Category: darkreading
-
‘EncryptHub’ OPSEC Failures Reveal TTPs & Big Plans
Is EncryptHub the most prolific cybercriminal in recent history? Or, as new information suggests, a bumbling amateur? Nate Nelson, Contributing Writer
-
Under Pressure: US Charges China’s APT-for-Hire Hackers
The US Justice Department on Wednesday announced charges against members of the Chinese-backed i-Soon “secret” APT and APT27, the latter implicated in January’s Treasury breach. Alexander Culafi, Senior News Writer, Dark Reading
-
Women Faced the Brunt of Cybersecurity Cutbacks in 2024
Many women are finding that they are unhappy in their cybersecurity roles, largely due to the layoffs their companies are experiencing, cutbacks, and return to in-office work policies. Kristina Beek, Associate Editor, Dark Reading
-
Enterprise AI Through a Data Security Lens: Balancing Productivity With Safety
Recently, 57 countries signed an agreement pledging an “open” and “inclusive” approach to AI’s development. The US and UK were not among them, with the US vice president implying productivity should be the priority over safety. Should the opportunity for AI to drive innovation…
-
CISA Cuts: A Dangerous Gamble in a Dangerous World
The Cybersecurity and Infrastructure Security Agency’s role in risk management needs to expand, not shrink. Steve Durbin
-
Deepfake Videos of YouTube CEO Phish Creators
YouTube creators are being targeted by scammers seeking out their credentials, using deepfake tactics to lure them in with a false sense of legitimacy. Kristina Beek, Associate Editor, Dark Reading
-
Ransomware Attacks Build Against Saudi Construction Firms
Cybercriminals are ramping up their efforts in the Kingdom and targeting more than just petroleum firms; now, they’re aiming for Middle East organizations in the IT, government, construction, and real estate sectors too. Robert Lemos, Contributing Writer
-
Espionage Actor ‘Lotus Blossom’ Targets South East Asia
The threat actor, of unknown origin, is deploying a proprietary backdoor malware known as “Sagerunex” against critical infrastructure in Hong Kong, Philippines, Taiwan, and Vietnam. Alexander Culafi, Senior News Writer, Dark Reading
-
China’s Silk Typhoon APT Shifts to IT Supply Chain Attacks
The nation-state threat group has been breaching providers of remote management tools, identity management providers, and other IT companies to access networks of targeted entities, according to Microsoft. Jai Vijayan, Contributing Writer
-
Qualcomm, MediaTek Release Security Fix Bonanza
The chipmakers patched bugs, mostly critical and high severity, that affect everything from smartphones to TVs to artificial intelligence platforms. Kristina Beek, Associate Editor, Dark Reading
-
‘Crafty Camel’ APT Targets Aviation, OT With Polyglot Files
The Iran-linked nation-state group made its debut with a stealthy, sophisticated, and laser-focused cyber-espionage attack on targets in UAE. Nate Nelson, Contributing Writer
-
Bogus ‘BianLian’ Gang Sends Snail-Mail Extortion Letters
The letters mimic typical ransom notes and threaten to delete or leak compromised data if payments aren’t made, though none of the organizations that received them had active ransomware attacks. Elizabeth Montalbano, Contributing Writer
-
Why Security Leaders Are Opting for Consulting Gigs
Many CISOs are weighing the benefits of going virtual as a consultant. Can the pendulum swing in the other direction? Richard Marcus
-
Black Basta Pivots to Cactus Ransomware Group
The future of the formerly fearsome cybercriminal group remains uncertain as key members have moved to a new affiliation, in fresh attacks that use novel persistence malware BackConnect. Elizabeth Montalbano, Contributing Writer
