Cybersecurity Center

Cybersecurity News

  • Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics (Monday February 17, 2025)
    Microsoft said it has discovered a new variant of a known Apple macOS malware called XCSSET as part of limited attacks in the wild. "Its first known variant since 2022, this latest XCSSET malware features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies," the Microsoft Threat Intelligence team said in a post shared on X. "These enhanced features add to (HackerNews)
  • South Korea Suspends DeepSeek AI Downloads Over Privacy Violations (Monday February 17, 2025)
    South Korea has formally suspended new downloads of Chinese artificial intelligence (AI) chatbot DeepSeek in the country until the service makes changes to its mobile apps to comply with data protection regulations. Downloads have been paused as of February 15, 2025, 6:00 p.m. local time, the Personal Information Protection Commission (PIPC) said in a statement. The web service remains (HackerNews)
  • CISO's Expert Guide To CTEM And Why It Matters (Monday February 17, 2025)
    Cyber threats evolve—has your defense strategy kept up? A new free guide available here explains why Continuous Threat Exposure Management (CTEM) is the smart approach for proactive cybersecurity. This concise report makes a clear business case for why CTEM’s comprehensive approach is the best overall strategy for shoring up a business’s cyber defenses in the face of evolving attacks. It also (HackerNews)
  • ⚡ THN Weekly Recap: Google Secrets Stolen, Windows Hack, New Crypto Scams and More (Monday February 17, 2025)
    Welcome to this week’s Cybersecurity News Recap. Discover how cyber attackers are using clever tricks like fake codes and sneaky emails to gain access to sensitive data. We cover everything from device code phishing to cloud exploits, breaking down the technical details into simple, easy-to-follow insights. ⚡ Threat of the Week Russian Threat Actors Leverage Device Code Phishing to Hack (HackerNews)
  • New Golang-Based Backdoor Uses Telegram Bot API for Evasive C2 Operations (Monday February 17, 2025)
    Cybersecurity researchers have shed light on a new Golang-based backdoor that uses Telegram as a mechanism for command-and-control (C2) communications. Netskope Threat Labs, which detailed the functions of the malware, described it as possibly of Russian origin. "The malware is compiled in Golang and once executed it acts like a backdoor," security researcher Leandro Fróes said in an analysis (HackerNews)
  • Android's New Feature Blocks Fraudsters from Sideloading Apps During Calls (Saturday February 15, 2025)
    Google is working on a new security feature for Android that blocks device owners from changing sensitive settings when a phone call is in progress. Specifically, the in-call anti-scammer protections include preventing users from turning on settings to install apps from unknown sources and granting accessibility access. The development was first reported by Android Authority. Users who attempt (HackerNews)
  • New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution (Friday February 14, 2025)
    Cybersecurity researchers have disclosed a new type of name confusion attack called whoAMI that allows anyone who publishes an Amazon Machine Image (AMI) with a specific name to gain code execution within the Amazon Web Services (AWS) account. "If executed at scale, this attack could be used to gain access to thousands of accounts," Datadog Security Labs researcher Seth Art said in a report (HackerNews)
  • Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks (Friday February 14, 2025)
    The North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript implant named Marstech1 as part of limited targeted attacks against developers. The active operation has been dubbed Marstech Mayhem by SecurityScorecard, with the malware delivered by means of an open-source repository hosted on GitHub that's associated with a profile named " (HackerNews)
  • AI-Powered Social Engineering: Ancillary Tools and Techniques (Friday February 14, 2025)
    Social engineering is advancing fast, at the speed of generative AI. This is offering bad actors multiple new tools and techniques for researching, scoping, and exploiting organizations. In a recent communication, the FBI pointed out: ‘As technology continues to evolve, so do cybercriminals' tactics.’ This article explores some of the impacts of this GenAI-fueled acceleration. And examines what (HackerNews)
  • Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts (Friday February 14, 2025)
    Microsoft is calling attention to an emerging threat cluster it calls Storm-2372 that has been attributed to a new set of cyber attacks aimed at a variety of sectors since August 2024. The attacks have targeted government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas (HackerNews)
  • RansomHub Becomes 2024’s Top Ransomware Group, Hitting 600+ Organizations Globally (Friday February 14, 2025)
