCRG confirms hack after ransomware gang claims theft of sensitive data

The prolific Medusa ransomware group claims to have stolen troves of data from HCRG, including patients’ sensitive health data

Australian IVF giant Genea confirms hackers ‘accessed data’ during cyberattack

The company said an "unauthorized third party" accessed Genea data, but won’t say if sensitive health information was stolen

Palo Alto Networks warns of another firewall vulnerability under attack by hackers

The US cybersecurity giant says hackers are exploiting the high-severity flaw to break into unpatched customer networks.

VC giant Insight Partners confirms January cyberattack

The VC firm has $90 billion in assets under management and invested in several unicorn cybersecurity startups

Sophos lays off 6% of workforce following Secureworks acquisition

The layoffs come soon after Sophos completed its $859 million acquisition of Secureworks.

CISA election security officials placed on leave, DHS confirms

A senior DHS official confirmed CISA employees involved in election security were put on leave.

Authorities arrest four suspected 8base ransomware operators in global takedown

The Russian nationals are accused of launching more than 1,000 ransomware attacks worldwide to steal $16 million

Global police operation seizes 8base ransomware gang leak site

The U.S. government previously said 8base indiscriminately targeted multiple sectors across the United States, including healthcare

KoDDoS in Europe: A Strong Presence at Major Tech Events in Paris.

KoDDoS recently strengthened its commitment to the European tech scene by participating in several major events in France. Our team was honored to be invited to key gatherings in the tech industry, highlighting the importance of innovation and cybersecurity in the evolving digital ecosystem. This strategic tour in Paris allowed us to meet top-tier partners, …

The post KoDDoS in Europe: A Strong Presence at Major Tech Events in Paris. appeared first on KoDDoS Blog.

KoDDos Will be at CyberShow 2025 in Paris!

The post KoDDos Will be at CyberShow 2025 in Paris! appeared first on KoDDoS Blog.

Technological innovation in the heart of Los Angeles at the CES 2025 🚀

🚀 Cutting-Edge Services KoDDoS has established itself as a key player in the field of high-performance hosting. Specializing in anti-DDoS protection, we ensure unmatched service continuity for our clients in the face of growing threats targeting digital infrastructures. We also invest in groundbreaking technologies, including Web3, blockchain, and the Internet of Things (IoT), providing tailored …

The post Technological innovation in the heart of Los Angeles at the CES 2025 🚀 appeared first on KoDDoS Blog.

Recruitment Announcement: B2B Sales Representatives and Business Introducers

To meet growing demand and accelerate our growth, we are launching a new sales team. We are looking for talented, ambitious, and motivated B2B sales representatives and business introducers who share our vision of a safer and more resilient internet. Job Profile: Position: B2B Sales Representatives and Business Introducers. As a key member of our Sales Team, you will …

The post Recruitment Announcement: B2B Sales Representatives and Business Introducers appeared first on KoDDoS Blog.

⏳ Only 3 Days Left to Grab 10% Off on All KoDDoS Services! 🎃

The countdown has begun! There are only 3 days left to take advantage of our Halloween special and enjoy 10% off on all our hosting and DDoS protection services. Don’t miss this limited-time offer to secure your website with KoDDoS’s high-performance solutions at a great price! 🎃 Promo Code: HALLOWEEN2024 🎃 Use code HALLOWEEN2024 at …

The post ⏳ Only 3 Days Left to Grab 10% Off on All KoDDoS Services! 🎃 appeared first on KoDDoS Blog.

Understanding and Preventing DDoS Attacks with KoDDoS

Distributed Denial of Service (DDoS) attacks represent one of the most formidable threats to modern businesses and organizations whose information systems are connected to the internet. These attacks aim to render a service unavailable by overwhelming the target server’s resources with a massive volume of malicious traffic from multiple sources. In the face of this …

The post Understanding and Preventing DDoS Attacks with KoDDoS appeared first on KoDDoS Blog.

Special Halloween Offer: 10% Off All Hosting and DDoS Protection Services! 🎃

Halloween is just around the corner, and at KoDDoS, we’re celebrating this spooky season with an exclusive offer that will make you smile! To mark the occasion, we’re giving you 10% off all our hosting and DDoS protection services. Whether you’re launching a new project or looking to enhance the security of your existing site, …

The post Special Halloween Offer: 10% Off All Hosting and DDoS Protection Services! 🎃 appeared first on KoDDoS Blog.

Celebrate Halloween with an Exclusive 10% Discount from KoDDoS! 🎃

🎃 Exclusive Halloween Promo – 10% Off on All Services From October 18, 2024, to October 31, 2024, enjoy our limited-time Halloween offer with the promo code: 👉 HALLOWEEN2024 👈 Simply apply this code at checkout to receive your discount. Whether you’re a small business owner, a content creator, or managing a large e-commerce platform, …

The post Celebrate Halloween with an Exclusive 10% Discount from KoDDoS! 🎃 appeared first on KoDDoS Blog.

Discover the Benefits of KoDDoS and Its New Infrastructures in Japan and Sweden

Secure Hosting to Support Your Business KoDDoS, your expert in secure hosting and DDoS protection, continues to innovate by providing its customers with the best hosting solutions worldwide. We are proud to announce the deployment of new ultra-efficient infrastructures in Japan and Sweden. With this strategic expansion, KoDDoS not only strengthens its global reach but …

The post Discover the Benefits of KoDDoS and Its New Infrastructures in Japan and Sweden appeared first on KoDDoS Blog.

The Return of the Internet Archive After a Cyberattack: The Challenge of Cybersecurity

The Internet Archive, renowned for its vast digital library and its web preservation tool, the Wayback Machine, recently fell victim to a major cyberattack that disrupted its services. On October 9, a combined attack involving a data breach and a distributed denial-of-service (DDoS) attack took the site offline. This incident also led to the theft …

The post The Return of the Internet Archive After a Cyberattack: The Challenge of Cybersecurity appeared first on KoDDoS Blog.

Cactus Ransomware: What You Need To Know

What is the Cactus ransomware? Cactus is a ransomware-as-a-service (RaaS) group that encrypts victim's data and demands a ransom for a decryption key. Hundreds of organisations have found themselves the victim of Cactus since it was first discovered in March 2023, with their stolen data published on the dark web as an "incentive" to give in to the extortionists' demands. So far, so sadly normal. What makes Cactus different? Cactus made a name for itself by exploiting vulnerabilities in VPN appliances to gain access to corporate networks and encrypting its own code in an attempt to avoid...

Tripwire Patch Priority Index for February 2025

Tripwire's February 2025 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. Up first on the list are patches for Microsoft Edge (Chromium-based) that resolve 4 remote code execution and 2 spoofing vulnerabilities. Next on the list are patches for Microsoft Office and Excel. These patches resolve 8 issues such as remote code execution and information disclosure vulnerabilities. Next are patches that affect components of the core Windows operating system. These patches resolve over 30 vulnerabilities, including elevation of privilege, information disclosure, and...

Understanding the Abu Dhabi Healthcare Information and Cyber Security Standard

Abu Dhabi is boosting its healthcare system with the introduction of the Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS). This initiative, driven by the Department of Health—Abu Dhabi (DoH)—has been put in place to protect sensitive healthcare data, improve cybersecurity resilience, and keep healthcare services running smoothly. At a time when cyber threats are skyrocketing in frequency and sophistication, this new standard is a giant step toward protecting healthcare entities and citizens in the emirate. The Key Features of the ADHICS ADHICS is a comprehensive framework...

ICS Environments and Patch Management: What to Do If You Can’t Patch

The evolution of the cyber threat landscape highlights the need for organizations to strengthen their ability to identify, analyze, and evaluate cyber risks before they evolve into security incidents. Criminals often exploit known unpatched vulnerabilities to penetrate Industrial Control Systems (ICS) environments and disrupt critical operations. Although patch management seems like the obvious answer to this problem, it is easier said than done in ICS settings. CIA Triad: IT vs. OT Although patching is a fundamental security practice in both the IT and the OT (Operational Technology) worlds...

Enhancing Security Monitoring with Tripwire's Change Audit: New Rules for Firewalls, WFP, and Microsoft Store Applications

What is it? The Tripwire Enterprise Change Audit rules provide customers with the ability to monitor for change events that could have an impact on a system. Monitoring for change events can help administrators identify malicious and/or unexpected changes within their environment. Changes to CA Additional rules were added to the Change Audit rule set. These rules provide customers the ability to monitor for changes to the firewall, Windows Filtering Platform, and Microsoft Store. Firewall Firewalls monitor network traffic and use rules to block or allow traffic. Allowing services that are not...

What is SaaS Security Posture Management (SSPM)?

Over 80% of businesses use at least one Software-as-a-Service (SaaS) application in their operations, per a report by SaaS Academy. It’s easy to see why SaaS applications are the fulcrum of many businesses today. From collaboration tools to CRMs, SaaS platforms enable flexibility, scalability, and operational efficiency. However, this convenience also comes with several security risks. According to a report by Gartner, “99% of cloud security failures will be the customer's fault”. Two factors that contribute to this are misconfigurations and overlooked vulnerabilities. As SaaS adoption...

Agentic AI: Redefining the Future of Autonomy in Business

The evolution of artificial intelligence (AI) agents signals a profound transformation in how businesses operate. Unlike traditional AI models that process and respond to queries, Google defines that “Agents are autonomous and can act independently of human intervention.” At the same time, the World Economic Forum explains that an agent is “an entity that perceives its environment through sensors and acts on it through effectors.” AI agents have evolved from rule-based systems to advanced models capable of complex decision-making and independent operation, set to redefine industries. The shift...

Are Your VM Scans Testing the Entirety of the Network?

Many organizations have a vulnerability management (VM) problem without knowing it. Vulnerability management is a crucial component of any organization’s cybersecurity program and is required by most major compliance standards because of its sink-or-swim impact on network security. One of the biggest issues in VM is that organizations aren’t testing the entirety of their networks. Could yours be among them? We already know vulnerability exploitation is on the rise, with a nearly threefold increase from 2023 to 2024 according to the latest Verizon Data Breach Investigations Report. Luckily...

Beware of Fake Cybersecurity Audits: Cybercriminals Use Scams to Breach Corporate Systems

Companies are being warned that malicious hackers are using a novel technique to break into businesses - by pretending to offer audits of the company's cybersecurity. With ransomware and other cybersecurity threats high in the mind of many business owners, it is all too easy to imagine how many companies might react positively to an invitation to have the security of their networks tested. But computer crime fighters in Belgium and Ukraine have warned that your business could be falling for a scam if it is duped into granting access to someone with malicious intent. Safeonweb, an initiative...

CIS Controls Version 8.1: What you need to know

The latest version of the CIS Controls was released in June 2024. The new version, 8.1, introduces some minor updates via design principles. Context New asset classes are updated to better match the specific parts of an enterprise’s infrastructure that each Safeguard applies to. New classes require new definitions, so CIS has also enhanced the descriptions of several Safeguards for greater detail, practicality, and clarity. Coexistence CIS Controls has always maintained alignment with evolving industry standards and frameworks and will continue to do so. This assists all users of the Controls...

Multiple Jenkins Vulnerabilities Allow Attackers to Expose Secrets

Jenkins, the widely-used open-source automation server, issued a high-priority security advisory on March 5, 2025, disclosing four medium-severity vulnerabilities affecting its core platform. The flaws—tracked as CVE-2025-27622 through CVE-2025-27625—impact secrets management, cross-site request forgery (CSRF) protections, and URL validation. Immediate upgrades to Jenkins 2.500 (weekly) or 2.492.2 (LTS) are recommended to mitigate risks. Exposure of […]

The post Multiple Jenkins Vulnerabilities Allow Attackers to Expose Secrets appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

YouTube Alerts Creators About Phishing Emails Targeting Login Credentials

YouTube has issued a critical security advisory following a widespread phishing campaign exploiting private video sharing to distribute AI-generated deepfakes of CEO Neal Mohan. The fraudulent videos falsely claim changes to the platform’s monetization policies, urging creators to click malicious links. This sophisticated attack vector combines social engineering tactics with advanced generative AI tools, targeting […]

The post YouTube Alerts Creators About Phishing Emails Targeting Login Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Researchers Jailbreak 17 Popular LLM Models to Reveal Sensitive Data

In a recent study published by Palo Alto Networks’ Threat Research Center, researchers successfully jailbroke 17 popular generative AI (GenAI) web products, exposing vulnerabilities in their safety measures. The investigation aimed to assess the effectiveness of jailbreaking techniques in bypassing the guardrails of large language models (LLMs), which are designed to prevent the generation of […]

The post Researchers Jailbreak 17 Popular LLM Models to Reveal Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Phantom Goblin Uses Social Engineering Tactics to Deploy Stealer Malware

A sophisticated malware operation, dubbed “Phantom Goblin,” has been identified by cybersecurity researchers, highlighting the increasing use of social engineering tactics to deploy information-stealing malware. This operation leverages deceptive techniques to trick users into executing malicious files, leading to unauthorized access and data theft. Malware Distribution and Execution The Phantom Goblin malware is distributed via […]

The post Phantom Goblin Uses Social Engineering Tactics to Deploy Stealer Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

GitHub Explains How Security Professionals Can Use Copilot for Log Analysis

GitHub Copilot, once a developer-centric tool, is now revolutionizing workflows across technical and non-technical roles. With features like Agent Mode, CLI integration, and Project Padawan, Copilot is emerging as a universal productivity enhancer. This article explores three key developments reshaping collaboration in 2025. 1. From Pair Programmer to Cross-Functional Assistant GitHub Copilot now extends beyond […]

The post GitHub Explains How Security Professionals Can Use Copilot for Log Analysis appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft Introduces 365 E5 Security Add-On for Business Premium Customers

Microsoft has launched Microsoft 365 E5 Security as an add-on to its Business Premium suite, providing small and medium-sized businesses (SMBs) with advanced tools to combat escalating cyber threats. The offering integrates enterprise-grade security features at a 57% cost savings compared to standalone purchases, addressing evolving regulatory and cyber insurance demands. Enhanced Identity Protection and […]

The post Microsoft Introduces 365 E5 Security Add-On for Business Premium Customers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

AMD Microcode Vulnerability Allows Attackers to Load Malicious Patches

A critical vulnerability in AMD’s Zen 1 through Zen 4 processors allows attackers to bypass microcode signature validation, potentially undermining hardware-based security mechanisms. The flaw stems from AMD’s use of AES-CMAC as a hash function during microcode patch verification – a design decision that enables collision attacks and forged RSA keys. Vulnerability Rooted in Cryptographic […]

The post AMD Microcode Vulnerability Allows Attackers to Load Malicious Patches appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Activating Incognito Mode in RDP to Erase All Traces

The Remote Desktop Protocol (RDP) is a widely used tool for remote access, but it often leaves behind traces of user activity, which can be a concern for privacy and security. Recently, the use of the “/public” command-line option in MSTSC, the RDP client, has gained attention for its ability to activate a “public mode,” […]

The post Activating Incognito Mode in RDP to Erase All Traces appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Medusa Ransomware Attacks Surge 42% with Advanced Tools & Tactics

Medusa ransomware attacks have seen a significant increase, rising by 42% between 2023 and 2024, with a further escalation in early 2025. This surge is attributed to the group Spearwing, which operates Medusa as a ransomware-as-a-service (RaaS) model. Spearwing and its affiliates are known for conducting double extortion attacks, where they steal data before encrypting […]

The post Medusa Ransomware Attacks Surge 42% with Advanced Tools & Tactics appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Peaklight Malware Targets Users to Steal Credentials, Browser History, and Financial Data

Peaklight malware has emerged as a significant threat, designed to steal sensitive information from compromised endpoints. This information stealer is often distributed through underground channels and is sometimes offered as a Malware-as-a-Service (MaaS), making it a continuously evolving and potent threat capable of bypassing conventional security measures. Peaklight’s primary goal is to exfiltrate sensitive data, […]

The post Peaklight Malware Targets Users to Steal Credentials, Browser History, and Financial Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Silk Typhoon shifted to specifically targeting IT management companies

The Chinese state-backed espionage group started targeting third-party IT services in late 2024, Microsoft researchers said.

The post Silk Typhoon shifted to specifically targeting IT management companies appeared first on CyberScoop.

US indicts 12 Chinese nationals for vast espionage attack spree

A flurry of unsealed indictments reveal China’s alleged well-coordinated effort to use a hacker-for-hire ecosystem to conduct espionage while obscuring the government’s direct involvement.

The post US indicts 12 Chinese nationals for vast espionage attack spree appeared first on CyberScoop.

Cybercriminals picked up the pace on attacks last year

Ransomware groups last year achieved lateral movement within an average of 48 minutes after gaining initial access to targeted environments, threat intelligence experts said.

The post Cybercriminals picked up the pace on attacks last year appeared first on CyberScoop.

Anorexia coaches, self-harm buddies and sexualized minors: How online communities are using AI chatbots for harmful behavior

Research from Graphika details how a range of online communities are creating AI personalities that can blur reality for lonely individuals, particularly teenagers.

The post Anorexia coaches, self-harm buddies and sexualized minors: How online communities are using AI chatbots for harmful behavior appeared first on CyberScoop.

Chainguard’s FIPS-compliant Cassandra addresses security demand of federal and regulated markets

The new offering paves the way for orgs to use the widely popular open-source software with their highly sensitive data.

The post Chainguard’s FIPS-compliant Cassandra addresses security demand of federal and regulated markets appeared first on CyberScoop.

Former top NSA cyber official: Probationary firings ‘devastating’ to cyber, national security

Rob Joyce emphasized during a House hearing how important probationary employees are to NSA efforts to counter China and other threats in cyberspace.

The post Former top NSA cyber official: Probationary firings ‘devastating’ to cyber, national security appeared first on CyberScoop.

Investigator says differing names for hacker groups, hackers studying investigative methods hinders law enforcement

Competing agencies and districts are another hurdle for prosecutions, an investigator said in a recent speech.

The post Investigator says differing names for hacker groups, hackers studying investigative methods hinders law enforcement appeared first on CyberScoop.

Congress eyes bigger cyber role for NTIA amid telecom attacks

A pair of cyber-focused bills tied to the National Telecommunications and Information Administration advanced out of a House committee Tuesday.

The post Congress eyes bigger cyber role for NTIA amid telecom attacks appeared first on CyberScoop.

House passes bill requiring federal contractors to have vulnerability disclosure policies

The legislation to make contractors implement VDPs aligned with NIST guidelines is aimed at protecting Americans’ data, co-sponsor Rep. Nancy Mace says.

The post House passes bill requiring federal contractors to have vulnerability disclosure policies appeared first on CyberScoop.

Android security update contains 2 actively exploited vulnerabilities

Google’s monthly batch of security fixes addressed 43 vulnerabilities.

The post Android security update contains 2 actively exploited vulnerabilities appeared first on CyberScoop.

International law enforcement operation seized the domain of the Russian crypto exchange Garantex

The U.S. Secret Service and global law enforcement seized the domain of sanctioned Russian crypto exchange Garantex. An international law enforcement operation led by U.S. Secret Service seized the website (“garantex[.]org”) of the sanctioned Russian crypto exchange Garantex. In April 2022, the US Treasury Department sanctioned the virtual currency exchange. Garantex has been active since 2019, […]

Medusa Ransomware targeted over 40 organizations in 2025

Medusa ransomware has claimed nearly 400 victims since January 2023, with attacks increasing by 42% between 2023 and 2024. The Symantec Threat Hunter Team reported that the Medusa ransomware operators have claimed nearly 400 victims since January 2023. Experts observed a 42% increase in attacks carried out by the group between 2023 and 2024. Experts […]

Qilin Ransomware gang claims the hack of the Ministry of Foreign Affairs of Ukraine

Qilin Ransomware group claims to have breached the Ministry of Foreign Affairs of Ukraine, marking a significant cybersecurity attack. The Russian-speaking Qilin Ransomware group claims responsibility for an attack on the Ministry of Foreign Affairs of Ukraine. The group stated that it stole sensitive data such as private correspondence, personal information, and official decrees. The […]

Elastic patches critical Kibana flaw allowing code execution

Elastic fixed a critical flaw in the Kibana data visualization dashboard software for Elasticsearch that could lead to arbitrary code execution. Elastic released security updates to address a critical vulnerability, tracked as CVE-2025-25012 (CVSS score of 9.9), impacting the Kibana data visualization dashboard software for Elasticsearch. Kibana provides visualization capabilities on top of the content indexed on an Elasticsearch cluster. Users can create bar, line […]

Read More
The U.S. DoJ charges 12 Chinese nationals for state-linked cyber operations

The U.S. Department of Justice (DoJ) charges 12 Chinese nationals for their alleged involvement in state-linked cyber operations. The U.S. DoJ charged 12 Chinese nationals, including PRC security officers, employees of the hacking firm i-Soon, and members of the APT27 group (aka Emissary Panda, TG-3390, Bronze Union, and Lucky Mouse), for data theft and suppressing dissent worldwide. “The Justice […]

Read More
Chinese Lotus Blossom APT targets multiple sectors with Sagerunex backdoor

China-linked Lotus Blossom APT targets governments and industries in Asian countries with new Sagerunex backdoor variants. Talos researchers linked China-backed Lotus Blossom APT (also known as Elise and Esile) to multiple campaigns targeting organizations in sectors such as government, manufacturing, telecommunications and media with the Sagerunex backdoor. The victims of the attacks are in the […]

Read More
China-linked APT Silk Typhoon targets IT Supply Chain

Microsoft warns that the China-backed APT Silk Typhoon, linked to the US Treasury hack, is now targeting global IT supply chains, using IT firms to spy and move laterally. Microsoft reported that China-linked APT group Silk Typhoon has shifted tactics to target IT solutions like remote management tools and cloud apps for initial access. Silk Typhoon is […]

Read More
Hunters International gang claims the theft of 1.4 TB of data allegedly stolen from Tata Technologies

Ransomware group Hunters International claims to have hacked Tata Technologies, threatening to leak 1.4 TB of stolen data. The Hunters International ransomware group claimed to have breached the Indian multinational technology company Tata Technologies, a Tata Motors subsidiary. The group claims the theft of 1.4 terabytes of data and is threatening to leak it. The […]

Read More
New Eleven11bot botnet infected +86K IoT devices

The Eleven11bot botnet has infected over 86,000 IoT devices, mainly security cameras and network video recorders (NVRs). Researchers from Nokia Deepfield Emergency Response Team (ERT) discovered a new botnet named Eleven11bot that has already infected over 86,000 IoT devices. Most infected devices are security cameras and network video recorders (NVRs), which are used to launch […]

Read More
Polish Space Agency POLSA disconnected its network following a cyberattack

The Polish space agency POLSA announced it has disconnected its network from the internet following a cyberattack. The Polish space agency POLSA was forced to disconnect its network from the internet in response to a cyberattack. The agency revealed that it has disconnected its infrastructure to contain the attack and secure data, a circumstance that […]

Read More
KnowBe4 Wins Cybersecurity Company of the Year at the 2025 teissAwards

KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, today announced that it has been awarded first place in this year’s teissAwards Cybersecurity Company of the Year category for enterprise organisations. The teissAwards celebrate excellence in cyber and information security, recognising the outstanding contributions of vendors and technologies over the past year. Winning first place […]

The post KnowBe4 Wins Cybersecurity Company of the Year at the 2025 teissAwards appeared first on IT Security Guru.

Read More
SandboxAQ Joins UN AI Hub to Bolster Cybersecurity and Drive AI Innovation

SandboxAQ has joined the United Nations International Computing Centre (UNICC) as a founding member of its newly launched AI Hub, a global initiative designed to provide AI-driven solutions and expertise to more than 100 UN entities and international organisations. The UNICC, the UN system’s leading strategic partner for digital solutions and cybersecurity, has launched the […]

The post SandboxAQ Joins UN AI Hub to Bolster Cybersecurity and Drive AI Innovation appeared first on IT Security Guru.

Read More
Enhancing security with Microsoft’s expanded cloud logs

Nation-state-sponsored hacking stories are a big part of everyone’s favourite Hollywood movies — that is, until it becomes a real-life story of our own compromised personal or corporate sensitive data ending up on the dark web or in hackers’ hands. In real life, cyber espionage groups’ activities trigger stringent security enforcement. First in the government sector, then […]

The post Enhancing security with Microsoft’s expanded cloud logs appeared first on IT Security Guru.

Read More
Winners of Most Inspiring Women in Cyber Awards 2025 Revealed

The 20 winners of the Most Inspiring Women in Cyber Awards were announced at a ceremony held at the iconic BT Tower in London on the 26th February 2025. The awards celebrated the achievements of women working in cybersecurity around the globe – whether recognising personal achievements, efforts to close the gender divide in the industry […]

The post Winners of Most Inspiring Women in Cyber Awards 2025 Revealed appeared first on IT Security Guru.

Read More
Almost All Organisations Experienced API Security Issues in Past Year

The latest State of API Security Report by Salt Security has highlighted the ongoing challenges faced by organisations in securing their application programming interfaces (APIs). The Salt Labs State of API Security Report Q1 2025 draws on survey responses from over 200 IT and security professionals, alongside anonymised data from Salt Security’s customer base, to […]

The post Almost All Organisations Experienced API Security Issues in Past Year appeared first on IT Security Guru.

Read More
Tarlogic Discovers Security Flaw Allowing Eavesdropping on Private Conversations Via Bluetooth Headset Microphone

The popularity of Bluetooth devices has surged over the years thanks to their convenience and wireless connectivity. The Bluetooth protocol allows and streamlines the setup and discovery of services between a wide range of devices. Bluetooth technology allows users to connect wirelessly to headphones, speakers, smartwatches, keyboards, mice, TVs, cameras, and many other appliances.  Despite […]

The post Tarlogic Discovers Security Flaw Allowing Eavesdropping on Private Conversations Via Bluetooth Headset Microphone  appeared first on IT Security Guru.

Read More
How to Protect Your Digital Identity While Gaming Online

Playing games online provides entertainment but exposes you to specific dangers during gameplay. Hackers and scammers specifically target your personal data, payment specifics, and gaming account information. Cybercriminals steal money and account credentials through phishing attacks, malware, and unsecured systems. Gaming carelessly can lead to possible profile loss and the threat of identity theft. Protecting […]

The post How to Protect Your Digital Identity While Gaming Online appeared first on IT Security Guru.

Read More
Cybersecurity Leaders Convene in Belfast to Tackle Evolving Digital Threats

Cybersecurity professionals from across Northern Ireland gathered at Titanic Belfast on February 13 for Check Point Software‘s second Cyber Leader Summit, a high-profile event aimed at strengthening Ireland’s digital defences. The summit brought together government officials, business leaders, and security experts to address pressing cyber threats, explore cutting-edge resilience strategies, and discuss the future of […]

The post Cybersecurity Leaders Convene in Belfast to Tackle Evolving Digital Threats appeared first on IT Security Guru.

Read More
ACDS Unveils New Updates to EASM Platform, Enhancing Security For Enterprises

Advanced Cyber Defence Systems (ACDS) has unveiled various updates to its EASM tool, Observatory. Its new capabilities include an ability to monitor for leaked AWS access and secret keys, as well as a new detection feature for software supply chain vulnerabilities, including known compromised products with backdoors like Polyfill.  As the threat landscape becomes more […]

The post ACDS Unveils New Updates to EASM Platform, Enhancing Security For Enterprises appeared first on IT Security Guru.

Read More
How Safe Are Online Entertainment Platforms?

The shift towards online entertainment services in the US can be explained by the proliferation of mobile devices and improved internet access. It is estimated that more than 97% of the US population currently has online access, with 96% owning smartphones, resulting in the ability for consumers to access the top streaming, gaming, and social […]

The post How Safe Are Online Entertainment Platforms? appeared first on IT Security Guru.

Read More
Three Zero-Day Vulnerabilities Discovered in VMware Products

Key Takeaways

  • Three zero-day vulnerabilities have been discovered in VMware products, tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226.
  • Nearly all supported and unsupported VMware products are impacted, including VMware ESXi, VMware Workstation Pro / Player (Workstation), VMware Fusion, VMware Cloud Foundation, and VMware Telco Cloud Platform.
  • Chaining these 3 vulnerabilities together allows an attacker to escape or “break out” of a “child” Virtual Machine (VM), gain access to the “parent” ESXi Hypervisor, and potentially access any other accessible VM as well as gain access to the management network of the exposed VMware cluster.
  • We recommend upgrading to “fixed versions” indicated in the VMware by Broadcom matrix immediately.

Read More
Deceptive Signatures: Advanced Techniques in BEC Attacks

KEY TAKEAWAYS

  • Sophistication of BEC Attacks: Business Email Compromise (BEC) attacks are becoming increasingly sophisticated, leveraging advanced social engineering, AI-driven personalization, and phishing kits in order to overcome MFA protections.
  • Exploitation of Trust: Some threat actor groups have been observed leveraging a technique that embeds phishing lures in the email signature block of a compromised user account. The tactic exploits recipients' trust in, and inattention to, the normally benign signature section, replacing it with a formatted lure message. It can also go unnoticed during certain investigative steps because it is not an inbox-rule change, the kind of mailbox modification that typically has dedicated audit logging and alerting.
  • Cascading Impact: Once initial credentials are compromised, attackers often use these accounts to launch secondary phishing campaigns, expanding their reach and escalating financial and reputational damage to organizations. Additionally, even after a password change has cut off the threat actor's access, if the signature block alteration is not caught and remediated quickly, the user's normal outbound email will unknowingly carry the lure forward.

Business email compromise attacks have become increasingly common in recent years, driven by sophisticated social engineering tactics that make it easier to dupe victims. This is due in part to the believability that threat actors are able to achieve by collecting sensitive information from publicly available sources, including corporate websites and social media. Criminals leverage this information to pose as trusted colleagues or business partners, using stolen or spoofed email accounts to deliver convincing messages that prompt recipients to transfer funds or disclose confidential information. The evolving nature of these schemes is characterized by their high success rate, low technological barriers to entry for threat actors, and the substantial financial losses incurred by victim organizations. Advancements in automation, AI-driven personalization, and ready-to-use phishing kits have further accelerated the proliferation of BEC attacks, creating a lucrative marketplace for cybercriminals.
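
Because a tampered signature block is not an inbox-rule change, the usual rule-based alerting will not see it; the practical counter is to pull every mailbox's signature and scan it for links that do not belong there. The script below is an added example (not code from the article or its authors). It scans signature HTML for links pointing outside the organisation's domains and for links whose visible text names a different host than the real destination. The trusted-domain list and the two sample signatures are constructed for the example; in production the signatures would come from the mail platform's admin API.

```python
"""Flag lure links hidden in mailbox signature blocks (added example)."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the organisation's own domains (hypothetical values).
TRUSTED_DOMAINS = {"example.com", "www.example.com"}


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML fragment."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(value):
    """Lower-cased host of a URL or bare domain; '' if none."""
    parsed = urlparse(value if "://" in value else "http://" + value)
    return (parsed.hostname or "").lower()


def _is_trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def scan_signature(html):
    """Return [(reason, href)] findings for one signature block."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        href_host = _host(href)
        if not href_host:
            continue
        if not _is_trusted(href_host):
            findings.append(("external link in signature", href))
        # Only treat the visible text as a URL if it looks like one.
        looks_like_url = "." in text and " " not in text
        text_host = _host(text) if looks_like_url else ""
        if text_host and text_host != href_host:
            findings.append(("display text does not match destination", href))
    return findings


# Constructed sample signatures: one benign, one carrying lures.
SIGNATURES = {
    "alice": (
        '<p>Alice Example<br>Finance Lead<br>'
        '<a href="https://www.example.com">www.example.com</a></p>'
    ),
    "bob": (
        '<p>Bob Example<br>Accounts Payable<br>'
        '<a href="https://www.example.com">www.example.com</a><br>'
        '<a href="https://example-secure-docs.net/view">Review the shared invoice</a><br>'
        '<a href="https://login.example-portal.co/auth">https://www.example.com/portal</a></p>'
    ),
}


def scan_all(signatures=SIGNATURES):
    """Map user -> findings, keeping only users with at least one finding."""
    report = {}
    for user, html in signatures.items():
        hits = scan_signature(html)
        if hits:
            report[user] = hits
    return report


if __name__ == "__main__":
    for user, hits in scan_all().items():
        for reason, href in hits:
            print(f"{user}: {reason}: {href}")
```

Run it on a nightly export of signatures and diff the findings against the previous run; a link that appears in a signature overnight, on an account that also shows a recent unusual sign-in, is worth a same-day look even when no inbox rule was created.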

Read More
Enhancing Business Email Compromise Incident Response: New Email & Cloud Security Configuration Snapshot

KEY TAKEAWAYS

  • Email & Cloud Security Configuration Snapshot can be delivered free as part of BEC investigations, in automated fashion  
  • Snapshot condenses frontline threat intelligence from 1000s of BEC investigations to identify configuration weakness allowing most common BEC attack patterns
  • Requires no additional client involvement to run
  • Available for M365 and Google Workspace

Business Email Compromise (BEC) remains one of the most financially devastating forms of cybercrime, with the FBI reporting over $55 billion in BEC losses worldwide over the past 10 years. Requiring little technical expertise, BECs are relatively simple to execute and attackers have found clever ways to bypass most defenses, contributing to the high rate of incidents. Though attackers leverage various intrusion vectors to compromise email accounts, most BEC incidents are worsened by poor email and cloud security configurations, making it easier for attackers to move laterally, exfiltrate data, and increase the overall impact of the attack.

Read More
RSAC 2025 - Key Trends from 100s of ‘Hackers & Threats’ Talk Submissions

Just before the end of 2024, the Hackers & Threats Program Committee met to review hundreds of submissions for the track for RSAC 2025 Conference.

Read More
Phorpiex - Downloader Delivering Ransomware

Cybereason Security Services issues Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them.

In this Threat Analysis report, Cybereason Security Services investigate the Phorpiex botnet which is then able to deliver LockBit Black Ransomware (aka LockBit 3.0).

Read More
CVE-2025-23006: Critical Vulnerability Discovered in SonicWall SMA 1000 Series

Key Takeaways

  • Critical vulnerability discovered in SonicWall’s SMA 1000 series appliances, tracked as CVE-2025-23006.
  • Impacted products include Appliance Management Console (AMC) and Central Management Console (CMC) products, versions 12.4.3-02804 and earlier.
  • This vulnerability could allow a remote, unauthenticated attacker to execute arbitrary commands.
  • We recommend upgrading to version 12.4.3-02854 (platform-hotfix) or later immediately.

Read More
From Noise to Clarity: The Value of MalOp™ Technology in Modern Cyber Defense

Read More
"Out-of-the-Box" Detection Coverage: A Critical Metric for Endpoint Security

Back in the summer I wrote a blog around capability versus usability, in which I highlighted that typically industry testing focuses on capability, despite one of the key challenges in the industry being skills. EDR, by its nature, is a technical capability and as such the skills gap in this space is even greater. I will always remember a good friend sharing in his keynote, a number of years ago, that there is little point in buying a best of breed solution if you don't have the people power to actually use it.

In our recent SOC optimization research we saw that on average only 50-80% of alerts are processed the same day, false positives being a significant challenge and distraction for SOC analysts.

Read More
CVE-2024-55956: Zero-Day Vulnerability in Cleo Software Could Lead to Data Theft

Key Takeaways

  • Zero-day vulnerability was discovered in 3 Cleo products, tracked as CVE-2024-55956
  • Cleo is the developer of various managed file transfer platforms with approximately 4,000 customers, mostly mid-sized organizations
  • CVE-2024-55956 could allow unauthenticated users to import and execute arbitrary Bash or PowerShell commands on host systems by leveraging default settings of the Autorun directory
  • The threat actor group CL0P has claimed responsibility for exploiting the vulnerability, with the goal of data theft
  • We recommend upgrading to version 5.8.0.24 immediately

Read More
Your Data Is Under New Lummanagement: The Rise of LummaStealer

Cybereason Security Services issues Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them.

In this Threat Analysis report, Cybereason Security Services investigate the rising activity of the malware LummaStealer.

Read More
How to spot a holiday shopping scam: Fake deals, trick surveys & bogus gift cards

Scammers, fraudsters, and phishers take advantage of every season. But the holiday shopping season - which includes Black Friday, Cyber Monday, and Christmas - may be their favorite.

As retailers rush to capitalize on what is generally their most profitable time of year, they will generally flood email boxes with great offers that are often time sensitive and may even seem too-good-to-be-true. Meanwhile, consumers also feel the urgency to get their shopping done, along with the stresses of work and family. Add in the financial pressure of an inflationary economy and the likelihood of making a quick mistake keeps increasing. Read on for some simple yet effective ways to ruin the scammers' fun as you celebrate the season of giving.

Read More
Soon…

Posted by Sean @ 12:52 GMT

Our "construction project" is progressing nicely.

[Image: A work in progress]

And it should resolve this…

[Image: Mobile usability issues]

Fix mobile usability issues?

Translation: your site doesn't help us sell more Android phones and ads.

But whatever, the "issues" should be fixed soon enough.

On 18/08/15 At 12:52 PM

Read More
Work In Progress

Posted by Sean @ 13:25 GMT

Regular readers will have noticed it's been slow here of late.

[Image: Under Construction]

We're finally undertaking an upgrade from Greymatter 1.7.3. This may be the world's oldest Greymatter blog… that will now change.

More info coming soon.

In the meantime, you can still catch us on Twitter.

On 13/08/15 At 01:25 PM

Read More
"IOS Crash Report" Update: Safari Adds Block Feature

Posted by Sean @ 09:53 GMT

Ask, and sometimes, you shall receive.

Last Friday, we wrote about call center scammers targeting iOS. And today, Apple released a new (beta) feature that should help.

Apple released iOS 9 Public Beta 2:

[Image: iOS 9 Public Beta 2, Install]

And it appears that one of Safari's new features allows people to block fraud-focused JavaScript.

[Image: iOS 9 Public, Safari Block Alerts]

We tested a scam-site and after a few attempts to dismiss the JavaScript dialog, Safari included a prompt to "Block Alerts". We were then easily able to close the page.

Kudos Apple! Looking forward to seeing this in iOS 9's general release.

Big hat tip to Rosyna Keller.

On 23/07/15 At 09:53 AM

Read More
Duke APT group's latest tools: cloud services and Linux support

Posted by Artturi @ 11:59 GMT

Recent weeks have seen the outing of two new additions to the Duke group's toolset, SeaDuke and CloudDuke. Of these, SeaDuke is a simple trojan made interesting by the fact that it's written in Python. And even more curiously, SeaDuke, with its built-in support for both Windows and Linux, is the first cross-platform malware we have observed from the Duke group. While SeaDuke is a single - albeit cross-platform - trojan, CloudDuke appears to be an entire toolset of malware components, or "solutions" as the Duke group apparently calls them. These components include a unique loader, downloader, and not one but two different trojan components. CloudDuke also greatly expands on the Duke group's usage of cloud storage services, specifically Microsoft's OneDrive, as a channel for both command and control as well as the exfiltration of stolen data. Finally, some of the recent CloudDuke spear-phishing campaigns have borne a striking resemblance to CozyDuke spear-phishing campaigns from a year ago.

Linux support added with the cross-platform SeaDuke malware

Last week, both Symantec and Palo Alto Networks published research on SeaDuke, a newer addition to the arsenal of trojans being used by the Duke group. While older malware by the Duke group has always been written with a combination of the C and C++ programming languages as well as assembly language, SeaDuke is peculiarly written in Python with multiple layers of obfuscation. This Python code is usually then compiled into Windows executables using py2exe or pyinstaller. However, the Python code itself has been designed to work on both Windows and Linux. We therefore suspect that the Duke group is also using the same SeaDuke Python code to target Linux victims. This is the first time we have seen the Duke group employ malware to target Linux platforms.

[Image: seaduke_crossplatform]
An example of the cross-platform support found in SeaDuke.

A new set of solutions with the CloudDuke malware toolset

Last week, we also saw Palo Alto Networks and Kaspersky Labs publish research on malware components they respectively called MiniDionis and CloudLook. MiniDionis and CloudLook are both components of a larger malware toolset we call CloudDuke. This toolset consists of malware components that provide varying functionality while partially relying on a shared code framework and always using the same loader. Based on PDB strings found in the samples, the malware authors refer to the CloudDuke components as "solutions" with names such as "DropperSolution", "BastionSolution" and "OneDriveSolution". A list of PDB strings we have observed is below:

  • C:\DropperSolution\Droppers\Projects\Drop_v2\Release\Drop_v2.pdb
  • c:\BastionSolution\Shells\Projects\miniDionis4\miniDionis\obj\Release\miniDionis.pdb
  • c:\BastionSolution\Shells\Projects\miniDionis2\miniDionis\obj\Release\miniDionis.pdb
  • c:\OneDriveSolution\Shells\Projects\OneDrive2\OneDrive\obj\x64\Release\OneDrive.pdb
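
PDB strings like the ones above survive in the CodeView debug record of a PE file (and usually in memory dumps and carved fragments too), so they are cheap to pull out during triage. The script below is an added example, not F-Secure's tooling: it scans a byte buffer for RSDS records (the layout "RSDS", 16-byte GUID, 32-bit age, NUL-terminated path is the documented CodeView format), extracts the path, and matches it against the four paths listed above, either exactly or by the "…Solution\" naming scheme that would catch a rebuilt component. The sample buffer is constructed inline so it runs offline; `build_rsds` exists only to create that sample.

```python
"""Extract CodeView (RSDS) PDB paths and match them against CloudDuke's (added example)."""
import struct
import uuid

# PDB paths from the post, compared case-insensitively.
CLOUDDUKE_PDB_PATHS = {
    r"C:\DropperSolution\Droppers\Projects\Drop_v2\Release\Drop_v2.pdb",
    r"c:\BastionSolution\Shells\Projects\miniDionis4\miniDionis\obj\Release\miniDionis.pdb",
    r"c:\BastionSolution\Shells\Projects\miniDionis2\miniDionis\obj\Release\miniDionis.pdb",
    r"c:\OneDriveSolution\Shells\Projects\OneDrive2\OneDrive\obj\x64\Release\OneDrive.pdb",
}
_EXACT = {p.lower() for p in CLOUDDUKE_PDB_PATHS}
# Looser indicator: the "solution" project roots seen in the paths above.
_FAMILY_MARKERS = ("\\droppersolution\\", "\\bastionsolution\\", "\\onedrivesolution\\")


def extract_pdb_paths(data: bytes):
    """Return [(guid, age, path)] for every RSDS record found in `data`.

    Scanning for the signature rather than walking the PE debug directory
    means this also works on memory dumps and partially carved files.
    """
    results = []
    pos = data.find(b"RSDS")
    while pos != -1:
        header_end = pos + 4 + 16 + 4          # signature + GUID + age
        if header_end <= len(data):
            guid = uuid.UUID(bytes_le=data[pos + 4:pos + 20])
            age = struct.unpack_from("<I", data, pos + 20)[0]
            end = data.find(b"\x00", header_end)
            if end == -1:
                end = len(data)
            path = data[header_end:end].decode("latin-1")
            if path:
                results.append((str(guid), age, path))
        pos = data.find(b"RSDS", pos + 4)
    return results


def classify(path: str):
    """'cloudduke-exact', 'cloudduke-family' or None for one PDB path."""
    p = path.lower()
    if p in _EXACT:
        return "cloudduke-exact"
    if any(marker in p for marker in _FAMILY_MARKERS):
        return "cloudduke-family"
    return None


def build_rsds(path: str, guid=None, age=1) -> bytes:
    """Construct a CodeView record; used here only to build the sample buffer."""
    guid = guid or uuid.UUID("12345678-1234-5678-1234-567812345678")
    return b"RSDS" + guid.bytes_le + struct.pack("<I", age) + path.encode() + b"\x00"


# Constructed sample: junk bytes around two RSDS records, one matching a listed
# path exactly and one with a new project name under the same "solution" root.
SAMPLE = (
    b"MZ" + b"\x90" * 64
    + build_rsds(r"c:\OneDriveSolution\Shells\Projects\OneDrive2\OneDrive\obj\x64\Release\OneDrive.pdb")
    + b"\x00" * 16
    + build_rsds(r"c:\BastionSolution\Shells\Projects\miniDionis7\miniDionis\obj\Release\miniDionis.pdb", age=3)
    + b"\xff" * 32
)


def triage(data: bytes):
    """Return [(path, verdict)] for every PDB path in `data` that matched."""
    return [(path, classify(path)) for _, _, path in extract_pdb_paths(data) if classify(path)]


if __name__ == "__main__":
    for path, verdict in triage(SAMPLE):
        print(f"{verdict}: {path}")
```

Treat the family match as a lead rather than a verdict: PDB paths are trivially editable and can be planted, so confirm with the loader structure and the "Z" framework class names described below before attributing a sample.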

The first of the CloudDuke components we have observed is a downloader internally called "DropperSolution". The purpose of the downloader is to download and execute additional malware on the victim's system. In most observed cases, the downloader will attempt to connect to a compromised website to download an encrypted malicious payload which the downloader will decrypt and execute. Depending on the way the downloader has been configured, in some cases it may first attempt to log in to Microsoft's cloud storage service OneDrive and retrieve the payload from there. If no payload is available from OneDrive, the downloader will revert to the previously mentioned method of downloading from compromised websites.

We have also observed two distinct trojan components in the CloudDuke toolset. The first of these, internally called "BastionSolution", is the trojan that Palo Alto Networks described in their research into "MiniDionis". Interestingly, BastionSolution appears to functionally be an exact copy of SeaDuke with the only real difference being the choice of programming language. BastionSolution also makes significant use of a code framework that is apparently internally called "Z". This framework provides classes for functionality such as encryption, compression, randomization and network communications.

[Image: bastion_z]
A list of classes in the BastionSolution trojan, including multiple classes from the "Z" framework.

Classes from the same "Z" framework, such as the encryption and randomization classes, are also used by the second trojan component of the CloudDuke toolset. This second component, internally called "OneDriveSolution", is especially interesting because it relies on Microsoft's cloud storage service OneDrive as its command and control channel. To achieve this, OneDriveSolution will attempt to log into OneDrive with a preconfigured username and password. If successful, OneDriveSolution will then proceed to copy data from the victim's computer to the OneDrive account. It will also search the OneDrive account for files containing commands for the malware to execute.

[Image: onedrive_z]
A list of classes in the OneDriveSolution trojan, including multiple classes from the "Z" framework.

All of the CloudDuke "solutions" use the same loader, a piece of code whose primary purpose is to decrypt the embedded, encrypted solution, load it in memory and execute it. The Duke group has often employed loaders for their malware but unlike the previous loaders they have used, the CloudDuke loader is much more versatile with support for multiple methods of loading and executing the final payload as well as the ability to write to disk and execute additional malware components.

CloudDuke spear-phishing campaigns and similarities with CozyDuke

CloudDuke has recently been spread via spear-phishing emails with targets reportedly including organizations such as the US Department of Defense. These spear-phishing emails have contained links to compromised websites hosting zip archives that contain CloudDuke-laden executables. In most cases, executing these executables will have resulted in two additional files being written to the victim's hard disk. The first of these files has been a decoy, such as an audio file or a PDF file, while the second one has been a CloudDuke loader embedding a CloudDuke downloader, the so-called "DropperSolution". In these cases, the victim has been presented with the decoy file while in the background the downloader has proceeded to download and execute one of the CloudDuke trojans, "OneDriveSolution" or "BastionSolution".

[Image: decoy_ndi_small]
Example of one of the decoy documents employed in the CloudDuke spear-phishing campaigns. It has apparently been copied by the attackers from here.

Interestingly, however, some of the other CloudDuke spear-phishing campaigns we have observed this July have borne a striking resemblance to CozyDuke spear-phishing campaigns seen almost exactly a year ago, in the beginning of July 2014. In both spear-phishing campaigns, the decoy document has been the exact same PDF file, a "US letter fax test page" (28d29c702fdf3c16f27b33f3e32687dd82185e8b). Similarly, the URLs hosting the malicious files have, in both campaigns, purported to be related to eFaxes. It is also interesting to note that in the case of the CozyDuke-inspired CloudDuke spear-phishing campaign, the downloading and execution of the malicious archive linked to in the emails has not resulted in the execution of the CloudDuke downloader but in the execution of the "BastionSolution" component, thereby skipping one step from the process described for the other CloudDuke spear-phishing campaigns.

[Image: decoy_fax]
The "US letter fax test page" decoy employed in both CloudDuke and CozyDuke spear-phishing campaigns.

Increasingly using cloud services to evade detection

CloudDuke is not the first time we have observed the Duke group use cloud services in general and Microsoft OneDrive specifically as part of their operations. Earlier this spring we released research on CozyDuke where we mentioned observing CozyDuke sometimes either directly use a OneDrive account to exfiltrate stolen data or alternatively CozyDuke downloading Visual Basic scripts that would copy stolen files to a OneDrive account and sometimes even retrieve files containing additional commands from the same OneDrive account.

In these previous cases the Duke group has only used OneDrive as a secondary communication channel but still relied on more traditional C&C channels for most of their actions. It is therefore interesting to note that CloudDuke actually enables the Duke group to rely solely on OneDrive for every step of their operation from downloading the actual trojan, passing commands to the trojan and finally exfiltrating stolen data.

By relying solely on 3rd party web services, such as OneDrive, as their command and control channel, we believe the Duke group is trying to better evade detection. Large amounts of data being transferred from an organization's network to an unknown web server easily raises suspicions. However, data being transferred to a popular cloud storage service is normal. What better way for an attacker to surreptitiously transfer large amounts of stolen data than the same way people are transferring that same data every day for legitimate reasons? (Coincidentally, the implications of 3rd party web services being used as command and control channels are also the subject of an upcoming talk at the VirusBulletin 2015 conference).
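
The point above is exactly why a domain blocklist does nothing here: the C2 and exfiltration endpoint is a service the business already uses. What still separates a trojan draining a workstation from a user syncing a folder is volume relative to peers. The script below is an added example (not part of the original post): it aggregates client-to-OneDrive upload bytes per internal host from proxy logs and flags hosts that are outliers against a robust baseline (median plus a multiple of the median absolute deviation, with an absolute floor so a quiet day does not alert on everyone). The log line layout (timestamp, client IP, method, host, bytes sent by the client) and the list of OneDrive hostnames are assumptions; the log lines themselves are constructed for the example.

```python
"""Baseline OneDrive upload volume per internal host and flag outliers (added example)."""
from collections import defaultdict
from statistics import median

# Assumption: hostnames that OneDrive uploads land on; adjust to what your proxy sees.
ONEDRIVE_SUFFIXES = ("onedrive.live.com", "1drv.com", "storage.live.com")

# Constructed proxy log: "<timestamp> <client_ip> <method> <host> <bytes_out>"
PROXY_LOG = """\
2015-07-20T09:01:11Z 10.1.4.21 PUT onedrive.live.com 2400000
2015-07-20T09:04:02Z 10.1.4.22 PUT onedrive.live.com 1800000
2015-07-20T09:10:45Z 10.1.4.23 PUT onedrive.live.com 3100000
2015-07-20T09:12:09Z 10.1.4.24 POST onedrive.live.com 2900000
2015-07-20T09:15:33Z 10.1.4.25 PUT onedrive.live.com 2200000
2015-07-20T09:20:00Z 10.1.4.21 GET  onedrive.live.com 1200
2015-07-20T09:31:52Z 10.1.4.30 PUT onedrive.live.com 390000000
2015-07-20T09:44:10Z 10.1.4.30 PUT onedrive.live.com 410000000
2015-07-20T10:02:17Z 10.1.4.30 GET  www.example.com 512
"""


def is_onedrive(host: str) -> bool:
    h = host.lower()
    return any(h == s or h.endswith("." + s) for s in ONEDRIVE_SUFFIXES)


def upload_bytes_per_client(log_text: str) -> dict:
    """Sum bytes sent by each client in PUT/POST requests to OneDrive hosts."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue                       # skip malformed lines rather than crash
        _, client, method, host, size = parts
        if method in ("PUT", "POST") and is_onedrive(host):
            totals[client] += int(size)
    return dict(totals)


def flag_outliers(totals: dict, k: float = 5.0, floor_bytes: int = 50_000_000) -> list:
    """Return [(client, bytes)] whose total exceeds median + k * MAD and the floor.

    Median/MAD resist being dragged up by the very host we are hunting, unlike a
    mean/stdev baseline; the floor suppresses alerts when every client is quiet.
    """
    values = sorted(totals.values())
    if len(values) < 3:
        return []                          # not enough peers for a baseline
    med = median(values)
    mad = median([abs(v - med) for v in values]) or 1.0
    threshold = max(med + k * mad, floor_bytes)
    return sorted((c, v) for c, v in totals.items() if v > threshold)


if __name__ == "__main__":
    for client, total in flag_outliers(upload_bytes_per_client(PROXY_LOG)):
        print(f"{client}: {total / 1e6:.0f} MB uploaded to OneDrive")
```

In the constructed data the five ordinary clients upload 2-3 MB each while 10.1.4.30 pushes 800 MB, so only that host clears the threshold. This catches bulk exfiltration; it will not catch the command-retrieval side of OneDriveSolution, which is small and periodic, nor a patient operator who stays under the floor, so pair it with account-level checks such as uploads to a OneDrive account that is not one of the organisation's own.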

Directing limited resources towards evading detection and staying ahead of defenders

Developing even a single multipurpose malware toolset, never mind many, requires time and resources. Therefore it seems logical to attempt to reuse code such as supporting frameworks between different toolsets. The Duke group, however, appear to have taken this a step further with SeaDuke and the CloudDuke component BastionSolution, by rewriting the same code in multiple programming languages. This has the obvious benefits of saving time and resources by providing two malware toolsets, that while similar on the inside, appear completely different on the outside. This way, the discovery of one toolset does not immediately lead to the discovery of the second toolset.

The Duke group, long suspected of ties to the Russian state, have been running their espionage operation for an unusually long time and - especially lately - with unusual brazenness. These latest CloudDuke and SeaDuke campaigns appear to be a clear sign that the Dukes are not planning to stop any time soon.

Research and post by Artturi (@lehtior2)

F-Secure detects CloudDuke as Trojan:W32/CloudDuke.B and Trojan:W64/CloudDuke.B

Samples:

04299c0b549d4a46154e0a754dda2bc9e43dff76
2f53bfcd2016d506674d0a05852318f9e8188ee1
317bde14307d8777d613280546f47dd0ce54f95b
476099ea132bf16fa96a5f618cb44f87446e3b02
4800d67ea326e6d037198abd3d95f4ed59449313
52d44e936388b77a0afdb21b099cf83ed6cbaa6f
6a3c2ad9919ad09ef6cdffc80940286814a0aa2c
78fbdfa6ba2b1e3c8537be48d9efc0c47f417f3c
9f5b46ee0591d3f942ccaa9c950a8bff94aa7a0f
bfe26837da22f21451f0416aa9d241f98ff1c0f8
c16529dbc2987be3ac628b9b413106e5749999ed
cc15924d37e36060faa405e5fa8f6ca15a3cace2
dea6e89e36cf5a4a216e324983cc0b8f6c58eaa8
e33e6346da14931735e73f544949a57377c6b4a0
ed0cf362c0a9de96ce49c841aa55997b4777b326
f54f4e46f5f933a96650ca5123a4c41e115a9f61
f97c5e8d018207b1d546501fe2036adfbf774cfd

Compromised servers used for command and control:

hxxps://cognimuse.cs.ntua.gr/search.php
hxxps://portal.sbn.co.th/rss.php
hxxps://97.75.120.45/news/archive.php
hxxps://58.80.109.59/plugins/search.php

Compromised websites used to host CloudDuke:

hxxp://flockfilmseries.com/eFax/incoming/5442.ZIP
hxxp://www.recordsmanagementservices.com/eFax/incoming/150721/5442.ZIP
hxxp://files.counseling.org/eFax/incoming/150721/5442.ZIP
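The indicators above are defanged (hxxp/hxxps) and published as bare SHA-1s, so a first practical step is turning them into something that can be matched against a file system and a proxy log. The following is an added example, not F-Secure's code: the hashes and URLs are the post's own; the proxy log format, the log lines and the file written for the hash sweep are constructed assumptions.

```python
"""Sweep local files and proxy logs for the CloudDuke indicators listed above.
Added example (not F-Secure's code). Hashes/URLs are the post's; the log format,
the log lines and the sweep's sample file are constructed."""
import hashlib
import os
import tempfile
from urllib.parse import urlparse

# SHA-1 sample hashes, copied from the post.
CLOUDDUKE_SHA1 = {
    "04299c0b549d4a46154e0a754dda2bc9e43dff76", "2f53bfcd2016d506674d0a05852318f9e8188ee1",
    "317bde14307d8777d613280546f47dd0ce54f95b", "476099ea132bf16fa96a5f618cb44f87446e3b02",
    "4800d67ea326e6d037198abd3d95f4ed59449313", "52d44e936388b77a0afdb21b099cf83ed6cbaa6f",
    "6a3c2ad9919ad09ef6cdffc80940286814a0aa2c", "78fbdfa6ba2b1e3c8537be48d9efc0c47f417f3c",
    "9f5b46ee0591d3f942ccaa9c950a8bff94aa7a0f", "bfe26837da22f21451f0416aa9d241f98ff1c0f8",
    "c16529dbc2987be3ac628b9b413106e5749999ed", "cc15924d37e36060faa405e5fa8f6ca15a3cace2",
    "dea6e89e36cf5a4a216e324983cc0b8f6c58eaa8", "e33e6346da14931735e73f544949a57377c6b4a0",
    "ed0cf362c0a9de96ce49c841aa55997b4777b326", "f54f4e46f5f933a96650ca5123a4c41e115a9f61",
    "f97c5e8d018207b1d546501fe2036adfbf774cfd",
}

# C2 servers and hosting sites, exactly as defanged in the post.
DEFANGED_URLS = [
    "hxxps://cognimuse.cs.ntua.gr/search.php",
    "hxxps://portal.sbn.co.th/rss.php",
    "hxxps://97.75.120.45/news/archive.php",
    "hxxps://58.80.109.59/plugins/search.php",
    "hxxp://flockfilmseries.com/eFax/incoming/5442.ZIP",
    "hxxp://www.recordsmanagementservices.com/eFax/incoming/150721/5442.ZIP",
    "hxxp://files.counseling.org/eFax/incoming/150721/5442.ZIP",
]


def refang(url):
    """Undo the hxxp/hxxps defanging so the URL can be parsed."""
    for defanged, real in (("hxxps://", "https://"), ("hxxp://", "http://")):
        if url.startswith(defanged):
            return real + url[len(defanged):]
    return url


def indicator_hosts(defanged_urls=DEFANGED_URLS):
    """Lower-cased hostnames (or IPs) from the defanged indicator list."""
    return {urlparse(refang(u)).hostname for u in defanged_urls}


def sha1_of_file(path, chunk=1 << 20):
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep_directory(root, hashes=CLOUDDUKE_SHA1):
    """Return paths under `root` whose SHA-1 is in `hashes`."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if sha1_of_file(path) in hashes:
                    hits.append(path)
            except OSError:
                continue  # unreadable file: skip it rather than abort the sweep
    return hits


def match_proxy_log(log_text, hosts):
    """(client, host) pairs whose destination is an indicator host.
    Assumed log fields: <date> <client_ip> <method> <host> <path>."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        client, host = parts[1], parts[3].lower()
        if host in hosts:
            hits.append((client, host))
    return hits


# Constructed proxy log lines for a stand-alone run.
SAMPLE_LOG = """\
2015-07-21 10.0.0.5 GET www.example.com /index.html
2015-07-21 10.0.0.9 POST portal.sbn.co.th /rss.php
2015-07-21 10.0.0.9 GET 97.75.120.45 /news/archive.php
"""


def demo_sweep():
    """Write one constructed file, hash it, and confirm the sweep finds exactly
    that file when its own hash is the indicator set."""
    with tempfile.TemporaryDirectory() as root:
        path = os.path.join(root, "constructed.bin")
        with open(path, "wb") as f:
            f.write(b"constructed sample content, not real malware")
        return [os.path.basename(p) for p in sweep_directory(root, {sha1_of_file(path)})]
```

Hostname matching deliberately ignores the path: a compromised legitimate server such as the ones listed will keep serving ordinary pages, so any traffic to those hosts during the campaign window is worth a look, not just requests for `search.php` or `rss.php`.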




On 22/07/15 At 11:59 AM

Read More
'Zero Days', The Documentary
'Zero Days', The Documentary

Posted by Mikko @ 12:40 GMT


VPRO (the Dutch public broadcasting organization) produced a 45-minute documentary about hacking and the trade of zero days. The documentary has now been released in English on YouTube.



The documentary features Charlie Miller, Joshua Corman, Katie Moussouris, Ronald Prins, Dan Tentler, Eric Rabe (of Hacking Team), Felix Lindner, Rodrigo Branco, Ben Nagy, The Grugq, and many others.




On 20/07/15 At 12:40 PM

Read More
IOS Crash Report: Blocking
IOS Crash Report: Blocking "Pop-Ups" Doesn't Really Help

Posted by Sean @ 10:15 GMT


The Telegraph published an article on Thursday about a scam targeting iOS users. Here's the gist: scammers are using JavaScript-generated dialogs to display warnings of so-called "IOS Crash" reports, prompting people to call for tech support. Near the end of the Telegraph's article, the following advice is offered:

"To prevent the issue happening again, go to Settings -> Safari -> Block Pop-ups."

Unfortunately, this advice is incorrect. And perhaps even more unfortunately, some security and tech pundits are now repeating the bad advice on numerous websites. How do we know the advice is wrong? Because we actually tested it…

First of all, this "IOS Crash Report" scam is a variation of the technical support scam, cases of which have been documented as early as 2008. In the past, cold-calls originated directly from call centers in India. But more recently, web-based lures are used to prompt potential victims into contacting the scammers.

A Google Search returns several live scam sites with this text:

"Due to a third party application in your phone, IOS is crashed."

Here's one of the sites as viewed with iOS Safari on an iPad:

iosclean.com

Safari's "Fraudulent Website Warning" and "Block Pop-ups" features didn't prevent the page from loading.

What looks like a pop-up in the image above is actually a JavaScript-generated dialog, one which will continuously re-spawn itself and can be very difficult to dismiss. Turning off JavaScript in Safari is the quickest way to regain control. Unfortunately, leaving JavaScript disabled will significantly impact a large number of legitimate websites.

Here's the same site as viewed with Google Chrome for Windows:

Prevent this page from creating additional dialogs

Notice the additional text in the image above: prevent this page from creating additional dialogs. Current versions of Chrome and Firefox (for Windows, at least) will inject this option into re-spawning dialogs, allowing the user to break the loop. Sadly, Internet Explorer and Safari do not. (We tested with IE for Windows / Windows Phone, and iOS Safari.)

Wouldn't it be great if all browsers supported this prevention feature?

Yeah, we think so, too.

But it's not just browsers, apps with browser functionality can also be affected.

Here's an example of a JavaScript dialog displayed via Cydia.

error1014.com

The end of the Telegraph's article included the following advice from City of London police:

"Never give your iCloud username and password or your bank details to someone over the phone."

Indeed! Giving somebody your iCloud password could quickly turn a support scam into a data hijacking and extortion scheme. We attempted to call several of the scammer telephone numbers to see if they would ask for our iCloud credentials — only to discover that the numbers we tried are currently not in service.

Hopefully they stay that way. (They won't.)




On 17/07/15 At 10:15 AM

Read More
Hacking Team 0-day Flash Wave with Exploit Kits
Hacking Team 0-day Flash Wave with Exploit Kits

Posted by Patricia @ 12:29 GMT


After Hacking Team was compromised, a lot of information was publicly disclosed beginning on the 5th of July, particularly its business clients and a zero-day vulnerability in Adobe Flash Player that they had been using.

Since the information about the first zero-day was made freely available, we knew attackers would swiftly move to use it. As expected, the Flash exploit was integrated into exploit kits such as Angler, Magnitude, Nuclear, Neutrino, Rig, and HanJuan, as reported by Kafeine.

Based on our telemetry, there was a rise in Flash exploits beginning on the 6th that continued until the 9th.

[Image: overall_stats]


Here are the stats for each exploit kit:

[Image: ek_stats]


The security advisory for the CVE-2015-5119 zero-day was released on the 7th of July and the patch was made available on the 8th, so the hits started to decline about two days after the patch.

But just when people had started updating their systems, there was yet another spike in Angler Flash exploit hits:

[Image: weekend_wave_stats]


Apparently, two more Flash vulnerabilities, CVE-2015-5122 and CVE-2015-5123, were discovered. These vulnerabilities are still waiting to be patched. According to Kafeine, one of the two vulnerabilities was added to the Angler exploit kit.

As a side note related to the Angler exploit kit: if you look at the second chart above, Angler and HanJuan share the same statistics. This is because our detections for Angler Flash exploits were also hitting on HanJuan Flash exploits.

We verified this after discovering that a different URL pattern was being detected as Angler:

[Image: angler_vs_hanjuan_urlpattern]


We looked at the Flash exploit used by both kits, and the two are very much identical.

Angler Flash Exploit:

[Image: anglerek_ht0d_3]


HanJuan Flash Exploit:

[Image: hanjuanek_ht0d_3]


There was already speculation that there are strong connections between the actors behind the two exploit kits. For example, both have used "fileless" delivery of the payload and even similar encryption methods. Perhaps at some point we will see HanJuan supporting this new Flash 0-day as well.

In the meantime, since there hasn't been a patch yet for these new ones, our users remain protected from the effects of the exploit kits through Browsing Protection as well as these detections:

Exploit:SWF/AnglerEK.L
Exploit:SWF/NeutrinoEK.C
Exploit:SWF/NeutrinoEK.D
Exploit:SWF/NuclearEK.H
Exploit:SWF/NuclearEK.J
Exploit:SWF/Salama.H
Exploit:SWF/Salama.R
Exploit:JS/AnglerEK.D
Exploit:JS/NuclearEK.I
Exploit:JS/MagnitudeEK.A

UPDATE: Adobe has released patches for the recent two vulnerabilities: CVE-2015-5122 and CVE-2015-5123. Users are recommended to update to the latest version of Adobe Flash Player.






On 13/07/15 At 12:29 PM

Read More
The Trusted Internet: Who governs who gets to buy spyware from surveillance software companies?
The Trusted Internet: Who governs who gets to buy spyware from surveillance software companies?

Posted by FSLabs @ 02:31 GMT


When hackers get hacked, that's when secrets are uncovered. On July 5th, the Italy-based surveillance technology company Hacking Team was hacked. The hackers released a 400GB torrent with internal documents, source code, and emails to the public - including the company's client list of close to 60 customers.

The list included countries such as Sudan, Kazakhstan and Saudi Arabia - despite official company denials of doing business with oppressive regimes. The leaked documents strongly implied that in the South-East Asian region, government agencies from Singapore, Thailand and Malaysia had purchased their most advanced spyware, referred to as a Remote Control System (RCS).

According to the security research group Citizen Lab, this spyware is extraordinarily intrusive, with the ability to turn on the microphone and cameras on mobile devices, intercept Skype and instant messages, and use an anonymizing network of proxy servers to prevent harvested information from being traced back to the command and control servers.

Based on images of the client list posted to Pastebin, the software was purchased in Malaysia by the Malaysian Anti-Corruption Commission (MACC), Malaysia Intelligence (MI) and the Prime Minister's Office (PMO):

[Image: hacking_team_client_list]

Additional images of leaked invoices posted to medium.com indicated the spyware was sold through a locally based Malaysian company named Miliserv Technologies (M) Sdn Bhd (registered with the Ministry of Finance Malaysia), which specializes in providing digital forensics, intelligence gathering and public security services:

[Image: hacking_team_hack_1]

[Image: hacking_team_hack_2]

Why the Prime Minister's Office would need surveillance software remains puzzling. Mind you, professional-grade spyware ain't cheap - a license upgrade could cost you MYR400,000 and maintenance renewal will set you back about MYR160,000.

According to reports of the incident in Malaysian alternative media, Malaysian government agencies have probably been using the spyware since even before the discovery of the FinFisher malware that was detected in the run-up to the 2013 General Elections.

Coincidentally, Malaysia has also been the frequent host of the annual ISS World Asia tradeshow, where companies promote their arsenal of 'lawful' surveillance software to law enforcement agencies, telco service providers and government employees. During the 2014 event, Hacking Team was present and was the associate lead sponsor of the event.

MiliServ Technologies is currently involved in the upcoming 2015 ISS World Asia in Kuala Lumpur. The event is invitation-only, though it may be interesting to see if Hacking Team will make it there this year.


Post by – Su Gim




On 08/07/15 At 02:31 AM

Read More
Problematic Wassenaar Definitions
Problematic Wassenaar Definitions

Posted by Sean @ 13:25 GMT


The Wassenaar Arrangement, a multilateral export control regime, defines "intrusion software" as software specially designed or modified to avoid detection by monitoring tools, or to defeat the protective countermeasures, of a computer or network-capable device. Intrusion software is used to extract data or information, or to modify system or user data; or to modify the standard execution path of a program or process in order to allow the execution of externally provided instructions.

Wassenaar states that monitoring tools are software or hardware devices that monitor system behaviours or processes running on a device. This includes antivirus (AV) products, endpoint security products, Personal Security Products (PSP), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) and firewalls.

Wassenaar Arrangement definitions
(Source)


So… what we at F-Secure (and the rest of the antivirus industry) call "malware" appears to easily fit Wassenaar's definition of intrusion software.

Why is this interesting?

Well, the US Bureau of Industry and Security (BIS), part of the US Department of Commerce, has proposed updating its rules to require a license for the export of intrusion software.

And according to the Dept. of Commerce, "an export" is –any– item that is sent from the United States to a foreign destination. "Items" include, among other things, software and technology.

The Paradox

So… if malware is intrusion software, and any item is an export, how exactly are US-based customers supposed to submit a malware sample to their European antivirus vendor? Seriously, customers send us malware that uses zero-days all the time. Not to mention the samples that we routinely exchange with other trusted AV vendors from around the globe.

Unintended Consequences

The text associated with the BIS proposal says the scope includes penetration testing products that use intrusion software, in what looks like an attempt to limit "hacking" tools, but there is nothing about what is excluded from the scope. So the BIS might not intend to limit customers from uploading malware samples to their AV vendor, but that could be the effect if this new rule is adopted and arbitrarily enforced. Or else it could just force people to operate in a legal limbo. Is that what we want?

The BIS is taking comments until July 20th.




On 09/06/15 At 01:25 PM

Read More
Found Item: UK Wi-Fi Law?
Found Item: UK Wi-Fi Law?

Posted by Sean @ 13:27 GMT


I visited the UK last Thursday, found a coffee shop offering "free" Wi-Fi, and read this…

"UK Law states that we must know who is using our Wi-Fi at all times."

Now I'm not a lawyer — but that seems like quite the disingenuous claim.

_WalkinWiFi

Mobile number, post code, and date of birth??

I wonder how many people fall for this type of malarkey.

Post by — @Sean




On 08/06/15 At 01:27 PM

Read More
SMS Exploit Messages
SMS Exploit Messages

Posted by Sean @ 13:56 GMT


There's an iOS vulnerability affecting iPhone, iPad, and even Apple Watch that allows for a denial of service.

Crashing a phone with an SMS? That's so 2008.


S60 SMS Exploit Messages

Unlike 2008, this time kids are reportedly using the vulnerability to harass others.

Apple is working on a security update. But unfortunately… that update very likely won't be available for older iPhones.

Updated to add:

Here's the "Effective Power" exploit crashing an iPhone 6:


Effective Power Unicode iOS hack on iPhone 6

And this… is Effective Power crashing the iOS Twitter app:


Effective Power Unicode iOS hack vs Twitter




On 28/05/15 At 01:56 PM

Read More
Ransomware Spam E-Mails Targeting Users in Italy and Spain
Ransomware Spam E-Mails Targeting Users in Italy and Spain

Posted by FSLabs @ 03:17 GMT


In the past few days, we received some cases from our customers in Italy and Spain regarding malicious spam e-mails that pointed to Cryptowall or Cryptolocker ransomware.

The spam e-mails pretended to come from a courier/postal service, regarding a parcel that was waiting to be collected. The e-mails offered a link to track that parcel online:

[Image: crypt_email]

When we did the initial investigation of the e-mails from our standard test system, the link redirected to Google:

[Image: crypt_email_redirect_italy]

So, no malicious behavior? Well, we noted that the first two URLs were PHP pages. Since PHP code is executed on the server side, not locally on the client, it is possible that the servers were 'deciding' whether to redirect the user to Google or to serve malicious content, based on some preset conditions.

Since this particular spam e-mail is written in Italian, perhaps only a customer based in Italy would be able to see the malicious payload? Fortunately, we have Freedome, so we can travel to Italy for a little while to experiment.

So we turned on Freedome, set the location to Milan and clicked the link in the e-mail again:

[Image: crypt_email_mal_italy]

Now we see the bad stuff. If the user is (or appears to be) located in Italy, the server will redirect them to a malicious file hosted on a cloud storage server.

The e-mail spam sent to Spanish users is similar, though in those cases a CAPTCHA challenge is included to make the site seem more authentic. If the link in the e-mail is clicked by a user located outside Spain, we again end up at Google:

[Image: crypt_email_redirect_spain]

If the site is instead visited from a Spanish IP, we get to the CAPTCHA screen:

[Image: crypt_email_target_spain]

And then to the malware itself:

[Image: crypt_email_mal_spain]

This spam campaign doesn't use any exploits (so far), just old-fashioned social engineering; infection only occurs if the user manually downloads and executes the files offered on the malicious URLs. For our customers, the URLs are blocked and the files are detected.

(malware SHA1s: 483be8273333c83d904bfa30165ef396fde99bf2, 295042c167b278733b10b8f7ba1cb939bff3cb38)

Post by — Victor




On 19/05/15 At 03:17 AM

Read More
Mac Hack Demonstration
Mac Hack Demonstration

Posted by Sean @ 12:46 GMT


Securing your SSH password is very important. Otherwise, you might be pwned by a little girl with her Raspberry Pi.

Kids hack their Dad's computer on her Raspberry Pi

Don't worry, it's an authorized hack, she asked her mom for permission.




On 15/05/15 At 12:46 PM

Read More
Email Security Considerations for Microsoft 365 Users
Email Security Considerations for Microsoft 365 Users

The post Email Security Considerations for Microsoft 365 Users appeared first on GreatHorn.

Read More
Email Security Considerations for Google Workspace Users
Email Security Considerations for Google Workspace Users

The post Email Security Considerations for Google Workspace Users appeared first on GreatHorn.

Read More
Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates
Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates

The post Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates appeared first on GreatHorn.

Read More
Universities and Colleges Face Multi-faceted Email Security Challenges
Universities and Colleges Face Multi-faceted Email Security Challenges

The post Universities and Colleges Face Multi-faceted Email Security Challenges appeared first on GreatHorn.

Read More
Spam vs Phish: The Problem with User-Reported Phish Buttons
Spam vs Phish: The Problem with User-Reported Phish Buttons

The post Spam vs Phish: The Problem with User-Reported Phish Buttons appeared first on GreatHorn.

Read More
Phishing for Google Impersonation Attacks
Phishing for Google Impersonation Attacks

Bad actors around the globe go phishing in emails twenty-four hours a day, seven days a week. Whether they are “guppies” like your local bakery down the street or big “fish” like Google, no one is immune to their attacks. Google, one of the largest, most well-known – and used – applications, will always be […]

The post Phishing for Google Impersonation Attacks appeared first on GreatHorn.

Read More
GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes
GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes

GMX (Global Mail eXchange) Mail is an email service where users may register up to 10 individual email addresses at no cost. As a result, threat actors are leveraging this service to easily spin up new email addresses and effectively delivering phishing attacks that bypass Microsoft o365 and Google Workspace, landing in an organization’s email […]

The post GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes appeared first on GreatHorn.

Read More
Native vs SEG vs ICES: What You Need to Know About Email Security
Native vs SEG vs ICES: What You Need to Know About Email Security

The shift from on-premise email platforms to cloud email platforms has taken shape, with the majority (70%) of organizations. Microsoft 365 and Google Workspace remain the predominant email platforms for organizations. However, a significant change has occurred in the past year. With an estimated 40% of ransomware attacks that start through email, and BEC and […]

The post Native vs SEG vs ICES: What You Need to Know About Email Security appeared first on GreatHorn.

Read More
Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security
Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security

In cybersecurity, buzzwords come and go, often being replaced with new buzzwords while the market is still attempting to realize the benefits of the former. Today, every technology vendor is talking about Artificial Intelligence (AI). In reality, Machine Learning (the method to one day achieve AI) is still the predominant technical solution deployed within vendor […]

The post Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security appeared first on GreatHorn.

Read More
Global Supply Chain: Attackers Targeting Business Deliveries
Global Supply Chain: Attackers Targeting Business Deliveries

Our global supply chain includes all the people, companies and countries that need to work cohesively to manufacture, process and ship goods. Disruptions in the global supply chain are increasingly impacting organizations, with logistical problems crossing most industries.  As a result, the continued strain on the supply chain puts added pressure on businesses as they […]

The post Global Supply Chain: Attackers Targeting Business Deliveries appeared first on GreatHorn.

Read More
Next-Gen Phishing Techniques – How Back-End Tech Made Scams More Effective
Next-Gen Phishing Techniques – How Back-End Tech Made Scams More Effective

Phishing scams are no longer just poorly written emails full of typos. The era of messages from long-lost, wealthy relatives leaving fortunes to unknown heirs has passed its peak.   Today’s sophisticated back-end technologies take phishing and social engineering to the next level. Hackers are now able to create not only better messages but also more […]

The post Next-Gen Phishing Techniques – How Back-End Tech Made Scams More Effective appeared first on Heimdal Security Blog.

Read More
Top 9 Arctic Wolf Competitors and Alternatives
Top 9 Arctic Wolf Competitors and Alternatives

Managed security services like Arctic Wolf and its competitors help companies boost cybersecurity without the hassle of an in-house IT team. It’s a practical way to stay secure while focusing on your core business. Arctic Wolf is popular, but many other MDR providers offer excellent features and services. Here are nine top Arctic Wolf alternatives […]

The post Top 9 Arctic Wolf Competitors and Alternatives appeared first on Heimdal Security Blog.

Read More
8 Essential Steps for DORA Compliance and Effective Reporting
8 Essential Steps for DORA Compliance and Effective Reporting

In 2024, every major European financial service (FS) firm suffered some kind of security breach. These shocking findings come from a study of cyber incidents in Europe last year. It found that 18% of large FS companies suffered direct breaches (where hackers broke into their systems). The rest were exposed through third- or fourth-party breaches […]

The post 8 Essential Steps for DORA Compliance and Effective Reporting appeared first on Heimdal Security Blog.

Read More
5 Best NIS2 Compliance Software and Solution Providers
5 Best NIS2 Compliance Software and Solution Providers

The European Union’s Network and Information Systems Directive 2 (NIS2) is now in effect. And, throughout 2025, governments across the continent will be transposing it into national law. Complying with the regulation involves a combination of changes to workflows, employee behavior, and technology. There isn’t a single ‘turnkey’ solution that will make you compliant on […]

The post 5 Best NIS2 Compliance Software and Solution Providers appeared first on Heimdal Security Blog.

Read More
9 Best Endpoint Management Software in 2025
9 Best Endpoint Management Software in 2025

Keeping track of laptops, phones, and IoT devices can feel like herding cats, especially with remote work on the rise. That’s where endpoint management software steps in making it easier to protect data, stay compliant, and manage your tech. In this article, I’ll dive into what endpoint management is and share 9 standout tools to […]

The post 9 Best Endpoint Management Software in 2025 appeared first on Heimdal Security Blog.

Read More
DORA Compliance for MSPs – How to Help Your Clients
DORA Compliance for MSPs – How to Help Your Clients

In January 2025, the European Union’s new Digital Operational Resilience Act (DORA) came into effect. If you’re an MSP and you have clients in the financial services sector, they will likely be turning to you for help with DORA compliance So, where should you begin? In this article, we provide some pointers for MSPs operating […]

The post DORA Compliance for MSPs – How to Help Your Clients appeared first on Heimdal Security Blog.

Read More
Best Automated Patch Management Software in 2025
Best Automated Patch Management Software in 2025

Did you know? — Recent research shows that 80% of cyberattacks happen due to unpatched software vulnerabilities. This highlights the critical role of automated patch management software in safeguarding systems. These tools not only streamline updates but also fortify your systems against evolving cyber threats. In this article, we’ll talk about the best automated patch […]

The post Best Automated Patch Management Software in 2025 appeared first on Heimdal Security Blog.

Read More
Heimdal and Interbel Partner to Secure Spanish Businesses Against Rising Cyber Threats
Heimdal and Interbel Partner to Secure Spanish Businesses Against Rising Cyber Threats

BARCELONA, Spain, and COPENHAGEN, Denmark, January 20, 2025 — Heimdal, a leading cybersecurity company, has partnered with Interbel, a Spanish cybersecurity and Email value added distributor with over 27 years of experience. Together, they will deliver powerful and user-friendly cybersecurity solutions to businesses across Spain, addressing the rising challenges of sophisticated cyber threats and complex […]

The post Heimdal and Interbel Partner to Secure Spanish Businesses Against Rising Cyber Threats appeared first on Heimdal Security Blog.

Read More
How to Prepare for NIS2 Audits – A Compliance Expert’s View
How to Prepare for NIS2 Audits – A Compliance Expert’s View

Third-party security questionnaires and the number of audits that are growing every year are killing everybody’s soul! – Larisa Mihai, Cyber Compliance Expert In October 2024, European Union member states had a deadline to transpose the NIS2 Directive into national law. Although not all countries have begun enforcing the rules, it will eventually become the […]

The post How to Prepare for NIS2 Audits – A Compliance Expert’s View appeared first on Heimdal Security Blog.

Read More
Best 8 Endpoint Protection Software in 2025
Best 8 Endpoint Protection Software in 2025

Endpoint protection software works like a security system for a digital hotel. They equip each ‘room’ – in our case work device – with a lock, alarms, video surveillance, etc. This way they make sure each visitor or hotel employee uses the private or common spaces safely and legit. Endpoint protection tools act like digital […]

The post Best 8 Endpoint Protection Software in 2025 appeared first on Heimdal Security Blog.

Read More
How to Negotiate Your NIS2 Fine or Completely Avoid the Risk
How to Negotiate Your NIS2 Fine or Completely Avoid the Risk

In the next few years, a growing number of organizations across Europe will face investigations for non-compliance with the NIS2 Directive. If they are found to have poor cybersecurity practices, they may well be forced to pay multi-million Euro fines and other penalties. The best way to manage the risk of NIS2 penalties is, of […]

The post How to Negotiate Your NIS2 Fine or Completely Avoid the Risk appeared first on Heimdal Security Blog.

Read More
NIS2 Compliance Checklist
NIS2 Compliance Checklist

The NIS2 Compliance Directive is a pivotal regulation aimed at enhancing cybersecurity within critical sectors across the European Union. With its stringent requirements for managing cyber risks, securing supply chains, and reporting incidents, it’s essential for organizations to ensure compliance. This article outlines the crucial steps for aligning with NIS2 standards, drawn from our comprehensive […]

The post NIS2 Compliance Checklist appeared first on Heimdal Security Blog.

Read More
Heimdal and Watsoft Team Up to Strengthen MSP Cybersecurity in France
Heimdal and Watsoft Team Up to Strengthen MSP Cybersecurity in France

COPENHAGEN, Denmark, and PARIS, France, January 13, 2025 — Heimdal, a top European cybersecurity company, is teaming up with Watsoft, a French IT distributor focused on Managed Service Providers (MSPs). This partnership will help MSPs in France deal with today’s growing cybersecurity challenges by simplifying how they manage security and offering reliable tools from a […]

The post Heimdal and Watsoft Team Up to Strengthen MSP Cybersecurity in France appeared first on Heimdal Security Blog.

Read More
Best 10 Unified Endpoint Management Software
Best 10 Unified Endpoint Management Software

Managing laptops, smartphones, and IoT devices is no easy task – especially with remote work on the rise. The best Unified Endpoint Management (UEM) software turns chaos into control. By bringing endpoint management into a single platform, UEM simplifies IT operations, boosts security, and keeps devices up to date effortlessly. Whether you’re dealing with device sprawl […]

The post Best 10 Unified Endpoint Management Software appeared first on Heimdal Security Blog.

Read More
Top 10 Managed Service Providers in New York for 2025
Top 10 Managed Service Providers in New York for 2025

Managed Service Providers (MSPs) play a pivotal role in supporting businesses by managing their IT needs.   This article will shine a spotlight on the top Managed Service Providers  in New York, those that offer exceptional services and stand out from their peers.   Our selection is based on a mix of client reviews, range […]

The post Top 10 Managed Service Providers in New York for 2025 appeared first on Heimdal Security Blog.

Read More
ISC Stormcast For Friday, March 7th, 2025 https://isc.sans.edu/podcastdetail/9354, (Fri, Mar 7th)
ISC Stormcast For Friday, March 7th, 2025 https://isc.sans.edu/podcastdetail/9354, (Fri, Mar 7th)

No summary available.

Read More
ISC Stormcast For Thursday, March 6th, 2025 https://isc.sans.edu/podcastdetail/9352, (Thu, Mar 6th)
ISC Stormcast For Thursday, March 6th, 2025 https://isc.sans.edu/podcastdetail/9352, (Thu, Mar 6th)

No summary available.

Read More
DShield Traffic Analysis using ELK, (Thu, Mar 6th)
DShield Traffic Analysis using ELK, (Thu, Mar 6th)

Using the Kibana interface, sometimes it can be difficult to find traffic of interest since there can be so much of it. The 3 logs used for traffic analysis are cowrie, webhoneypot and the firewall logs. Other options to add to the honeypot are packet capture, netflow and Zeek.

Read More
ISC Stormcast For Wednesday, March 5th, 2025 https://isc.sans.edu/podcastdetail/9350, (Wed, Mar 5th)
ISC Stormcast For Wednesday, March 5th, 2025 https://isc.sans.edu/podcastdetail/9350, (Wed, Mar 5th)

No summary available.

Read More
Romanian Distillery Scanning for SMTP Credentials, (Tue, Mar 4th)
Romanian Distillery Scanning for SMTP Credentials, (Tue, Mar 4th)

Lately, attackers have gotten more creative and aggressive in trying to find various credential files on exposed web servers. Our "First Seen" page each day shows many new versions of scans for secrets files like ".env".
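The scanning the diary describes leaves a very recognizable trace in a web server's access log: many requests for dotfiles and backup copies of configuration that a real visitor never asks for. The following is an added example, not ISC's tool. The access log lines are constructed in common log format; the path patterns beyond `.env` are an assumption about what such probes commonly request, and can be extended per site.

```python
"""Find requests probing for credential/secrets files in a web access log.
Added example (not ISC's code); log lines are constructed and the path list
beyond '.env' is an assumption."""
import re
from collections import Counter

# Constructed common-log-format lines: one scanner (203.0.113.7) walking
# several secrets paths, one of which the server actually serves (200),
# and one host making a single probe.
SAMPLE_ACCESS_LOG = """\
203.0.113.7 - - [04/Mar/2025:10:01:02 +0000] "GET /.env HTTP/1.1" 404 153
203.0.113.7 - - [04/Mar/2025:10:01:03 +0000] "GET /api/.env HTTP/1.1" 404 153
203.0.113.7 - - [04/Mar/2025:10:01:04 +0000] "GET /.git/config HTTP/1.1" 404 153
203.0.113.7 - - [04/Mar/2025:10:01:05 +0000] "GET /.env.production HTTP/1.1" 200 312
198.51.100.3 - - [04/Mar/2025:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 4120
198.51.100.3 - - [04/Mar/2025:10:02:05 +0000] "GET /.env.bak HTTP/1.1" 404 153
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Assumed probe targets: files that hold credentials or deployable config.
SECRETS_PATTERNS = [
    re.compile(r"(^|/)\.env(\.[a-z0-9_-]+)?$", re.I),        # .env, .env.bak, .env.production
    re.compile(r"(^|/)\.git/config$", re.I),                  # repo config, often with creds in URLs
    re.compile(r"(^|/)(config|settings)\.(php|json|ya?ml)\.(bak|old|save)$", re.I),
]


def is_secrets_probe(path):
    """True if the request path (query string ignored) targets a secrets file."""
    path = path.split("?", 1)[0]
    return any(p.search(path) for p in SECRETS_PATTERNS)


def find_probes(log_text):
    """Return (ip, path, status) for every request that matches a probe pattern."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_secrets_probe(m["path"]):
            hits.append((m["ip"], m["path"], int(m["status"])))
    return hits


def rank_sources(hits, min_probes=2):
    """Source IPs with at least `min_probes` probes, busiest first."""
    counts = Counter(ip for ip, _path, _status in hits)
    return [(ip, n) for ip, n in counts.most_common() if n >= min_probes]


def served_secrets(hits):
    """The probes that succeeded (HTTP 200): the file exists and was handed out.
    These are incidents, not just scanner noise."""
    return [h for h in hits if h[2] == 200]
```

The ranking answers "who is scanning", but `served_secrets` is the line to read first: a 404 for `/.env` is background noise on any public server, while a 200 means a credential file is exposed and has already been fetched.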

Read More
Tool update: mac-robber.py, (Tue, Mar 4th)
Tool update: mac-robber.py, (Tue, Mar 4th)

Just a quick update. I fixed a big bug in my mac-robber.py script about 2 weeks ago, but realized I hadn't published a diary about it. I didn't go back and figure out how this one slipped in because I'm sure it worked originally, but it was generating bad output for soft/symbolic links. If you are using the script, please update immediately.

Read More
ISC Stormcast For Tuesday, March 4th, 2025 https://isc.sans.edu/podcastdetail/9348, (Tue, Mar 4th)

No summary available.

Mark of the Web: Some Technical Details, (Mon, Mar 3rd)

The Mark of the Web (MoTW) is file metadata in Windows that marks a file that was obtained from an untrusted source.

ISC Stormcast For Monday, March 3rd, 2025 https://isc.sans.edu/podcastdetail/9346, (Mon, Mar 3rd)

No summary available.

Wireshark 4.4.5 Released, (Sun, Mar 2nd)

Wireshark 4.4.5 was released soon after 4.4.4: it fixes a bug that made Wireshark crash when clicking on a column title/header.

AI Literacy: A New Mandate Under the EU AI Act - What Your Organization Needs to Know

The European Union's AI Act is ushering in a new era of workplace requirements, with AI literacy taking center stage. Under Article 4, organizations must now ensure their workforce is sufficiently AI-literate - but what does this really mean for your organization?

Data at Risk: 96% of Ransomware Attacks Involve Data Theft

A new report from Arctic Wolf has found that 96% of ransomware attacks now involve data theft as criminals seek to force victims to pay up.

Alert: Phishing Attacks Use New JavaScript Obfuscation Technique

Researchers at Juniper Threat Labs warn that phishing attacks are utilizing a new obfuscation technique to hide malicious JavaScript.

Q&A with Martin Kraemer on Information Sharing in Cybersecurity

Recently, Dr. Martin J. Kraemer, Security Awareness Advocate at KnowBe4, and Dr. William Seymour, Lecturer in Cybersecurity at King’s College London released a Whitepaper called: “Cybersecurity Information Sharing as an Element of Sustainable Security Culture,” which examines how people consume and share cybersecurity information, revealing the role that workplace training plays in fostering information sharing among colleagues.

Primary Refresh Tokens Aren’t Your Parent’s Browser Token

If you haven’t been paying close enough attention, a new type of access control token, like a super browser token on steroids, is becoming hackers' theft target of choice.

Schools in Session: Surge in Phishing Attacks Targeting the Education Sector

A KnowBe4 Threat Lab Publication
Authors: Jeewan Singh Jalal, Anand Bodke, Daniel Netto and Martin Kraemer

CyberheistNews Vol 15 #09 [NEW] KnowBe4 Interviews a Fake North Korean Employee

Announcing: Audiocasts - A New Podcast-Like Training Content Type

We are very excited to announce the addition of audiocasts, a new content type now available in the ModStore to help strengthen your security culture through an engaging audio format.

Protect Yourself from Job Termination Scams

ESET warns of a wave of phishing attacks informing employees that they’ve been fired or let go. The emails are designed to make the user panic and act quickly to see if they’ve actually lost their job.

Protect Your Devices: Mobile Phishing Attacks Bypass Desktop Security Measures

Zimperium warns of a surge in phishing attacks specifically tailored for mobile devices. These attacks are designed to evade desktop security measures in order to breach organizations through employees’ smartphones.

News alert: Hunters announces ‘Pathfinder AI’ to enhance detection and response in SOC workflows

Boston and Tel Aviv, Mar. 4, 2025, CyberNewswire — Hunters, the leader in next-generation SIEM, today announced Pathfinder AI, a major step toward a more AI-driven SOC.

Building on Copilot AI, which is already transforming SOC workflows with LLM-powered … (more…)

The post News alert: Hunters announces ‘Pathfinder AI’ to enhance detection and response in SOC workflows first appeared on The Last Watchdog.

News alert: Bubba AI launches Comp AI to help 100,000 startups get SOC 2 compliant by 2032

San Francisco, Calif., Mar. 3, 2025, CyberNewswire — With the growing importance of security compliance for startups, more companies are seeking to achieve and maintain compliance with frameworks like SOC 2, ISO 27001 & GDPR.

Bubba AI, Inc. is building … (more…)

The post News alert: Bubba AI launches Comp AI to help 100,000 startups get SOC 2 compliant by 2032 first appeared on The Last Watchdog.

GUEST ESSAY: How AI co-pilots boost the risk of data leakage — making ‘least privilege’ a must

The rise of AI co-pilots is exposing a critical security gap: sensitive data sprawl and excessive access permissions.

Related: Weaponizing Microsoft’s co-pilot

Until now, lackluster enterprise search capabilities kept many security risks in check—employees simply couldn’t find much of the … (more…)

The post GUEST ESSAY: How AI co-pilots boost the risk of data leakage — making ‘least privilege’ a must first appeared on The Last Watchdog.

News alert: INE secures spot in G2’s 2025 Top 50 education software rankings

Cary, NC, Feb. 25, 2025, CyberNewswire — INE, the leading provider of networking and cybersecurity training and certifications, today announced its recognition as an enterprise and small business leader in online course providers and cybersecurity professional development, along with … (more…)

The post News alert: INE secures spot in G2’s 2025 Top 50 education software rankings first appeared on The Last Watchdog.

News alert: INE Security’s focus on practical security training enhances career stability in tech

Cary, NC, Feb. 19, 2025, CyberNewswire — 2025 marks a time of unprecedented volatility in the technology job market.

On one hand, dependence on technology is soaring. The growth of AI and machine learning is propelling a surge in new … (more…)

The post News alert: INE Security’s focus on practical security training enhances career stability in tech first appeared on The Last Watchdog.

My Take: Will decentralizing connected systems redistribute wealth or reinforce Big Tech’s grip?

For the past 25 years, I’ve watched the digital world evolve from the early days of the Internet to the behemoth it is today.

Related: Self-healing devices on the horizon

What started as a decentralized, open platform for innovation has … (more…)

The post My Take: Will decentralizing connected systems redistribute wealth or reinforce Big Tech’s grip? first appeared on The Last Watchdog.

News alert: Gcore Radar reveals 56% rise in DDoS attacks – gaming industry targeted the most

Luxembourg, Luxembourg, Feb. 11, 2025, CyberNewswire — Gcore, the global edge AI, cloud, network, and security solutions provider, today announced the findings of its Q3-Q4 2024 Radar report into DDoS attack trends.

DDoS attacks have reached unprecedented scale and … (more…)

The post News alert: Gcore Radar reveals 56% rise in DDoS attacks – gaming industry targeted the most first appeared on The Last Watchdog.

MY TAKE: Securing the Internet of Everything: why self-healing devices are the next frontier

We’re just getting started down the road to the Internet of Everything (IoE).

Related: IoT growing at a 24% clip

To get there – to fully tap the potential of a hyper-interconnected ecosystem where devices, data, AI and humans converge … (more…)

The post MY TAKE: Securing the Internet of Everything: why self-healing devices are the next frontier first appeared on The Last Watchdog.

News alert: SpyCloud operationalizes darknet data, pioneers shift to holistic identity threat protection

Austin, TX, Feb. 4, 2025, CyberNewswire — SpyCloud’s Identity Threat Protection solutions spearhead a holistic identity approach to security, illuminating correlated hidden identity exposures and facilitating fast, automated remediation.

SpyCloud, a leading identity threat protection company, announced key innovations … (more…)

The post News alert: SpyCloud operationalizes darknet data, pioneers shift to holistic identity threat protection first appeared on The Last Watchdog.

News alert: Doppler announces integration with Datadog to streamline credential security

San Francisco, Calif., Jan. 30, 2025, CyberNewswire — Doppler, the leading provider of secrets management solutions, announced a new integration with Datadog, a cloud application monitoring and security platform.

This collaboration provides engineering and operations teams with … (more…)

The post News alert: Doppler announces integration with Datadog to streamline credential security first appeared on The Last Watchdog.

Ransomware threat mailed in letters to business owners

CEOs and business owners received personal, customized ransomware threats in a series of letters sent in the mail through USPS.

Android botnet BadBox largely disrupted

Removing 24 malicious apps from the Google Play store and silencing some servers has almost halved the BadBox botnet.

I spoke to a task scammer. Here’s how it went

Task scams are increasing in volume. We followed up on an invitation by a task scammer to get a first-hand look at how they work.

Android zero-day vulnerabilities actively abused. Update as soon as you can

Android's March 2025 security update includes two zero-days which are under active exploitation in targeted attacks.

PayPal scam abuses Docusign API to spread phishy emails

Phishers are once again using the Docusign API to send out fake documents, this time looking as if they come from PayPal.

TikTok: Major investigation launched into platform’s use of children’s data

The UK's ICO has started an investigation into how TikTok and other platforms assess age information and compliance with the children’s code for online privacy.

A week in security (February 24 – March 2)

A list of topics we covered in the week of February 24 to March 2 of 2025

Millions of stalkerware users exposed again

Three more stalkerware apps have been found to leak data of both victims and customers alike: Spyzie, Cocospy, and Spyic.

PayPal’s “no-code checkout” abused by scammers

Malicious Google ads are redirecting PayPal users looking for assistance to fraudulent pay links embedding scammers' phone numbers.

Countries and companies are fighting at the expense of our data privacy

While countries and companies are fighting over access to encrypted files and chats, our data privacy may get crushed.

Roblox called “real-life nightmare for children” as Roblox and Discord sued

Roblox and Discord are charged with the facilitation of child predators, and misleading parents into believing the platforms are safe to use for their children.

Android happy to check your nudes before you forward them

The Android app SafetyCore was silently installed and looks at incoming and outgoing pictures to check their decency.

Background check provider data breach affects 3 million people who may not have heard of the company

Background check provider DISA has disclosed a major data breach which may have affected over 3 million people.

Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail

The stolen information included listed contacts, call logs, text messages, photos, and the device’s location.

Surveillance pricing is “evil and sinister,” explains Justin Kloczko (Lock and Code S06E04)

This week on the Lock and Code podcast… Insurance pricing in America makes a lot of sense so long as you’re...

A week in security (February 17 – February 23)

A list of topics we covered in the week of February 17 to February 23 of 2025

Healthcare security lapses keep piling up

Healthcare security is failing patients time and again. This week DM Clinical Research and Health Net Federal Services take the spotlight.

SecTopRAT bundled in Chrome installer distributed via Google Ads

Beware before downloading Google Chrome from a Google search: you might get more than you expected.

Google Docs used by infostealer ACRStealer as part of attack

An infostealer known as ACRStealer is using legitimate platforms like Google Docs and Steam as part of an attack.

DeepSeek found to be sharing user data with TikTok parent company ByteDance

South Korea says it's uncovered evidence that DeepSeek has secretly been sharing data with ByteDance, the parent company of popular social media app TikTok.

What It Takes to Be Your Organisation’s DPO or Data Privacy Lead

‘GDPR’ has become a familiar term. We recognise the visible and consumer-facing aspects of the General Data Protection Regulation in our everyday lives – when consumers exercise their right to withdraw consent to their data being processed via ‘opt out’ or ‘unsubscribe’ buttons, for example. What’s less evident is whether organisations are keeping their practices fully up to date and in line with the GDPR and other applicable data protection laws. For instance: So, how sure are you that your organisation is fully compliant with the relevant data protection legislation?

In this blog: ‘Once compliant’ does not mean ‘still compliant’

The post What It Takes to Be Your Organisation’s DPO or Data Privacy Lead appeared first on IT Governance Blog.

Free Expert Insights: Index of Interviews

We regularly sit down with experts from within GRC International Group to get their insights on a technical topic or business area. Here are all our Q&As to date, grouped by broad topic: To get new expert insights straight to your inbox, sign up to our weekly newsletter, the Security Spotlight.

Last updated: 15 January 2025. Interviews added: Andrew Pattison on DORA, how it compares to NIS 2, and how it’ll be regulated (DORA); Damian Garcia on transitioning to ISO 27001:2022 (ISO 27001); Louise Brooks on cookie audits (PECR); and Leon Teale on ethical hacking as a career (security testing).

The post Free Expert Insights: Index of Interviews appeared first on IT Governance Blog.

How Can Organisations Transition to ISO 27001:2022?

Addressing the new Annex A control set

Organisations with ISO/IEC 27001:2013 certification must transition to ISO/IEC 27001:2022 by 31 October 2025. The biggest change for organisations is Annex A, which has been overhauled and includes 11 new controls. How can organisations best approach this new control set? What changes to the main clauses of the Standard tend to get overlooked? And what are common mistakes to avoid when transitioning? Our head of GRC (governance, risk and compliance) consultancy, Damian Garcia, explains.

In this interview: Are the new controls in ISO 27001:2022 applicable? Where do organisations start when transitioning from ISO

The post How Can Organisations Transition to ISO 27001:2022? appeared first on IT Governance Blog.

The Benefits of Becoming an Ethical Hacker

Q&A with senior penetration tester Leon Teale

Have you ever thought about getting paid to break into organisations’ networks? That’s precisely what ethical hackers (also known as ‘penetration testers’ or ‘pen testers’) do. But what exactly does this career involve? Why would you pursue it? And what knowledge and skills do you need to kick-start your career? We put these questions to our senior penetration tester Leon Teale, who’s been a qualified ethical hacker since 2012.

In this interview: Why pursue ethical hacking as a career

What made you choose penetration testing as a career, and what do you enjoy

The post The Benefits of Becoming an Ethical Hacker appeared first on IT Governance Blog.

Step-by-Step Guide to Achieving GDPR Compliance

The data breaches that continue to make the headlines show the importance of data protection and laws like the GDPR (General Data Protection Regulation). If you’re only beginning to look at compliance, the Regulation may seem overwhelming. The good news is that many of the GDPR requirements reflect efficient business activities or practices – things that’ll help you as an organisation irrespective of compliance. This blog explains further, as we take you through eight steps towards becoming compliant with the GDPR and similar data protection laws.

In this blog:

1. Secure management buy-in

Board or senior management support is a

The post Step-by-Step Guide to Achieving GDPR Compliance appeared first on IT Governance Blog.

How You Can Continually Improve Your ISO 27001 ISMS (Clause 10)

Your ISO 27001 journey doesn’t end once you’ve implemented your ISMS (information security management system) and controls. You must check your measures are doing what they’re supposed to do by: This reflects what you’re trying to address: information security risks.

In this blog:

Your information security risks evolve over time

All recent ISO management system standards, including ISO 27001:2022, require you to continually improve your management system. Risks evolve over time – particularly in a cyber security context. Cyber criminals are, unfortunately, innovative. They’re constantly coming up with new tools and exploits, meaning that organisations need to be pro-active about

The post How You Can Continually Improve Your ISO 27001 ISMS (Clause 10) appeared first on IT Governance Blog.

How ISO 27001 Helps You Comply With DORA

From 17 January 2025, DORA (Digital Operational Resilience Act) will, as an EU regulation, directly apply throughout the EU. Though the Regulation is primarily concerned with the operational resilience of critical and important functions of EU financial entities, UK organisations may also be in scope – particularly if they supply ICT services to EU financial institutions. As we conduct DORA gap analyses, we’ve noticed how the organisations with an ISO 27001 ISMS (information security management system) tend to have a higher degree of DORA compliance.

In this blog:

How ISO 27001 helps with DORA compliance

ISO 27001 provides the ‘building

The post How ISO 27001 Helps You Comply With DORA appeared first on IT Governance Blog.

Why You Need Cyber Resilience and Defence in Depth

And how to become resilient with ISO 27001 and ISO 22301

Unfortunately, even the most secure organisation can suffer an incident. The odds are simply stacked against you: While you need to protect all your assets from all types of threat, an attacker needs only one exploitable weakness to get into your systems. Plus, any security measure you implement is only designed to stop, at most, a handful of threats – and that’s assuming it was both correctly implemented and still doing its job. Regardless of implementation, single measures aren’t enough – because no measure is foolproof. The consequences of

The post Why You Need Cyber Resilience and Defence in Depth appeared first on IT Governance Blog.

How a GDPR Gap Analysis Helps Secure Support From Senior Management

GDPR gap analysis data shows compliance in the UK is “quite low”

When implementing a GDPR (General Data Protection Regulation) compliance programme, a key challenge is securing the required resources and support – particularly from top management. Yet GDPR compliance brings business benefits beyond mitigating the risk of data breaches and fines:

The value of a gap analysis

But how can you get management to understand these benefits, and more to the point, understand how far away the organisation is from compliance? GDPR gap analysis offers a useful tool here – particularly if conducted by an independent third party. A

The post How a GDPR Gap Analysis Helps Secure Support From Senior Management appeared first on IT Governance Blog.

How to Select Effective Security Controls

Risk–benefit analysis, defence in depth, information security objectives and proportionality

Looking to mitigate your information security risks but not sure how to choose effective controls while staying on budget? Risk–benefit analysis is key, as is defence in depth. You also want to set information security objectives that are aligned to your business objectives, and be proportionate in your control selections. Our head of GRC (governance, risk and compliance) consultancy, Damian Garcia, explains further.

In this interview:

Risk–benefit analysis

How do you choose appropriate security controls? You need to be clear on two things: Then hopefully, the benefit outweighs the risk.

The post How to Select Effective Security Controls appeared first on IT Governance Blog.

Trojans disguised as AI: Cybercriminals exploit DeepSeek’s popularity

Kaspersky experts have discovered campaigns distributing stealers, malicious PowerShell scripts, and backdoors through web pages mimicking the DeepSeek and Grok websites.

Undercover miner: how YouTubers get pressed into distributing SilentCryptoMiner as a restriction bypass tool

Attackers blackmail YouTubers with complaints and account blocking threats, forcing them to distribute a miner disguised as a bypass tool.

Mobile malware evolution in 2024

The most notable mobile threats of 2024, and statistics on Android-specific malware, adware and potentially unwanted software.

The SOC files: Chasing the web shell

Kaspersky SOC analysts discuss a recent incident where the well-known Behinder web shell was used as a post-exploitation backdoor, showing how web shells have evolved.

Exploits and vulnerabilities in Q4 2024

This report provides statistics on vulnerabilities and exploits and discusses the most frequently exploited vulnerabilities in Q4 2024.

The GitVenom campaign: cryptocurrency theft using GitHub

Kaspersky researchers discovered the GitVenom campaign, which distributes stealers and open-source backdoors via fake GitHub projects.

Angry Likho: Old beasts in a new forest

Kaspersky experts analyze the Angry Likho APT group's attacks, which use obfuscated AutoIt scripts and the Lumma stealer for data theft.

Managed detection and response in 2024

The Kaspersky Managed Detection and Response report includes trends and statistics based on incidents identified and mitigated by Kaspersky's SOC team in 2024.

Spam and phishing in 2024

We analyze 2024's key spam and phishing statistics and trends: the hunt for crypto wallets, Hamster Kombat, online promotions via neural networks, fake vacation schedules, and more.

StaryDobry ruins New Year’s Eve, delivering miner instead of presents

Kaspersky GReAT experts have discovered a new campaign distributing the XMRig cryptominer through popular games such as BeamNG.drive and Dyson Sphere Program on torrent trackers.