-
Thinking Outside the Box on Cyber Risk
CISOs should add more to their vision than technology as a global report published by the World Economic Forum identifies a closely interconnected cocktail of risk. Richard Thurston
-
Rapid7 Delivers Command Platform Offerings for Exposure Management
-
Glide Identity Partners With Google Cloud and Major Telcos
-
3 VMware Zero-Day Bugs Allow Sandbox Escape
The now-patched bugs are under active exploit and enable attackers to carry out a wide range of malicious activities, including escaping a virtual machine and gaining access to the underlying host. Jai Vijayan, Contributing Writer
-
BeyondTrust Pathfinder Delivers a One-Platform Approach to Identity-Centric Security
-
Threat Actor ‘JavaGhost’ Targets AWS Environments in Phishing Scheme
Palo Alto Networks’ Unit 42 details how a threat actor is dodging detection with careful targeting and the use of Amazon’s native email tools. Alexander Culafi, Senior News Writer, Dark Reading
-
Serbian Police Hack Protester’s Phone With Cellebrite Exploit Chain
Amnesty International said Serbian police used an exploit chain in tandem with a legitimate mobile extraction dongle from vendor Cellebrite in an attack that brings up questions around ethical technology development. Alexander Culafi, Senior News Writer, Dark Reading
-
North Korea’s Latest ‘IT Worker’ Scheme Seeks Nuclear Funds
Fraudulent IT workers are looking for engineering and developer positions in the US and Japan, and this time it’s not about espionage. Kristina Beek, Associate Editor, Dark Reading
-
Pentagon, CISA Deny Change in US Cyber Policy on Russia
Media reports over the weekend suggested the Trump Administration ordered US Cyber Command and CISA to draw down cyber activities targeting Russia. Jai Vijayan, Contributing Writer
-
Why Cybersecurity Jobs Are Hard to Find Amid a Worker Shortage
The cybersecurity job market nowadays is facing an unusual paradox: Many roles seem open, but competition and hiring practices can make securing a position a real challenge. Andrey Leskin
-
Name That Edge Toon: On the Precipice
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card. John Klossner
-
TikTok’s Teen Data Use Probed by UK Regulators
Investigators at the ICO are looking into how (or if) TikTok, as well as Reddit and Imgur, are enforcing UK privacy protections for 13- to 17-year-old users. Becky Bracken, Senior Editor, Dark Reading
-
Qilin Cybercrime Ring Claims Credit for Lee Newspaper Breach
The ransomware-as-a-service (RaaS) cybercrime group intends to leak the stolen information in just two days, it claims; but oddly, it doesn’t seek a ransom payment from its victim. Kristina Beek, Associate Editor, Dark Reading
-
Phishers Wreak ‘Havoc,’ Disguising Attack Inside SharePoint
A complex campaign allows cyberattackers to take over Windows systems by combining a ClickFix-style attack and sophisticated obfuscation that abuses legitimate Microsoft services. Elizabeth Montalbano, Contributing Writer
-
EU’s New Product Liability Directive & Its Cybersecurity Impact
By proactively addressing liabilities tied to software updates, data loss, and AI technologies, businesses can mitigate risks and achieve compliance. Jatin Mannepalli
-
Latin American Orgs Face 40% More Attacks Than Global Average
Technological adoption, demographics, politics, and uniquely Latin American law enforcement challenges have combined to make the region uniquely fertile for cyberattacks. Nate Nelson, Contributing Writer
-
Cisco’s SnapAttack Deal Expands Splunk’s Capabilities