    The threat actors behind the RansomHub ransomware-as-a-service (RaaS) scheme have been observed leveraging now-patched security flaws in Microsoft Active Directory and the Netlogon protocol to escalate privileges and gain unauthorized access to a victim network's domain controller as part of their post-compromise strategy. "RansomHub has targeted over 600 organizations globally, spanning sectors (HackerNews)
  • PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks (Friday February 14, 2025)
    Threat actors who were behind the exploitation of a zero-day vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products in December 2024 likely also exploited a previously unknown SQL injection flaw in PostgreSQL, according to findings from Rapid7. The vulnerability, tracked as CVE-2025-1094 (CVSS score: 8.1), affects the PostgreSQL interactive tool psql. "An (HackerNews)
  • Nearly a Year Later, Mozilla is Still Promoting OneRep (Thursday February 13, 2025)
    In mid-March 2024, KrebsOnSecurity revealed that the founder of the personal data removal service Onerep also founded dozens of people-search companies. Shortly after that investigation was published, Mozilla said it would stop bundling Onerep with the Firefox browser and wind down its partnership. But nearly a year later, Mozilla is still promoting it to Firefox users. (KrebsOnSecurity)
  • Hackers Use CAPTCHA Trick on Webflow CDN PDFs to Bypass Security Scanners (Thursday February 13, 2025)
    A widespread phishing campaign has been observed leveraging bogus PDF documents hosted on the Webflow content delivery network (CDN) with an aim to steal credit card information and commit financial fraud. "The attacker targets victims searching for documents on search engines, resulting in access to malicious PDF that contains a CAPTCHA image embedded with a phishing link, leading them to (HackerNews)
  • North Korean APT43 Uses PowerShell and Dropbox in Targeted South Korea Cyberattacks (Thursday February 13, 2025)
    A nation-state threat actor with ties to North Korea has been linked to an ongoing campaign targeting South Korean business, government, and cryptocurrency sectors. The attack campaign, dubbed DEEP#DRIVE by Securonix, has been attributed to a hacking group known as Kimsuky, which is also tracked under the names APT43, Black Banshee, Emerald Sleet, Sparkling Pisces, Springtail, TA427, and Velvet (HackerNews)
  • Fast Deployments, Secure Code: Watch this Learn to Sync Dev and Sec Teams (Thursday February 13, 2025)
    Ever felt like your team is stuck in a constant battle? Developers rush to add new features, while security folks worry about vulnerabilities. What if you could bring both sides together without sacrificing one for the other? We invite you to our upcoming webinar, "Opening the Fast Lane for Secure Deployments." This isn’t another tech talk full of buzzwords—it's a down-to-earth session that (HackerNews)
  • RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset (Thursday February 13, 2025)
    An RA World ransomware attack in November 2024 targeting an unnamed Asian software and services company involved the use of a malicious tool exclusively used by China-based cyber espionage groups, raising the possibility that the threat actor may be moonlighting as a ransomware player in an individual capacity. "During the attack in late 2024, the attacker deployed a distinct toolset that had (HackerNews)
  • AI and Security - A New Puzzle to Figure Out (Thursday February 13, 2025)
    AI is everywhere now, transforming how businesses operate and how users engage with apps, devices, and services. A lot of applications now have some Artificial Intelligence inside, whether supporting a chat interface, intelligently analyzing data or matching user preferences. No question AI benefits users, but it also brings new security challenges, especially Identity-related security (HackerNews)
  • Palo Alto Networks Patches Authentication Bypass Exploit in PAN-OS Software (Thursday February 13, 2025)
    Palo Alto Networks has addressed a high-severity security flaw in its PAN-OS software that could result in an authentication bypass. The vulnerability, tracked as CVE-2025-0108, carries a CVSS score of 7.8 out of 10.0. The score, however, drops to 5.1 if access to the management interface is restricted to a jump box. "An authentication bypass in the Palo Alto Networks PAN-OS software enables an (HackerNews)
  • FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (Thursday February 13, 2025)
    Threat hunters have shed light on a new campaign targeting the foreign ministry of an unnamed South American nation with bespoke malware capable of granting remote access to infected hosts. The activity, detected in November 2024, has been attributed by Elastic Security Labs to a threat cluster it tracks as REF7707. Some of the other targets include a telecommunications entity and a university, (HackerNews)
  • Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries (Wednesday February 12, 2025)
