Cybersecurity News

About This Website

Welcome to our cybersecurity news aggregator! This website gathers news articles from over 60 sources, providing you with a comprehensive and up-to-date overview of the latest happenings in the world of cybersecurity.

We utilize RSS feeds to collect the news, ensuring a streamlined and efficient process. This enables you to stay informed and access a wide variety of perspectives and insights in one convenient location.

Dive into the latest cybersecurity stories and explore the wealth of knowledge available, all in one place.

Cybersecurity News

GCP Cloud Composer Bug Let Attackers Elevate Access via Malicious PyPI Packages

Cybersecurity researchers have detailed a now-patched vulnerability in Google Cloud Platform (GCP) that could have enabled an attacker to elevate their privileges in the Cloud Composer workflow orchestration service that's based on Apache Airflow. "This vulnerability lets attackers with edit permissions in Cloud Composer to escalate their access to the default Cloud Build service account, which

5 Major Concerns With Employees Using The Browser

As SaaS and cloud-native work reshape the enterprise, the web browser has emerged as the new endpoint. However, unlike endpoints, browsers remain mostly unmonitored, despite being responsible for more than 70% of modern malware attacks. Keep Aware’s recent State of Browser Security report highlights major concerns security leaders face with employees using the web browser for most of their work.

Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials

In what has been described as an "extremely sophisticated phishing attack," threat actors have leveraged an uncommon approach that allowed bogus emails to be sent via Google's infrastructure and redirect message recipients to fraudulent sites that harvest their credentials. "The first thing to note is that this is a valid, signed email – it really was sent from no-reply@google.com," Nick Johnson

Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach

Microsoft on Monday announced that it has moved the Microsoft Account (MSA) signing service to Azure confidential virtual machines (VMs) and that it's also in the process of migrating the Entra ID signing service as well. The disclosure comes about seven months after the tech giant said it completed updates to Microsoft Entra ID and MS for both public and United States government clouds to

Lotus Panda Hacks SE Asian Governments With Browser Stealers and Sideloaded Malware

The China-linked cyber espionage group tracked as Lotus Panda has been attributed to a campaign that compromised multiple organizations in an unnamed Southeast Asian country between August 2024 and February 2025. "Targets included a government ministry, an air traffic control organization, a telecoms operator, and a construction company," the Symantec Threat Hunter Team said in a new report

Kimsuky Exploits BlueKeep RDP Vulnerability to Breach Systems in South Korea and Japan

Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now-patched vulnerability impacting Microsoft Remote Desktop Services to gain initial access. The activity has been named Larva-24005 by the AhnLab Security Intelligence Center (ASEC). "In some systems, initial access was gained through

SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks

A new Android malware-as-a-service (MaaS) platform named SuperCard X can facilitate near-field communication (NFC) relay attacks, enabling cybercriminals to conduct fraudulent cashouts. The active campaign is targeting customers of banking institutions and card issuers in Italy with an aim to compromise payment card data, fraud prevention firm Cleafy said in an analysis. There is evidence to

5 Reasons Device Management Isn't Device Trust

The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors – credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture. The solution is more complex. For this article, we’ll focus on the device threat vector. The risk they pose is significant, which is why device

⚡ THN Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More

Can a harmless click really lead to a full-blown cyberattack? Surprisingly, yes — and that’s exactly what we saw in last week’s activity. Hackers are getting better at hiding inside everyday actions: opening a file, running a project, or logging in like normal. No loud alerts. No obvious red flags. Just quiet entry through small gaps — like a misconfigured pipeline, a trusted browser feature,

Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery

Cybersecurity researchers have disclosed a surge in "mass scanning, credential brute-forcing, and exploitation attempts" originating from IP addresses associated with a Russian bulletproof hosting service provider named Proton66. The activity, detected since January 8, 2025, targeted organizations worldwide, according to a two-part analysis published by Trustwave SpiderLabs last week. "Net

APT29 Deploys GRAPELOADER Malware Targeting European Diplomats Through Wine-Tasting Lures

The Russian state-sponsored threat actor known as APT29 has been linked to an advanced phishing campaign that's targeting diplomatic entities across Europe with a new variant of WINELOADER and a previously unreported malware loader codenamed GRAPELOADER. "While the improved WINELOADER variant is still a modular backdoor used in later stages, GRAPELOADER is a newly observed initial-stage tool

Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems

Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH backdoors and data exfiltration capabilities. The packages in question are listed below - node-telegram-utils (132 downloads) node-telegram-bots-api (82 downloads) node-telegram-util (73 downloads) According to supply chain

ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware

ASUS has disclosed a critical security flaw impacting routers with AiCloud enabled that could permit remote attackers to perform unauthorized execution of functions on susceptible devices. The vulnerability, tracked as CVE-2025-2492, has a CVSS score of 9.2 out of a maximum of 10.0. "An improper authentication control vulnerability exists in certain ASUS router firmware series,"

Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States

Cybersecurity researchers are warning of a "widespread and ongoing" SMS phishing campaign that's been targeting toll road users in the United States for financial theft since mid-October 2024. "The toll road smishing attacks are being carried out by multiple financially motivated threat actors using the smishing kit developed by 'Wang Duo Yu,'" Cisco Talos researchers Azim Khodjibaev, Chetan

Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader

A new multi-stage attack has been observed delivering malware families like Agent Tesla variants, Remcos RAT, and XLoader. "Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass traditional sandboxes, and ensure successful payload delivery and execution," Palo Alto Networks Unit 42 researcher Saqib Khanzada said in a technical write-up of the campaign. The

[Webinar] AI Is Already Inside Your SaaS Stack — Learn How to Prevent the Next Silent Breach

Your employees didn’t mean to expose sensitive data. They just wanted to move faster. So they used ChatGPT to summarize a deal. Uploaded a spreadsheet to an AI-enhanced tool. Integrated a chatbot into Salesforce. No big deal—until it is. If this sounds familiar, you're not alone. Most security teams are already behind in detecting how AI tools are quietly reshaping their SaaS environments. And

Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT

Cybersecurity researchers are warning of continued risks posed by a distributed denial-of-service (DDoS) malware known as XorDDoS, with 71.3 percent of the attacks between November 2023 and February 2025 targeting the United States. "From 2020 to 2023, the XorDDoS trojan has increased significantly in prevalence," Cisco Talos researcher Joey Chen said in a Thursday analysis. 

CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2025-24054 (CVSS score: 6.5), is a Windows New Technology LAN Manager (NTLM) hash disclosure

Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates

The China-linked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in Myanmar with previously unreported tooling, highlighting continued effort by the threat actors to increase the sophistication and effectiveness of their malware. This includes updated versions of a known backdoor called TONESHELL, as well as a new lateral movement

State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns

Multiple state-sponsored hacking groups from Iran, North Korea, and Russia have been found leveraging the increasingly popular ClickFix social engineering tactic to deploy malware over a three-month period from late 2024 through the beginning of 2025. The phishing campaigns adopting the strategy have been attributed to clusters tracked as TA427 (aka Kimsuky), TA450 (aka MuddyWater),

Artificial Intelligence – What's all the fuss?

Talking about AI: Definitions Artificial Intelligence (AI) — AI refers to the simulation of human intelligence in machines, enabling them to perform tasks that typically require human intelligence, such as decision-making and problem-solving. AI is the broadest concept in this field, encompassing various technologies and methodologies, including Machine Learning (ML) and Deep Learning. Machine

Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution

A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform (OTP) SSH implementation that could permit an attacker to execute arbitrary code sans any authentication under certain conditions. The vulnerability, tracked as CVE-2025-32433, has been given the maximum CVSS score of 10.0. "The vulnerability allows an attacker with network access to an Erlang/OTP SSH server

Blockchain Offers Security Benefits – But Don't Neglect Your Passwords

Blockchain is best known for its use in cryptocurrencies like Bitcoin, but it also holds significant applications for online authentication. As businesses in varying sectors increasingly embrace blockchain-based security tools, could the technology one day replace passwords? How blockchain works  Blockchain is a secure way to maintain, encrypt, and exchange digital records of transactions.

Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers

Microsoft is calling attention to an ongoing malvertising campaign that makes use of Node.js to deliver malicious payloads capable of information theft and data exfiltration. The activity, first detected in October 2024, uses lures related to cryptocurrency trading to trick users into installing a rogue installer from fraudulent websites that masquerade as legitimate software like Binance or

CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting SonicWall Secure Mobile Access (SMA) 100 Series gateways to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The high-severity vulnerability, tracked as CVE-2021-20035 (CVSS score: 7.2), relates to a case of operating system command injection

Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks

Apple on Wednesday released security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to address two security flaws that it said have come under active exploitation in the wild. The vulnerabilities in question are listed below - CVE-2025-31200 (CVSS score: 7.5) - A memory corruption vulnerability in the Core Audio framework that could allow code execution when processing an audio

New Windows Task Scheduler Bugs Let Attackers Bypass UAC and Tamper with Logs

Cybersecurity researchers have detailed four different vulnerabilities in a core component of the Windows task scheduling service that could be exploited by local attackers to achieve privilege escalation and erase logs to cover up evidence of malicious activities. The issues have been uncovered in a binary named "schtasks.exe," which enables an administrator to create, delete, query, change,

Google Blocked 5.1B Harmful Ads and Suspended 39.2M Advertiser Accounts in 2024

Google on Wednesday revealed that it suspended over 39.2 million advertiser accounts in 2024, with a majority of them identified and blocked by its systems before it could serve harmful ads to users. In all, the tech giant said it stopped 5.1 billion bad ads, restricted 9.1 billion ads, and blocked or restricted ads on 1.3 billion pages last year. It also suspended over 5 million accounts for

Gamma AI Platform Abused in Phishing Chain to Spoof Microsoft SharePoint Logins

Threat actors are leveraging an artificial intelligence (AI) powered presentation platform named Gamma in phishing attacks to direct unsuspecting users to spoofed Microsoft login pages. "Attackers weaponize Gamma, a relatively new AI-based presentation tool, to deliver a link to a fraudulent Microsoft SharePoint login portal," Abnormal Security researchers Callie Hinman Baron and Piotr Wojtyla

From Third-Party Vendors to U.S. Tariffs: The New Cyber Risks Facing Supply Chains

Introduction Cyber threats targeting supply chains have become a growing concern for businesses across industries. As companies continue to expand their reliance on third-party vendors, cloud-based services, and global logistics networks, cybercriminals are exploiting vulnerabilities within these interconnected systems to launch attacks. By first infiltrating a third-party vendor with undetected

New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks

Cybersecurity researchers have unearthed a new controller component associated with a known backdoor called BPFDoor as part of cyber attacks targeting telecommunications, finance, and retail sectors in South Korea, Hong Kong, Myanmar, Malaysia, and Egypt in 2024. "The controller could open a reverse shell," Trend Micro researcher Fernando Mercês said in a technical report published earlier in

Product Walkthrough: A Look Inside Wing Security's Layered SaaS Identity Defense

Intro: Why hack in when you can log in? SaaS applications are the backbone of modern organizations, powering productivity and operational efficiency. But every new app introduces critical security risks through app integrations and multiple users, creating easy access points for threat actors. As a result, SaaS breaches have increased, and according to a May 2024 XM Cyber report, identity and

Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users

Cheap Android smartphones manufactured by Chinese companies have been observed pre-installed with trojanized apps masquerading as WhatsApp and Telegram that contain cryptocurrency clipper functionality as part of a campaign since June 2024. While using malware-laced apps to steal financial information is not a new phenomenon, the new findings from Russian antivirus vendor Doctor Web point to

U.S. Govt. Funding for MITRE's CVE Ends April 16, Cybersecurity Community on Alert

The U.S. government funding for non-profit research giant MITRE to operate and maintain its Common Vulnerabilities and Exposures (CVE) program will expire Wednesday, an unprecedented development that could shake up one of the foundational pillars of the global cybersecurity ecosystem. The 25-year-old CVE program is a valuable tool for vulnerability management, offering a de facto standard to

Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool

The China-linked threat actor known as UNC5174 has been attributed to a new campaign that leverages a variant of a known malware dubbed SNOWLIGHT and a new open-source tool called VShell to infect Linux systems. "Threat actors are increasingly using open source tools in their arsenals for cost-effectiveness and obfuscation to save money and, in this case, plausibly blend in with the pool of

Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence

A critical security vulnerability has been disclosed in the Apache Roller open-source, Java-based blogging server software that could allow malicious actors to retain unauthorized access even after a password change. The flaw, assigned the CVE identifier CVE-2025-24859, carries a CVSS score of 10.0, indicating maximum severity. It affects all versions of Roller up to and including 6.1.4.

Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds

Everybody knows browser extensions are embedded into nearly every user’s daily workflow, from spell checkers to GenAI tools. What most IT and security people don’t know is that browser extensions’ excessive permissions are a growing risk to organizations. LayerX today announced the release of the Enterprise Browser Extension Security Report 2025. This report is the first and only report to merge

Malicious PyPI Package Targets MEXC Trading API to Steal Credentials and Redirect Orders

Cybersecurity researchers have disclosed a malicious package uploaded to the Python Package Index (PyPI) repository that's designed to reroute trading orders placed on the MEXC cryptocurrency exchange to a malicious server and steal tokens. The package, ccxt-mexc-futures, purports to be an extension built on top of a popular Python library named ccxt (short for CryptoCurrency eXchange Trading),

Crypto Developers Targeted by Python Malware Disguised as Coding Challenges

The North Korea-linked threat actor assessed to be behind the massive Bybit hack in February 2025 has been linked to a malicious campaign that targets developers to deliver new stealer malware under the guise of a coding assignment. The activity has been attributed by Palo Alto Networks Unit 42 to a hacking group it tracks as Slow Pisces, which is also known as Jade Sleet, PUKCHONG,

Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability

A recently disclosed security flaw in Gladinet CentreStack also impacts its Triofox remote access and collaboration solution, according to Huntress, with seven different organizations compromised to date. Tracked as CVE-2025-30406 (CVSS score: 9.0), the vulnerability refers to the use of a hard-coded cryptographic key that could expose internet-accessible servers to remote code execution attacks

Meta Resumes E.U. AI Training Using Public User Data After Regulator Approval

Meta has announced that it will begin to train its artificial intelligence (AI) models using public data shared by adults across its platforms in the European Union, nearly a year after it paused its efforts due to data protection concerns from Irish regulators. "This training will better support millions of people and businesses in Europe, by teaching our generative AI models to better

ResolverRAT Campaign Targets Healthcare, Pharma via Phishing and DLL Side-Loading

Cybersecurity researchers have discovered a new, sophisticated remote access trojan called ResolverRAT that has been observed in attacks targeting healthcare and pharmaceutical sectors. "The threat actor leverages fear-based lures delivered via phishing emails, designed to pressure recipients into clicking a malicious link," Morphisec Labs researcher Nadav Lorber said in a report shared with The

Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft

Cybersecurity researchers are calling attention to a new type of credential phishing scheme that ensures that the stolen information is associated with valid online accounts. The technique has been codenamed precision-validating phishing by Cofense, which it said employs real-time email validation so that only a select set of high-value targets are served the fake login screens. "This tactic not

⚡ Weekly Recap: Windows 0-Day, VPN Exploits, Weaponized AI, Hijacked Antivirus and More

Attackers aren’t waiting for patches anymore — they are breaking in before defenses are ready. Trusted security tools are being hijacked to deliver malware. Even after a breach is detected and patched, some attackers stay hidden. This week’s events show a hard truth: it’s not enough to react after an attack. You have to assume that any system you trust today could fail tomorrow. In a world

Cybersecurity in the AI Era: Evolve Faster Than the Threats or Get Left Behind

AI is changing cybersecurity faster than many defenders realize. Attackers are already using AI to automate reconnaissance, generate sophisticated phishing lures, and exploit vulnerabilities before security teams can react. Meanwhile, defenders are overwhelmed by massive amounts of data and alerts, struggling to process information quickly enough to identify real threats. AI offers a way to

Pakistan-Linked Hackers Expand Targets in India with CurlBack RAT and Spark RAT

A threat actor with ties to Pakistan has been observed targeting various sectors in India with various remote access trojans like Xeno RAT, Spark RAT, and a previously undocumented malware family called CurlBack RAT. The activity, detected by SEQRITE in December 2024, targeted Indian entities under railway, oil and gas, and external affairs ministries, marking an expansion of the hacking crew's

Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit

Fortinet has revealed that threat actors have found a way to maintain read-only access to vulnerable FortiGate devices even after the initial access vector used to breach the devices was patched. The attackers are believed to have leveraged known and now-patched security flaws, including, but not limited to, CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762. "A threat actor used a known

Paper Werewolf Deploys PowerModul Implant in Targeted Cyberattacks on Russian Sectors

The threat actor known as Paper Werewolf has been observed exclusively targeting Russian entities with a new implant called PowerModul. The activity, which took place between July and December 2024, singled out organizations in the mass media, telecommunications, construction, government entities, and energy sectors, Kaspersky said in a new report published Thursday. Paper Werewolf, also known

Initial Access Brokers Shift Tactics, Selling More for Less

What are IABs? Initial Access Brokers (IABs) specialize in gaining unauthorized entry into computer systems and networks, then selling that access to other cybercriminals. This division of labor allows IABs to concentrate on their core expertise: exploiting vulnerabilities through methods like social engineering and brute-force attacks.  By selling access, they significantly mitigate the

Palo Alto Networks Warns of Brute-Force Attempts Targeting PAN-OS GlobalProtect Gateways

Palo Alto Networks has revealed that it's observing brute-force login attempts against PAN-OS GlobalProtect gateways, days after threat hunters warned of a surge in suspicious login scanning activity targeting its appliances. "Our teams are observing evidence of activity consistent with password-related attacks, such as brute-force login attempts, which does not indicate exploitation of a

Whistleblower: DOGE Siphoned NLRB Case Data

A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk's Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few traces of network activity. The NLRB whistleblower said the unusual large data outflows coincided with multiple blocked login attempts from an Internet address in Russia that tried to use valid credentials for a newly-created DOGE user account.

Funding Expires for Key Cyber Vulnerability Database

A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down. The federally funded, non-profit research and development organization MITRE warned today that its contract to maintain the Common Vulnerabilities and Exposures (CVE) program -- which is traditionally funded each year by the Department of Homeland Security -- expires on April 16.

Trump Revenge Tour Targets Cyber Leaders, Elections

President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. history. The White House memo, which also suspended clearances for other security professionals at Krebs's employer SentinelOne, comes as CISA is facing huge funding and staffing cuts.

China-based SMS Phishing Triad Pivots to Banks

China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called “Smishing Triad” mainly impersonated toll road operators and shipping companies. But experts say these groups are now directly targeting customers of international financial institutions, while dramatically expanding their cybercrime infrastructure and support staff.

Patch Tuesday, April 2025 Edition

Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild. Eleven of those flaws earned Microsoft's most-dire "critical" rating, meaning malware or malcontents could exploit them with little to no interaction from Windows users.

Cyber Forensic Expert in 2,000+ Cases Faces FBI Probe

A Minnesota cybersecurity and computer forensics expert whose testimony has featured in thousands of courtroom trials over the past 30 years is facing questions about his credentials and an inquiry from the Federal Bureau of Investigation (FBI). Legal experts say the inquiry could be grounds to reopen a number of adjudicated cases in which the expert's testimony may have been pivotal.

How Each Pillar of the 1st Amendment is Under Attack

In an address to Congress this month, President Trump claimed he had "brought free speech back to America." But barely two months into his second term, the president has waged an unprecedented attack on the First Amendment rights of journalists, students, universities, government workers, lawyers and judges. This story explores a slew of recent actions by the Trump administration that threaten to undermine all five pillars of the First Amendment to the U.S. Constitution, which guarantees freedoms concerning speech, religion, the media, the right to assembly, and the right to petition the government and seek redress for wrongs.

When Getting Phished Puts You in Mortal Danger

Many successful phishing attacks result in a financial loss or malware infection. But falling for some phishing scams, like those currently targeting Russians searching online for organizations that are fighting the Kremlin war machine, can cost you your freedom or your life.

Arrests in Tap-to-Pay Scheme Powered by Phishing

Authorities in at least two U.S. states last week independently announced arrests of Chinese nationals accused of perpetrating a novel form of tap-to-pay fraud using mobile devices. Details released by authorities so far indicate the mobile wallets being used by the scammers were created through online phishing scams, and that the accused were relying on a custom Android app to relay tap-to-pay transactions from mobile devices located in China.

DOGE to Fired CISA Staff: Email Us Your Personal Data

A message posted on Monday to the homepage of the U.S. Cybersecurity & Infrastructure Security Agency (CISA) is the latest exhibit in the Trump administration's continued disregard for basic cybersecurity protections. The message instructed recently-fired CISA employees to get in touch so they can be rehired and then immediately placed on leave, asking employees to send their Social Security number or date of birth in a password-protected email attachment -- presumably with the password needed to view the file included in the body of the email.

Friday Squid Blogging: Live Colossal Squid Filmed

A live colossal squid was filmed for the first time in the ocean. It’s only a juvenile: a foot long.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Age Verification Using Facial Scans

Discord is testing the feature:

“We’re currently running tests in select regions to age-gate access to certain spaces or user settings,” a spokesperson for Discord said in a statement. “The information shared to power the age verification method is only used for the one-time age verification process and is not stored by Discord or our vendor. For Face Scan, the solution our vendor uses operates on-device, which means there is no collection of any biometric information when you scan your face. For ID verification, the scan of your ID is deleted upon verification.”...

CVE Program Almost Unfunded

Mitre’s CVE program—which provides common naming and other informational resources about cybersecurity vulnerabilities—was about to be cancelled, as the US Department of Homeland Security failed to renew the contract. It was funded for eleven more months at the last minute.

This is a big deal. The CVE program is one of those pieces of common infrastructure that everyone benefits from. Losing it will bring us back to a world where there’s no single way to talk about vulnerabilities. It’s kind of crazy to think that the US government might damage its own security in this way—but I suppose no crazier than any of the other ways the US is working against its own interests right now...

Slopsquatting

As AI coding assistants invent nonexistent software libraries to download and use, enterprising attackers create and upload libraries with those names—laced with malware, of course.

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak:

  • I’m giving an online talk on AI and trust for the Weizenbaum Institute on April 24, 2025 at 2:00 PM CEST (8:00 AM ET).

The list is maintained on this page.

China Sort of Admits to Being Behind Volt Typhoon

The Wall Street Journal has the story:

Chinese officials acknowledged in a secret December meeting that Beijing was behind a widespread series of alarming cyberattacks on U.S. infrastructure, according to people familiar with the matter, underscoring how hostilities between the two superpowers are continuing to escalate.

The Chinese delegation linked years of intrusions into computer networks at U.S. ports, water utilities, airports and other targets, to increasing U.S. policy support for Taiwan, the people, who declined to be named, said.

The admission wasn’t explicit:...

Friday Squid Blogging: Squid and Efficient Solar Tech

Researchers are trying to use squid color-changing biochemistry for solar tech.

This appears to be new research related to a 2019 squid post.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

AI Vulnerability Finding

Microsoft is reporting that its AI systems are able to find new vulnerabilities in source code:

Microsoft discovered eleven vulnerabilities in GRUB2, including integer and buffer overflows in filesystem parsers, command flaws, and a side-channel in cryptographic comparison.

Additionally, 9 buffer overflows in parsing SquashFS, EXT4, CramFS, JFFS2, and symlinks were discovered in U-Boot and Barebox, which require physical access to exploit.

The newly discovered flaws impact devices relying on UEFI Secure Boot, and if the right conditions are met, attackers can bypass security protections to execute arbitrary code on the device...

Reimagining Democracy

Imagine that all of us—all of society—have landed on some alien planet and need to form a government: clean slate. We do not have any legacy systems from the United States or any other country. We do not have any special or unique interests to perturb our thinking. How would we govern ourselves? It is unlikely that we would use the systems we have today. Modern representative democracy was the best form of government that eighteenth-century technology could invent. The twenty-first century is very different: scientifically, technically, and philosophically. For example, eighteenth-century democracy was designed under the assumption that travel and communications were both hard...

How to Leak to a Journalist

Neiman Lab has some good advice on how to leak a story to a journalist.

Tired of unsolicited nude pics? Google's new safety feature can help - how it works

The Sensitive Content Warnings feature shields you from images in Google Messages that may contain nudity and lets you easily block numbers - but you'll need to enable it.

New Google email scams are alarmingly convincing - how to spot them

Until Google rolls out a fix, you'll have to be on the lookout for this particularly convincing phishing scam.

I found the 15 best Mother's Day gifts for tech-loving moms

Forget flowers -- these top gadgets from smart rings to sleep gear will make the perfect gift for mom, no matter how tech-savvy she is (or isn't).

I found an AirTag alternative that beats Apple's model with one major safety feature

The new Chipolo Pop trackers can help you find your keys and phone and even take selfies.

I dropped a brick on this powerbank and it was unscathed. Here's my proof

The Poseidon Pro is a 10,000mAh power bank that shrugs off abuse that would destroy other tech, including full submersion, 50-foot drops, even explosives.

This $13 multitool is one of the best sellers on Amazon. Here's my verdict after a week of testing

The Amazon Basics 15-in-1 multitool has racked up thousands of positive reviews, so I put it to the ultimate test.

The best VPNs for Canada in 2025: Expert tested

Find the top VPN for Canada, with lightning-fast speeds across major cities and remote provinces, while maintaining impregnable security and online privacy.

The best Samsung tablets of 2025: Expert tested and reviewed

Looking beyond the iPad? We put Samsung's best tablets to the test featuring expandable storage, S Pen compatibility, and Android operating systems.

I switched to a color E Ink tablet for months, and it beats the ReMarkable in key ways

The Boox Note Air 4C tablet lets me replace my e-reader, notebook, calendar, and bullet journal with a single device.

NymVPN: Introducing a security-first decentralized VPN with a Mixnet flair

It's not often we see a VPN developed as more than just a way to hide your IP address and give you some online protection against tracking. So how does the open-source, Mixnet-based NymVPN project stack up?

7 simple things I always do on Android to protect my privacy - and why you should too

Your personal information is highly valuable to many threat actors. Here's how to keep it safe.

The Google TV Streamer pleasantly surprised this extreme cord cutter - and it's cheaper than ever

Whether you're upgrading an older setup or transforming a regular TV into a smart one, the Google TV Streamer is the best streaming device Android users can get.

The best noise-canceling earbuds of 2025: Expert tested and reviewed

Silence the world around you with the best noise-canceling earbuds from brands like Bose, Sony, and Apple.

This 360-degree camera is my ultimate travel accessory - with AI features that creatives would want

Insta360 continues to update its great 360-degree cameras offering an all-around great vlogging tool.

1Password extends enterprise credential management beyond humans to AI agents

The technology company has introduced three new agentic AI capabilities to its security platform. Here's what those additions mean for IT professionals.

My favorite electric screwdriver manufacturer just released the ultimate toolkit for tinkerers

Hoto's Snapbloq toolkits, which include a precision screwdriver set, a mini cordless rotary toolkit, and a mini drill pen kit, are on sale now as a bundle.

This Garmin smartwatch is the model I recommend to most people. Here's why

The Vivoactive 6 hits all the right notes with its sleek, compact design, vibrant AMOLED display, and deep integration with Garmin's robust ecosystem.

3 clever ChatGPT tricks that prove it's still the AI to beat

OpenAI's been busy adding some seriously cool features to ChatGPT recently to take it to the next level. Here are a few I love.

OpenAI's most capable models hallucinate more than earlier ones

Researchers say the hallucinations make o3 'less useful'.

These backyard solar panels are saving me $30 a month - Here's how

The EcoFlow 125W portable solar panels come in a four-pack for up to 500W capacity. The best part? They're lightweight and modular.

Cloud Data Security Play Sentra Raises $50 Million Series B

Sentra has now raised north of $100 million for controls technology to keep sensitive data out of misconfigured AI workflows.

The post Cloud Data Security Play Sentra Raises $50 Million Series B appeared first on SecurityWeek.

Industry Moves for the week of April 21, 2025 - SecurityWeek

Explore industry moves and significant changes in the industry for the week of April 21, 2025. Stay updated with the latest industry trends and shifts.

DataKrypto Launches Homomorphic Encryption Framework to Secure Enterprise AI Models

DataKrypto’s FHEnom for AI combines real-time homomorphic encryption with trusted execution environments to protect enterprise data and models from leakage, exposure, and tampering.

The post DataKrypto Launches Homomorphic Encryption Framework to Secure Enterprise AI Models appeared first on SecurityWeek.

Cyberattack Knocks Texas City’s Systems Offline

The city of Abilene, Texas, is scrambling to restore systems that have been taken offline in response to a cyberattack.

The post Cyberattack Knocks Texas City’s Systems Offline appeared first on SecurityWeek.

SSL.com Scrambles to Patch Certificate Issuance Vulnerability

A vulnerability in SSL.com has resulted in nearly a dozen certificates for legitimate domains being wrongly issued.

The post SSL.com Scrambles to Patch Certificate Issuance Vulnerability appeared first on SecurityWeek.

Open Source Security Firm Hopper Emerges From Stealth With $7.6M in Funding

Hopper has emerged from stealth mode with a solution designed to help organizations manage open source software risk.

The post Open Source Security Firm Hopper Emerges From Stealth With $7.6M in Funding appeared first on SecurityWeek.

Many Malware Campaigns Linked to Proton66 Network

Security researchers detail various malware campaigns that use bulletproof services linked to Proton66 ASN.

The post Many Malware Campaigns Linked to Proton66 Network appeared first on SecurityWeek.

Legacy Google Service Abused in Phishing Attacks

A sophisticated phishing campaign abuses weakness in Google Sites to spoof Google no-reply addresses and bypass protections.

The post Legacy Google Service Abused in Phishing Attacks appeared first on SecurityWeek.

UN Researchers Warn That Asian Scam Operations Are Spreading Across the Rest of the World

Transnational organized crime groups in East and Southeast Asia are spreading their lucrative scam operations across the globe, according to a UN report.

The post UN Researchers Warn That Asian Scam Operations Are Spreading Across the Rest of the World appeared first on SecurityWeek.

Two Healthcare Orgs Hit by Ransomware Confirm Data Breaches Impacting Over 100,000

Bell Ambulance and Alabama Ophthalmology Associates have suffered data breaches affecting over 100,000 people after being targeted in ransomware attacks.

The post Two Healthcare Orgs Hit by Ransomware Confirm Data Breaches Impacting Over 100,000 appeared first on SecurityWeek.

Microsoft Purges Dormant Azure Tenants, Rotates Keys to Prevent Repeat Nation-State Hack

Microsoft security chief Charlie Bell says the SFI's 28 objectives are “near completion” and that 11 others have made “significant progress.”

The post Microsoft Purges Dormant Azure Tenants, Rotates Keys to Prevent Repeat Nation-State Hack appeared first on SecurityWeek.

UN says Asian scam call center epidemic expanding globally amid political heat

What used to be a serious issue mainly in Southeast Asia is now the world’s problem

Scam call centers are metastasizing worldwide "like a cancer," according to the United Nations, which warns the epidemic has reached a global inflection point as syndicates scale up and spread out.…

Bug hunter tricked SSL.com into issuing cert for Alibaba Cloud domain in 5 steps

10 other certificates 'were mis-issued and have now been revoked'

Certificate issuer SSL.com’s domain validation system had an unfortunate bug that was exploited by miscreants to obtain, without authorization, digital certs for legit websites.…

Today's LLMs craft exploits from patches at lightning speed

Erlang? Er, man, no problem. ChatGPT, Claude to go from flaw disclosure to actual attack code in hours

The time from vulnerability disclosure to proof-of-concept (PoC) exploit code can now be as short as a few hours, thanks to generative AI models.…

Microsoft rated this bug as low exploitability. Miscreants weaponized it in just 8 days

It's now hitting govt, enterprise targets

On March 11 - Patch Tuesday - Microsoft rolled out its usual buffet of bug fixes. Just eight days later, miscreants had weaponized one of the vulnerabilities, using it against government and private sector targets in Poland and Romania.…

Hacking US crosswalks to talk like Zuck is as easy as 1234

AI-spoofed Mark joins fellow billionaires as the voice of the street – here's how it was probably done

Video  Crosswalk buttons in various US cities were hijacked over the past week or so to – rather than robotically tell people it's safe to walk or wait – instead emit the AI-spoofed voices of Jeff Bezos, Elon Musk, and Mark Zuckerberg.…

Dems fret over DOGE feeding sensitive data into random AI

Using LLMs to pick programs, people, contracts to cut is bad enough – but doing it with Musk's Grok? Yikes

A group of 48 House Democrats is concerned that Elon Musk's cost-trimmers at DOGE are being careless in their use of AI to help figure out where to slash, creating security risks and giving the oligarch's artificial intelligence lab an inside track to train its models on government info.…

Oracle hopes talk of cloud data theft dies off. CISA just resurrected it for Easter

Some in the infosec world definitely want to see Big Red crucified

CISA – the US government's Cybersecurity and Infrastructure Security Agency – has issued an alert for those who missed Oracle grudgingly admitting some customer data was stolen from the database giant's public cloud infrastructure.…

CVE fallout: The splintering of the standard vulnerability tracking system has begun

MITRE, EUVD, GCVE … WTF?

Comment  The splintering of the global system for identifying and tracking security bugs in technology products has begun.…

Krebs throws himself on the grenade, resigns from SentinelOne after Trump revokes clearances

Illegitimi non carborundum? Nice password, Mr Ex-CISA

Chris Krebs, the former head of the US Cybersecurity and Infrastructure Security Agency (CISA) and a longtime Trump target, has resigned from SentinelOne following a recent executive order that targeted him and revoked the security clearances of everybody at the company.…

Brit soldiers tune radio waves to fry drone swarms for pennies

Truck-mounted demonstration weapon costs 10p a pop, says MOD

British soldiers have successfully taken down drones with a radio-wave weapon.…

Whistleblower describes DOGE IT dept rampage at America's labor watchdog

Ignored infosec rules, exfiltrated data … then the mysterious login attempts from a Russian IP address began – claim

Democratic lawmakers are calling for an investigation after a tech staffer at the US National Labor Relations Board (NLRB) blew the whistle on the cost-trimming DOGE's activities at the employment watchdog – which the staffer claims included being granted superuser status in contravention of standard operating procedures, exfiltrating data, and seemingly leaking credentials to someone with a Russian IP address.…

Free Blue Screens of Death for Windows 11 24H2 users

Microsoft rewards those who patch early with bricks hurled through its operating system

Keeping with its rich history of updates that break Windows in unexpected ways, Microsoft has warned that two recent patches for Windows 11 24H2 are triggering blue screen crashes.…

Signalgate chats vanish from CIA chief phone

Extraordinary rendition of data, or just dropped it out of a helicopter?

CIA Director John Ratcliffe's smartphone has almost no trace left of the infamous Signalgate chat – the one in which he and other top US national security officials discussed a secret upcoming military operation in a group Signal conversation a journalist was inadvertently added to.…

Identifying the cyber risks that matter

From noise to clarity: Why CISOs are shifting to adversarial exposure validation

Partner content  A vast majority of security teams are overwhelmed by the large number of security alerts and vulnerabilities.…

CVE program gets last-minute funding from CISA – and maybe a new home

Uncertainty is the new certainty

In an 11th-hour reprieve, the US government last night agreed to continue funding the globally used Common Vulnerabilities and Exposures (CVE) program.…

Law firm 'didn't think' data theft was a breach, says ICO. Now it's nursing a £60K fine

DPP Law is appealing against data watchdog's conclusions

A law firm is appealing against a £60,000 fine from the UK's data watchdog after 32 GB of personal information was stolen from its systems.…

Russians lure European diplomats into malware trap with wine-tasting invite

Vintage phishing varietal has improved with age

Russia never stops using proven tactics, and its Cozy Bear, aka APT 29, cyber-spies are once again trying to lure European diplomats into downloading malware with a phony invitation to a lux event.…

Guess what happens when ransomware fiends find 'insurance' 'policy' in your files

It involves a number close to three or six depending on the pickle you're in

Ransomware operators jack up their ransom demands by a factor of 2.8x if they detect a victim has cyber-insurance, a study highlighted by the Netherlands government has confirmed.…

Uncle Sam kills funding for CVE program. Yes, that CVE program

Because vulnerability management has nothing to do with national security, right?

Updated  US government funding for the world's CVE program – the centralized Common Vulnerabilities and Exposures database of product security flaws – ends Wednesday.…

Now 1.6M people had SSNs, life chapter and verse stolen from insurance IT biz

800K? Make that double, and we'll need a double, too, for the pain

A Texas firm that provides backend IT and other services for American insurers has admitted twice as many people had their info stolen from it than previously disclosed.…

4chan, the 'internet’s litter box,' appears to have been pillaged by rival forum

Source code, moderator info, IP addresses, more allegedly swiped and leaked

Thousands of 4chan users reported outages Monday night amid rumors on social media that the edgy anonymous imageboard had been ransacked by an intruder, with someone on a rival forum claiming to have leaked its source code, moderator identities, and users' IP addresses.…

China names alleged US snoops over Asian Winter Games attacks

Beijing claims NSA went for gold in offensive cyber, got caught in the act

China's state-run press has taken its turn in trying to highlight alleged foreign cyber offensives, accusing the US National Security Agency of targeting the 2025 Asian Winter Games.…

All right, you can have one: DOGE access to Treasury IT OK'd judge

Login green-lit for lone staffer if he’s trained, papered up, won’t pull an Elez

A federal judge has partly lifted an injunction against Elon Musk's Trump-blessed cost-trimming DOGE unit, allowing one staff member to access sensitive US Treasury payment systems. This access includes personally identifiable financial information tied to millions of Americans.…

Chinese snoops use stealth RAT to backdoor US orgs – still active last week

Let the espionage and access resale campaigns begin (again)

A cyberspy crew or individual with ties to China's Ministry of State Security has infected global organizations with a remote access trojan (RAT) that's "even better" than Cobalt Strike, using this stealthy backdoor to enable its espionage and access resale campaigns.…

ActiveX blocked by default in Microsoft 365 because remote code execution is bad, OK?

Stopping users shooting themselves in the foot with last century's tech

Microsoft has twisted the knife into ActiveX once again, setting Microsoft 365 to disable all controls without so much as a prompt.…

Where it Hertz: Customer data driven off in Cleo attacks

Car hire biz takes your privacy seriously, though

Car hire giant Hertz has confirmed that customer information was stolen during the zero-day data raids on Cleo file transfer products last year.…

EU gives staff 'burner phones, laptops' for US visits

That would put America on the same level as China for espionage

The European Commission is giving staffers visiting the US on official business burner laptops and phones to avoid espionage attempts, according to the Financial Times.…

Don't delete that mystery empty folder. Windows put it there as a security fix

Copilot vibe coding for OS development? Why not

Canny Windows users who've spotted a mysterious folder on hard drives after applying last week's security patches for the operating system can rest assured – it's perfectly benign. In fact, it's recommended you leave the directory there.…

New SSL/TLS certs to each live no longer than 47 days by 2029

IT admins, get ready to grumble

CA/Browser Forum – a central body of web browser makers, security certificate issuers, and friends – has voted to cut the maximum lifespan of new SSL/TLS certs to just 47 days by March 15, 2029.…

Cyber congressman demands answers before CISA gets cut down to size

What's the goal here, Homeland Insecurity or something?

As drastic cuts to the US govt's Cybersecurity and Infrastructure Security Agency loom, Rep Eric Swalwell (D-CA), the ranking member of the House's cybersecurity subcommittee, has demanded that CISA brief the subcommittee "prior to any significant changes to CISA's workforce or organizational structure."…

Official abuse of state security has always been bad, now it's horrifying

UK holds onto oversight by a whisker, but it's utterly barefaced on the other side of the pond

Opinion  The UK government's attempts to worm into Apple's core end-to-end encryption were set back last week when the country's Home Office failed in its bid to keep them secret on national security grounds.…

CIO and digi VP to depart UK retail giant Asda as Walmart divorce woes settle

Brit retailer says troubled breakup with tech platform of former US owner nearing conclusion

Exclusive  Two of the top team behind Asda's £1 billion ($1.31 billion) tech divorce from US retail giant Walmart — which has seen a number of setbacks — are departing the company.…

Old Fortinet flaws under attack with new method its patch didn't prevent

PLUS: Chinese robodogs include backdoor; OpenAI helps spammer; A Dutch data disaster; And more!

Infosec In Brief  Fortinet last week admitted that attackers have found new ways to exploit three flaws it thought it had fixed last year.…

China reportedly admitted directing cyberattacks on US infrastructure

PLUS: India's new electronics subsidies; Philippines unplugs a mobile carrier; Alibaba Cloud expands

Asia In Brief  Chinese officials admitted to directing cyberattacks on US infrastructure at a meeting with their American counterparts, according to The Wall Street Journal.…

Read More
Hacktivism resurges – but don't be fooled, it's often state-backed goons in masks

Military units, government nerds appear to join the fray, with physical infra in sights

Feature  From triggering a water tank overflow in Texas to shutting down Russian state news services on Vladimir Putin's birthday, self-styled hacktivists have been making headlines.…

Read More
LLMs can't stop making up software dependencies and sabotaging everything

Hallucinated package names fuel 'slopsquatting'

The rise of LLM-powered code generation tools is reshaping how developers write software - and introducing new risks to the software supply chain in the process.…

Read More
Microsoft total recalls Recall totally to Copilot+ PCs

Redmond hopes you’ve forgotten or got over why everyone hated it the first time

After temporarily shelving its controversial Windows Recall feature amid a wave of backlash, Microsoft is back at it - now quietly slipping the screenshotting app into the Windows 11 Release Preview channel for Copilot+ PCs, signaling its near-readiness for general availability.…

Read More
Ransomware crims hammering UK more than ever as British techies complain the board just doesn't get it

Issues at the very top continue to worsen

The UK government's latest annual data breach survey shows the number of ransomware attacks on the isles is on the increase – and many techies are forced to make constant informal requests to company directors for defense spending because there are no security people on the board.…

Read More
Ex-Meta exec tells Senate Zuck dangled US citizen data in bid to enter China

Former policy boss claims Facebook cared little about national security as it chased the mighty Yuan

Facebook's former director of global public policy told a Senate committee that Meta CEO Mark Zuckerberg was willing to do almost anything to get the social network into China - including, she alleged, offering up Americans' data.…

Read More
US sensor giant Sensata admits ransomware derailed ops

Props for the transparency though

US sensor maker Sensata has told regulators that a ransomware attack caused an operational disruption, and that it's still working to fully restore affected systems.…

Read More
Infosec experts fear China could retaliate against tariffs with a Typhoon attack

Scammers are already cashing in with fake invoices for import costs

World War Fee  As the trade war between America and China escalates, some infosec and policy experts fear Beijing will strike back in cyberspace.…

Read More
Europol: Five pay-per-infect suspects cuffed, some spill secrets to cops

Officials teased more details to come later this year

Following the 2024 takedown of several major malware operations under Operation Endgame, law enforcement has continued its crackdown into 2025, detaining five individuals linked to the Smokeloader botnet.…

Read More
The Reg translates the letter in which Oracle kinda-sorta tells customers it was pwned

TL;DR: Move along, still nothing to see here - an idea that leaves infosec pros aghast

Oracle's letter to customers about an intrusion into part of its public cloud empire - while insisting Oracle Cloud Infrastructure was untouched - has sparked a mix of ridicule and outrage in the infosec community.…

Read More
Trump kills clearances for infosec's SentinelOne, ex-CISA boss Chris Krebs

Alleges cybersecurity agency was ‘weaponized’ to suppress debunked theories

Updated  The Trump administration on Wednesday ordered a criminal investigation into alleged censorship conducted by the USA’s Cybersecurity and Infrastructure Security Agency, aka CISA, plus revocation of any security clearances held by the agency's ex-head Chris Krebs and anyone else at SentinelOne, the cybersecurity company where he now works.…

Read More
April's Patch Tuesday leaves unlucky Windows Hello users unable to login

Can't Redmond ask its whizz-bang Copilot AI to fix it?

Updated  Those keen to get their Microsoft PCs patched up as soon as possible have been getting an unpleasant shock when they try to get in using Windows Hello.…

Read More
Wyden blocks Trump's CISA boss nominee, blames cyber agency for 'actively hiding info' about telecom insecurity

It worked in 2018 with Chris Krebs. Will it work again?

Uncle Sam's Cybersecurity and Infrastructure Security Agency, aka CISA, has been "actively hiding information" about American telecommunications networks' weak security for years, according to Senator Ron Wyden.…

Read More
Someone compromised US bank watchdog to access sensitive financial files

OCC mum on who broke into email, but Treasury fingered China in similar hack months ago

A US banking regulator says sensitive financial oversight data was accessed by one or more system intruders for more than a year in what's been described as "a major information security incident."…

Read More
Google's got a hot cloud infosec startup, a new unified platform — and its eye on Microsoft's $20B+ security biz

How Chocolate Factory hopes to double down on enterprise-sec

Cloud Next  Google will today reveal a new unified security platform that analysts think can help it battle Microsoft for a bigger chunk of the enterprise infosec market.…

Read More
Pharmacist accused of using webcams to spy on women in intimate moments at work, home

Lawsuit claims sick cyber-voyeurism went undetected for years, using hundreds of PCs, due to lax infosec

A now-former pharmacist at the University of Maryland Medical Center (UMMC) has been accused of compromising the US healthcare organization's IT systems to ogle female clinicians using webcams at their workplace and at their homes.…

Read More
Bad luck, Windows 10 users. No fix yet for ransomware-exploited bug

A novel way to encourage upgrades? Microsoft would never stoop so low

Patch Tuesday  Patch Tuesday has arrived, and Microsoft has revealed one flaw in its products under active exploitation and 11 critical issues in its code to fix.…

Read More
SuperCard X Enables Contactless ATM Fraud in Real-Time

A new malware campaign utilizing NFC-relay techniques has been identified carrying out unauthorized transactions through POS systems and ATMs

Read More
Billbug Espionage Group Deploys New Tools in Southeast Asia

Billbug, a China-linked espionage group, has been observed targeting critical sectors in Southeast Asia with new tools

Read More
New Cryptojacking Malware Targets Docker with Novel Mining Technique

Darktrace and Cado said the new campaign highlights a shift towards alternative methods of mining cryptocurrencies

Read More
Scallywag Ad Fraud Network Generates 1.4 Billion Bid Requests Daily

Security firm Human lifts the lid on prolific new ad fraud scheme dubbed “scallywag”

Read More
$40bn Southeast Asian Scam Sector Growing “Like a Cancer”

The UN has warned that Southeast Asian fraud groups are expanding their operations

Read More
Midnight Blizzard Targets European Diplomats with Wine Tasting Phishing Lure

Russian state actor Midnight Blizzard is using fake wine tasting events as a lure to spread malware for espionage purposes, according to Check Point

Read More
NTLM Hash Exploit Targets Poland and Romania Days After Patch

An NTLM hash disclosure spoofing vulnerability that leaks hashes with minimal user interaction has been observed being exploited in the wild

Read More
Senators Urge Cyber-Threat Sharing Law Extension Before Deadline

Bipartisan support grows in Congress to extend Cybersecurity Information Sharing Act for 10 years

Read More
Identity Attacks Now Comprise a Third of Intrusions

IBM warns of infostealer surge as attackers automate credential theft and adopt AI to generate highly convincing phishing emails en masse

Read More
Microsoft Thwarts $4bn in Fraud Attempts

Microsoft has blocked fraud worth $4bn as threat actors ramp up AI use

Read More
CISA Throws Lifeline to CVE Program with Last-Minute Contract Extension

MITRE will be able to keep running the CVE program for at least the next 11 months

Read More
Network Edge Devices the Biggest Entry Point for Attacks on SMBs

Sophos found that compromise of network edge devices, such as VPN appliances, accounted for 30% of incidents that impacted SMBs in 2024

Read More
54% of tech hiring managers expect layoffs in 2025

54% of tech hiring managers say their companies are likely to conduct layoffs within the next year, and 45% say employees whose roles can be replaced by AI are most likely to be let go, according to a new study by General Assembly. “We’re on the precipice of an unprecedented skills crisis,” said Daniele Grassi, CEO of General Assembly. “Businesses are ramping up AI investments and reducing headcount in the name of productivity, but they … More

The post 54% of tech hiring managers expect layoffs in 2025 appeared first on Help Net Security.

Read More
Perforce Puppet update accelerates vulnerability remediation

Perforce Software announced its latest platform update for Puppet Enterprise Advanced, designed to streamline DevSecOps practices and fortify enterprise security postures. This release incorporates more advanced and proactive remediation options, allowing organizations to accelerate their response to security vulnerabilities by fostering greater collaboration between platform and security teams. A 2024 study by Statista reported that the average age of cyber vulnerabilities is 229 days, leaving companies and their customers vulnerable to security breaches and being … More

The post Perforce Puppet update accelerates vulnerability remediation appeared first on Help Net Security.

Read More
Ketch Data Sentry uncovers hidden privacy risks

Ketch launched Data Sentry, a frontend data map for detecting website privacy risks. Designed for privacy and security teams, Data Sentry provides real-time visibility into website data flows—pinpointing hidden vulnerabilities before they lead to lawsuits or regulatory action. Most businesses lack visibility into the total scope of data collection happening on their websites and digital properties. Hundreds of demand letters are sent each month by plaintiffs’ attorneys, alleging violations of laws such as the California … More

The post Ketch Data Sentry uncovers hidden privacy risks appeared first on Help Net Security.

Read More
Proofpoint Prime unifies multistage attack protection across digital channels

Proofpoint has unveiled the global availability of Proofpoint Prime Threat Protection, the human-centric cybersecurity solution that brings together previously disparate critical threat defense capabilities—protection against multistage attacks across digital channels, impersonation protection, and risk-based employee guidance and education—in a single integrated solution. As organizations face an overwhelming array of fragmented, siloed and reactive cybersecurity tools, Proofpoint Prime is the integrated solution that unifies threat defense and human risk management into seamless workflows that span the … More

The post Proofpoint Prime unifies multistage attack protection across digital channels appeared first on Help Net Security.

Read More
PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433)

There are now several public proof-of-concept (PoC) exploits for a maximum-severity vulnerability in the Erlang/OTP SSH server (CVE-2025-32433) unveiled last week. “All users running an SSH server based on the Erlang/OTP SSH library are likely to be affected by this vulnerability. If your application uses Erlang/OTP SSH to provide remote access, assume you are affected,” Ruhr University Bochum researchers, who discovered and reported the flaw, said. About CVE-2025-32433 Erlang/OTP SSH is a set of libraries … More

The post PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433) appeared first on Help Net Security.

Read More
Stellar Cyber boosts security operations with human-augmented Autonomous SOC

At the upcoming RSAC 2025 Conference in San Francisco, Stellar Cyber will unveil the next evolution of modern SecOps: the human-augmented Autonomous SOC, powered by its breakthrough Agentic AI framework. See the human-augmented Autonomous SOC in action at Booth 343 in the South Hall, or book a personalized demo here. See everything. Know everything. Act fast Security isn’t about man vs. machine—it’s about man with machine. Stellar Cyber’s new Autonomous SOC brings clarity to chaos … More

The post Stellar Cyber boosts security operations with human-augmented Autonomous SOC appeared first on Help Net Security.

Read More
StrikeReady Security Command Center v2 accelerates threat response

For years, security teams have operated in reactive mode, contending with siloed tools, fragmented intelligence, and a never-ending backlog of alerts. Traditional Security Operations platforms were supposed to unify data and streamline response—but they often introduced their own complexity, requiring heavy customization and manual oversight. ‘Hyper automation’ delivered much of the same empty promises, leaving most security teams firefighting today’s incidents with limited bandwidth to proactively manage tomorrow’s risks. StrikeReady is introducing its next-generation Security Command … More

The post StrikeReady Security Command Center v2 accelerates threat response appeared first on Help Net Security.

Read More
BigID unveils AI Privacy Risk Posture Management

BigID launched AI Privacy Risk Posture Management to help organizations manage data privacy risks across the AI lifecycle. With automated assessments and actionable privacy controls, BigID empowers enterprises to govern AI responsibly while staying ahead of fast-evolving regulations. As AI adoption accelerates, so do the risks. New frameworks like the EU AI Act, NIST AI RMF, and U.S. state-level laws are reshaping expectations around transparency, accountability, and privacy protections in AI systems. Organizations must now … More

The post BigID unveils AI Privacy Risk Posture Management appeared first on Help Net Security.

Read More
CSI announces two AI-powered AML compliance and fraud detection solutions

CSI launched its AI-powered AML compliance and fraud detection solutions: TruDetect and TruProtect. The solutions are powered by DATASEERS, a data-driven B2B SaaS company specialized in harnessing data, automating manual processes and providing real-time insight for risk, fraud, compliance and operations. According to Celent, over 95% of AML alerts are false positives, leading to wasted time and inefficiency in investigations. AML analysts can also spend between 30 and 70 minutes per alert, according to a … More

The post CSI announces two AI-powered AML compliance and fraud detection solutions appeared first on Help Net Security.

Read More
The legal blind spot of shadow IT

Shadow IT isn’t just a security risk, it’s a legal one. When teams use unsanctioned tools, they can trigger compliance violations, expose sensitive data, or break contracts. Let’s look at where the legal landmines are and what CISOs can do to stay ahead of them. Understanding the legal risks of shadow IT When employees use unapproved tools, they may inadvertently violate laws and regulations designed to protect sensitive information. For instance, the GDPR mandates strict … More

The post The legal blind spot of shadow IT appeared first on Help Net Security.

Read More
CapCut copycats are on the prowl

Cybercriminals lure content creators with promises of cutting-edge AI wizardry, only to attempt to steal their data or hijack their devices instead

Read More
They’re coming for your data: What are infostealers and how do I stay safe?

Here's what to know about malware that raids email accounts, web browsers, crypto wallets, and more – all in a quest for your sensitive data

Read More
Attacks on the education sector are surging: How can cyber-defenders respond?

Academic institutions have a unique set of characteristics that makes them attractive to bad actors. What's the right antidote to cyber-risk?

Read More
Watch out for these traps lurking in search results

Here’s how to avoid being hit by fraudulent websites that scammers can catapult directly to the top of your search results

Read More
So your friend has been hacked: Could you be next?

When a ruse puts on a familiar face, your guard might drop, making you an easy mark. Learn how to tell a friend apart from a foe.

Read More
1 billion reasons to protect your identity online

Corporate data breaches are a gateway to identity fraud, but they’re not the only one. Here’s a lowdown on how your personal data could be stolen – and how to make sure it isn’t.

Read More
The good, the bad and the unknown of AI: A Q&A with Mária Bieliková

The computer scientist and AI researcher shares her thoughts on the technology’s potential and pitfalls – and what may lie ahead for us

Read More
This month in security with Tony Anscombe – March 2025 edition

From an exploited vulnerability in a third-party ChatGPT tool to a bizarre twist on ransomware demands, it's a wrap on another month filled with impactful cybersecurity news

Read More
Resilience in the face of ransomware: A key to business survival

Your company’s ability to tackle the ransomware threat head-on can ultimately be a competitive advantage

Read More
Making it stick: How to get the most out of cybersecurity training

Security awareness training doesn’t have to be a snoozefest – games and stories can help instill ‘sticky’ habits that will kick in when a danger is near

Read More
RansomHub affiliates linked to rival RaaS gangs

ESET researchers also examine the growing threat posed by tools that ransomware affiliates deploy in an attempt to disrupt EDR security solutions

Read More
FamousSparrow resurfaces to spy on targets in the US, Latin America

Once thought to be dormant, the China-aligned group has also been observed using the privately-sold ShadowPad backdoor for the first time

Read More
Shifting the sands of RansomHub’s EDRKillShifter

ESET researchers discover new ties between affiliates of RansomHub and of rival gangs Medusa, BianLian, and Play

Read More
You will always remember this as the day you finally caught FamousSparrow

ESET researchers uncover the toolset used by the FamousSparrow APT group, including two undocumented versions of the group’s signature backdoor, SparrowDoor

Read More
Operation FishMedley

ESET researchers detail a global espionage operation by FishMonger, the APT group run by I‑SOON

Read More
MirrorFace updates toolset, expands targeting to Europe

The group's Operation AkaiRyū begins with targeted spearphishing emails that use the upcoming World Expo 2025 in Osaka, Japan, as a lure

Read More
Operation AkaiRyū: MirrorFace invites Europe to Expo 2025 and revives ANEL backdoor

ESET researchers uncovered MirrorFace activity that expanded beyond its usual focus on Japan and targeted a Central European diplomatic institute with the ANEL backdoor

Read More
AI's biggest surprises of 2024 | Unlocked 403 cybersecurity podcast (S2E1)

Here's what's been hot on the AI scene over the past 12 months, how it's changing the face of warfare, and how you can fight AI-powered scams

Read More
When IT meets OT: Cybersecurity for the physical world

While relatively rare, real-world incidents impacting operational technology highlight that organizations in critical infrastructure can’t afford to dismiss the OT threat

Read More
Don’t let cybercriminals steal your Spotify account

Listen up, this is sure to be music to your ears – a few minutes spent securing your account today can save you a ton of trouble tomorrow

Read More
AI-driven deception: A new face of corporate fraud

Malicious use of AI is reshaping the fraud landscape, creating major new risks for businesses

Read More
Kids behaving badly online? Here's what parents can do

By taking time to understand and communicate the impact of undesirable online behavior, you can teach your kids an invaluable set of life lessons for a new digital age

Read More
Martin Rees: Post-human intelligence – a cosmic perspective | Starmus highlights

Take a moment to think beyond our current capabilities and consider what might come next in the grand story of evolution

Read More
Threat Report H2 2024: Infostealer shakeup, new attack vector for mobile, and Nomani

Big shifts in the infostealer scene, novel attack vector against iOS and Android, and a massive surge in investment scams on social media

Read More
Bernhard Schölkopf: Is AI intelligent? | Starmus highlights

With AI's pattern recognition capabilities well-established, Mr. Schölkopf's talk shifts the focus to a pressing question: what will be the next great leap for AI?

Read More
This month in security with Tony Anscombe – February 2025 edition

Ransomware payments trending down, the cyber-resilience gap facing SMBs, and APT groups embracing generative AI – it's a wrap on another month filled with impactful security news

Read More
Laurie Anderson: Building an ARK | Starmus highlights

The pioneering multi-media artist reveals the creative process behind her stage show called ARK, which challenges audiences to reflect on some of the most pressing issues of our times

Read More
Fake job offers target software developers with infostealers

A North Korea-aligned activity cluster tracked by ESET as DeceptiveDevelopment drains victims' crypto wallets and steals their login details from web browsers and password managers

Read More
DeceptiveDevelopment targets freelance developers

ESET researchers analyzed a campaign delivering malware bundled with job interview challenges

Read More
No, you’re not fired – but beware of job termination scams

Some employment scams take an unexpected turn as cybercriminals shift from “hiring” to “firing” staff

Read More
Katharine Hayhoe: The most important climate equation | Starmus highlights

The atmospheric scientist makes a compelling case for a head-to-heart-to-hands connection as a catalyst for climate action

Read More
Gaming or gambling? Lifting the lid on in-game loot boxes

The virtual treasure chests and other casino-like rewards inside your children’s games may pose risks you shouldn’t play down

Read More
What is penetration testing? | Unlocked 403 cybersecurity podcast (ep. 10)

Ever wondered what it's like to hack for a living – legally? Learn about the art and thrill of ethical hacking and how white-hat hackers help organizations tighten up their security.

Read More
How AI-driven identity fraud is causing havoc

Deepfake fraud, synthetic identities, and AI-powered scams make identity theft harder to detect and prevent – here's how to fight back

Read More
Neil Lawrence: What makes us unique in the age of AI | Starmus highlights

As AI advances at a rapid clip, reshaping industries, automating tasks, and redefining what machines can achieve, one question looms large: what remains uniquely human?

Read More
Patch or perish: How organizations can master vulnerability management

Don’t wait for a costly breach to provide a painful reminder of the importance of timely software patching

Read More
Roeland Nusselder: AI will eat all our energy, unless we make it tiny | Starmus highlights

Left unchecked, AI's energy and carbon footprint could become a significant concern. Can our AI systems be far less energy-hungry without sacrificing performance?

Read More
How scammers are exploiting DeepSeek's rise

As is their wont, cybercriminals waste no time launching attacks that aim to cash in on the frenzy around the latest big thing – plus, what else to know before using DeepSeek

Read More
This month in security with Tony Anscombe – January 2025 edition

DeepSeek’s bursting onto the AI scene, apparent shifts in US cybersecurity policies, and a massive student data breach all signal another eventful year in cybersecurity and data privacy

Read More
Untrustworthy AI: How to deal with data poisoning

You should think twice before trusting your AI assistant, as database poisoning can markedly alter its output – even dangerously so

Read More
Brian Greene: Until the end of time | Starmus highlights

The renowned physicist explores how time and entropy shape the evolution of the universe, the nature of existence, and the eventual fate of everything, including humanity

Read More
Going (for) broke: 6 common online betting scams and how to avoid them

Don’t roll the dice on your online safety – watch out for bogus sports betting apps and other traps commonly set by scammers

Read More
The evolving landscape of data privacy: Key trends to shape 2025

Incoming laws, combined with broader developments on the threat landscape, will create further complexity and urgency for security and compliance teams

Read More
PlushDaemon compromises supply chain of Korean VPN service

ESET researchers have discovered a supply-chain attack against a VPN provider in South Korea by a new China-aligned APT group we have named PlushDaemon

Read More
Under lock and key: Protecting corporate data from cyberthreats in 2025

Data breaches can cause a loss of revenue and market value as a result of diminished customer trust and reputational damage

Read More
UEFI Secure Boot: Not so secure

ESET researchers uncover a vulnerability in a UEFI application that could enable attackers to deploy malicious bootkits on unpatched systems

Read More
Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344

The story of a signed UEFI application allowing a UEFI Secure Boot bypass

Read More
Cybersecurity and AI: What does 2025 have in store?

In the hands of malicious actors, AI tools can enhance the scale and severity of all manner of scams, disinformation campaigns and other threats

Read More
Protecting children online: Where Florida’s new law falls short

Some of the state’s new child safety law can be easily circumvented. Should it have gone further?

Read More
Crypto is soaring, but so are threats: Here’s how to keep your wallet safe

As detections of cryptostealers surge across Windows, Android and macOS, it's time for a refresher on how to keep your bitcoin or other crypto safe

Read More
State-aligned actors are increasingly deploying ransomware – and that’s bad news for everyone

The blurring of lines between cybercrime and state-sponsored attacks underscores the increasingly fluid and multifaceted nature of today’s cyberthreats

Read More
AI moves to your PC with its own special hardware
AI moves to your PC with its own special hardware

Seeking to keep sensitive data private and accelerate AI workloads? Look no further than AI PCs powered by Intel Core Ultra processors with a built-in NPU.

Read More
Gary Marcus: Taming Silicon Valley | Starmus highlights
Gary Marcus: Taming Silicon Valley | Starmus highlights

The prominent AI researcher explores the societal impact of artificial intelligence and outlines his vision for a future in which AI upholds human rights, dignity, and fairness

Read More
This month in security with Tony Anscombe – December 2024 edition
This month in security with Tony Anscombe – December 2024 edition

From attacks leveraging new zero-day exploits to a major law enforcement crackdown, December 2024 was packed with impactful cybersecurity news

Read More
Chris Hadfield: The sky is falling – what to do about space junk? | Starmus highlights
Chris Hadfield: The sky is falling – what to do about space junk? | Starmus highlights

The first Canadian to walk in space dives deep into the origins of space debris, how it’s become a growing problem, and how we can clean up the orbital mess

Read More
ESET Research Podcast: Telekopye, again
ESET Research Podcast: Telekopye, again

Take a peek into the murky world of cybercrime where groups of scammers who go by the nickname of 'Neanderthals’ wield the Telekopye toolkit to ensnare unsuspecting victims they call 'Mammoths'

Read More
Unwrapping Christmas scams | Unlocked 403 cybersecurity podcast (special edition)
Unwrapping Christmas scams | Unlocked 403 cybersecurity podcast (special edition)

ESET's Jake Moore reveals why the holiday season is a prime time for scams, how fraudsters prey on victims, and how AI is supercharging online fraud

Read More
Cybersecurity is never out-of-office: Protecting your business anytime, anywhere
Cybersecurity is never out-of-office: Protecting your business anytime, anywhere

While you're enjoying the holiday season, cybercriminals could be gearing up for their next big attack – make sure your company's defenses are ready, no matter the time of year

Read More
ESET Threat Report H2 2024: Key findings
ESET Threat Report H2 2024: Key findings

ESET Chief Security Evangelist Tony Anscombe looks at some of the report's standout findings and their implications for staying secure in 2025

Read More
ESET Threat Report H2 2024
ESET Threat Report H2 2024

A view of the H2 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

Read More
Black Hat Europe 2024: Hacking a car – or rather, its infotainment system
Black Hat Europe 2024: Hacking a car – or rather, its infotainment system

Our ‘computers on wheels’ are more connected than ever, but the features that enhance our convenience often come with privacy risks in tow

Read More
Black Hat Europe 2024: Why a CVSS score of 7.5 may be a 'perfect' 10 in your organization
Black Hat Europe 2024: Why a CVSS score of 7.5 may be a 'perfect' 10 in your organization

Aggregate vulnerability scores don’t tell the whole story – the relationship between a flaw’s public severity rating and the specific risks it poses for your company is more complex than it seems

Read More
Black Hat Europe 2024: Can AI systems be socially engineered?
Black Hat Europe 2024: Can AI systems be socially engineered?

Could attackers use seemingly innocuous prompts to manipulate an AI system and even make it their unwitting ally?

Read More
How cyber-secure is your business? | Unlocked 403 cybersecurity podcast (ep. 8)
How cyber-secure is your business? | Unlocked 403 cybersecurity podcast (ep. 8)

As cybersecurity is a make-or-break proposition for businesses of all sizes, can your organization's security strategy keep pace with today’s rapidly evolving threats?

Read More
Are pre-owned smartphones safe? How to choose a second-hand phone and avoid security risks
Are pre-owned smartphones safe? How to choose a second-hand phone and avoid security risks

Buying a pre-owned phone doesn’t have to mean compromising your security – take these steps to enjoy the benefits of cutting-edge technology at a fraction of the cost

Read More
Philip Torr: AI to the people | Starmus highlights
Philip Torr: AI to the people | Starmus highlights

We’re on the cusp of a technological revolution that is poised to transform our lives – and we hold the power to shape its impact

Read More
Achieving cybersecurity compliance in 5 steps
Achieving cybersecurity compliance in 5 steps

Cybersecurity compliance may feel overwhelming, but a few clear steps can make it manageable and ensure your business stays on the right side of regulatory requirements

Read More
Richard Marko: Rethinking cybersecurity in the age of global challenges | Starmus highlights
Richard Marko: Rethinking cybersecurity in the age of global challenges | Starmus highlights

ESET's CEO unpacks the complexities of cybersecurity in today’s hyper-connected world and highlights the power of innovation in stopping digital threats in their tracks

Read More
Month in security with Tony Anscombe – November 2024 edition
Month in security with Tony Anscombe – November 2024 edition

Zero days under attack, a new advisory from 'Five Eyes', thousands of ICS units left exposed, and mandatory MFA for all – it's a wrap on another month filled with impactful cybersecurity news

Read More
Scams to look out for this holiday season
Scams to look out for this holiday season

‘Tis the season to be wary – be on your guard and don’t let fraud ruin your shopping spree

Read More
Bootkitty marks a new chapter in the evolution of UEFI threats
Bootkitty marks a new chapter in the evolution of UEFI threats

ESET researchers make a discovery that signals a shift on the UEFI threat landscape and underscores the need for vigilance against future threats

Read More
Bootkitty: Analyzing the first UEFI bootkit for Linux
Bootkitty: Analyzing the first UEFI bootkit for Linux

ESET researchers analyze the first UEFI bootkit designed for Linux systems

Read More
Firefox and Windows zero days chained to deliver the RomCom backdoor
Firefox and Windows zero days chained to deliver the RomCom backdoor

The backdoor can execute commands and lets attackers download additional modules onto the victim’s machine, ESET research finds

Read More
RomCom exploits Firefox and Windows zero days in the wild
RomCom exploits Firefox and Windows zero days in the wild

ESET Research details the analysis of a previously unknown vulnerability in Mozilla products exploited in the wild and another previously unknown Microsoft Windows vulnerability, combined in a zero-click exploit

Read More
Unveiling WolfsBane: Gelsemium’s Linux counterpart to Gelsevirine
Unveiling WolfsBane: Gelsemium’s Linux counterpart to Gelsevirine

ESET researchers analyzed previously unknown Linux backdoors that are connected to known Windows malware used by the China-aligned Gelsemium group, and to Project Wood

Read More
Kathryn Thornton: Correcting Hubble's vision | Starmus highlights
Kathryn Thornton: Correcting Hubble's vision | Starmus highlights

The veteran of four space missions discusses challenges faced by the Hubble Space Telescope and how human ingenuity and teamwork made Hubble’s success possible

Read More
My information was stolen. Now what?
My information was stolen. Now what?

The slow and painful recovery process

Read More
“Scam Likely” calls: What are they and how do I block them?
“Scam Likely” calls: What are they and how do I block them?

Tired of dodging all those 'Scam Likely' calls? Here's what’s behind the label and how to stay one step ahead of phone scammers.

Read More
ESET APT Activity Report Q2 2024–Q3 2024: Key findings
ESET APT Activity Report Q2 2024–Q3 2024: Key findings

ESET Chief Security Evangelist Tony Anscombe highlights some of the most intriguing insights revealed in the latest ESET APT Activity Report

Read More
ESET Research Podcast: Gamaredon
ESET Research Podcast: Gamaredon

ESET researchers introduce the Gamaredon APT group, detailing its typical modus operandi, unique victim profile, vast collection of tools and social engineering tactics, and even its estimated geolocation

Read More
Beats by bot: The AI remix revolution
Beats by bot: The AI remix revolution

Artificial intelligence is reshaping the music landscape, turning listeners into creators and sparking new debates over creativity, copyright, and the future of music

Read More
Beyond the checkbox: Demystifying cybersecurity compliance
Beyond the checkbox: Demystifying cybersecurity compliance

In an era of escalating digital threats, cybersecurity compliance goes beyond ticking a legal box – it’s a crucial shield safeguarding assets, reputation, and the very survival of your business

Read More
Life on a crooked RedLine: Analyzing the infamous infostealer’s backend
Life on a crooked RedLine: Analyzing the infamous infostealer’s backend

Following the takedown of RedLine Stealer by international authorities, ESET researchers are publicly releasing their research into the infostealer’s backend modules

Read More
ESET APT Activity Report Q2 2024–Q3 2024
ESET APT Activity Report Q2 2024–Q3 2024

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q2 2024 and Q3 2024

Read More
Jane Goodall: Reasons for hope | Starmus highlights
Jane Goodall: Reasons for hope | Starmus highlights

The trailblazing scientist shares her reasons for hope in the fight against climate change and how we can tackle seemingly impossible problems and keep going in the face of adversity

Read More
Month in security with Tony Anscombe – October 2024 edition
Month in security with Tony Anscombe – October 2024 edition

Election interference, American Water and the Internet Archive breaches, new cybersecurity laws, and more – October saw no shortage of impactful cybersecurity news stories

Read More
How to remove your personal information from Google Search results
How to remove your personal information from Google Search results

Have you ever googled yourself? Were you happy with what came up? If not, consider requesting the removal of your personal information from search results.

Read More
Don't become a statistic: Tips to help keep your personal data off the dark web
Don't become a statistic: Tips to help keep your personal data off the dark web

You may not always stop your personal information from ending up in the internet’s dark recesses, but you can take steps to protect yourself from criminals looking to exploit it

Read More
Tony Fadell: Innovating to save our planet | Starmus highlights
Tony Fadell: Innovating to save our planet | Starmus highlights

As methane emissions come under heightened global scrutiny, learn how a state-of-the-art satellite can pinpoint their sources and deliver the insights needed for targeted mitigation efforts

Read More
CloudScout: Evasive Panda scouting cloud services
CloudScout: Evasive Panda scouting cloud services

ESET researchers discovered a previously undocumented toolset used by Evasive Panda to access and retrieve data from cloud services

Read More
ESET Research Podcast: CosmicBeetle
ESET Research Podcast: CosmicBeetle

Learn how a rather clumsy cybercrime group wielding buggy malicious tools managed to compromise a number of SMBs in various parts of the world

Read More
Embargo ransomware: Rock’n’Rust
Embargo ransomware: Rock’n’Rust

Novice ransomware group Embargo is testing and deploying a new Rust-based toolkit

Read More
Google Voice scams: What are they and how do I avoid them?
Google Voice scams: What are they and how do I avoid them?

Watch out for schemes where fraudsters trick people into sharing verification codes so they can gain access to their phone numbers

Read More
Threat actors exploiting zero-days faster than ever – Week in security with Tony Anscombe
Threat actors exploiting zero-days faster than ever – Week in security with Tony Anscombe

The average time it takes attackers to weaponize a vulnerability, either before or after a patch is released, shrank from 63 days in 2018-2019 to just five days last year

Read More
Protecting children from grooming | Unlocked 403 cybersecurity podcast (ep. 7)
Protecting children from grooming | Unlocked 403 cybersecurity podcast (ep. 7)

“Hey, wanna chat?” This innocent phrase can take on a sinister meaning when it comes from an adult to a child online – and even be the start of a predatory relationship

Read More
Quishing attacks are targeting electric car owners: Here’s how to slam on the brakes
Quishing attacks are targeting electric car owners: Here’s how to slam on the brakes

Ever alert to fresh money-making opportunities, fraudsters are blending physical and digital threats to steal drivers’ payment details

Read More
Aspiring digital defender? Explore cybersecurity internships, scholarships and apprenticeships
Aspiring digital defender? Explore cybersecurity internships, scholarships and apprenticeships

The world needs more cybersecurity professionals – here are three great ways to give you an ‘in’ to the ever-growing and rewarding security industry

Read More
GoldenJackal jumps the air gap … twice – Week in security with Tony Anscombe
GoldenJackal jumps the air gap … twice – Week in security with Tony Anscombe

ESET research dives deep into a series of attacks that leveraged bespoke toolsets to compromise air-gapped systems belonging to governmental and diplomatic entities

Read More
Telekopye transitions to targeting tourists via hotel booking scam
Telekopye transitions to targeting tourists via hotel booking scam

ESET Research shares new findings about Telekopye, a scam toolkit used to defraud people on online marketplaces, and newly on accommodation booking platforms

Read More
Cyber insurance, human risk, and the potential for cyber-ratings
Cyber insurance, human risk, and the potential for cyber-ratings

Could human risk in cybersecurity be managed with a cyber-rating, much like credit scores help assess people’s financial responsibility?

Read More
Building a Smarter, Safer Grid with IEEE 2030.5 and Certificate Lifecycle Management Automation
Building a Smarter, Safer Grid with IEEE 2030.5 and Certificate Lifecycle Management Automation

The renewable energy landscape is evolving fast—bringing smarter, more sustainable ways to generate, distribute, and use power. At the heart of this transformation is a lesser-known but vital standard: IEEE 2030.5—a foundational protocol that helps smart energy devices and the power grid communicate safely and reliably. Dive into this blog for a breakdown of what […]

The post Building a Smarter, Safer Grid with IEEE 2030.5 and Certificate Lifecycle Management Automation appeared first on Security Boulevard.

Read More
A Comparative Analysis of Anthropic’s Model Context Protocol and Google’s Agent-to-Agent Protocol
A Comparative Analysis of Anthropic’s Model Context Protocol and Google’s Agent-to-Agent Protocol

As AI agents transform enterprise technology, two critical protocols are emerging as industry standards: Anthropic's MCP for connecting AI to data sources and Google's A2A for agent collaboration. This analysis breaks down how these frameworks will define the future of integrated AI systems.

The post A Comparative Analysis of Anthropic’s Model Context Protocol and Google’s Agent-to-Agent Protocol appeared first on Security Boulevard.

Read More
1Password Extends Reach of IAM Platform to AI Agents and Unmanaged Devices
1Password Extends Reach of IAM Platform to AI Agents and Unmanaged Devices

1Password today extended the reach of its Extended Access Management (XAM) platform to include an ability to secure artificial intelligence (AI) agents.

The post 1Password Extends Reach of IAM Platform to AI Agents and Unmanaged Devices appeared first on Security Boulevard.

Read More
Augmented, Not Replaced – Humans Outpace AI in Simbian’s SOC Hackathon Championship – Results and Winners Announced!
Augmented, Not Replaced – Humans Outpace AI in Simbian’s SOC Hackathon Championship – Results and Winners Announced!

Simbian's industry-first AI SOC Hackathon Championship has concluded, bringing with it an exciting glimpse into the future of cybersecurity operations.

The post Augmented, Not Replaced – Humans Outpace AI in Simbian’s SOC Hackathon Championship – Results and Winners Announced! appeared first on Security Boulevard.

Read More
ConfusedComposer: A Privilege Escalation Vulnerability Impacting GCP Composer
ConfusedComposer: A Privilege Escalation Vulnerability Impacting GCP Composer

Tenable Research discovered a privilege-escalation vulnerability in Google Cloud Platform (GCP) that is now fixed and which we dubbed ConfusedComposer. The vulnerability could have allowed an identity with permission (composer.environments.update) to edit a Cloud Composer environment to escalate privileges to the default Cloud Build service account. The default Cloud Build service account includes permissions to Cloud Build itself, as well as to Cloud Storage, Artifact Registry, and more.

What are Cloud Composer and Cloud Build?

Cloud Composer is a fully managed workflow-orchestration service in GCP based on Apache Airflow that is used for scheduling and automating data pipelines.

Cloud Build is a fully managed continuous integration and delivery (CI/CD) service in GCP that builds, tests and deploys applications and containers at scale.

Cloud Composer uses Cloud Build to build packages, and that is exactly where attackers could have abused the process to escalate privileges.

ConfusedComposer vulnerability details

Diagram: how the ConfusedComposer vulnerability works

Cloud Composer allows users to install custom PyPI packages in their environments. However, this functionality introduced a privilege escalation vulnerability due to how Composer interacts with Cloud Build. When a user specifies a custom PyPI package, Composer initiates a behind-the-scenes build process, and the Cloud Composer service account automatically provisions a Cloud Build instance in the user's project. This instance is attached to the default Cloud Build service account, a highly privileged identity with broad permissions to GCP services including to Cloud Build itself, as well as to Cloud Storage, Artifact Registry or Container Registry, and more. (Click here to learn more about the default Cloud Build service account permissions).

An attacker with the composer.environments.update permission could have abused the Cloud Composer service orchestration process to escalate privileges. The attack would have been executed by injecting an attacker-controlled malicious PyPI package into the victim’s Composer custom-package configuration: 

Screenshots: adding an attacker-controlled PyPI package to the Composer custom-package configuration

When Cloud Build installs this package while building the environment, it uses Pip.

But how would one have executed remote code by adding a package to the Composer service? It turns out that Pip automatically runs pre- and post-package installation scripts. This would have allowed an attacker to execute arbitrary code within the corresponding Cloud Build environment by placing installation scripts inside their malicious package, despite lacking direct control over Composer’s underlying service account.

The privilege escalation would have occurred when an attacker injected code that accessed Cloud Build’s metadata API. Because the build instance runs with the default Cloud Build service account, an attacker could have extracted and exfiltrated its token. With this token, the attacker would have gained control over a privileged service account, allowing further escalation across the victim’s GCP project. This attack was particularly dangerous because the attacker did not need direct access to Composer’s service account or to Cloud Build’s service account, only the ability to update a Composer environment. By simply adding a PyPI package to Composer, they could have manipulated the trusted automation pipeline to escalate privileges beyond their original access level.

To clarify the impact of the now-fixed vulnerability: gaining full ownership of the project from the default Cloud Build service account was well within reach.

The vulnerability fix and extra steps taken by GCP to enhance overall security

Previously, during update operations to perform PyPI module installations, Composer used the Cloud Build service account, which might have had broader permissions than the user performing the operation. After implementing the fix, Composer stopped using the Cloud Build service account and instead will use the Composer environment service account for performing PyPI module installations.
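The risk described in the vulnerability details and in the fix above comes down to a single question: which identity runs the package-install step, and what do principals who can trigger that step inherit from it? The following audit helper is an added example written for this page; it is not Tenable's research code and calls no Google API. The role names, principals, project id and the role-to-permission map are all constructed (real GCP roles carry far more permissions); only the composer.environments.update permission is taken from the write-up. It evaluates the same constructed IAM policy twice, once with the Cloud Build service account as the install identity (the pre-fix behaviour) and once with the Composer environment service account (the post-fix behaviour), and reports which principals would gain permissions they do not hold directly.

```python
"""
Audit helper for the privilege gap described above: who can update a Cloud
Composer environment, and which service account's permissions that quietly
buys them through the package-install pipeline.

Added example, not Tenable's research code or any Google API. All role
names, principals and the role->permission map are constructed; only
composer.environments.update comes from the write-up.
"""

# Constructed role -> permission map. Real GCP roles carry far more
# permissions; these hypothetical custom roles keep the example small.
ROLE_PERMISSIONS = {
    "roles/custom.composerEditor": {
        "composer.environments.update",
        "composer.environments.get",
        "storage.objects.get",
    },
    "roles/custom.buildRunner": {
        "cloudbuild.builds.create",
        "storage.objects.get",
        "storage.objects.create",
        "artifactregistry.repositories.uploadArtifacts",
    },
    "roles/custom.composerEnvSa": {
        "composer.environments.get",
        "storage.objects.get",
    },
}

# Constructed identities in a hypothetical project "example-project".
CLOUD_BUILD_SA = "serviceAccount:build@example-project.iam.gserviceaccount.com"
COMPOSER_ENV_SA = "serviceAccount:composer-env@example-project.iam.gserviceaccount.com"

# Constructed IAM policy in the shape of a project's bindings list.
SAMPLE_POLICY = [
    {"role": "roles/custom.composerEditor", "members": ["user:alice@example.com"]},
    {"role": "roles/custom.buildRunner", "members": [CLOUD_BUILD_SA]},
    {"role": "roles/custom.composerEnvSa", "members": [COMPOSER_ENV_SA]},
    {"role": "roles/custom.composerEnvSa", "members": ["user:bob@example.com"]},
]

# The one permission the write-up names as sufficient to trigger the build.
TRIGGER_PERMISSION = "composer.environments.update"


def effective_permissions(policy, principal):
    """Union of permissions granted to `principal` by every binding it appears in."""
    perms = set()
    for binding in policy:
        if principal in binding["members"]:
            perms |= ROLE_PERMISSIONS.get(binding["role"], set())
    return perms


def all_members(policy):
    """Every principal named anywhere in the policy."""
    return {m for binding in policy for m in binding["members"]}


def escalation_paths(policy, install_identity):
    """Map each principal holding composer.environments.update to the
    permissions it would newly acquire by running code as `install_identity`
    during the PyPI install step. An empty dict means the pipeline adds
    nothing beyond what those principals already hold directly."""
    inherited = effective_permissions(policy, install_identity)
    findings = {}
    for principal in sorted(all_members(policy)):
        direct = effective_permissions(policy, principal)
        if TRIGGER_PERMISSION not in direct:
            continue
        gained = inherited - direct
        if gained:
            findings[principal] = sorted(gained)
    return findings


if __name__ == "__main__":
    # Before the fix the install step ran as the Cloud Build service account ...
    print("pre-fix :", escalation_paths(SAMPLE_POLICY, CLOUD_BUILD_SA))
    # ... after it, as the Composer environment service account.
    print("post-fix:", escalation_paths(SAMPLE_POLICY, COMPOSER_ENV_SA))
```

With the constructed policy, the pre-fix run reports that alice (who holds only the Composer-editing role) would pick up the build service account's Cloud Build, Cloud Storage write and Artifact Registry upload permissions; the post-fix run reports nothing, because the Composer environment service account holds no permission alice lacks. The same shape of check, fed with a real project's bindings and a real role-to-permission export, is a quick way to confirm that whichever identity runs the install step is no more privileged than the people allowed to trigger it.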

The fix has been rolled out to new Composer instances already (rel. notes), and existing instances should be updated to exhibit this behavior by April 2025 (rel. notes).

In addition, our findings led GCP to update parts of Composer’s documentation, such as the sections on Access Control, Installing Python Dependencies and Accessing the Airflow CLI.

A new attack class: Following the ConfusedFunction vulnerability

The ConfusedComposer privilege-escalation vulnerability in GCP builds upon a broader attack class of vulnerabilities in cloud services that we call "Jenga®". This attack vector is a variant of ConfusedFunction, another GCP privilege-escalation vulnerability we discovered last year, and exploits the somewhat-hidden cloud provider misconfigurations related to cloud services permissions to escalate privileges beyond intended access levels. This variant highlights how attackers can abuse interconnected services the cloud provider automatically deploys behind the scenes, as part of a service-orchestration process.

(JENGA® is a registered trademark owned by Pokonobe Associates.)

The post ConfusedComposer: A Privilege Escalation Vulnerability Impacting GCP Composer appeared first on Security Boulevard.

Read More
Beyond Firewalls: Why Phishing Demands a People-First, Trust-Centric Response
Beyond Firewalls: Why Phishing Demands a People-First, Trust-Centric Response

Phishing attacks are not only more frequent but also more sophisticated, leveraging AI to craft highly convincing messages that bypass traditional security measures.

The post Beyond Firewalls: Why Phishing Demands a People-First, Trust-Centric Response  appeared first on Security Boulevard.

Read More
Survey Surfaces Challenges Securing SaaS Applications
Survey Surfaces Challenges Securing SaaS Applications

A survey of 420 responses from IT and security professionals finds 86% now view securing software-as-a-service (SaaS) applications as a top priority, with more than three-quarters (76%) having increased budget allocations.

The post Survey Surfaces Challenges Securing SaaS Applications appeared first on Security Boulevard.

Read More
COGNNA Adds AI Agents to SOC Platform
COGNNA Adds AI Agents to SOC Platform

COGNNA today unveiled a security operations center (SOC) platform infused with artificial intelligence (AI) agents trained to detect, analyze and respond to threats in a way that promises to dramatically reduce alert fatigue.

The post COGNNA Adds AI Agents to SOC Platform appeared first on Security Boulevard.

Read More
Morphing Meerkat Phishing Kit: A Deep Dive into Its Threats & Tactics
Morphing Meerkat Phishing Kit: A Deep Dive into Its Threats & Tactics

Discover how the Morphing Meerkat phishing kit powers phishing-as-a-service (PhaaS) attacks, evades detection, and how you can detect and stop it.

The post Morphing Meerkat Phishing Kit: A Deep Dive into Its Threats & Tactics appeared first on Security Boulevard.

Read More
The Expand, Enhance, Expire (3E Framework) for Successful Product Innovation
The Expand, Enhance, Expire (3E Framework) for Successful Product Innovation

Product leaders often think about growth in a linear fashion — more features, more markets, more users. But true innovation requires a more strategic and...

The post The Expand, Enhance, Expire (3E Framework) for Successful Product Innovation appeared first on ISHIR | Software Development India.

The post The Expand, Enhance, Expire (3E Framework) for Successful Product Innovation appeared first on Security Boulevard.

Read More
Cookie-Bite attack PoC uses Chrome extension to steal session tokens
Cookie-Bite attack PoC uses Chrome extension to steal session tokens

A proof-of-concept attack called "Cookie-Bite" uses a browser extension to steal browser session cookies from Azure Entra ID to bypass multi-factor authentication (MFA) protections and maintain access to cloud services like Microsoft 365, Outlook, and Teams. [...]

Read More
Microsoft Entra account lockouts caused by user token logging mishap
Microsoft Entra account lockouts caused by user token logging mishap

Microsoft confirms that the weekend Entra account lockouts were caused by the invalidation of short-lived user refresh tokens that were mistakenly logged into internal systems. [...]

Read More
WordPress ad-fraud plugins generated 1.4 billion ad requests per day
WordPress ad-fraud plugins generated 1.4 billion ad requests per day

A large-scale ad fraud operation called 'Scallywag' is monetizing pirating and URL shortening sites through specially crafted WordPress plugins that generate billions of daily fraudulent requests. [...]

Read More
Phishers abuse Google OAuth to spoof Google in DKIM replay attack
Phishers abuse Google OAuth to spoof Google in DKIM replay attack

In a rather clever attack, hackers leveraged a weakness that allowed them to send a fake email that seemed delivered from Google's systems, passing all verifications but pointing to a fraudulent page that collected logins. [...]

Read More
State-sponsored hackers embrace ClickFix social engineering tactic
State-sponsored hackers embrace ClickFix social engineering tactic

ClickFix attacks are being increasingly adopted by threat actors of all levels, with researchers now seeing multiple advanced persistent threat (APT) groups from North Korea, Iran, and Russia utilizing the tactic to breach networks. [...]

Read More
Widespread Microsoft Entra lockouts tied to new security feature rollout
Widespread Microsoft Entra lockouts tied to new security feature rollout

Windows administrators from numerous organizations report widespread account lockouts triggered by false positives in the rollout of a new Microsoft Entra ID "leaked credentials" detection app called MACE. [...]

Read More
New Android malware steals your credit cards for NFC relay attacks
New Android malware steals your credit cards for NFC relay attacks

A new malware-as-a-service (MaaS) platform named 'SuperCard X' has emerged, targeting Android devices via NFC relay attacks that enable point-of-sale and ATM transactions using compromised payment card data. [...]

Read More
Critical Erlang/OTP SSH RCE bug now has public exploits, patch now
Critical Erlang/OTP SSH RCE bug now has public exploits, patch now

Public exploits are now available for a critical Erlang/OTP SSH vulnerability tracked as CVE-2025-32433, allowing unauthenticated attackers to remotely execute code on impacted devices. [...]

Read More
Google Gemini AI is getting ChatGPT-like Scheduled Actions feature
Google Gemini AI is getting ChatGPT-like Scheduled Actions feature

Google Gemini is testing a ChatGPT-like scheduled tasks feature called "Scheduled Actions," which will allow you to create tasks that Gemini will execute later. [...]

Read More
Interlock ransomware gang pushes fake IT tools in ClickFix attacks
Interlock ransomware gang pushes fake IT tools in ClickFix attacks

The Interlock ransomware gang now uses ClickFix attacks that impersonate IT tools to breach corporate networks and deploy file-encrypting malware on devices. [...]

Read More
OpenAI details ChatGPT-o3, o4-mini, o4-mini-high usage limits
OpenAI details ChatGPT-o3, o4-mini, o4-mini-high usage limits

OpenAI has launched three new reasoning models - o3, o4-mini, and o4-mini-high for Plus and Pro subscribers, but as it turns out, these models do not offer 'unlimited' usage. [...]

Read More
FBI: Scammers pose as FBI IC3 employees to 'help' recover lost funds
FBI: Scammers pose as FBI IC3 employees to 'help' recover lost funds

The FBI warns that scammers posing as FBI IC3 employees are offering to "help" fraud victims recover money lost to other scammers. [...]

Read More
A 25-year-old police drone founder just raised $75M led by Index
A 25-year-old police drone founder just raised $75M led by Index

If you ever call 911 from an area that’s hard to get to, you might hear the buzz of a drone well before a police cruiser pulls up. And there’s a good chance that it will be one made by Brinc Drones, a Seattle-based startup founded by 25-year-old Blake Resnick, who dropped out of college […]

Read More
A new security fund opens up to help protect the fediverse
A new security fund opens up to help protect the fediverse

A new security fund aims to help apps in the fediverse — like Mastodon, Threads, and Pixelfed — to pay researchers for disclosing security bugs.

Read More
How to tell if your online accounts have been hacked
How to tell if your online accounts have been hacked

This is a guide on how to check whether someone compromised your online accounts.

Read More
Hackers are ramping up attacks using year-old ServiceNow security bugs to target unpatched systems
Hackers are ramping up attacks using year-old ServiceNow security bugs to target unpatched systems

Threat intelligence startup GreyNoise says it has observed a ‘notable resurgence’ in attack activity

Read More
US teachers’ union says hackers stole sensitive personal data on over 500,000 members
US teachers’ union says hackers stole sensitive personal data on over 500,000 members

PSEA says it "took steps to ensure" its stolen data was deleted, suggesting a ransom demand was paid

Read More
CISA scrambles to contact fired employees after court rules layoffs ‘unlawful’
CISA scrambles to contact fired employees after court rules layoffs ‘unlawful’

Federal court rules U.S. cybersecurity agency must re-hire over 100 former employees

Read More
DOGE axes CISA ‘red team’ staffers amid ongoing federal cuts
DOGE axes CISA ‘red team’ staffers amid ongoing federal cuts

Affected staff say more than 100 employees working to protect U.S. government networks were ‘axed’ with no prior warning

Read More
What PowerSchool won’t say about its data breach affecting millions of students
What PowerSchool won’t say about its data breach affecting millions of students

New details have emerged about PowerSchool's data breach — but here's what PowerSchool still isn't saying.

Read More
Hacker accessed PowerSchool’s network months before massive December breach
Hacker accessed PowerSchool’s network months before massive December breach

CrowdStrike says a hacker had access to PowerSchool's internal system as far back as August.

Read More
Japanese telco giant NTT Com says hackers accessed details of almost 18,000 organizations

Unidentified hackers breached NTT Com’s network to steal personal information of employees at thousands of corporate customers

FBI says scammers are targeting US executives with fake BianLian ransom notes

The FBI is warning that scammers are impersonating the BianLian ransomware gang using fake ransom notes sent to U.S. corporate executives. The fake ransom notes, first reported by U.S. cybersecurity company GuidePoint Security, claim that hackers have gained access to an organization’s network to steal sensitive data, and threaten to publish the stolen data unless […]

UK quietly scrubs encryption advice from government websites

The UK is no longer recommending the use of encryption for at-risk groups following its iCloud backdoor demands

Broadcom urges VMware customers to patch ‘emergency’ zero-day bugs under active exploitation

Security experts warn of ‘huge impact’ of actively exploited hypervisor flaws that allow sandbox escape

US said to halt offensive cyber operations against Russia

The reported policy shift comes as the U.S. government signals a change in its threat assessment of Russia

‘Uber for guns’ app Protector lets you hire armed bodyguards like you would an Uber — but does anyone need this?

In a TikTok video with over 3 million views, a woman in a fluffy, maximalist coat sits in the back seat of a luxury SUV, parked in the middle of a New York City street. Atop the 6-second video, a line of text reads, “our bodyguards got us matcha.” The camera zooms in on two […]

Belgium investigating alleged cyberattack on intelligence agency by China-linked hackers

The hackers reportedly exploited a flaw in US cybersecurity firm Barracuda’s software to access VSSE's email server

Archipelo comes out of stealth with $12M funding to secure human and AI-driven code

When it comes to AI software, you can build something clever, but that’s not always the same as building something that is secure. With so much software now getting written by AI, having a window into its security can be a challenge. That’s the premise of Archipelo, a San Francisco-based cybersecurity startup that is today […]

Hackers publish sensitive patient data allegedly stolen from Australian IVF provider Genea

Genea gets a court injunction after ransomware gang Termite claims to have leaked patient information

Thousands of exposed GitHub repositories, now private, can still be accessed through Copilot

Data exposed even briefly can live on in generative AI chatbots long after the data is made private.

US employee screening giant DISA says hackers accessed data of more than 3M people

The Texas-based company said hackers accessed applicants’ SSNs and financial information

KoDDoS at the InCyber Europe 2025 Forum: a strategic participation at the heart of the European cyber ecosystem

From April 1st to 3rd, 2025, KoDDoS, a provider of specialized services in DDoS protection and secure offshore hosting, marked its presence at the InCyber Europe Forum, held at the Lille Grand Palais. A true crossroads of cyber innovation and cooperation, the event is the largest cybersecurity event in Europe. A benchmark event on an … Continue reading KoDDoS at the InCyber Europe 2025 Forum: a strategic participation at the heart of the European cyber ecosystem

The post KoDDoS at the InCyber Europe 2025 Forum: a strategic participation at the heart of the European cyber ecosystem appeared first on KoDDoS Blog.

Looking back at CloudFest 2025: An essential event for the future of the cloud!

CloudFest is one of the world’s largest cloud computing events. Every year, it brings together the industry’s leading players to discuss the latest technological advancements, emerging trends, and market challenges. In 2025, the event once again cemented its leadership status by providing a dynamic platform for professional exchange and cloud innovation. This edition featured captivating … Continue reading Looking back at CloudFest 2025: An essential event for the future of the cloud!

The post Looking back at CloudFest 2025: An essential event for the future of the cloud! appeared first on KoDDoS Blog.

KoDDoS in Europe: A Strong Presence at Major Tech Events in Paris.

KoDDoS recently strengthened its commitment to the European tech scene by participating in several major events in France. Our team was honored to be invited to key gatherings in the tech industry, highlighting the importance of innovation and cybersecurity in the evolving digital ecosystem. This strategic tour in Paris allowed us to meet top-tier partners, … Continue reading KoDDoS in Europe: A Strong Presence at Major Tech Events in Paris.

The post KoDDoS in Europe: A Strong Presence at Major Tech Events in Paris. appeared first on KoDDoS Blog.

KoDDoS Will be at CyberShow 2025 in Paris!

The post KoDDoS Will be at CyberShow 2025 in Paris! appeared first on KoDDoS Blog.

Technological innovation in the heart of Los Angeles at the CES 2025 🚀

🚀 Cutting-Edge Services KoDDoS has established itself as a key player in the field of high-performance hosting. Specializing in anti-DDoS protection, we ensure unmatched service continuity for our clients in the face of growing threats targeting digital infrastructures. We also invest in groundbreaking technologies, including Web3, blockchain, and the Internet of Things (IoT), providing tailored … Continue reading Technological innovation in the heart of Los Angeles at the CES 2025 🚀

The post Technological innovation in the heart of Los Angeles at the CES 2025 🚀 appeared first on KoDDoS Blog.

Recruitment Announcement: B2B Sales Representatives and Business Introducers

To meet growing demand and accelerate our growth, we are launching a new sales team. We are looking for talented, ambitious, and motivated B2B sales representatives and business introducers who share our vision of a safer and more resilient internet. Job Profile: Position: B2B Sales Representatives and Business Introducers. As a key member of our Sales Team, you will … Continue reading Recruitment Announcement: B2B Sales Representatives and Business Introducers

The post Recruitment Announcement: B2B Sales Representatives and Business Introducers appeared first on KoDDoS Blog.

⏳ Only 3 Days Left to Grab 10% Off on All KoDDoS Services! 🎃

The countdown has begun! There are only 3 days left to take advantage of our Halloween special and enjoy 10% off on all our hosting and DDoS protection services. Don’t miss this limited-time offer to secure your website with KoDDoS’s high-performance solutions at a great price! 🎃 Promo Code: HALLOWEEN2024 🎃 Use code HALLOWEEN2024 at … Continue reading ⏳ Only 3 Days Left to Grab 10% Off on All KoDDoS Services! 🎃

The post ⏳ Only 3 Days Left to Grab 10% Off on All KoDDoS Services! 🎃 appeared first on KoDDoS Blog.

Understanding and Preventing DDoS Attacks with KoDDoS

Distributed Denial of Service (DDoS) attacks represent one of the most formidable threats to modern businesses and organizations whose information systems are connected to the internet. These attacks aim to render a service unavailable by overwhelming the target server’s resources with a massive volume of malicious traffic from multiple sources. In the face of this … Continue reading Understanding and Preventing DDoS Attacks with KoDDoS

The post Understanding and Preventing DDoS Attacks with KoDDoS appeared first on KoDDoS Blog.

Special Halloween Offer: 10% Off All Hosting and DDoS Protection Services! 🎃

Halloween is just around the corner, and at KoDDoS, we’re celebrating this spooky season with an exclusive offer that will make you smile! To mark the occasion, we’re giving you 10% off all our hosting and DDoS protection services. Whether you’re launching a new project or looking to enhance the security of your existing site, … Continue reading Special Halloween Offer: 10% Off All Hosting and DDoS Protection Services! 🎃

The post Special Halloween Offer: 10% Off All Hosting and DDoS Protection Services! 🎃 appeared first on KoDDoS Blog.

Celebrate Halloween with an Exclusive 10% Discount from KoDDoS! 🎃

🎃 Exclusive Halloween Promo – 10% Off on All Services From October 18, 2024, to October 31, 2024, enjoy our limited-time Halloween offer with the promo code: 👉 HALLOWEEN2024 👈 Simply apply this code at checkout to receive your discount. Whether you’re a small business owner, a content creator, or managing a large e-commerce platform, … Continue reading Celebrate Halloween with an Exclusive 10% Discount from KoDDoS! 🎃

The post Celebrate Halloween with an Exclusive 10% Discount from KoDDoS! 🎃 appeared first on KoDDoS Blog.

The Cyber War on Democracy: Lessons from the 2024 RNC Email Hack

In July 2024, as the Republican National Committee (RNC) geared up for its national convention in Milwaukee, Chinese hackers infiltrated the RNC's email system. According to The Wall Street Journal, attackers maintained access for several months, trying to get their hands on intelligence on how the GOP planned to address Taiwan in its party platform. Microsoft alerted top party officials about the breach, yet RNC leadership, including Trump campaign co-chair Chris LaCivita, chose not to inform the FBI, fearing leaks in the media. The previously unreported incident, says the WSJ, will be...

Latest PCI DSS Standards: Use Third Parties – But at Your Own Risk

Third parties have long been the hidden heroes of the payment card industry, providing specialized, streamlined support to merchants looking to host a website or spin up an app. But that convenience is not without a cost. According to PCI DSS 4.0 compliance standards, although merchants are free to use third parties, the responsibility for any incurred security liability will be all theirs. When a merchant takes on an outside provider, they are taking on their cybersecurity risk as well. This, along with other policies, will shape the direction of PCI DSS 4.0 compliance for all involved...

Digital Hygiene in Healthcare: Where Cybersecurity Is a Matter of Life and Death

The healthcare industry is a prime target for cyberattacks due to the significant value of medical data and the critical nature of patient care. Unlike other sectors, healthcare organizations must balance cybersecurity with the need for immediate access to life-saving information. Ransomware attacks, in particular, have surged, with cybercriminals exploiting outdated systems, unpatched vulnerabilities, and human error to disrupt operations. A single breach can not only compromise patient privacy but also delay urgent treatments, putting lives at risk. This is where the human component comes in...

US Senators Push for Stronger Cybercrime and Computer Fraud Legislation

It’s been a pretty divisive few months in US politics. The Trump administration has made sweeping changes in almost all areas of policy, ranging from international relations to domestic regulations and everything in between. However, some areas of American politics aren’t so contentious; in fact, a few cybersecurity policies have received bipartisan support. The Cyber Conspiracy Modernization Act, introduced by Senators Mike Rounds, R-S.D., and Kirsten Gillibrand, D-N.Y., aims to implement harsher punishments for cybercrimes by amending the US criminal code on computer fraud. In an America...

APT Rogues’ Gallery: The World’s Most Dangerous Cyber Adversaries

Advanced Persistent Threat (APT) groups are not a new scourge. These sophisticated, state-sponsored cyber adversaries, with deep pockets and highly advanced technical skills, conduct prolonged and targeted attacks to infiltrate networks, exfiltrate sensitive data, and disrupt critical infrastructure. The stakes have never been higher, so in this blog, we’ll look at some of the most notorious APT actors, their unique Tactics, Techniques, and Procedures (TTPs), and attacks attributed to them, and offer a few tips on how to defend against them. The Lazarus Group Originating from North Korea, the...

CNSS Instruction: Why It’s Critical for National Security and Your Organization

As cyber threats evolve, so must the strategies and frameworks that protect the data and systems that are at the heart of national defense, intelligence, and security. At a time when cyber threats are becoming more sophisticated, the need to protect national security systems (NSS) has never been more critical. With this in mind, the Committee on National Security Systems (CNSS) was formed to oversee cybersecurity standards for some of the most vital and sensitive U.S. government infrastructures. Introducing the Committee on National Security Systems The CNSS is an intergovernmental body...

Best Practices for Transitioning from Security to Privacy

As global privacy requirements evolve, many information security professionals are called upon to enhance or lead information privacy programs. While this transition may seem like a natural progression, I learned five important lessons when I moved from a focus on security and audit to the field of information privacy. What Constitutes PII? Understanding PII is essential to your team's success. Although the term may be mentioned in discussions, its meaning may not be evident to everyone. Collaboration is most effective when these expectations are established from the outset. When I initiated...

Energy Under Siege: How the Industry is Fighting Against Cyber Attacks

The energy sector has become a prime target for cyberattacks, with successful breaches posing severe risks to national security, economic stability, and public safety. Luckily, the industry is standing up and taking notice, with two-thirds of energy professionals (65%) saying their leadership now sees cybersecurity as the greatest risk to their business. This was one of the findings from the latest Energy Cyber Priority report from DNV Cyber, which revealed not only a growing awareness among energy professionals but also a significant uptick in cybersecurity investment. But what is driving...

Article 7 of GDPR: Preserving Data Integrity in Image Publication

For all the tremendous opportunities that the digitization of business operations has unlocked, there are also complex security and data privacy challenges that organizations have to navigate. In the interests of business privacy and security, legislation exists to hold organizations and policymakers to account. None are perhaps more influential and necessary than the EU’s General Data Protection Regulation (GDPR). Just the other day, a new safety report was published urging widespread organizational policy changes in the wake of rapid AI advancement. With data ostensibly one of the most...

Ransomware Reaches A Record High, But Payouts Are Dwindling

Shed a tear, if you can, for the poor, misunderstood cybercriminals hard at work trying to earn a dishonest crust by infecting organisations with ransomware. Newly released research has revealed that the riches to be made from encrypting a company's data and demanding a ransom are not proving so easy to come by as they once were. Because, although the number of ransomware attacks is reported to have reached record-breaking heights in the first months of 2025, gangs' profits are thought to be plummeting. BlackFog's "State of Ransomware" report details over 100 publicly-disclosed attacks in...

Threat Actors Leverage npm and PyPI with Impersonated Dev Tools for Credential Theft

The Socket Threat Research Team has unearthed a trio of malicious packages, two hosted on the Python Package Index (PyPI) and one on the npm registry, designed to silently pilfer cryptocurrency secrets, including mnemonic seed phrases and private keys. Released between 2021 and 2024, these packages, under the guise of harmless developer tools, have been […]

The post Threat Actors Leverage npm and PyPI with Impersonated Dev Tools for Credential Theft appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Hackers Exploit Legitimate Microsoft Utility to Deliver Malicious DLL Payload

Hackers are now abusing a legitimate Microsoft utility, mavinject.exe, to inject malicious DLLs into unsuspecting systems. The utility, intended for injecting DLLs in Application Virtualization (App-V) environments, has become a tool of choice for attackers because it is signed by Microsoft, which makes it appear benign to security tools. The Mechanism of Exploitation […]

The post Hackers Exploit Legitimate Microsoft Utility to Deliver Malicious DLL Payload appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

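The teaser above describes abuse of mavinject.exe, a Microsoft-signed binary, to load a DLL into another process. The defender's question is how to separate a legitimate App-V injection from an abusive one, since a signature check alone cannot. The Python below is an added example, not code from the article or from any vendor: it runs a small triage rule over constructed process-creation events. It relies on mavinject.exe's documented injection syntax (`<PID> /INJECTRUNNING <DLL path>`); the baseline that legitimate use is parented by App-V's AppVClient.exe and loads DLLs from App-V's own directories is an assumption made for illustration, not something the page states, and should be tuned to what your own App-V deployment actually does.

```python
import ntpath
import re

# Constructed sample process-creation events (not from the article). Field names
# follow what a Sysmon/EDR pipeline would typically normalise them to.
SAMPLE_EVENTS = [
    {   # signed binary in System32, but launched from cmd.exe with a DLL under Users
        "pid": 4120,
        "image": "C:\\Windows\\System32\\mavinject.exe",
        "cmdline": '"C:\\Windows\\System32\\mavinject.exe" 6584 /INJECTRUNNING C:\\Users\\Public\\update.dll',
        "parent_image": "C:\\Windows\\System32\\cmd.exe",
    },
    {   # what a legitimate App-V injection is assumed to look like for this example
        "pid": 5201,
        "image": "C:\\Windows\\System32\\mavinject.exe",
        "cmdline": '"C:\\Windows\\System32\\mavinject.exe" 2200 /INJECTRUNNING C:\\ProgramData\\Microsoft\\AppV\\Client\\Integration\\hook.dll',
        "parent_image": "C:\\Program Files\\Microsoft Application Virtualization\\Client\\AppVClient.exe",
    },
    {   # a copy of the binary dropped into %TEMP%, injecting a DLL from the same place
        "pid": 7788,
        "image": "C:\\Users\\bob\\AppData\\Local\\Temp\\mavinject.exe",
        "cmdline": "mavinject.exe 3344 /INJECTRUNNING C:\\Users\\bob\\AppData\\Local\\Temp\\x.dll",
        "parent_image": "C:\\Windows\\explorer.exe",
    },
    {   # unrelated process, must not alert
        "pid": 900,
        "image": "C:\\Windows\\System32\\notepad.exe",
        "cmdline": "notepad.exe",
        "parent_image": "C:\\Windows\\explorer.exe",
    },
]

# mavinject.exe's documented injection syntax: <PID> /INJECTRUNNING <DLL path>
INJECT_FLAG = re.compile(r"/INJECTRUNNING\b", re.IGNORECASE)
DLL_ARG = re.compile(r'/INJECTRUNNING\s+(?P<dll>"[^"]+"|\S+)', re.IGNORECASE)

# Assumed baseline for legitimate use (illustrative, not from the article):
# App-V's client process is the expected parent and its hook DLLs live under
# these directories. Tune both to your own environment.
EXPECTED_PARENTS = {"appvclient.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
TRUSTED_DLL_PREFIXES = (
    "c:\\programdata\\microsoft\\appv\\",
    "c:\\program files\\microsoft application virtualization\\",
)
USER_WRITABLE_MARKERS = ("\\users\\", "\\temp\\", "\\appdata\\")


def classify(event):
    """Return an alert dict for a mavinject.exe injection event, else None."""
    image = event["image"].lower()
    cmdline = event["cmdline"]
    parent = ntpath.basename(event["parent_image"]).lower()

    # Only the injection use of mavinject.exe is of interest here. A renamed copy
    # would need an original-filename or hash check, which this rule does not do.
    if ntpath.basename(image) != "mavinject.exe" or not INJECT_FLAG.search(cmdline):
        return None

    reasons = []
    if parent not in EXPECTED_PARENTS:
        reasons.append(f"unexpected parent process: {parent}")
    if not image.startswith(SYSTEM_DIRS):
        reasons.append("mavinject.exe running from outside System32/SysWOW64")

    match = DLL_ARG.search(cmdline)
    dll = match.group("dll").strip('"').lower() if match else ""
    if not dll.startswith(TRUSTED_DLL_PREFIXES):
        reasons.append(f"DLL outside App-V directories: {dll or '<unparsed>'}")
    if any(marker in dll for marker in USER_WRITABLE_MARKERS):
        reasons.append("DLL loaded from a user-writable location")

    return {
        "pid": event["pid"],
        "severity": "high" if reasons else "info",
        "dll": dll,
        "reasons": reasons,
    }


def scan(events):
    """Run the rule over a stream of process-creation events."""
    return [alert for alert in map(classify, events) if alert is not None]


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert["severity"].upper(), alert["pid"], alert["dll"], "; ".join(alert["reasons"]))
```

Run as a script it prints one line per mavinject.exe invocation: the two abusive events come out as high with every deviating attribute listed, the assumed-legitimate App-V injection is logged at info so it stays auditable without paging anyone, and notepad.exe is ignored. The point of scoring on parent, binary location and DLL location together is that the signature, which the article notes is what lets the binary pass, plays no part in the decision.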
Cybercriminals Exploit Network Edge Devices to Infiltrate SMBs

Small and midsized businesses (SMBs) continue to be prime targets for cybercriminals, with network edge devices playing a critical role in initial attacks, according to the latest annual threat report by Sophos. The report highlights the persistent threat of ransomware, which despite a slight year-over-year decline in frequency, has seen an increase in the cost […]

The post Cybercriminals Exploit Network Edge Devices to Infiltrate SMBs appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Criminal IP to Showcase Advanced Threat Intelligence at RSAC™ 2025

Join Criminal IP at Booth S-634 | South Expo, Moscone Center | April 28 – May 1, 2025. Criminal IP, the global cybersecurity platform specializing in AI-powered threat intelligence and OSINT-based data analytics, will exhibit at the RSAC 2025 Conference, held from April 28 to May 1 at the Moscone Center in San Francisco. The company […]

The post Criminal IP to Showcase Advanced Threat Intelligence at RSAC™ 2025 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

TP-Link Router Vulnerabilities Allow Attackers to Execute Malicious SQL Commands

Cybersecurity researchers have uncovered critical SQL injection vulnerabilities in four TP-Link router models, enabling attackers to execute malicious commands, bypass authentication, and potentially hijack devices. The flaws, discovered by researcher The Veteran between February and March 2025, highlight ongoing security risks in widely used networking hardware. The vulnerabilities impact both enterprise and consumer routers, including mobile Wi-Fi […]

The post TP-Link Router Vulnerabilities Allow Attackers to Execute Malicious SQL Commands appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

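The teaser says the TP-Link flaws are SQL injections that let an attacker bypass authentication. The affected TP-Link code is not on the page, so the Python below is an added, generic illustration of what that bug class looks like in a login handler and how it is fixed; it is not TP-Link's code and makes no claim about how their firmware is written. It places a login check that interpolates user input into SQL beside the same check using bound parameters, and exercises both with two classic bypass payloads. The schema, credentials and payloads are constructed for the example.

```python
import sqlite3


def make_db():
    """Constructed in-memory user table standing in for a device's credential store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pw TEXT NOT NULL)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, name, pw):
    """Builds the query by string interpolation: attacker input becomes SQL syntax."""
    query = f"SELECT name FROM users WHERE name = '{name}' AND pw = '{pw}'"
    return conn.execute(query).fetchone() is not None


def login_fixed(conn, name, pw):
    """Same check with bound parameters: input is passed as data, never parsed as SQL."""
    query = "SELECT name FROM users WHERE name = ? AND pw = ?"
    return conn.execute(query, (name, pw)).fetchone() is not None


# Two classic bypass payloads (constructed for the example).
# In the vulnerable handler the first becomes
#   ... AND pw = '' OR '1'='1'        (the OR makes the WHERE clause always true)
# and the second becomes
#   ... name = 'admin'--' AND pw = '...' (the password clause is commented out)
TAUTOLOGY_PW = "' OR '1'='1"
COMMENT_NAME = "admin'--"


def demo():
    """Run the legitimate login and both payloads through each handler."""
    conn = make_db()
    return {
        "legit_vulnerable": login_vulnerable(conn, "admin", "correct-horse"),
        "legit_fixed": login_fixed(conn, "admin", "correct-horse"),
        "tautology_vulnerable": login_vulnerable(conn, "admin", TAUTOLOGY_PW),
        "tautology_fixed": login_fixed(conn, "admin", TAUTOLOGY_PW),
        "comment_vulnerable": login_vulnerable(conn, COMMENT_NAME, "wrong"),
        "comment_fixed": login_fixed(conn, COMMENT_NAME, "wrong"),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:22s} login accepted: {accepted}")
```

Both handlers accept the real credentials; only the interpolating one also accepts the two payloads, because the database parses the quote and comment characters as part of the statement. Parameter binding closes the injection, but a credential store that compares plaintext passwords, as this toy table does, still needs a salted hash; that is a separate defect from the one the article is about.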
Faster Vulnerability Patching Reduces Risk and Lowers Cyber Risk Index

Trend Micro’s Cyber Risk Exposure Management (CREM) solution has highlighted the critical role that timely patching plays in reducing an organization’s cyber risk exposure. The report, which scrutinizes the Cyber Risk Index (CRI), a metric quantifying an organization’s security risk based on the aggregation of individual asset and risk factor scores, underscores a direct link […]

The post Faster Vulnerability Patching Reduces Risk and Lowers Cyber Risk Index appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Malicious npm Packages Target Linux Developers with SSH Backdoor Attacks

In a sophisticated campaign targeting the open-source ecosystem, reports have emerged detailing several malicious npm packages that abuse the Telegram Bot API to install backdoors on unsuspecting developers’ Linux systems. This trend has escalated concerns over the integrity of software supply chains, particularly in light of the platform’s open development architecture. Cybercriminals […]

The post Malicious npm Packages Target Linux Developers with SSH Backdoor Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Samsung One UI Vulnerability Leaks Sensitive Data in Plain Text With No Expiration!

A glaring vulnerability has come to light within Samsung’s One UI interface: the clipboard history function stores all copied text, including sensitive data like passwords and personal information, in plain text and retains it indefinitely, unless users manually delete it. For countless smartphone users, copying and pasting is a daily activity. Complex passwords, banking information, […]

The post Samsung One UI Vulnerability Leaks Sensitive Data in Plain Text With No Expiration! appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

New Rust-Based Botnet Hijacks Routers to Inject Remote Commands

A new malware named “RustoBot” has been discovered exploiting vulnerabilities in various router models to gain unauthorized access and launch Distributed Denial of Service (DDoS) attacks. The threat, first observed between January and February 2025, targets TOTOLINK and DrayTek devices and uses techniques unlike those of previously known malware. Exploitation and Spread Strategy The botnet leverages […]

The post New Rust-Based Botnet Hijacks Routers to Inject Remote Commands appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Latest Lumma InfoStealer Variant Found Using Code Flow Obfuscation

Researchers have uncovered a sophisticated new variant of the notorious Lumma InfoStealer malware, employing advanced code flow obfuscation techniques to evade detection. This new development marks a significant escalation in cybercrime methodologies, potentially making it more challenging for traditional security measures to intercept or mitigate the impact of these theft-oriented attacks. Advanced Evasion Techniques This […]

The post Latest Lumma InfoStealer Variant Found Using Code Flow Obfuscation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Attackers stick with effective intrusion points, valid credentials and exploits

Infostealers fueled the staying power of identity-based attacks, increasing 84% on a weekly average last year, according to IBM X-Force.

The post Attackers stick with effective intrusion points, valid credentials and exploits appeared first on CyberScoop.

Rebuilding Maritime Cybersecurity Resilience: Charting an America First Course to Secure the U.S. Homeland

While the homeland security discussion has focused on the Southern Border, there are more than 95,000 miles of U.S. coastline and over 360 ports that are the backbone of $5.4 trillion in economic activity and over 10 million jobs.

The post Rebuilding Maritime Cybersecurity Resilience: Charting an America First Course to Secure the U.S. Homeland appeared first on CyberScoop.

Judge limits evidence about NSO Group customers, victims in damages trial

The ruling strikes at NSO Group’s fundamental strategy in the case, one observer noted.

The post Judge limits evidence about NSO Group customers, victims in damages trial appeared first on CyberScoop.

Multiple top CISA officials behind ‘Secure by Design’ resign

In a statement to CyberScoop, acting Director Bridget Bean said that encouraging the private sector to build more secure products will continue to be a priority at the agency. 

The post Multiple top CISA officials behind ‘Secure by Design’ resign appeared first on CyberScoop.

House investigation into DeepSeek teases out funding, security realities around Chinese AI tool

A new report fleshes out the resources that went into building DeepSeek’s R1 reasoning model and potential risks to U.S. economic and national security.

The post House investigation into DeepSeek teases out funding, security realities around Chinese AI tool appeared first on CyberScoop.

Chris Krebs resigns from SentinelOne to focus on fighting Trump’s executive order

The former CISA director departed the cybersecurity company in response to the order, which directs DOJ to investigate him.

The post Chris Krebs resigns from SentinelOne to focus on fighting Trump’s executive order appeared first on CyberScoop.

35 countries use Chinese networks for transporting mobile user traffic, posing cyber risks

An analysis from iVerify found U.S. allies on the list where mobile providers employ China-based networks.

The post 35 countries use Chinese networks for transporting mobile user traffic, posing cyber risks appeared first on CyberScoop.

CISA reverses course, extends MITRE CVE contract

While the last-minute extension averts an immediate lapse in support, rival organizations are being stood up to supplant the global vulnerability system. 

The post CISA reverses course, extends MITRE CVE contract appeared first on CyberScoop.

Exclusive: Peters, Rounds tee up bill to renew expiring cyber threat information sharing law

The law is due to lapse in September, something cyber experts and industry officials say would be a huge loss.

The post Exclusive: Peters, Rounds tee up bill to renew expiring cyber threat information sharing law appeared first on CyberScoop.

Chinese law enforcement places NSA operatives on wanted list over alleged cyberattacks

The allegations, supported by the foreign ministry, are more specific and aggressive than usual and say the U.S. sought to disrupt the Asian Winter Games.

The post Chinese law enforcement places NSA operatives on wanted list over alleged cyberattacks appeared first on CyberScoop.

Abilene city, Texas, takes systems offline following a cyberattack

Abilene, Texas, shut down systems after a cyberattack caused server issues; IT staff and outside experts are investigating the incident. The attack occurred on April 18, 2025; emergency services remained operational, and no financial irregularities were found. “On April 18, 2025, City officials received […]

Japan’s FSA warns of unauthorized trades via stolen credentials from fake security firms’ sites

Japan’s Financial Services Agency (FSA) warns of hundreds of millions in unauthorized trades linked to hacked brokerage accounts. Japan’s Financial Services Agency (FSA) reported that the damage caused by unauthorized access to and transactions on internet trading services is increasing. “There has been a sharp increase in the number of cases of unauthorized […]

Kimsuky APT exploited BlueKeep RDP flaw in attacks against South Korea and Japan

Researchers spotted a new campaign by the North Korea-linked group Kimsuky that exploits a patched Microsoft Remote Desktop Services flaw to gain initial access. While investigating a security breach, AhnLab SEcurity intelligence Center (ASEC) researchers discovered a campaign by the North Korea-linked group Kimsuky, tracked as Larva-24005. Attackers exploited an RDP vulnerability to gain initial access to […]

New sophisticated malware SuperCard X targets Android devices via NFC relay attacks

‘SuperCard X’, a new MaaS, targets Android devices via NFC relay attacks, enabling fraudulent POS and ATM transactions with stolen card data. Cleafy researchers discovered a new malware-as-a-service (MaaS) called SuperCard X targeting Android devices with NFC relay attacks for fraudulent cash-outs. Attackers promote the MaaS through Telegram channels; analysis shows SuperCard X builds […]

Russia-linked APT29 targets European diplomatic entities with GRAPELOADER malware

Russia-linked group APT29 targeted diplomatic entities across Europe with a new malware loader codenamed GRAPELOADER. The Check Point Research team reported that the Russia-linked cyberespionage group APT29 (aka SVR group, Cozy Bear, Nobelium, BlueBravo, Midnight Blizzard, and The Dukes) is behind a sophisticated phishing campaign targeting European diplomatic entities, using a new WINELOADER variant and a previously unknown malware called GRAPELOADER. “While the […]

Read More
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 42

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape:

  • Malicious NPM Packages Targeting PayPal Users
  • New Malware Variant Identified: ResolverRAT Enters the Maze
  • Nice chatting with you: what connects cheap Android smartphones, WhatsApp and cryptocurrency theft?
  • BPFDoor’s Hidden Controller Used Against Asia, Middle East […]

Read More
Security Affairs newsletter Round 520 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press:

  • Attackers exploited SonicWall SMA appliances since January 2025
  • ASUS routers with AiCloud vulnerable to auth bypass exploit
  • U.S. […]

Read More
Attackers exploited SonicWall SMA appliances since January 2025

Threat actors have been actively exploiting a remote code execution flaw in SonicWall Secure Mobile Access (SMA) appliances since January 2025. Arctic Wolf researchers warn that threat actors have been exploiting the vulnerability, tracked as CVE-2021-20035 (CVSS score of 7.1), in SonicWall Secure Mobile Access (SMA) since at least January 2025. The vulnerability is an OS Command […]

Read More
ASUS routers with AiCloud vulnerable to auth bypass exploit

ASUS warns of an authentication bypass vulnerability, tracked as CVE-2025-2492 (CVSS v4 score: 9.2), in routers with AiCloud enabled. A remote attacker can trigger the flaw to perform unauthorized execution of functions on the […]

Read More
U.S. CISA adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple products and Microsoft Windows NTLM vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions of the flaws: This week Apple released out‑of‑band […]

Read More
Entrust Announces all-in-one Cryptographic Security Platform

Entrust has announced the Entrust Cryptographic Security Platform, for release in May. The platform is a unified, end-to-end cryptographic security management solution for keys, secrets, and certificates. Cyberattacks on data security and identity systems are exploding in scale and sophistication. Traditional approaches to securing data and identities aren’t working, and in digital-first environments every connected […]

The post Entrust Announces all-in-one Cryptographic Security Platform appeared first on IT Security Guru.

Read More
ISACA and Chartered IIA pen open letter to UK Government urging swift audit reform to build digital resilience

ISACA and the Chartered Institute of Internal Auditors (Chartered IIA), have sent a letter to Rt Hon Jonathan Reynolds MP, Secretary of State for Business and Trade, stressing the urgent need for audit reform legislation to boost digital resilience. The letter underlines strong stakeholder support for the Audit Reform and Corporate Governance Bill promised in […]

The post ISACA and Chartered IIA pen open letter to UK Government urging swift audit reform to build digital resilience appeared first on IT Security Guru.

Read More
9 Modern Ways You Can Use Bitcoin in 2025

Cryptocurrency is slowly becoming a regular way to pay for something, with new uses popping up every day. Many people choose Bitcoin, among others, because it’s easy to use, quick, secure, private, and more affordable than traditional methods. 1. Gaming, Virtual Worlds, and Entertainment If you’re into gaming, Bitcoin is already part of the action, […]

The post 9 Modern Ways You Can Use Bitcoin in 2025 appeared first on IT Security Guru.

Read More
MIWIC25: Sochima Okoye, Cybersecurity Consultant at CSA Cyber

Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2024’s Top 20 women selected by an esteemed panel of judges. Presented in a Q&A format, the nominee’s answers are […]

The post MIWIC25: Sochima Okoye, Cybersecurity Consultant at CSA Cyber appeared first on IT Security Guru.

Read More
Bridewell research finds UK Financial Services under pressure from cyber security challenges and mounting regulatory requirements

Research from Bridewell, a leading UK-based cyber security services provider, has found compliance with regulation as the chief challenge, as well as the main stimulus, for increasing cyber security maturity in the financial services sector. The study, entitled Cyber Security in Financial Services: 2025, also shows that response times to cyber threats like ransomware are […]

The post Bridewell research finds UK Financial Services under pressure from cyber security challenges and mounting regulatory requirements appeared first on IT Security Guru.

Read More
MIWIC25: Anastasiia Ostrovska, co-founder & CEO Women’s Leadership and Strategic Initiatives Foundation (WLSIF)

Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2024’s Top 20 women selected by an esteemed panel of judges. Presented in a Q&A format, the nominee’s answers are […]

The post MIWIC25: Anastasiia Ostrovska, co-founder & CEO Women’s Leadership and Strategic Initiatives Foundation (WLSIF) appeared first on IT Security Guru.

Read More
MIWIC25: Katie Beecroft, Associate Director Risk & Security, Fidelity International

Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2024’s Top 20 women selected by an esteemed panel of judges. Presented in a Q&A format, the nominee’s answers are […]

The post MIWIC25: Katie Beecroft, Associate Director Risk & Security, Fidelity International appeared first on IT Security Guru.

Read More
Check Point Cloud Firewalls Achieve Industry Best 100% Block Rate and Accuracy: CyberRatings.Org Test Results Confirm

Organisations demand uncompromising protection against today’s most pressing threats while ensuring minimal disruption to legitimate business operations. Check Point CloudGuard Network Security has just set a new industry benchmark by achieving a 100% exploit block rate including evasions in independent testing conducted by CyberRatings.org (Fig 1.). Check Point also leads in reducing alert fatigue with […]

The post Check Point Cloud Firewalls Achieve Industry Best 100% Block Rate and Accuracy: CyberRatings.Org Test Results Confirm appeared first on IT Security Guru.

Read More
MIWIC25: Lisa Landau, CEO and Co-Founder of ThreatLight

Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2024’s Top 20 women selected by an esteemed panel of judges. Presented in a Q&A format, the nominee’s answers are […]

The post MIWIC25: Lisa Landau, CEO and Co-Founder of ThreatLight appeared first on IT Security Guru.

Read More
From $2M to $750M: Phaneesh Murthy’s Blueprint for Exponential Growth in Technology Services

In the competitive landscape of global technology services, few executives can claim the kind of transformative growth that Phaneesh Murthy has orchestrated throughout his career. His most remarkable achievement came during his tenure at Infosys, where he helped scale the company’s revenue from less than $2 million to an impressive $750 million. Even more […]

The post From $2M to $750M: Phaneesh Murthy’s Blueprint for Exponential Growth in Technology Services appeared first on IT Security Guru.

Read More
Virtual Client Computing Market: Tapping on the Domain of Innumerable Opportunities

VCC, or virtual client computing, is an advanced IT approach with a comprehensive application and desktop virtualization solution. The system is designed to help businesses reduce IT costs and support a...

The post Virtual Client Computing Market: Tapping on the Domain of Innumerable Opportunities appeared first on Cyber Defense Magazine.

Read More
Using Risk to Prove the Value of Cyber Threat Intelligence

Beyond Silos. By Dan Cole, VP of Product Marketing, ThreatConnect. We know that attackers are outpacing defenders: we’ve all heard the cliche that “attackers only need to get it right...

The post Using Risk to Prove the Value of Cyber Threat Intelligence appeared first on Cyber Defense Magazine.

Read More
Why The Seceon Platform Is A Must-Have To Tackle Today’s Threat Landscape

Delivering Security Without Complexity in an Era of Sophisticated Cyber Threats. Let’s face it—today’s cybersecurity landscape is a battlefield. Ransomware gangs target critical infrastructure, insider threats bypass perimeter defenses, supply...

The post Why The Seceon Platform Is A Must-Have To Tackle Today’s Threat Landscape appeared first on Cyber Defense Magazine.

Read More
AI-powered Vishing

First, there was phishing. The goal: To trick targets into revealing information or completing unauthorized actions. Around since the 1990s, this attack vector remains the top internet crime reported to the...

The post AI-powered Vishing appeared first on Cyber Defense Magazine.

Read More
Staying Ahead of AI-Powered Threats: Insights from Delinea Labs’ Inaugural Cybersecurity Report

The cybersecurity landscape is rapidly evolving, with Artificial Intelligence (AI) driving both innovation and risk. While AI enhances security by improving threat detection and response, it also equips cybercriminals with...

The post Staying Ahead of AI-Powered Threats: Insights from Delinea Labs’ Inaugural Cybersecurity Report appeared first on Cyber Defense Magazine.

Read More
Hyver by CYE: Transformative Cyber Exposure Management for Modern Enterprises

Rating: 10 out of 10. Introduction: Today’s enterprise security teams face an overwhelming problem: they are inundated with thousands of vulnerabilities, alerts, and findings from dozens of tools, yet still...

The post Hyver by CYE: Transformative Cyber Exposure Management for Modern Enterprises appeared first on Cyber Defense Magazine.

Read More
Addressing The Need for Integrated FICO-DT Scoring for All Digital Services

Introducing Digital Trust Score (FICO-DT): The Digital Trust (FICO-DT) framework is an attempt by DigitalXForce to bridge a critical gap: the absence of a standard metric for measuring and validating...

The post Addressing The Need for Integrated FICO-DT Scoring for All Digital Services appeared first on Cyber Defense Magazine.

Read More
The Future of Third-Party Risk Management: Seven Key Predictions for 2025

As organizations gear up for 2025, third-party risk management (TPRM) remains a top priority. The need to manage risks associated with vendors and partners has grown more urgent, driven by...

The post The Future of Third-Party Risk Management: Seven Key Predictions for 2025 appeared first on Cyber Defense Magazine.

Read More
Déjà Vu: What Cloud Adoption Can Teach Us About AI in Cybersecurity

The launch of ChatGPT undeniably marked a turning point in the technological landscape, ushering in the era of readily accessible and powerful Large Language Models (LLMs). This new age has...

The post Déjà Vu: What Cloud Adoption Can Teach Us About AI in Cybersecurity appeared first on Cyber Defense Magazine.

Read More
The Significance of Cybersecurity within AI Governance

In everyday life, AI integration is rapidly changing how consumers shop, how people work, and how healthcare is delivered. Given the impact AI has on the world, many...

The post The Significance of Cybersecurity within AI Governance appeared first on Cyber Defense Magazine.

Read More
CVE-2025-32433: Unauthenticated RCE Vulnerability in Erlang/OTP’s SSH Implementation

Key Takeaways

  • A critical vulnerability has been discovered in Erlang/OTP, tracked as CVE-2025-32433, with a CVSS score of 10 (critical).
  • This remote code execution (RCE) vulnerability affects the SSH server within the Erlang/OTP software platform.
  • The flaw allows unauthenticated attackers to gain full system access by sending crafted SSH packets before any login or credentials are provided.
  • Systems running Erlang/OTP’s native SSH server are at risk; such systems may be embedded in telecom, IoT, cloud platforms, databases, etc.
  • We recommend patching impacted systems immediately.

Read More
From Shadow to Spotlight: The Evolution of LummaStealer and Its Hidden Secrets

This article is a continuation of the previous research published on the malware LummaStealer: "Your Data Is Under New Lummanagement: The Rise of LummaStealer".

Read More
A Class Above: Expert Support for Data Breach Class Action Defense

Between 2022 and 2024, data breach-related class actions in the United States surged by over 146%, with the top 10 settlements in 2024 averaging 15% higher than in 2023. As organizations grapple with increasingly aggressive litigation stemming from cybersecurity incidents, class action lawsuits have become a major risk vector—one that now rivals the breach itself in terms of financial, operational, and reputational impact, underscoring the importance of both proactive cybersecurity posture and a strong defensive strategy in litigation. Whether it’s demonstrating reasonable security practices or disputing claims of harm resulting from cybersecurity incidents, the involvement of technical experts has become critical.

Read More
The Curious Case of PlayBoy Locker

Cybereason issues Threat Analysis reports to investigate emerging threats and provide practical recommendations for protecting against them. In this Threat Analysis report, Cybereason investigates the new Ransomware-as-a-Service (RaaS) known as PlayBoy Locker and how to defend against it through the Cybereason Defense Platform.

Read More
Are you keeping pace with Cyber Security AI innovation?

Skip ahead if you have heard this story, but when I started in anti-virus at Dr Solomon’s, Alan Solomon would share how he moved from doing hard disk data recoveries into antivirus because he received a drive to recover and recognized the corruption was logical. As such, to fix the damage he wrote an algorithm (he was a mathematician by education) to undo the corruption. A few months later he was recovering another drive and recognized the same logical corruption, which led him to write a new algorithm to detect this corruption; this was how he started Dr Solomon’s antivirus software. The point here is that traditional anti-virus has always been based on pattern matching: find something unique to each attack in its code, then you can write an algorithm, or, as it is more commonly called these days, a signature, to detect, block and repair the attack. I remember Alan saying, in effect, that signatures had solved the virus problem: the volume would continue to grow, as would the complexity, but the same signature solution would always apply.

Read More
Cracking the Code: How to Identify, Mitigate, and Prevent BIN Attacks

KEY TAKEAWAYS

  • Understanding BIN Attacks: BIN attacks exploit the publicly available Bank Identification Numbers (BINs) on payment cards to brute-force valid card details, enabling fraudulent transactions. Identifying patterns of failed authorization attempts is critical for early detection.
  • Effective Mitigation Strategies: Implementing rate limiting, enhanced authentication (e.g., CAPTCHA, MFA), Web Application Firewalls (WAFs), geofencing, and machine-learning-based fraud detection tools can significantly reduce the likelihood of successful BIN attacks.
  • Collaborative Incident Response: Engage payment processors, card issuers, and digital forensics teams to trace attacks, freeze compromised cards, and implement long-term measures like tokenization and PCI DSS compliance to strengthen payment security.

Threat actors with financial motivations often leverage BIN attacks when targeting financial services or eCommerce victims. BIN attacks involve threat actors systematically testing card numbers stemming from a Bank Identification Number (BIN) to find valid card details. BIN values are assigned to card issuers and form the first 6-8 digits on payment cards. These values are published to merchants, payment processors, and other service providers to facilitate transactions and are publicly available. The BIN is then followed by an additional set of numbers (the account number) to form a complete Primary Account Number (PAN), or card number.
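The pattern the key takeaways describe (many distinct card numbers under one BIN, mostly declined, from one source, in a short window) is what an early-detection rule has to look for in authorization logs. The following is an added example, not code from the article or its author: a sliding-window detector over constructed sample authorization records. The record fields, the 300-second window, the 20-distinct-PAN floor and the 80% decline ratio are all assumptions to tune against your own gateway's volume.

```python
"""Flag BIN-attack patterns in payment authorization logs (added example).

A BIN attack shows up as a burst of declined authorizations that share one
BIN (first 6-8 PAN digits) but cycle through many distinct account numbers,
usually from one source (an IP, a merchant ID or a session). The detector
slides a time window over sample log records and raises an alert when, for
a (source, BIN) pair, the number of distinct PANs attempted and the decline
ratio both cross thresholds. Field names and thresholds are assumptions.
"""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class AuthEvent:
    ts: int            # seconds since epoch (constructed sample data)
    source: str        # e.g. client IP or merchant terminal ID
    pan: str           # card number as seen by the gateway
    approved: bool


def bin_of(pan: str, length: int = 6) -> str:
    """Return the BIN prefix of a PAN (6 digits here; issuers may use up to 8)."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    if len(digits) < 12:
        raise ValueError("PAN too short")
    return digits[:length]


def detect_bin_attacks(events, window_s=300, min_distinct_pans=20, min_decline_ratio=0.8):
    """Return a list of (source, bin, distinct_pans, decline_ratio) alerts.

    `events` must be sorted by timestamp. For each (source, BIN) key a deque
    holds the events seen in the last `window_s` seconds; an alert is emitted
    the first time that key crosses both thresholds inside one window.
    """
    windows = defaultdict(deque)
    alerted = set()
    alerts = []
    for ev in events:
        key = (ev.source, bin_of(ev.pan))
        q = windows[key]
        q.append(ev)
        while q and ev.ts - q[0].ts > window_s:   # drop events outside the window
            q.popleft()
        if key in alerted:
            continue
        pans = {e.pan for e in q}
        declines = sum(1 for e in q if not e.approved)
        ratio = declines / len(q)
        if len(pans) >= min_distinct_pans and ratio >= min_decline_ratio:
            alerted.add(key)
            alerts.append((ev.source, key[1], len(pans), round(ratio, 2)))
    return alerts


def sample_events():
    """Constructed sample: a few legitimate shoppers plus one BIN-attack burst."""
    events = []
    # Legitimate traffic: five approved purchases, different cards, one per minute.
    for i in range(5):
        events.append(AuthEvent(ts=1000 + i * 60, source="203.0.113.7",
                                pan=f"41111100000{i:04d}0", approved=True))
    # Attack: one source enumerating account numbers under BIN 453201 every
    # three seconds; only one in ten guesses hits a live card.
    for i in range(40):
        events.append(AuthEvent(ts=1000 + i * 3, source="198.51.100.9",
                                pan=f"4532010000{i:06d}", approved=(i % 10 == 0)))
    return sorted(events, key=lambda e: e.ts)


if __name__ == "__main__":
    for source, bin_prefix, n, ratio in detect_bin_attacks(sample_events()):
        print(f"ALERT source={source} bin={bin_prefix} distinct_pans={n} decline_ratio={ratio}")
```

On the constructed data the legitimate shopper never trips the rule (five cards, all approved), while the enumerating source is flagged as soon as its twentieth distinct PAN is seen, with an 0.9 decline ratio. In production the same key can be extended with merchant ID or session, and the alert is the natural hook for the rate limiting and step-up authentication the takeaways recommend.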

Read More
Three Zero-Day Vulnerabilities Discovered in VMware Products

Key Takeaways

  • Three zero-day vulnerabilities have been discovered in VMware products, tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226.
  • Nearly all supported and unsupported VMware products are impacted, including VMware ESXi, VMware Workstation Pro / Player (Workstation), VMware Fusion, VMware Cloud Foundation, and VMware Telco Cloud Platform.
  • Chaining these 3 vulnerabilities together allows an attacker to escape or “break out” of a “child” Virtual Machine (VM), gain access to the “parent” ESXi Hypervisor, and potentially access any other accessible VM as well as gain access to the management network of the exposed VMware cluster.
  • We recommend upgrading to “fixed versions” indicated in the VMware by Broadcom matrix immediately.

Read More
Deceptive Signatures: Advanced Techniques in BEC Attacks

KEY TAKEAWAYS

  • Sophistication of BEC Attacks: Business Email Compromise (BEC) attacks are becoming increasingly sophisticated, leveraging advanced social engineering, AI-driven personalization, and phishing kits in order to overcome MFA protections.
  • Exploitation of Trust: Some threat actor groups have been discovered leveraging a technique that involves embedding phishing lures within the email signature blocks of compromised user accounts. This tactic exploits recipients’ trust in, and inattention to, the normally benign signature section by replacing it with a formatted lure. It can also remain undetected during certain investigative steps, because a signature change is not an inbox rule change and so does not produce the audit logging and alerting associated with one.
  • Cascading Impact: Once initial credentials are compromised, attackers often use these accounts to launch secondary phishing campaigns, expanding their reach and escalating financial and reputational damage to organizations. Additionally, even after a password change and a threat actor has lost access to a previously compromised account, if the signature block alteration is not caught and remediated quickly, then normal sending of emails by the user may unknowingly perpetuate the attack forward.

Business email compromise attacks have become increasingly common in recent years, driven by sophisticated social engineering tactics that make it easier to dupe victims. This is due in part to the believability that threat actors are able to achieve by collecting sensitive information from publicly available sources, including corporate websites and social media. Criminals leverage this information to pose as trusted colleagues or business partners, using stolen or spoofed email accounts to deliver convincing messages that prompt recipients to transfer funds or disclose confidential information. The evolving nature of these schemes is characterized by their high success rate, low technological barriers to entry for threat actors, and the substantial financial losses incurred by victim organizations. Advancements in automation, AI-driven personalization, and ready-to-use phishing kits have further accelerated the proliferation of BEC attacks, creating a lucrative marketplace for cybercriminals.
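Because a tampered signature block leaves no inbox-rule audit event, one compensating control is to export each mailbox's signature on a schedule and inspect the HTML directly. The following is an added example, not code from the article: it parses a signature block with the standard library, extracts every hyperlink, and flags links whose real target host is off the organization's allowlist or whose visible text reads like a URL that points somewhere other than the href (the classic display/target mismatch). How the signature is fetched from Microsoft 365 or Google Workspace is platform-specific and left out; the allowlist, the sender name and both sample signatures are constructed for the demo.

```python
"""Scan e-mail signature blocks for embedded phishing lures (added example).

A signature block that has been swapped for a lure typically carries a link
whose href goes to attacker infrastructure while the visible text imitates a
company URL. This checker extracts anchors from signature HTML and reports:
  - "external-link":     href host not on the allowlist
  - "display-mismatch":  visible text looks like a URL whose host differs
                         from the href host
Allowlist and sample signatures are constructed; mailto:/tel: links are
ignored since they carry no web target.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWED_HOSTS = {"example.com", "www.example.com", "linkedin.com"}  # assumption


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(value: str) -> str:
    """Hostname of a URL, or of bare text such as 'portal.example.com/login'."""
    parsed = urlparse(value if "://" in value else "http://" + value)
    return (parsed.hostname or "").lower()


def _looks_like_url(text: str) -> bool:
    return "://" in text or ("." in text and " " not in text and "@" not in text)


def find_signature_lures(signature_html: str, allowed_hosts=ALLOWED_HOSTS):
    """Return a list of (reason, href, visible_text) findings for one signature."""
    collector = _LinkCollector()
    collector.feed(signature_html)
    findings = []
    for href, text in collector.links:
        if urlparse(href).scheme.lower() in ("mailto", "tel"):
            continue
        target = _host(href)
        if target not in allowed_hosts:
            findings.append(("external-link", href, text))
        if _looks_like_url(text) and _host(text) != target:
            findings.append(("display-mismatch", href, text))
    return findings


# Constructed sample signatures: one benign, one carrying a lure.
BENIGN_SIGNATURE = (
    '<div>Jane Doe | Accounts Payable<br>'
    '<a href="https://www.example.com">www.example.com</a> | '
    '<a href="mailto:jane.doe@example.com">jane.doe@example.com</a></div>'
)
TAMPERED_SIGNATURE = (
    '<div>Jane Doe | Accounts Payable<br>'
    '<a href="https://www.example.com">www.example.com</a><br>'
    '<b>Updated remittance details:</b> '
    '<a href="https://login-example-com.invalid/remit">portal.example.com/remittance</a></div>'
)

if __name__ == "__main__":
    for name, sig in (("benign", BENIGN_SIGNATURE), ("tampered", TAMPERED_SIGNATURE)):
        print(name, find_signature_lures(sig))
```

Run against every mailbox after a password reset as well as during the initial investigation: the takeaways above note that a missed signature change keeps delivering the lure through the user's own normal mail long after the attacker's access is gone.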

Read More
Enhancing Business Email Compromise Incident Response: New Email & Cloud Security Configuration Snapshot

KEY TAKEAWAYS

  • The Email & Cloud Security Configuration Snapshot can be delivered free as part of BEC investigations, in an automated fashion
  • The Snapshot condenses frontline threat intelligence from thousands of BEC investigations to identify the configuration weaknesses that allow the most common BEC attack patterns
  • Requires no additional client involvement to run
  • Available for M365 and Google Workspace

Business Email Compromise (BEC) remains one of the most financially devastating forms of cybercrime, with the FBI reporting over $55 billion in BEC losses worldwide over the past 10 years. Requiring little technical expertise, BECs are relatively simple to execute and attackers have found clever ways to bypass most defenses, contributing to the high rate of incidents. Though attackers leverage various intrusion vectors to compromise email accounts, most BEC incidents are worsened by poor email and cloud security configurations, making it easier for attackers to move laterally, exfiltrate data, and increase the overall impact of the attack.

Read More
RSAC 2025 - Key Trends from 100s of ‘Hackers & Threats’ Talk Submissions

Just before the end of 2024, the Hackers & Threats Program Committee met to review hundreds of submissions for the track for RSAC 2025 Conference.

Read More
How to spot a holiday shopping scam: Fake deals, trick surveys & bogus gift cards

Scammers, fraudsters, and phishers take advantage of every season. But the holiday shopping season - which includes Black Friday, Cyber Monday, and Christmas - may be their favorite.

As retailers rush to capitalize on what is generally their most profitable time of year, they will generally flood email boxes with great offers that are often time sensitive and may even seem too-good-to-be-true. Meanwhile, consumers also feel the urgency to get their shopping done, along with the stresses of work and family. Add in the financial pressure of an inflationary economy and the likelihood of making a quick mistake keeps increasing. Read on for some simple yet effective ways to ruin the scammers' fun as you celebrate the season of giving.

Read More
Soon…

Posted by Sean @ 12:52 GMT


Our "construction project" is progressing nicely.

A work in progress

And it should resolve this…

Mobile usability issues

Fix mobile usability issues?

Translation: your site doesn't help us sell more Android phones and ads.

But whatever, the "issues" should be fixed soon enough.




On 18/08/15 At 12:52 PM

Read More
Work In Progress

Posted by Sean @ 13:25 GMT


Regular readers will have noticed it's been slow here of late.

Under Construction

We're finally undertaking an upgrade from Greymatter 1.7.3. This may be the world's oldest Greymatter blog… that will now change.

More info coming soon.

In the meantime, you can still catch us on Twitter.




On 13/08/15 At 01:25 PM

Read More
"IOS Crash Report" Update: Safari Adds Block Feature

Posted by Sean @ 09:53 GMT


Ask, and sometimes, you shall receive.

Last Friday, we wrote about call center scammers targeting iOS. And today, Apple released a new (beta) feature that should help.

Apple released iOS 9 Public Beta 2:

iOS 9 Public Beta 2, Install

And it appears that one of Safari's new features allows people to block fraud-focused JavaScript.

iOS 9 Public, Safari Block Alerts

We tested a scam-site and after a few attempts to dismiss the JavaScript dialog, Safari included a prompt to "Block Alerts". We were then easily able to close the page.

Kudos Apple! Looking forward to seeing this in iOS 9's general release.

Big hat tip to Rosyna Keller.




On 23/07/15 At 09:53 AM

Read More
Duke APT group's latest tools: cloud services and Linux support

Posted by Artturi @ 11:59 GMT


Recent weeks have seen the outing of two new additions to the Duke group's toolset, SeaDuke and CloudDuke. Of these, SeaDuke is a simple trojan made interesting by the fact that it's written in Python. And even more curiously, SeaDuke, with its built-in support for both Windows and Linux, is the first cross-platform malware we have observed from the Duke group. While SeaDuke is a single, albeit cross-platform, trojan, CloudDuke appears to be an entire toolset of malware components, or "solutions" as the Duke group apparently calls them. These components include a unique loader, downloader, and not one but two different trojan components. CloudDuke also greatly expands on the Duke group's usage of cloud storage services, specifically Microsoft's OneDrive, as a channel for both command and control as well as the exfiltration of stolen data. Finally, some of the recent CloudDuke spear-phishing campaigns have borne a striking resemblance to CozyDuke spear-phishing campaigns from a year ago.

Linux support added with the cross-platform SeaDuke malware

Last week, both Symantec and Palo Alto Networks published research on SeaDuke, a newer addition to the arsenal of trojans being used by the Duke group. While older malware by the Duke group has always been written with a combination of the C and C++ programming languages as well as assembly language, SeaDuke is peculiarly written in Python with multiple layers of obfuscation. This Python code is usually then compiled into Windows executables using py2exe or pyinstaller. However, the Python code itself has been designed to work on both Windows and Linux. We therefore suspect that the Duke group is also using the same SeaDuke Python code to target Linux victims. This is the first time we have seen the Duke group employ malware to target Linux platforms.

(Image: seaduke_crossplatform) An example of the cross-platform support found in SeaDuke.

A new set of solutions with the CloudDuke malware toolset

Last week, we also saw Palo Alto Networks and Kaspersky Labs publish research on malware components they respectively called MiniDionis and CloudLook. MiniDionis and CloudLook are both components of a larger malware toolset we call CloudDuke. This toolset consists of malware components that provide varying functionality while partially relying on a shared code framework and always using the same loader. Based on PDB strings found in the samples, the malware authors refer to the CloudDuke components as "solutions" with names such as "DropperSolution", "BastionSolution" and "OneDriveSolution". A list of PDB strings we have observed is below:

  • C:\DropperSolution\Droppers\Projects\Drop_v2\Release\Drop_v2.pdb
  • c:\BastionSolution\Shells\Projects\miniDionis4\miniDionis\obj\Release\miniDionis.pdb
  • c:\BastionSolution\Shells\Projects\miniDionis2\miniDionis\obj\Release\miniDionis.pdb
  • c:\OneDriveSolution\Shells\Projects\OneDrive2\OneDrive\obj\x64\Release\OneDrive.pdb
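PDB paths like these survive in the compiled binary as plain 8-bit strings, so they make a cheap triage indicator even before any behavioural analysis. The following is an added example, not code from the original post or from F-Secure: it searches a file's raw bytes for the four exact paths listed above and, more loosely, for any PDB path rooted at one of the three "solution" folders. The sample buffer is constructed to look like a PE with an RSDS CodeView record; it is not a real CloudDuke sample.

```python
"""Hunt for CloudDuke build artifacts by PDB path (added example).

The four exact PDB paths are the ones reported in the post. The looser
regex catches sibling builds that share a solution folder but differ in
project name or build number. Inputs are raw file bytes, so this works on
any on-disk sample; the constructed buffer below stands in for a real one.
"""
import re

# Exact PDB paths reported in the post (the only real indicators used here).
CLOUDDUKE_PDB_PATHS = [
    rb"C:\DropperSolution\Droppers\Projects\Drop_v2\Release\Drop_v2.pdb",
    rb"c:\BastionSolution\Shells\Projects\miniDionis4\miniDionis\obj\Release\miniDionis.pdb",
    rb"c:\BastionSolution\Shells\Projects\miniDionis2\miniDionis\obj\Release\miniDionis.pdb",
    rb"c:\OneDriveSolution\Shells\Projects\OneDrive2\OneDrive\obj\x64\Release\OneDrive.pdb",
]

# Looser pattern: any printable PDB path rooted at one of the "solution" folders.
SOLUTION_RE = re.compile(
    rb"[A-Za-z]:\\(DropperSolution|BastionSolution|OneDriveSolution)\\[\x20-\x7e]{0,200}?\.pdb",
    re.IGNORECASE,
)


def scan_for_cloudduke_pdb(data: bytes) -> dict:
    """Return {'exact': [matched paths], 'solutions': [solution names]} for `data`."""
    lowered = data.lower()                      # case-insensitive exact match
    exact = [p for p in CLOUDDUKE_PDB_PATHS if p.lower() in lowered]
    solutions = sorted({m.group(1).decode().lower() for m in SOLUTION_RE.finditer(data)})
    return {"exact": exact, "solutions": solutions}


def scan_file(path: str) -> dict:
    """Convenience wrapper for an on-disk sample."""
    with open(path, "rb") as fh:
        return scan_for_cloudduke_pdb(fh.read())


def constructed_sample() -> bytes:
    """Fake PE-like blob: MZ header, then an RSDS CodeView record carrying a
    CloudDuke PDB path (GUID and age fields are dummy bytes)."""
    pdb = rb"c:\BastionSolution\Shells\Projects\miniDionis4\miniDionis\obj\Release\miniDionis.pdb"
    return (b"MZ" + b"\x00" * 64
            + b"RSDS" + b"\x11" * 16 + b"\x01\x00\x00\x00"   # signature, GUID, age
            + pdb + b"\x00"
            + b"\x90" * 32)


if __name__ == "__main__":
    print(scan_for_cloudduke_pdb(constructed_sample()))
```

The exact list is high-confidence but brittle (a rebuild changes the path); the solution-folder regex trades a little precision for coverage of later builds. Both checks are the kind of thing that drops straight into a YARA rule once confirmed on real samples.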

The first of the CloudDuke components we have observed is a downloader internally called "DropperSolution". The purpose of the downloader is to download and execute additional malware on the victim's system. In most observed cases, the downloader will attempt to connect to a compromised website to download an encrypted malicious payload which the downloader will decrypt and execute. Depending on the way the downloader has been configured, in some cases it may first attempt to log in to Microsoft's cloud storage service OneDrive and retrieve the payload from there. If no payload is available from OneDrive, the downloader will revert to the previously mentioned method of downloading from compromised websites.

We have also observed two distinct trojan components in the CloudDuke toolset. The first of these, internally called "BastionSolution", is the trojan that Palo Alto Networks described in their research into "MiniDionis". Interestingly, BastionSolution appears to functionally be an exact copy of SeaDuke with the only real difference being the choice of programming language. BastionSolution also makes significant use of a code framework that is apparently internally called "Z". This framework provides classes for functionality such as encryption, compression, randomization and network communications.

(Image: bastion_z) A list of classes in the BastionSolution trojan, including multiple classes from the "Z" framework.

Classes from the same "Z" framework, such as the encryption and randomization classes, are also used by the second trojan component of the CloudDuke toolset. This second component, internally called "OneDriveSolution", is especially interesting because it relies on Microsoft's cloud storage service OneDrive as its command and control channel. To achieve this, OneDriveSolution will attempt to log into OneDrive with a preconfigured username and password. If successful, OneDriveSolution will then proceed to copy data from the victim's computer to the OneDrive account. It will also search the OneDrive account for files containing commands for the malware to execute.

onedrive_z (7k image)
A list of classes in the OneDriveSolution trojan, including multiple classes from the "Z" framework.

All of the CloudDuke "solutions" use the same loader, a piece of code whose primary purpose is to decrypt the embedded, encrypted solution, load it in memory and execute it. The Duke group has often employed loaders for their malware but unlike the previous loaders they have used, the CloudDuke loader is much more versatile with support for multiple methods of loading and executing the final payload as well as the ability to write to disk and execute additional malware components.

CloudDuke spear-phishing campaigns and similarities with CozyDuke

CloudDuke has recently been spread via spear-phishing emails with targets reportedly including organizations such as the US Department of Defense. These spear-phishing emails have contained links to compromised websites hosting zip archives that contain CloudDuke-laden executables. In most cases, executing these executables has resulted in two additional files being written to the victim's hard disk. The first of these files has been a decoy, such as an audio file or a PDF file, while the second one has been a CloudDuke loader embedding a CloudDuke downloader, the so-called "DropperSolution". In these cases, the victim has been presented with the decoy file while in the background the downloader has proceeded to download and execute one of the CloudDuke trojans, "OneDriveSolution" or "BastionSolution".

decoy_ndi_small (63k image)
Example of one of the decoy documents employed in the CloudDuke spear-phishing campaigns. It has apparently been copied by the attackers from here.

Interestingly, however, some of the other CloudDuke spear-phishing campaigns we have observed this July have borne a striking resemblance to CozyDuke spear-phishing campaigns seen almost exactly a year ago, at the beginning of July 2014. In both spear-phishing campaigns, the decoy document has been the exact same PDF file, a "US letter fax test page" (28d29c702fdf3c16f27b33f3e32687dd82185e8b). Similarly, the URLs hosting the malicious files have, in both campaigns, purported to be related to eFaxes. It is also interesting to note that in the case of the CozyDuke-inspired CloudDuke spear-phishing campaign, downloading and executing the malicious archive linked to in the emails has not resulted in the execution of the CloudDuke downloader but directly in the execution of the "BastionSolution" component, thereby skipping one step from the process described for the other CloudDuke spear-phishing campaigns.

decoy_fax (72k image)
The "US letter fax test page" decoy employed in both CloudDuke and CozyDuke spear-phishing campaigns.

Increasingly using cloud services to evade detection

CloudDuke is not the first time we have observed the Duke group use cloud services in general and Microsoft OneDrive specifically as part of their operations. Earlier this spring we released research on CozyDuke where we mentioned observing CozyDuke sometimes either directly use a OneDrive account to exfiltrate stolen data or alternatively CozyDuke downloading Visual Basic scripts that would copy stolen files to a OneDrive account and sometimes even retrieve files containing additional commands from the same OneDrive account.

In these previous cases the Duke group has only used OneDrive as a secondary communication channel but still relied on more traditional C&C channels for most of their actions. It is therefore interesting to note that CloudDuke actually enables the Duke group to rely solely on OneDrive for every step of their operation from downloading the actual trojan, passing commands to the trojan and finally exfiltrating stolen data.

By relying solely on third-party web services, such as OneDrive, as their command and control channel, we believe the Duke group is trying to better evade detection. Large amounts of data being transferred from an organization's network to an unknown web server easily raise suspicions. However, data being transferred to a popular cloud storage service is normal. What better way for an attacker to surreptitiously transfer large amounts of stolen data than the same way people are transferring that same data every day for legitimate reasons? (Coincidentally, the implications of third-party web services being used as command and control channels are also the subject of an upcoming talk at the VirusBulletin 2015 conference.)
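The defender's side of that observation is that "normal" cloud storage traffic still has a volume profile, and a host that suddenly pushes far more to OneDrive than its peers is worth a look. The script below is an added example, not F-Secure's code: it reads forward-proxy log lines in a constructed "<timestamp> <src_host> <dst_host> <bytes_out>" layout, sums each host's uploads to a list of cloud storage domains, and flags hosts that exceed both an absolute floor and a multiple of the peer median. The domain list and the log lines are assumptions made for the demonstration.

```python
"""Spot hosts pushing unusual volumes to cloud storage.

Added example, not F-Secure's code. Reads forward-proxy log lines in a
constructed "<timestamp> <src_host> <dst_host> <bytes_out>" layout and flags
hosts whose upload volume to cloud storage domains stands out from their
peers. The domain list and the log lines are assumptions for the demo.
"""
from collections import defaultdict
from statistics import median

# Hostnames counted as cloud storage. Assumption: extend with whatever
# services your proxy actually sees (Dropbox, Google Drive, ...).
CLOUD_STORAGE_SUFFIXES = (
    "onedrive.live.com",
    "1drv.ms",
    "storage.live.com",
)

# Constructed sample proxy lines; ws-023 is the planted outlier.
SAMPLE_LOG = """\
2015-07-21T09:01:02 ws-017 onedrive.live.com 48213
2015-07-21T09:02:11 ws-017 onedrive.live.com 51077
2015-07-21T09:03:40 ws-017 onedrive.live.com 47550
2015-07-21T09:04:05 ws-023 onedrive.live.com 612000
2015-07-21T09:05:19 ws-023 onedrive.live.com 598112
2015-07-21T09:05:21 ws-023 onedrive.live.com 603990
2015-07-21T09:05:50 ws-023 onedrive.live.com 611234
2015-07-21T09:06:00 ws-031 www.example.com 2200
2015-07-21T09:06:12 ws-031 files.onedrive.live.com 39000
2015-07-21T09:07:45 ws-044 onedrive.live.com 52110
this line is malformed and must be skipped
"""


def is_cloud_storage(host: str) -> bool:
    """True if host is one of the storage domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in CLOUD_STORAGE_SUFFIXES)


def parse_log(text: str):
    """Yield (timestamp, src, dst, bytes_out); malformed lines are dropped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, raw = parts
        try:
            yield ts, src, dst, int(raw)
        except ValueError:
            continue


def upload_totals(records) -> dict:
    """Sum bytes_out per source host, counting only cloud storage destinations."""
    totals = defaultdict(int)
    for _ts, src, dst, n in records:
        if is_cloud_storage(dst):
            totals[src] += n
    return dict(totals)


def flag_outliers(totals: dict, factor: float = 10.0, min_bytes: int = 1_000_000) -> dict:
    """Return {host: bytes} for hosts above an absolute floor AND above
    `factor` times the median of the other hosts' totals.

    The peer median is a stand-in baseline; in production compare each host
    against its own history so that a team that legitimately syncs large
    files every day does not trip the rule.
    """
    flagged = {}
    for host, n in totals.items():
        peers = [v for h, v in totals.items() if h != host]
        if not peers:
            continue
        if n >= min_bytes and n > factor * median(peers):
            flagged[host] = n
    return flagged


if __name__ == "__main__":
    for host, n in sorted(flag_outliers(upload_totals(parse_log(SAMPLE_LOG))).items()):
        print(f"{host}: {n} bytes to cloud storage, review")
```

The absolute floor matters as much as the ratio: on a quiet network the peer median is tiny and a ratio alone would flag ordinary users.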

Directing limited resources towards evading detection and staying ahead of defenders

Developing even a single multipurpose malware toolset, never mind many, requires time and resources. Therefore it seems logical to attempt to reuse code such as supporting frameworks between different toolsets. The Duke group, however, appear to have taken this a step further with SeaDuke and the CloudDuke component BastionSolution, by rewriting the same code in multiple programming languages. This has the obvious benefits of saving time and resources by providing two malware toolsets, that while similar on the inside, appear completely different on the outside. This way, the discovery of one toolset does not immediately lead to the discovery of the second toolset.

The Duke group, long suspected of ties to the Russian state, have been running their espionage operation for an unusually long time and, especially lately, with unusual brazenness. These latest CloudDuke and SeaDuke campaigns appear to be a clear sign that the Dukes are not planning to stop any time soon.

Research and post by Artturi (@lehtior2)

F-Secure detects CloudDuke as Trojan:W32/CloudDuke.B and Trojan:W64/CloudDuke.B

Samples:

04299c0b549d4a46154e0a754dda2bc9e43dff76
2f53bfcd2016d506674d0a05852318f9e8188ee1
317bde14307d8777d613280546f47dd0ce54f95b
476099ea132bf16fa96a5f618cb44f87446e3b02
4800d67ea326e6d037198abd3d95f4ed59449313
52d44e936388b77a0afdb21b099cf83ed6cbaa6f
6a3c2ad9919ad09ef6cdffc80940286814a0aa2c
78fbdfa6ba2b1e3c8537be48d9efc0c47f417f3c
9f5b46ee0591d3f942ccaa9c950a8bff94aa7a0f
bfe26837da22f21451f0416aa9d241f98ff1c0f8
c16529dbc2987be3ac628b9b413106e5749999ed
cc15924d37e36060faa405e5fa8f6ca15a3cace2
dea6e89e36cf5a4a216e324983cc0b8f6c58eaa8
e33e6346da14931735e73f544949a57377c6b4a0
ed0cf362c0a9de96ce49c841aa55997b4777b326
f54f4e46f5f933a96650ca5123a4c41e115a9f61
f97c5e8d018207b1d546501fe2036adfbf774cfd

Compromised servers used for command and control:

hxxps://cognimuse.cs.ntua.gr/search.php
hxxps://portal.sbn.co.th/rss.php
hxxps://97.75.120.45/news/archive.php
hxxps://58.80.109.59/plugins/search.php

Compromised websites used to host CloudDuke:

hxxp://flockfilmseries.com/eFax/incoming/5442.ZIP
hxxp://www.recordsmanagementservices.com/eFax/incoming/150721/5442.ZIP
hxxp://files.counseling.org/eFax/incoming/150721/5442.ZIP
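To put the indicators above to use, here is an added example (not F-Secure tooling) that refangs the listed URLs, normalizes them so trivial variations such as an explicit :443 still match, and runs them, together with the listed SHA1s, against a constructed file-hash inventory and a constructed proxy log. Hosts on the list are compromised legitimate sites, so a request to the same host but a different path is reported as a lower "host" tier for a human to look at rather than as a confirmed hit.

```python
"""Match the post's CloudDuke indicators against local artefacts.

Added example, not F-Secure tooling. The SHA1s and defanged URLs are the ones
listed in the post; the file inventory and proxy lines are constructed sample
data and their paths are placeholders.
"""
import re
from urllib.parse import urlsplit

CLOUDDUKE_SHA1 = set("""
04299c0b549d4a46154e0a754dda2bc9e43dff76 2f53bfcd2016d506674d0a05852318f9e8188ee1
317bde14307d8777d613280546f47dd0ce54f95b 476099ea132bf16fa96a5f618cb44f87446e3b02
4800d67ea326e6d037198abd3d95f4ed59449313 52d44e936388b77a0afdb21b099cf83ed6cbaa6f
6a3c2ad9919ad09ef6cdffc80940286814a0aa2c 78fbdfa6ba2b1e3c8537be48d9efc0c47f417f3c
9f5b46ee0591d3f942ccaa9c950a8bff94aa7a0f bfe26837da22f21451f0416aa9d241f98ff1c0f8
c16529dbc2987be3ac628b9b413106e5749999ed cc15924d37e36060faa405e5fa8f6ca15a3cace2
dea6e89e36cf5a4a216e324983cc0b8f6c58eaa8 e33e6346da14931735e73f544949a57377c6b4a0
ed0cf362c0a9de96ce49c841aa55997b4777b326 f54f4e46f5f933a96650ca5123a4c41e115a9f61
f97c5e8d018207b1d546501fe2036adfbf774cfd
""".split())

DEFANGED_URLS = [
    "hxxps://cognimuse.cs.ntua.gr/search.php",
    "hxxps://portal.sbn.co.th/rss.php",
    "hxxps://97.75.120.45/news/archive.php",
    "hxxps://58.80.109.59/plugins/search.php",
    "hxxp://flockfilmseries.com/eFax/incoming/5442.ZIP",
    "hxxp://www.recordsmanagementservices.com/eFax/incoming/150721/5442.ZIP",
    "hxxp://files.counseling.org/eFax/incoming/150721/5442.ZIP",
]


def refang(s: str) -> str:
    """Undo common defanging (hxxp, [.], (.), [:]) so the URL can be parsed."""
    s = re.sub(r"^hxxp", "http", s.strip(), flags=re.IGNORECASE)
    return s.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")


def normalize(url: str) -> str:
    """Canonical scheme://host[:port]/path[?query]; default ports dropped.
    The query is kept: none of the listed URLs carry one, and dropping it
    would hide a C&C that keys on parameters."""
    p = urlsplit(url)
    host = (p.hostname or "").rstrip(".")
    port = f":{p.port}" if p.port and p.port not in (80, 443) else ""
    query = f"?{p.query}" if p.query else ""
    return f"{p.scheme.lower()}://{host}{port}{p.path or '/'}{query}"


IOC_URLS = {normalize(refang(u)) for u in DEFANGED_URLS}
IOC_HOSTS = {urlsplit(u).hostname for u in IOC_URLS}


def match_hashes(inventory: str) -> list:
    """inventory lines: '<sha1> <path>'. Returns [(sha1, path)] for hits."""
    hits = []
    for line in inventory.splitlines():
        parts = line.split(maxsplit=1)
        if len(parts) == 2 and parts[0].lower() in CLOUDDUKE_SHA1:
            hits.append((parts[0].lower(), parts[1]))
    return hits


def match_urls(proxy_log: str) -> list:
    """proxy lines: '<timestamp> <src_host> <url>'. Returns [(src, url, tier)]
    with tier 'exact' for a full URL hit and 'host' for any other request to
    a listed host (a compromised legitimate site: review, do not auto-block)."""
    hits = []
    for line in proxy_log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        _ts, src, url = parts
        norm = normalize(url)
        if norm in IOC_URLS:
            hits.append((src, url, "exact"))
        elif urlsplit(norm).hostname in IOC_HOSTS:
            hits.append((src, url, "host"))
    return hits


# Constructed sample data (paths and hosts are placeholders).
SAMPLE_INVENTORY = """\
04299c0b549d4a46154e0a754dda2bc9e43dff76 C:/Users/a/AppData/Local/Temp/sample.exe
da39a3ee5e6b4b0d3255bfef95601890afd80709 C:/Users/a/empty.txt
"""
SAMPLE_PROXY = """\
2015-07-21T10:12:03 ws-023 https://portal.sbn.co.th:443/rss.php
2015-07-21T10:13:44 ws-023 https://portal.sbn.co.th/index.php
2015-07-21T10:15:00 ws-031 http://files.counseling.org/eFax/incoming/150721/5442.ZIP
2015-07-21T10:16:30 ws-044 https://www.example.com/
"""

if __name__ == "__main__":
    print(match_hashes(SAMPLE_INVENTORY))
    print(match_urls(SAMPLE_PROXY))
```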




On 22/07/15 At 11:59 AM

Read More
'Zero Days', The Documentary
'Zero Days', The Documentary

Posted by Mikko @ 12:40 GMT


VPRO (the Dutch public broadcasting organization) produced a 45-minute documentary about hacking and the trade of zero days. The documentary has now been released in English on YouTube.



The documentary features Charlie Miller, Joshua Corman, Katie Moussouris, Ronald Prins, Dan Tentler, Eric Rabe (of Hacking Team), Felix Lindner, Rodrigo Branco, Ben Nagy, The Grugq, and many others.




On 20/07/15 At 12:40 PM

Read More
IOS Crash Report: Blocking "Pop-Ups" Doesn't Really Help
IOS Crash Report: Blocking "Pop-Ups" Doesn't Really Help

Posted by Sean @ 10:15 GMT


The Telegraph published an article on Thursday about a scam targeting iOS users. Here's the gist: scammers are using JavaScript generated dialogs to display warnings of so-called "IOS Crash" reports prompting people to call for tech support. Near the end of the Telegraph's article, the following advice is offered:

"To prevent the issue happening again, go to Settings -> Safari -> Block Pop-ups."

Unfortunately, this advice is incorrect. And perhaps even more unfortunately, some security and tech pundits are now repeating the bad advice on numerous websites. How do we know the advice is wrong? Because we actually tested it…

First of all, this "IOS Crash Report" scam is a variation of the technical support scam, cases of which have been documented as early as 2008. In the past, cold-calls originated directly from call centers in India. But more recently, web-based lures are used to prompt potential victims into contacting the scammers.

A Google Search returns several live scam sites with this text:

"Due to a third party application in your phone, IOS is crashed."

Here's one of the sites as viewed with iOS Safari on an iPad:

iosclean.com

Safari's "Fraudulent Website Warning" and "Block Pop-ups" features didn't prevent the page from loading.

What looks like a pop-up on the image above is actually a JavaScript generated dialog. One which will continuously re-spawn itself and can be very difficult to dismiss. Turning off JavaScript in Safari is the quickest way to regain control. Unfortunately, leaving JavaScript disabled will significantly impact a large number of legitimate websites.

Here's the same site as viewed with Google Chrome for Windows:

Prevent this page from creating additional dialogs

Notice the additional text in the image above: prevent this page from creating additional dialogs. Current versions of Chrome and Firefox (for Windows, at least) will inject this option into re-spawning dialogs, allowing the user to break the loop. Sadly, Internet Explorer and Safari do not. (We tested with IE for Windows / Windows Phone, and iOS Safari.)

Wouldn't it be great if all browsers supported this prevention feature?

Yeah, we think so, too.

But it's not just browsers, apps with browser functionality can also be affected.

Here's an example of a JavaScript dialog displayed via Cydia.

error1014.com

The end of the Telegraph's article included the following advice from City of London police:

"Never give your iCloud username and password or your bank details to someone over the phone."

Indeed! Giving somebody your iCloud password could quickly turn a support scam into a data hijacking and extortion scheme. We attempted to call several of the scammer telephone numbers to see if they would ask for our iCloud credentials — only to discover that the numbers we tried are currently not in service.

Hopefully they stay that way. (They won't.)




On 17/07/15 At 10:15 AM

Read More
Hacking Team 0-day Flash Wave with Exploit Kits
Hacking Team 0-day Flash Wave with Exploit Kits

Posted by Patricia @ 12:29 GMT


After Hacking Team was compromised, a lot of information was publicly disclosed beginning on the 5th of July, in particular its business clients and a zero-day vulnerability in Adobe Flash Player that they had been using.

Since the info about the first zero-day was made freely available, we knew attackers would swiftly move into using it. As expected, the flash exploit was integrated into exploit kits such as Angler, Magnitude, Nuclear, Neutrino, Rig, and HanJuan as reported by Kafeine.

Based on our telemetry, there was a rise in Flash exploits beginning on the 6th that continued until the 9th.

overall_stats (11k image)


Here are the stats for each exploit kit:

ek_stats (27k image)


The security advisory for the CVE-2015-5119 zero-day was released on the 7th of July and the patch was made available on the 8th, so the hits started to decline about two days after the patch.

But just when people had started updating their systems, there was yet another spike in Angler Flash exploit hits:

weekend_wave_stats (22k image)


Apparently, two more Flash vulnerabilities, CVE-2015-5122 and CVE-2015-5123, were discovered. These vulnerabilities are still waiting to be patched. According to Kafeine, one of the two vulnerabilities was added to the Angler exploit kit.

As a side note related to Angler exploit kit, if you noticed in the second chart above, Angler and HanJuan share the same statistics. This was due to the fact that our detections for Angler Flash exploits were also hitting on HanJuan Flash exploits.

We verified this after discovering that the Angler detection was also matching a different URL pattern:

angler_vs_hanjuan_urlpattern (9k image)


We looked at the flash exploit used by both kits, and the two are very much identical.

Angler Flash Exploit:

anglerek_ht0d_3 (26k image)


HanJuan Flash Exploit:

hanjuanek_ht0d_3 (23k image)


There was already speculation that there are strong connections between the actors behind the two exploit kits. For example, both have used "fileless" delivery of the payload and even similar encryption methods. Perhaps at some point we will see HanJuan supporting this new Flash 0-day as well.

In the meantime, since there hasn't been a patch out yet for these new ones, our users remain protected from the effects of the exploit kits through Browsing Protection as well as these detections:

Exploit:SWF/AnglerEK.L
Exploit:SWF/NeutrinoEK.C
Exploit:SWF/NeutrinoEK.D
Exploit:SWF/NuclearEK.H
Exploit:SWF/NuclearEK.J
Exploit:SWF/Salama.H
Exploit:SWF/Salama.R
Exploit:JS/AnglerEK.D
Exploit:JS/NuclearEK.I
Exploit:JS/MagnitudeEK.A

UPDATE: Adobe has released patches for the recent two vulnerabilities: CVE-2015-5122 and CVE-2015-5123. Users are recommended to update to the latest version of Adobe Flash Player.






On 13/07/15 At 12:29 PM

Read More
The Trusted Internet: Who governs who gets to buy spyware from surveillance software companies?
The Trusted Internet: Who governs who gets to buy spyware from surveillance software companies?

Posted by FSLabs @ 02:31 GMT


When hackers get hacked, that's when secrets are uncovered. On July 5th, the Italy-based surveillance technology company Hacking Team was hacked. The hackers released a 400GB torrent with internal documents, source code, and emails to the public, including the company's client list of close to 60 customers.

The list included countries such as Sudan, Kazakhstan and Saudi Arabia - despite official company denials of doing business with oppressive regimes. The leaked documents strongly implied that in the South-East Asian region, government agencies from Singapore, Thailand and Malaysia had purchased their most advanced spyware, referred to as a Remote Control System (RCS).

According to security researchers at Citizen Lab, this spyware is extraordinarily intrusive, with the ability to turn on microphones and cameras on mobile devices, intercept Skype and instant messages, and use an anonymizer network of proxy servers to prevent harvested information from being traced back to the command and control servers.

Based on images of the client list posted to pastebin the software was purchased in Malaysia by the Malaysia Anti-Corruption Commission (MACC), Malaysia Intelligence (MI) and the Prime Minister's Office (PMO):

hacking_team_client_list (86k image)

Additional images of leaked invoices posted to medium.com indicated the spyware was sold through a locally-based Malaysian company named Miliserv Technologies (M) Sdn Bhd (registered with the Ministry of Finance Malaysia), which specializes in providing digital forensics, intelligence gathering and public security services:

hacking_team_hack_1 (95k image)

hacking_team_hack_2 (72k image)

Why the Prime Minister's Office would need surveillance software remains puzzling. Mind you, professional grade spyware ain't cheap: a license upgrade could cost you MYR400,000 and a maintenance renewal will set you back about MYR160,000.

According to reports of the incident in Malaysian alternative media, Malaysian government agencies have probably been using the spyware even before discovery of the FinFisher malware that was detected in the run-up to the 2013 General Elections.

Coincidentally, Malaysia has also been the frequent host of the annual ISS World Asia tradeshow, where companies promote their arsenal of 'lawful' surveillance software to law enforcement agencies, telco service provider or government employees. During the 2014 event, the Hacking Team was present and the associate lead sponsor of the event.

MiliServ Technologies is currently involved in the upcoming 2015 ISS World Asia in Kuala Lumpur. The event is invitation-only, though it may be interesting to see if Hacking Team will make it there this year.


Post by – Su Gim




On 08/07/15 At 02:31 AM

Read More
Problematic Wassenaar Definitions
Problematic Wassenaar Definitions

Posted by Sean @ 13:25 GMT


The Wassenaar Arrangement, a multilateral export control regime, defines "intrusion software" as software specially designed or modified to avoid detection by monitoring tools, or to defeat protective countermeasures, of a computer or network capable device. Intrusion software is used to: extract data or information, or to modify system or user data; or to modify the standard execution path of a program or process in order to allow the execution of externally provided instructions.

Wassenaar states that monitoring tools are software or hardware devices that monitor system behaviours or processes running on a device. This includes antivirus (AV) products, end point security products, Personal Security Products (PSP), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) or firewalls.

Wassenaar Arrangement definitions
(Source)


So… what we at F-Secure (and the rest of the antivirus industry) call "malware" appears to easily fit Wassenaar's definition of intrusion software.

Why is this interesting?

Well, the US Bureau of Industry and Security (BIS), part of the US Department of Commerce, has proposed updating its rules to require a license for the export of intrusion software.

And according to the Dept of Commerce, "an export" is –any– item that is sent from the United States to a foreign destination. "Items" include among other things, software and technology.

The Paradox

So… if malware is intrusion software, and any item is an export, how exactly are US-based customers supposed to submit a malware sample to their European antivirus vendor? Seriously, customers send us malware that uses zero-days all the time. Not to mention the samples that we routinely exchange with other trusted AV vendors from around the globe.

Unintended Consequences

The text associated with the BIS proposal says the scope includes penetration testing products that use intrusion software in what looks like an attempt to limit "hacking" tools, but there is nothing about what is excluded from the scope. So the BIS might not intend to limit customers from uploading malware samples to their AV vendor, but that could be the effect if this new rule is adopted and arbitrarily enforced. Or else it could just force people to operate in a legal limbo. Is that what we want?

The BIS is taking comments until July 20th.




On 09/06/15 At 01:25 PM

Read More
Found Item: UK Wi-Fi Law?
Found Item: UK Wi-Fi Law?

Posted by Sean @ 13:27 GMT


I visited the UK last Thursday, found a coffee shop offering "free" Wi-Fi, and read this…

"UK Law states that we must know who is using our Wi-Fi at all times."

Now I'm not a lawyer — but that seems like quite the disingenuous claim.

_WalkinWiFi

Mobile number, post code, and date of birth??

I wonder how many people fall for this type of malarkey.

Post by — @Sean




On 08/06/15 At 01:27 PM

Read More
SMS Exploit Messages
SMS Exploit Messages

Posted by Sean @ 13:56 GMT


There's an iOS vulnerability affecting iPhone, iPad, and even Apple Watch that allows for a denial of service.

Crashing a phone with an SMS? That's so 2008.


S60 SMS Exploit Messages

Unlike 2008, this time kids are reportedly using the vulnerability to harass others.

Apple is working on a security update. But unfortunately… that update very likely won't be available for older iPhones.

Updated to add:

Here's the "Effective Power" exploit crashing an iPhone 6:


Effective Power Unicode iOS hack on iPhone 6

And this… is Effective Power crashing the iOS Twitter app:


Effective Power Unicode iOS hack vs Twitter




On 28/05/15 At 01:56 PM

Read More
Ransomware Spam E-Mails Targeting Users in Italy and Spain
Ransomware Spam E-Mails Targeting Users in Italy and Spain

Posted by FSLabs @ 03:17 GMT


In the past few days, we received some cases from our customers in Italy and Spain, regarding malicious spam e-mails that pointed to Cryptowall or Cryptolocker ransomware.

The spam e-mails pretended to come from a courier/postal service, regarding a parcel that was waiting to be collected. The e-mails offer a link to track that parcel online:

crypt_email (104k image)

When we did the initial investigation of the e-mails from our standard test system, the link redirected to Google:

crypt_email_redirect_italy (187k image)

So, no malicious behavior? Well, we noted that the first two URLs were PHP. Since PHP code is executed on the server side, not locally on the client, it is possible that the servers were 'deciding' whether to redirect the user to Google or to serve malicious content, based on some preset conditions.

Since this particular spam e-mail is written in Italian - perhaps only a customer based in Italy would be able to see the malicious payload? Fortunately, we have Freedome, so we can travel to Italy for a little while to experiment.

So we turned on Freedome, set the location to Milan and clicked the link in the e-mail again:

crypt_email_mal_italy (302k image)

Now we see the bad stuff. If the user is (or appears to be) located in Italy, the server will redirect them to a malicious file hosted on a cloud storage server.

The e-mail spam sent to Spanish users is similar, though in those cases, a CAPTCHA challenge is included to make the site seem more authentic. If the link in the e-mail is clicked by a user located outside Spain, again we end up in Google:

crypt_email_redirect_spain (74k image)

If the site is visited instead from a Spanish IP, we get to the CAPTCHA screen:

crypt_email_target_spain (57k image)

And then to the malware itself:

crypt_email_mal_spain (313k image)

This spam campaign doesn't use any exploits (so far), just old-fashioned social engineering; infection only occurs if the user manually downloads and executes the files offered on the malicious URLs. For our customers, the URLs are blocked and the files are detected.

(malware SHA1s: 483be8273333c83d904bfa30165ef396fde99bf2, 295042c167b278733b10b8f7ba1cb939bff3cb38)
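The server-side cloaking described above (Google for most visitors, the malware download only for an Italian or Spanish IP) is why checking a lure from a single vantage point is not enough. Below is an added example, not F-Secure's code, of the comparison an analyst would script: it follows each redirect chain hop by hop without auto-following (capped hops, loop detection), resolves the same link from several vantages, and reports when they land in different places. The hostnames and the offline fake_fetch table are constructed placeholders standing in for the campaign's real redirector; live_fetch is the network-backed variant for use from a VPN exit in the target country, as the post did with Freedome.

```python
"""Resolve a lure URL from several vantage points and see whether it cloaks.

Added example, not F-Secure code. Follows redirect chains manually (no
auto-follow, capped hops, loop detection) and compares where different
vantages end up. Hostnames and the offline fake_fetch table are constructed
placeholders, not the campaign's real infrastructure.
"""
from urllib.parse import urljoin

MAX_HOPS = 10
REDIRECT_CODES = {301, 302, 303, 307, 308}


def resolve_chain(url: str, fetch, vantage: str):
    """Return (chain, final_status). `fetch(url, vantage)` -> (status, headers).
    final_status is None when a redirect loops, dangles or exceeds MAX_HOPS."""
    chain, seen = [url], {url}
    for _ in range(MAX_HOPS):
        status, headers = fetch(url, vantage)
        if status not in REDIRECT_CODES:
            return chain, status
        lower = {k.lower(): v for k, v in headers.items()}
        nxt = urljoin(url, lower.get("location", ""))
        if nxt == url or nxt in seen:  # missing Location or a loop
            return chain, None
        chain.append(nxt)
        seen.add(nxt)
        url = nxt
    return chain, None


def compare_vantages(url: str, fetch, vantages) -> dict:
    """Resolve from each vantage; 'cloaked' is True if the final URLs differ."""
    landings = {v: resolve_chain(url, fetch, v)[0][-1] for v in vantages}
    return {"cloaked": len(set(landings.values())) > 1, "landings": landings}


def live_fetch(url: str, vantage: str = "", timeout: float = 10.0):
    """Network-backed fetch that does NOT auto-follow redirects. The vantage is
    determined by where you run it (a VPN exit in the target country), so the
    argument exists only for signature parity with fake_fetch. Run it inside
    an analysis VM: the final hop is the malware itself."""
    import urllib.error
    import urllib.request

    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, *args, **kwargs):
            return None  # surface the 3xx instead of following it

    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, dict(resp.headers)
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers)


# Constructed offline stand-in for the geo-fenced redirector.
_FAKE_SITE = {
    ("http://track.example/parcel.php", "IT"): (302, {"Location": "/go.php?id=1"}),
    ("http://track.example/parcel.php", "FI"): (302, {"Location": "https://www.google.com/"}),
    ("http://track.example/go.php?id=1", "IT"): (302, {"Location": "https://cloud.example/dl/parcel_info.zip"}),
    ("https://cloud.example/dl/parcel_info.zip", "IT"): (200, {"Content-Type": "application/zip"}),
    ("https://www.google.com/", "FI"): (200, {"Content-Type": "text/html"}),
    ("http://track.example/loop.php", "IT"): (302, {"Location": "loop.php"}),
}


def fake_fetch(url: str, vantage: str):
    """Offline fetch: looks the (url, vantage) pair up in the constructed table."""
    return _FAKE_SITE.get((url, vantage), (404, {}))


if __name__ == "__main__":
    print(compare_vantages("http://track.example/parcel.php", fake_fetch, ["IT", "FI"]))
```

Beyond the final landing URL, keeping the whole chain is what lets you block the intermediate redirector rather than only the cloud storage link, which the attackers can rotate cheaply.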

Post by — Victor




On 19/05/15 At 03:17 AM

Read More
Mac Hack Demonstration
Mac Hack Demonstration

Posted by Sean @ 12:46 GMT


Securing your SSH password is very important. Otherwise, you might be pwned by a little girl with her Raspberry Pi.

Kids hack their Dad's computer on her Raspberry Pi

Don't worry, it's an authorized hack, she asked her mom for permission.




On 15/05/15 At 12:46 PM

Read More
Email Security Considerations for Microsoft 365 Users
Email Security Considerations for Microsoft 365 Users

The post Email Security Considerations for Microsoft 365 Users appeared first on GreatHorn.

Read More
Email Security Considerations for Google Workspace Users
Email Security Considerations for Google Workspace Users

The post Email Security Considerations for Google Workspace Users appeared first on GreatHorn.

Read More
Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates
Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates

The post Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates appeared first on GreatHorn.

Read More
Universities and Colleges Face Multi-faceted Email Security Challenges
Universities and Colleges Face Multi-faceted Email Security Challenges

The post Universities and Colleges Face Multi-faceted Email Security Challenges appeared first on GreatHorn.

Read More
Spam vs Phish: The Problem with User-Reported Phish Buttons
Spam vs Phish: The Problem with User-Reported Phish Buttons

The post Spam vs Phish: The Problem with User-Reported Phish Buttons appeared first on GreatHorn.

Read More
Phishing for Google Impersonation Attacks
Phishing for Google Impersonation Attacks

Bad actors around the globe go phishing in emails twenty-four hours a day, seven days a week. Whether they are “guppies” like your local bakery down the street or big “fish” like Google, no one is immune to their attacks. Google, one of the largest, most well-known – and used – applications, will always be […]

The post Phishing for Google Impersonation Attacks appeared first on GreatHorn.

Read More
GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes
GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes

GMX (Global Mail eXchange) Mail is an email service where users may register up to 10 individual email addresses at no cost. As a result, threat actors are leveraging this service to easily spin up new email addresses and effectively delivering phishing attacks that bypass Microsoft o365 and Google Workspace, landing in an organization’s email […]

The post GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes appeared first on GreatHorn.

Read More
Native vs SEG vs ICES: What You Need to Know About Email Security
Native vs SEG vs ICES: What You Need to Know About Email Security

The shift from on-premise email platforms to cloud email platforms has taken shape, with the majority (70%) of organizations. Microsoft 365 and Google Workspace remain the predominant email platforms for organizations. However, a significant change has occurred in the past year. With an estimated 40% of ransomware attacks that start through email, and BEC and […]

The post Native vs SEG vs ICES: What You Need to Know About Email Security appeared first on GreatHorn.

Read More
Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security
Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security

In cybersecurity, buzzwords come and go, often being replaced with new buzzwords while the market is still attempting to realize the benefits of the former. Today, every technology vendor is talking about Artificial Intelligence (AI). In reality, Machine Learning (the method to one day achieve AI) is still the predominant technical solution deployed within vendor […]

The post Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security appeared first on GreatHorn.

Read More
Global Supply Chain: Attackers Targeting Business Deliveries
Global Supply Chain: Attackers Targeting Business Deliveries

Our global supply chain includes all the people, companies and countries that need to work cohesively to manufacture, process and ship goods. Disruptions in the global supply chain are increasingly impacting organizations, with logistical problems crossing most industries.  As a result, the continued strain on the supply chain puts added pressure on businesses as they […]

The post Global Supply Chain: Attackers Targeting Business Deliveries appeared first on GreatHorn.

Read More
What Is PAM-as-a-Service (PAMaaS)?
What Is PAM-as-a-Service (PAMaaS)?

The post What Is PAM-as-a-Service (PAMaaS)? appeared first on Heimdal Security Blog.

Read More
Top 11 Privileged Access Management Software Solutions in 2025
Top 11 Privileged Access Management Software Solutions in 2025

The post Top 11 Privileged Access Management Software Solutions in 2025 appeared first on Heimdal Security Blog.

Read More
Privileged Access Management (PAM) Best Practices
Privileged Access Management (PAM) Best Practices

The post Privileged Access Management (PAM) Best Practices appeared first on Heimdal Security Blog.

Read More
Privileged Accounts 101: Everything You Need to Know
Privileged Accounts 101: Everything You Need to Know

The post Privileged Accounts 101: Everything You Need to Know appeared first on Heimdal Security Blog.

Read More
The Complete Guide to PAM Tools, Features, and Techniques
The Complete Guide to PAM Tools, Features, and Techniques

The post The Complete Guide to PAM Tools, Features, and Techniques appeared first on Heimdal Security Blog.

Read More
IAM vs PAM: What’s the Difference And Why It Matters
IAM vs PAM: What’s the Difference And Why It Matters

The post IAM vs PAM: What’s the Difference And Why It Matters appeared first on Heimdal Security Blog.

Read More
PIM vs PAM vs IAM. Definitions and Roles in the Cybersecurity Strategy
PIM vs PAM vs IAM. Definitions and Roles in the Cybersecurity Strategy

The post PIM vs PAM vs IAM. Definitions and Roles in the Cybersecurity Strategy appeared first on Heimdal Security Blog.

Read More
How to Conduct a Successful Privileged Access Management Audit
How to Conduct a Successful Privileged Access Management Audit

The post How to Conduct a Successful Privileged Access Management Audit appeared first on Heimdal Security Blog.

Read More
How to Create an End-to-End Privileged Access Management Lifecycle
How to Create an End-to-End Privileged Access Management Lifecycle

The post How to Create an End-to-End Privileged Access Management Lifecycle appeared first on Heimdal Security Blog.

Read More
What Is Privileged Access Management (PAM)?
What Is Privileged Access Management (PAM)?

The post What Is Privileged Access Management (PAM)? appeared first on Heimdal Security Blog.

Read More
Privileged access management: Best practices, implementation, and tools
Privileged access management: Best practices, implementation, and tools

The post Privileged access management: Best practices, implementation, and tools appeared first on Heimdal Security Blog.

Read More
Best Automated Patch Management Software in 2025
Best Automated Patch Management Software in 2025

The post Best Automated Patch Management Software in 2025 appeared first on Heimdal Security Blog.

Read More
Cybersecurity And The Patching Paralysis Problem
Cybersecurity And The Patching Paralysis Problem

The post Cybersecurity And The Patching Paralysis Problem appeared first on Heimdal Security Blog.

Read More
8+ Free and Open Source Patch Management Tools for Your Company [Updated 2025]
8+ Free and Open Source Patch Management Tools for Your Company [Updated 2025]

The post 8+ Free and Open Source Patch Management Tools for Your Company [Updated 2025] appeared first on Heimdal Security Blog.

Read More
How to Prioritize Vulnerabilities Effectively: Vulnerability Prioritization Explained
How to Prioritize Vulnerabilities Effectively: Vulnerability Prioritization Explained

The post How to Prioritize Vulnerabilities Effectively: Vulnerability Prioritization Explained appeared first on Heimdal Security Blog.

Read More
xorsearch.py: "Ad Hoc YARA Rules", (Tue, Apr 22nd)
xorsearch.py: "Ad Hoc YARA Rules", (Tue, Apr 22nd)

In diary entry "xorsearch.py: Searching With Regexes" I showed how one can let xorsearch.py generate a YARA rule with a given regular expression.

Read More
ISC Stormcast For Tuesday, April 22nd, 2025 https://isc.sans.edu/podcastdetail/9418, (Tue, Apr 22nd)
ISC Stormcast For Tuesday, April 22nd, 2025 https://isc.sans.edu/podcastdetail/9418, (Tue, Apr 22nd)

No summary available.

Read More
It's 2025... so why are obviously malicious advertising URLs still going strong?, (Mon, Apr 21st)
It's 2025... so why are obviously malicious advertising URLs still going strong?, (Mon, Apr 21st)

While the old adage stating that “the human factor is the weakest link in the cyber security chain” will undoubtedly stay relevant in the near (and possibly far) future, the truth is that the tech industry could – and should – help alleviate the problem significantly more than it does today.

Read More
ISC Stormcast For Monday, April 21st, 2025 https://isc.sans.edu/podcastdetail/9416, (Mon, Apr 21st)
ISC Stormcast For Monday, April 21st, 2025 https://isc.sans.edu/podcastdetail/9416, (Mon, Apr 21st)

No summary available.

Read More
Wireshark 4.4.6 Released, (Sun, Apr 20th)
Wireshark 4.4.6 Released, (Sun, Apr 20th)

Wireshark release 4.4.6 fixes 14 bugs.

Read More
ISC Stormcast For Friday, April 18th, 2025 https://isc.sans.edu/podcastdetail/9414, (Fri, Apr 18th)

No summary available.
ISC Stormcast For Thursday, April 17th, 2025 https://isc.sans.edu/podcastdetail/9412, (Thu, Apr 17th)

No summary available.
RedTail, Remnux and Malware Management [Guest Diary], (Wed, Apr 16th)

[This is a Guest Diary by Jacob Claycamp, an ISC intern as part of the SANS.edu BACS program]
Apple Patches Exploited Vulnerability, (Wed, Apr 16th)
ISC Stormcast For Wednesday, April 16th, 2025 https://isc.sans.edu/podcastdetail/9410, (Wed, Apr 16th)

No summary available.
Broken Cyber Windows Theory

Have you ever walked down a street with broken windows, burnt out cars, graffiti and felt a bit uneasy? There's a reason for that, and it's not just about aesthetics.
Threat Actors Are Increasingly Abusing AI Tools to Help With Scams

Cybercriminals are increasingly using AI tools to assist in malicious activities, according to Microsoft’s latest Cyber Signals report.
CyberheistNews Vol 15 #16 [Scary] A New Real Cash Scam Sweeps Across the U.S. Warn Your Family and Friends!
Powering Down Vulnerability: Securing the Energy Sector's Supply Chain

The energy sector stands as a critical pillar of our society. From the electricity powering our homes to the fuel driving our industries, reliable energy is essential.

However, the very interconnectedness that makes the energy sector so vital also exposes it to significant vulnerabilities, particularly within its supply chain.
China Cybercriminals Behind Toll-Themed Smishing Attacks Surge in the US and UK

Resecurity warns that a China-based cybercriminal gang dubbed the “Smishing Triad” is launching a wave of road toll-themed SMS phishing (smishing) attacks against users across the US and the UK.
[Scary] A New Real Cash Scam Sweeps Across the U.S. Warn Your Family and Friends!

Right now, today, thousands of people are being tricked into going to their banks or credit unions to withdraw large sums of cash and will give or send it to a complete stranger, never to see it again. Many of the victims are in the prime of their lives, intelligent, and consider themselves to be of above-average ability in spotting scams and scammers.
Lack of Security Awareness Tops List of Obstacles to Cyber Defense

Most organizations cite low security awareness among employees as the biggest barrier to defending against cyberattacks, according to a new survey by CyberEdge Group.
The Continued Abuse of Legitimate Domains: A Spike in the Exploitation of Google Drive to Send Phishing Attacks

First QuickBooks, then Microsoft, and now Google—will the hijacking of legitimate third-party platform communications stop escalating in 2025? Our Threat Labs researchers predict the answer is no.
How Does Human Risk Management Differ from Security Awareness Training?

In today's cybersecurity landscape, organizations face an ever-present and often underestimated threat: human risk.

Despite significant advancements in technological defenses, human error remains a leading cause of data breaches and security incidents.
AI-Powered Spear Phishing Can Now Outperform Human Attackers

Researchers at Hoxhunt have found that AI agents can now outperform humans at creating convincing phishing campaigns.
GUEST ESSAY: Ponemon study warns: AI-enhanced deepfake attacks taking aim at senior execs

A new study by the Ponemon Institute points to a concerning use of AI: deepfake attacks are on the rise and are taking a financial and reputational toll on companies and their executives.

Related: Tools to fight deepfakes

Deepfake Deception: (more…)

The post GUEST ESSAY: Ponemon study warns: AI-enhanced deepfake attacks taking aim at senior execs first appeared on The Last Watchdog.
RSAC Fireside Chat: Zero Networks harnesses automation, zero trust to advance microsegmentation

Cybercriminals are moving faster than ever, exploiting implicit trust within networks to spread ransomware and execute supply chain attacks.

Related: Protecting cloud assets with microsegmentation

In response, microsegmentation is gaining momentum as a key cybersecurity strategy—one that could take center … (more…)

The post RSAC Fireside Chat: Zero Networks harnesses automation, zero trust to advance microsegmentation first appeared on The Last Watchdog.
MY TAKE: The CVE program crisis isn’t over — it’s a wake-up call for cybersecurity’s supply chain

Just hours before it was set to expire on April 16, the federal contract funding MITRE’s stewardship of the CVE (Common Vulnerabilities and Exposures) program was given a temporary extension by CISA.

Related: Brian Krebs’ take on MITRE funding expiring (more…)

The post MY TAKE: The CVE program crisis isn’t over — it’s a wake-up call for cybersecurity’s supply chain first appeared on The Last Watchdog.
News alert: SquareX to present on uncovering data splicing attacks at BSides San Francisco 2025

Palo Alto, Calif, Apr. 16, 2025, CyberNewswire — SquareX researchers Jeswin Mathai and Audrey Adeline will be disclosing a new class of data exfiltration techniques at BSides San Francisco 2025.

Titled “Data Splicing Attacks: Breaking Enterprise DLP from the (more…)

The post News alert: SquareX to present on uncovering data splicing attacks at BSides San Francisco 2025 first appeared on The Last Watchdog.
My Take: Is Amazon’s Alexa+ a Gutenberg moment — or a corporate rerun of history’s greatest co-opt?

Last Friday morning, April 11, I was making my way home from NTT Research’s Upgrade 2025 innovation conference in San Francisco, when it struck me that we’re at a watershed moment.

Related: How GenAI is disrupting the value of legal (more…)

The post My Take: Is Amazon’s Alexa+ a Gutenberg moment — or a corporate rerun of history’s greatest co-opt? first appeared on The Last Watchdog.
News alert: AcceleTrex unveils referral exchange that turns trusted conversations into scalable growth

Miami, FL, Apr. 14, 2025 — Today, AcceleTrex Corporation officially emerged from stealth, unveiling a first-of-its-kind platform that transforms expert referrals into a powerful growth engine for innovators.

Grounded in the belief that genuine relationships drive meaningful results, AcceleTrex combines … (more…)

The post News alert: AcceleTrex unveils referral exchange that turns trusted conversations into scalable growth first appeared on The Last Watchdog.
News alert: INE Security highlights why hands-on labs can help accelerate CMMC 2.0 compliance

Cary, NC, Apr. 11, 2025, CyberNewswire — Defense contractors are facing increased pressure to meet the Department of Defense’s stringent Cybersecurity Maturity Model Certification (CMMC) 2.0 requirements ahead of 2025 compliance deadlines.

INE Security, a leading global provider … (more…)

The post News alert: INE Security highlights why hands-on labs can help accelerate CMMC 2.0 compliance first appeared on The Last Watchdog.
My Take: NTT’s physicists confront the mystery Big Tech keep dodging — what are we really creating?

SAN FRANCISCO — If large language AI models are shaping our digital reality, then who—exactly—is shaping those models? And how the heck are they doing it?

Related: What exactly is GenAI?

Those are the questions Dr. Hidenori Tanaka wants to … (more…)

The post My Take: NTT’s physicists confront the mystery Big Tech keep dodging — what are we really creating? first appeared on The Last Watchdog.
News alert: NTT unveils AI inference chip enabling real-time 4K processing of ultra-high-def video

TOKYO, Apr. 10, 2025. Today, NTT Corporation (NTT) announced a new, large-scale integration (LSI) for the real-time AI inference processing of ultra-high-definition video up to 4K resolution and 30 frames per second (fps).

This low-power technology is … (more…)

The post News alert: NTT unveils AI inference chip enabling real-time 4K processing of ultra-high-def video first appeared on The Last Watchdog.
Trends-To-Watch Q&A: The future of edge—will decentralization ever be more than a talking point?

For decades, a handful of tech giants have shaped digital infrastructure—and, with it, how businesses and governments manage data, security, and connectivity.

Related: Practical uses for edge computing

Now, the rise of distributed edge computing is being touted as a … (more…)

The post Trends-To-Watch Q&A: The future of edge—will decentralization ever be more than a talking point? first appeared on The Last Watchdog.
All Gmail users at risk from clever replay attack

All Google accounts could end up compromised by a clever replay attack on Gmail users that abuses Google infrastructure.
A week in security (April 12 – April 18)

A list of topics we covered in the week of April 12 to April 18 of 2025.
Did DOGE “breach” Americans’ data? (Lock and Code S06E08)

This week on the Lock and Code podcast, we speak with Sydney Saubestre about DOGE and its access to Americans' data.
Text scams grow to steal hundreds of millions of dollars

Text scams come in many forms and are an ever-increasing threat, doing an awful lot of financial, and other, damage.
Apple patches security vulnerabilities in iOS and iPadOS. Update now!

Apple has released a security update for iOS and iPadOS to patch two zero-day vulnerabilities which are reported to already have been exploited...
Hi, robot: Half of all internet traffic now automated

Bots now account for half of all internet traffic, according to a new study that shows how non-human activity has grown online.
“I sent you an email from your email account,” sextortion scam claims

A new variant of the “hello pervert” emails claims that the target's system is infected with njRAT and spoofs the victim's email address.
“Follow me” to this fake crypto exchange to claim $500

“Follow me for lucky prizes” scams are old fake crypto exchange scams in a new jacket and on a different platform.
Hertz data breach caused by CL0P ransomware attack on vendor

Car rental giant Hertz suffered a data breach caused by a CL0P ransomware attack on file sharing vendor Cleo.
Meta slurps up EU user data for AI training

Meta users in Europe will have their public posts swept up and ingested for AI training, the company announced this week.
No, it’s not OK to delete that new inetpub folder

A newly created inetpub folder turns out to be part of a Microsoft update against a vulnerability tracked as CVE-2025-21204.
Malwarebytes named “Best Antivirus Software” and “Best Malware Removal Service”

Malwarebytes has been rewarded with prestigious accolades by two renowned publications, PCMag and CNET.
A week in security (April 7 – April 13)

A list of topics we covered in the week of April 7 to April 13 of 2025.
The Pall Mall Pact and why it matters

The US has indicated it will sign the Pall Mall Pact, an international treaty to regulate commercial spyware and surveillance tools.
Child predators are lurking on dating apps, warns report

A report from Edinburgh University warns that child abusers are using dating apps to find single parents with vulnerable children.
Your 23andMe genetic data could be bought by China, senator warns

US senator Cassidy is afraid that Chinese companies will jump at the opportunity to buy the genetic data of 15 million 23andMe customers.
WhatsApp for Windows vulnerable to attacks. Update now!

If you use WhatsApp for Windows, you'll want to make sure you're on the latest version.
Man accused of using keylogger to spy on colleagues, log in to their personal accounts and watch them at home

A recent case of alleged cyber-voyeurism shows how important it is to secure your computer against unwanted eavesdroppers using malware.
72% of people are worried their data is being misused by the government, and that’s not all…

Our privacy is most at risk from companies, governments, and AI models, according to a new public survey from Malwarebytes.
Tax deadline threat: QuickBooks phishing scam exploits Google Ads

Beware of deceptive Google Ads targeting QuickBooks and always confirm the website URL before logging in, as fake sites can bypass even 2FA.
Author of the Month: Andrew Pattison

This month, we are celebrating author Andrew Pattison! His book, NIST CSF 2.0 – Your essential introduction to managing cybersecurity risks, was published in February 2025 and covers the latest updates to the NIST framework.

The NIST CSF (Cybersecurity Framework) 2.0 is designed to help organisations prevent and protect themselves from cyber attacks. This book will help you understand how to:

About the author: Andrew Pattison is the global head of GRC and PCI consultancy at GRC International Group, a GRC Solutions company. He has been working in information security, risk management and business continuity since the mid-1990s, helping

The post Author of the Month: Andrew Pattison appeared first on IT Governance Blog.
The Cyber Essentials Scheme’s 2025 Update and What it Means for Your Organisation

The Cyber Essentials scheme is updated each year to ensure its best-practice approach to basic cyber security remains relevant. So, what’s new for 2025?

Cyber Essentials and Cyber Essentials Plus: what’s new in the 2025 update?

As of 28 April 2025, new Cyber Essentials certifications will be assessed according to v3.2 of the NCSC Requirements for IT Infrastructure and must use the new ‘Willow’ Question Set, which replaces the Montpellier version. The changes introduced by the 2025 update are minor, but organisations will still need to be aware of what’s expected of them. Here’s a high-level summary.

Cyber Essentials Requirements

The post The Cyber Essentials Scheme’s 2025 Update and What it Means for Your Organisation appeared first on IT Governance Blog.
What It Takes to Be Your Organisation’s DPO or Data Privacy Lead

‘GDPR’ has become a familiar term. We recognise the visible and consumer-facing aspects of the General Data Protection Regulation in our everyday lives – when consumers exercise their right to withdraw consent to their data being processed via ‘opt out’ or ‘unsubscribe’ buttons, for example. What’s less evident is whether organisations are keeping their practices fully up to date and in line with the GDPR and other applicable data protection laws. For instance:

So, how sure are you that your organisation is fully compliant with the relevant data protection legislation?

In this blog

‘Once compliant’ does not mean ‘still compliant’

The post What It Takes to Be Your Organisation’s DPO or Data Privacy Lead appeared first on IT Governance Blog.
Free Expert Insights: Index of Interviews

We regularly sit down with experts from within GRC International Group to get their insights on a technical topic or business area. Here are all our Q&As to date, grouped by broad topic:

To get new expert insights straight to your inbox, sign up to our weekly newsletter, the Security Spotlight.

Last updated: 15 January 2025. Interviews added: Andrew Pattison on DORA, how it compares to NIS 2, and how it’ll be regulated (DORA); Damian Garcia on transitioning to ISO 27001:2022 (ISO 27001); Louise Brooks on cookie audits (PECR); and Leon Teale on ethical hacking as a career (security testing).

The post Free Expert Insights: Index of Interviews appeared first on IT Governance Blog.
How Can Organisations Transition to ISO 27001:2022?

Addressing the new Annex A control set

Organisations with ISO/IEC 27001:2013 certification must transition to ISO/IEC 27001:2022 by 31 October 2025. The biggest change for organisations is Annex A, which has been overhauled and includes 11 new controls. How can organisations best approach this new control set? What changes to the main clauses of the Standard tend to get overlooked? And what are common mistakes to avoid when transitioning? Our head of GRC (governance, risk and compliance) consultancy, Damian Garcia, explains.

In this interview

Are the new controls in ISO 27001:2022 applicable? Where do organisations start when transitioning from ISO

The post How Can Organisations Transition to ISO 27001:2022? appeared first on IT Governance Blog.
The Benefits of Becoming an Ethical Hacker

Q&A with senior penetration tester Leon Teale

Have you ever thought about getting paid to break into organisations’ networks? That’s precisely what ethical hackers (also known as ‘penetration testers’ or ‘pen testers’) do. But what exactly does this career involve? Why would you pursue it? And what knowledge and skills do you need to kick-start your career? We put these questions to our senior penetration tester Leon Teale, who’s been a qualified ethical hacker since 2012.

In this interview

Why pursue ethical hacking as a career

What made you choose penetration testing as a career, and what do you enjoy

The post The Benefits of Becoming an Ethical Hacker appeared first on IT Governance Blog.
Step-by-Step Guide to Achieving GDPR Compliance

The data breaches that continue to make the headlines show the importance of data protection and laws like the GDPR (General Data Protection Regulation). If you’re only beginning to look at compliance, the Regulation may seem overwhelming. The good news is that many of the GDPR requirements reflect efficient business activities or practices – things that’ll help you as an organisation irrespective of compliance. This blog explains further, as we take you through eight steps towards becoming compliant with the GDPR and similar data protection laws.

In this blog

1. Secure management buy-in

Board or senior management support is a

The post Step-by-Step Guide to Achieving GDPR Compliance appeared first on IT Governance Blog.
How You Can Continually Improve Your ISO 27001 ISMS (Clause 10)

Your ISO 27001 journey doesn’t end once you’ve implemented your ISMS (information security management system) and controls. You must check your measures are doing what they’re supposed to do by:

This reflects what you’re trying to address: information security risks.

In this blog

Your information security risks evolve over time

All recent ISO management system standards, including ISO 27001:2022, require you to continually improve your management system. Risks evolve over time – particularly in a cyber security context. Cyber criminals are, unfortunately, innovative. They’re constantly coming up with new tools and exploits, meaning that organisations need to be pro-active about

The post How You Can Continually Improve Your ISO 27001 ISMS (Clause 10) appeared first on IT Governance Blog.
How ISO 27001 Helps You Comply With DORA

From 17 January 2025, DORA (Digital Operational Resilience Act) will, as an EU regulation, directly apply throughout the EU. Though the Regulation is primarily concerned with the operational resilience of critical and important functions of EU financial entities, UK organisations may also be in scope – particularly if they supply ICT services to EU financial institutions. As we conduct DORA gap analyses, we’ve noticed how the organisations with an ISO 27001 ISMS (information security management system) tend to have a higher degree of DORA compliance.

In this blog

How ISO 27001 helps with DORA compliance

ISO 27001 provides the ‘building

The post How ISO 27001 Helps You Comply With DORA appeared first on IT Governance Blog.
Why You Need Cyber Resilience and Defence in Depth

And how to become resilient with ISO 27001 and ISO 22301

Unfortunately, even the most secure organisation can suffer an incident. The odds are simply stacked against you:

While you need to protect all your assets from all types of threat, an attacker needs only one exploitable weakness to get into your systems. Plus, any security measure you implement is only designed to stop, at most, a handful of threats – and that’s assuming it was both correctly implemented and still doing its job.

Regardless of implementation, single measures aren’t enough – because no measure is foolproof. The consequences of

The post Why You Need Cyber Resilience and Defence in Depth appeared first on IT Governance Blog.
Russian organizations targeted by backdoor masquerading as secure networking software updates

While investigating an incident, we discovered a sophisticated new backdoor targeting Russian organizations by impersonating secure networking software updates.
Lumma Stealer – Tracking distribution channels

During incident response activities, our GERT team discovered Lumma Stealer in a customer’s infrastructure. Our experts conducted an investigation and analyzed its distribution scheme in detail.
Phishing attacks leveraging HTML code inside SVG files

Attackers are increasingly sending phishing emails with SVG attachments that contain embedded HTML pages or JavaScript code.
IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

The MysterySnail RAT, attributed to the IronHusky APT group, hasn’t been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia.
Streamlining detection engineering in security operation centers

A proper detection engineering program can help improve SOC operations. In this article we'll discuss potential SOC issues, the necessary components of a detection engineering program and some useful metrics for evaluating its efficiency.
GOFFEE continues to attack organizations in Russia

Kaspersky researchers analyze GOFFEE’s campaign in H2 2024: the updated infection scheme, the new PowerModul implant, and the switch to a binary Mythic agent.
Attackers distributing a miner and the ClipBanker Trojan via SourceForge

Malicious actors are using SourceForge to distribute a miner and the ClipBanker Trojan while utilizing unconventional persistence techniques.
How ToddyCat tried to hide behind AV software

While analyzing a malicious DLL library used in attacks by the APT group ToddyCat, a Kaspersky expert discovered the CVE-2024-11859 vulnerability in a component of ESET’s EPP solution.
A journey into forgotten Null Session and MS-RPC interfaces, part 2

A Kaspersky expert dissects the MS-RPC security mechanism and provides a step-by-step analysis of calling a function from the Netlogon interface.
TookPS: DeepSeek isn’t the only game in town

The TookPS malicious downloader is distributed under the guise of DeepSeek, and further mimics UltraViewer, AutoCAD, SketchUp, Ableton, and other popular tools.