The addition of SnapAttack, a startup incubated by Booz Allen Hamilton’s Darklabs, will enhance Splunk with accelerated SIEM migration and proactive threat hunting. Jeffrey Schwartz
-
US Soldier Intends to Admit Hacking 15 Telecom Carriers
The federal government views the defendant as a flight risk and danger to the community due to his ability to access sensitive and private information. Kristina Beek, Associate Editor, Dark Reading
-
Microsoft Busts Hackers Selling Illegal Azure AI Access
LLMjacking operation leveraged illicit access to GenAI services to produce explicit celebrity images and other harmful content, Microsoft’s digital crimes unit says. Becky Bracken, Senior Editor, Dark Reading
-
Top 10 Most Probable Ways a Company Can Be Hacked
How to win the battle with root cause analysis and a data-driven approach. Erich Kron
-
Targeted by Ransomware, Middle East Banks Shore Up Security
As the UAE financial sector finished up its annual cyberattack exercise, its worries about ransomware compromises and geopolitical attacks are on the rise. Robert Lemos, Contributing Writer
-
Cleveland Municipal Court Remains Closed After Cyber Incident
No details yet on what forced the court to shut down affected systems and halt operations as of late Feb. 23. Kristina Beek, Associate Editor, Dark Reading
-
Nakivo Fixes Critical Flaw in Backup & Replication Tool
The vendor’s products fall in a category that ransomware operators like to target to circumvent victims’ ability to recover from a successful attack. Jai Vijayan, Contributing Writer
-
Microsoft Rolls Out Fresh Outlook Fix After Faulty Windows Update
Windows 11 users can deploy a workaround or await the update rollout. Kristina Beek, Associate Editor, Dark Reading
-
3 Things to Know About AI Data Poisoning
Data poisoning represents the next big existential cybersecurity threat — unless organizations can ensure their AI systems are safe and trustworthy. Arvind Nithrakashyap
-
Generative AI Shows Promise for Faster Triage of Vulnerabilities
A host of automated approaches identifies and remediates potential vulns while still retaining a role for security analysts to filter for context and business criticality. Robert Lemos, Contributing Writer
-
Chinese APT Uses VPN Bug to Exploit Worldwide OT Orgs
Companies critical to the aviation and aerospace supply chains didn’t patch a known CVE, providing opportunity for foreign espionage. Nate Nelson, Contributing Writer
-
Hackers Can Crack Into Car Cameras in Minutes Flat
It’s shockingly simple to turn a car dashcam into a powerful reconnaissance tool for gathering everyday routine and location data, researchers warn. Becky Bracken, Senior Editor, Dark Reading
-
AI-Fueled Tax Scams on the Rise
-
How Hackers Make Salesforce More Secure in the Agentic AI Era
-
Menlo Security Acquires Votiro
-
Onapsis Introduces Control Central for New Era of RISE With SAP
-
Anubis Threat Group Seeks Out Critical Industry Victims
The threat group has a variety of tactics in its toolbox, including double extortion and ransomware-as-a-service. Kristina Beek, Associate Editor, Dark Reading
-
‘Silver Fox’ APT Skirts Windows Blocklist in BYOVD Attack
There’s an untapped universe of exploitable drivers in the wild today. By exploiting just one of them, attackers were able to defeat security tools and infect Asian citizens with Gh0stRAT. Nate Nelson, Contributing Writer
-
Water Utility Co. Still Paying the Breach Price a Year Later
The UK’s Southern Water has been forced to shell out millions due to a Black Basta cyberattack, and it has come to light that the total could include a ransom payment. Kristina Beek, Associate Editor, Dark Reading
-
Name That Toon: Ka-Ching!