    A subgroup within the infamous Russian state-sponsored hacking group known as Sandworm has been attributed to a multi-year initial access operation dubbed BadPilot that stretched across the globe. "This subgroup has conducted globally diverse compromises of Internet-facing infrastructure to enable Seashell Blizzard to persist on high-value targets and support tailored network operations," the (HackerNews)
  • Researchers Find New Exploit Bypassing Patched NVIDIA Container Toolkit Vulnerability (Wednesday February 12, 2025)
    Cybersecurity researchers have discovered a bypass for a now-patched security vulnerability in the NVIDIA Container Toolkit that could be exploited to break out of a container's isolation protections and gain complete access to the underlying host. The new vulnerability is being tracked as CVE-2025-23359 (CVSS score: 8.3). It affects the following versions - NVIDIA Container Toolkit (All (HackerNews)
  • How to Steer AI Adoption: A CISO Guide (Wednesday February 12, 2025)
    CISOs are finding themselves more involved in AI teams, often leading the cross-functional effort and AI strategy. But there aren’t many resources to guide them on what their role should look like or what they should bring to these meetings. We’ve pulled together a framework for security leaders to help push AI teams and committees further in their AI adoption—providing them with the (HackerNews)
  • North Korean Hackers Exploit PowerShell Trick to Hijack Devices in New Cyberattack (Wednesday February 12, 2025)
    The North Korea-linked threat actor known as Kimsuky has been observed using a new tactic that involves deceiving targets into running PowerShell as an administrator and then instructing them to paste and run malicious code provided by them. "To execute this tactic, the threat actor masquerades as a South Korean government official and over time builds rapport with a target before sending a (HackerNews)
  • Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation (Wednesday February 12, 2025)
    Microsoft on Tuesday released fixes for 63 security flaws impacting its software products, including two vulnerabilities that it said have come under active exploitation in the wild. Of the 63 vulnerabilities, three are rated Critical, 57 are rated Important, one is rated Moderate, and two are rated Low in severity. This is aside from the 23 flaws Microsoft addressed in its Chromium-based Edge (HackerNews)
  • Ivanti Patches Critical Flaws in Connect Secure and Policy Secure – Update Now (Wednesday February 12, 2025)
    Ivanti has released security updates to address multiple security flaws impacting Connect Secure (ICS), Policy Secure (IPS), and Cloud Services Application (CSA) that could be exploited to achieve arbitrary code execution. The list of vulnerabilities is below - CVE-2024-38657 (CVSS score: 9.1) - External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy (HackerNews)
  • Microsoft Patch Tuesday, February 2025 Edition (Wednesday February 12, 2025)
    Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited. (KrebsOnSecurity)
  • Google Confirms Android SafetyCore Enables AI-Powered On-Device Content Classification (Tuesday February 11, 2025)
    Google has stepped in to clarify that a newly introduced Android System SafetyCore app does not perform any client-side scanning of content. "Android provides many on-device protections that safeguard users against threats like malware, messaging spam and abuse protections, and phone scam protections, while preserving user privacy and keeping users in control of their data," a spokesperson for (HackerNews)
  • 4 Ways to Keep MFA From Becoming too Much of a Good Thing (Tuesday February 11, 2025)
    Multi-factor authentication (MFA) has quickly become the standard for securing business accounts. Once a niche security measure, adoption is on the rise across industries. But while it’s undeniably effective at keeping bad actors out, the implementation of MFA solutions can be a tangled mess of competing designs and ideas. For businesses and employees, the reality is that MFA sometimes feels (HackerNews)
  • Progress Software Patches High-Severity LoadMaster Flaws Affecting Multiple Versions (Tuesday February 11, 2025)
    Progress Software has addressed multiple high-severity security flaws in its LoadMaster software that could be exploited by malicious actors to execute arbitrary system commands or download any file from the system. Kemp LoadMaster is a high-performance application delivery controller (ADC) and load balancer that provides availability, scalability, performance, and security for business-critical (HackerNews)
  • Gcore DDoS Radar Reveals 56% YoY Increase in DDoS Attacks (Tuesday February 11, 2025)
    Gcore’s latest DDoS Radar report analyzes attack data from Q3–Q4 2024, revealing a 56% YoY rise in the total number of DDoS attacks with the largest attack peaking at a record 2 Tbps. The financial services sector saw the most dramatic increase, with a 117% rise in attacks, while gaming remained the most-targeted industry. This period’s findings emphasize the need for robust, adaptive DDoS (HackerNews)
  • Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update (Tuesday February 11, 2025)
    Apple on Monday released out-of-band security updates to address a security flaw in iOS and iPadOS that it said has been exploited in the wild. Assigned the CVE identifier CVE-2025-24200 (CVSS score: 4.6), the vulnerability has been described as an authorization issue that could make it possible for a malicious actor to disable USB Restricted Mode on a locked device as part of a cyber (HackerNews)
  • Protecting Your Software Supply Chain: Assessing the Risks Before Deployment (Tuesday February 11, 2025)
    Imagine you're considering a new car for your family. Before making a purchase, you evaluate its safety ratings, fuel efficiency, and reliability. You might even take it for a test drive to ensure it meets your needs. The same approach should be applied to software and hardware products before integrating them into an organization's environment. Just as you wouldn’t buy a car without knowing its (HackerNews)
  • Threat Actors Exploit ClickFix to Deploy NetSupport RAT in Latest Cyber Attacks (Tuesday February 11, 2025)
    Threat actors have been observed using the increasingly common ClickFix technique to deliver a remote access trojan named NetSupport RAT since early January 2025. NetSupport RAT, typically propagated via bogus websites and fake browser updates, grants attackers full control over the victim's host, allowing them to monitor the device's screen in real-time, control the keyboard and mouse, upload and download (HackerNews)
  • FBI, Europol, and NCA Take Down 8Base Ransomware Data Leak and Negotiation Sites (Tuesday February 11, 2025)
    A coordinated law enforcement operation has taken down the dark web data leak and negotiation sites associated with the 8Base ransomware gang. Visitors to the data leak site are now greeted with a seizure banner that says: "This hidden site and the criminal content have been seized by the Bavarian State Criminal Police Office on behalf of the Office of the Public Prosecutor (HackerNews)
  • Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores (Monday February 10, 2025)
    Threat actors have been observed leveraging Google Tag Manager (GTM) to deliver credit card skimmer malware targeting Magento-based e-commerce websites. Website security company Sucuri said the code, while appearing to be a typical GTM and Google Analytics script used for website analytics and advertising purposes, contains an obfuscated backdoor capable of providing attackers with persistent (HackerNews)
  • ⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [10 February] (Monday February 10, 2025)
    In cybersecurity, the smallest crack can lead to the biggest breaches. A leaked encryption key, an unpatched software bug, or an abandoned cloud storage bucket—each one seems minor until it becomes the entry point for an attack. This week, we’ve seen cybercriminals turn overlooked weaknesses into major security threats, proving once again that no system is too small to be targeted. The question (HackerNews)
  • Don't Overlook These 6 Critical Okta Security Configurations (Monday February 10, 2025)
    Given Okta's role as a critical part of identity infrastructure, strengthening Okta security is essential. This article covers six key Okta security settings that provide a strong starting point, along with recommendations for implementing continuous monitoring of your Okta security posture. With over 18,000 customers, Okta serves as the cornerstone of identity governance and security for (HackerNews)
  • DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects (Monday February 10, 2025)
    Threat actors have been observed targeting Internet Information Services (IIS) servers in Asia as part of a search engine optimization (SEO) manipulation campaign designed to install BadIIS malware. "It is likely that the campaign is financially motivated since redirecting users to illegal gambling websites shows that attackers deploy BadIIS for profit," Trend Micro researchers Ted Lee and (HackerNews)
  • Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities (Monday February 10, 2025)
    Zimbra has released software updates to address critical security flaws in its Collaboration software that, if successfully exploited, could result in information disclosure under certain conditions. The vulnerability, tracked as CVE-2025-25064, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as an SQL injection bug in the ZimbraSync Service SOAP endpoint affecting (HackerNews)
  • XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells (Monday February 10, 2025)
    Threat actors have been observed exploiting multiple security flaws in various software products, including Progress Telerik UI for ASP.NET AJAX and Advantive VeraCore, to drop reverse shells and web shells, and maintain persistent remote access to compromised systems. The zero-day exploitation of security flaws in VeraCore has been attributed to a threat actor known as XE Group, a cybercrime (HackerNews)
  • Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection (Saturday February 08, 2025)
    Cybersecurity researchers have uncovered two malicious machine learning (ML) models on Hugging Face that leveraged an unusual technique of "broken" pickle files to evade detection. "The pickle files extracted from the mentioned PyTorch archives revealed the malicious Python content at the beginning of the file," ReversingLabs researcher Karlo Zanki said in a report shared with The Hacker News. " (HackerNews)
  • Teen on Musk’s DOGE Team Graduated from ‘The Com’ (Saturday February 08, 2025)
    Wired reported this week that a 19-year-old working for Elon Musk's so-called Department of Government Efficiency (DOGE) was given access to sensitive US government systems even though his past association with cybercrime communities should have precluded him from gaining the necessary security clearances to do so. As today's story explores, the DOGE teen is a former denizen of 'The Com,' an archipelago of Discord and Telegram chat channels that function as a kind of distributed cybercriminal social network for facilitating instant collaboration. (KrebsOnSecurity)
  • DeepSeek App Transmits Sensitive User and Device Data Without Encryption (Friday February 07, 2025)
    A new audit of DeepSeek's mobile app for the Apple iOS operating system has found glaring security issues, the foremost being that it sends sensitive data over the internet sans any encryption, exposing it to interception and manipulation attacks. The assessment comes from NowSecure, which also found that the app fails to adhere to best security practices and that it collects extensive user and (HackerNews)
  • CISA Warns of Active Exploits Targeting Trimble Cityworks Vulnerability (Friday February 07, 2025)
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that a security flaw impacting Trimble Cityworks GIS-centric asset management software has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0994 (CVSS v4 score: 8.6), a deserialization of untrusted data bug that could permit an attacker to conduct remote code execution. "This could (HackerNews)
  • AI-Powered Social Engineering: Reinvented Threats (Friday February 07, 2025)
    The foundations for social engineering attacks – manipulating humans – might not have changed much over the years. It’s the vectors – how these techniques are deployed – that are evolving. And like most industries these days, AI is accelerating its evolution. This article explores how these changes are impacting business, and how cybersecurity leaders can respond. Impersonation attacks: (HackerNews)
  • Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks (Friday February 07, 2025)
    Microsoft is warning of an insecure practice wherein software developers are incorporating publicly disclosed ASP.NET machine keys from publicly accessible resources, thereby putting their applications in attackers' pathway. The tech giant's threat intelligence team said it observed limited activity in December 2024 that involved an unknown threat actor using a publicly available, static ASP.NET (HackerNews)
  • India’s RBI Introduces Exclusive "bank.in" Domain to Combat Digital Banking Fraud (Friday February 07, 2025)
    India's central bank, the Reserve Bank of India (RBI), said it's introducing an exclusive "bank.in" internet domain for banks in the country to combat digital financial fraud. "This initiative aims to reduce cyber security threats and malicious activities like phishing; and, streamline secure financial services, thereby enhancing trust in digital banking and payment services," the RBI said in a (HackerNews)
  • Hackers Exploiting SimpleHelp RMM Flaws for Persistent Access and Ransomware (Friday February 07, 2025)
    Threat actors have been observed exploiting recently disclosed security flaws in SimpleHelp's Remote Monitoring and Management (RMM) software as a precursor for what appears to be a ransomware attack. The intrusion leveraged the now-patched vulnerabilities to gain initial access and maintain persistent remote access to an unspecified target network, cybersecurity company Field Effect said in a (HackerNews)
  • Experts Flag Security, Privacy Risks in DeepSeek AI App (Thursday February 06, 2025)
    New mobile apps from the Chinese artificial intelligence (AI) company DeepSeek have remained among the top three "free" downloads for Apple and Google devices since their debut on Jan. 25, 2025. But experts caution that many of DeepSeek's design choices -- such as using hard-coded encryption keys, and sending unencrypted user and device data to Chinese companies -- introduce a number of glaring security and privacy risks. (KrebsOnSecurity)
  • Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking (Thursday February 06, 2025)
    Bogus websites advertising Google Chrome have been used to distribute malicious installers for a remote access trojan called ValleyRAT. The malware, first detected in 2023, is attributed to a threat actor tracked as Silver Fox, with prior attack campaigns primarily targeting Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China. "This actor has increasingly targeted key roles (HackerNews)
  • Ransomware Extortion Drops to $813.5M in 2024, Down from $1.25B in 2023 (Thursday February 06, 2025)
    Ransomware attacks netted cybercrime groups a total of $813.5 million in 2024, a decline from $1.25 billion in 2023. The total amount extorted during the first half of 2024 stood at $459.8 million, blockchain intelligence firm Chainalysis said, adding payment activity slumped after July 2024 by about 3.94%. "The number of ransomware events increased into H2, but on-chain payments declined, (HackerNews)
  • SparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from Images (Thursday February 06, 2025)
    A new malware campaign dubbed SparkCat has leveraged a suite of bogus apps on both Apple's and Google's respective app stores to steal victims' mnemonic phrases associated with cryptocurrency wallets. The attacks leverage an optical character recognition (OCR) model to exfiltrate select images containing wallet recovery phrases from photo libraries to a command-and-control (C2) server, (HackerNews)
  • The Evolving Role of PAM in Cybersecurity Leadership Agendas for 2025 (Thursday February 06, 2025)
    Privileged Access Management (PAM) has emerged as a cornerstone of modern cybersecurity strategies, shifting from a technical necessity to a critical pillar in leadership agendas. With the PAM market projected to reach $42.96 billion by 2037 (according to Research Nester), organizations invest heavily in PAM solutions. Why is PAM climbing the ranks of leadership priorities? While Gartner (HackerNews)
  • Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’? (Tuesday February 04, 2025)
    The FBI joined authorities across Europe last week in seizing domain names for Cracked and Nulled, English-language cybercrime forums with millions of users that trafficked in stolen data, hacking tools and malware. An investigation into the history of these communities shows their apparent co-founders quite openly operate an Internet service provider and a pair of e-commerce platforms catering to buyers and sellers on both forums. (KrebsOnSecurity)
  • FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang (Friday January 31, 2025)
    The FBI and authorities in The Netherlands this week seized a number of servers and domains for a hugely popular spam and malware dissemination service operating out of Pakistan. The proprietors of the service, who use the collective nickname "The Manipulaters," have been the subject of three stories published here since 2015. The FBI said the main clientele are organized crime groups that try to trick victim companies into making payments to a third party. (KrebsOnSecurity)
  • Infrastructure Laundering: Blending in with the Cloud (Thursday January 30, 2025)
    In an effort to blend in and make their malicious traffic tougher to block, hosting firms catering to cybercriminals in China and Russia increasingly are funneling their operations through major U.S. cloud providers. Research published this week on one such outfit -- a sprawling network tied to Chinese organized crime gangs and aptly named "Funnull" -- highlights a persistent whack-a-mole problem facing cloud services. (KrebsOnSecurity)
  • A Tumultuous Week for Federal Cybersecurity Efforts (Tuesday January 28, 2025)
    President Trump last week issued a flurry of executive orders that upended a number of government initiatives focused on improving the nation's cybersecurity posture. The president fired all advisors from the Department of Homeland Security's Cyber Safety Review Board, called for the creation of a strategic cryptocurrency reserve, and voided a Biden administration action that sought to reduce the risks that artificial intelligence poses to consumers, workers and national security. (KrebsOnSecurity)
  • MasterCard DNS Error Went Unnoticed for Years (Wednesday January 22, 2025)
    The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name. The misconfiguration persisted for nearly five years until a security researcher spent $300 to register the domain and prevent it from being grabbed by cybercriminals. (KrebsOnSecurity)
  • Chinese Innovations Spawn Wave of Toll Phishing Via SMS (Thursday January 16, 2025)
    Residents across the United States are being inundated with text messages purporting to come from toll road operators like E-ZPass, warning that recipients face fines if a delinquent toll fee remains unpaid. Researchers say the surge in SMS spam coincides with new features added to a popular commercial phishing kit sold in China that makes it simple to set up convincing lures spoofing toll road operators in multiple U.S. states. (KrebsOnSecurity)

Disclaimer: Some Links listed are external-links and are not managed by Western Illinois University. Western Illinois University or any of its employees shall not be held liable for any improper or incorrect use of the information described and/or contained herein and assumes no responsibility for anyone's use of the information.