Feeling creative? Have something to say about cybersecurity? Submit your caption and our panel of experts will reward the winner with a $25 gift card. John Klossner
-
Machine Unlearning: The Lobotomization of LLMs
In the end, the question isn’t whether large language models will ever forget — it’s how we’ll develop the tools and systems to do so effectively and ethically. John Funge
-
Fortanix Tackles Quantum Computing Threats With New Algorithms
Fortanix is implementing post-quantum cryptographic algorithms in its security suite to protect against future attacks. Agam Shah
-
How to Rein in Identity Session Security Risk With CAEP
Addressing the complexities of session management in multi-IDP environments, CAEP offers a pathway to real-time security, proactive risk mitigation, and enhanced user trust. Aldo Pietropaolo
-
AI Tricksters Spin Up Fake DeepSeek Sites to Steal Crypto
The fake websites trick users into downloading and running malware that searches for personal information, especially anything related to cryptocurrency. Kristina Beek, Associate Editor, Dark Reading
-
Microsoft 365 Accounts Get Sprayed by Mega-Botnet
The threat actors are exploiting non-interactive sign-ins, an authentication feature that security teams don’t typically monitor. Kristina Beek, Associate Editor, Dark Reading
-
North Korea’s Lazarus Pulls Off Biggest Crypto Heist in History
Cyberattackers believed to be affiliated with the state-sponsored threat group pulled off the largest crypto heist reported to date, stealing $1.5 billion from exchange Bybit. It was carried out by interfering with a routine transfer between wallets. Elizabeth Montalbano, Contributing Writer
-
Unmanaged Devices: The Overlooked Threat CISOs Must Confront
No matter the strategy, companies must approach securing unmanaged devices with sensitivity and respect for employee privacy. Jeff Shiner
-
Industrial System Cyberattacks Surge as OT Stays Vulnerable
Nearly a third of organizations have an operational system connected to the Internet with a known exploited vulnerability, as attacks by state and non-state actors increase. Robert Lemos, Contributing Writer
-
Zero-Day Bug Pops Up in Parallels Desktop for Mac
A patch bypass for a bug in the popular desktop emulator enables root-level privilege escalation and has no fix in sight. Jai Vijayan, Contributing Writer
-
Australia Latest Domino to Fall in Gov’t Kaspersky Bans
This move comes less than a year after the United States banned Kaspersky products, out of the same fear that the company is under Russian government control. Kristina Beek, Associate Editor, Dark Reading
-
DeepSeek’s ByteDance Data-Sharing Raises Fresh Security Concerns
Confirmation by South Korea’s data protection agency that the AI chatbot sent data to TikTok’s Chinese parent company has spurred a ban in that nation, and is again calling into question DeepSeek’s safety. Elizabeth Montalbano, Contributing Writer
-
Could the Plot of Netflix’s ‘Zero Day’ Occur IRL?
A new streaming series about a catastrophic, nationwide cyberattack against US critical infrastructure is about as believable as its main character: an honest, bipartisan, universally beloved politician. Nate Nelson, Contributing Writer
-
How APT Naming Conventions Make Us Less Safe
Only by addressing the inefficiencies of current naming conventions can we create a safer, more resilient landscape for all defenders. Mike Kosak
-
Thailand Targets Cyber Sweatshops to Free 1,000s of Captives
Thai police said it was expecting to soon welcome 7,000 human trafficking victims, forced to work on cybercrime scams in call centers in Myanmar, in a first wave of people being freed from captivity. Tara Seals, Managing Editor, News, Dark Reading
-
Black Basta Goes Dark Amid Infighting, Chat Leaks Show
One of 2024’s most active ransomware outfits has been asleep through early 2025, thanks to reality-show-style, behind-the-scenes drama. Nate Nelson, Contributing Writer
-
Cisco Confirms Salt Typhoon Exploitation in Telecom Hits
In addition to using CVE-2018-0171 and other Cisco bugs to break into telecom networks, the China-sponsored APT is also using stolen login credentials for initial access. Kristina Beek, Associate Editor, Dark Reading
-
Nations Open ‘Data Embassies’ to Protect Critical Info
Estonia and Monaco back up their citizens’ information to a data center in Luxembourg, while Singapore looks to India as its safe haven for data. But geopolitical challenges remain. Robert Lemos, Contributing Writer
-
4 Low-Cost Ways to Defend Your Organization Against Deepfakes
Every organization should be exploring a layered approach in which artificial and human intelligences come together to form a rich, dynamic, and multifaceted deepfake defense strategy tailored to its needs. Eyal Benishti
-
Data Suggests It’s Time to Rethink Cloud Permissions
Excessive privileges and visibility gaps create a breeding ground for cyber threats. Liat Hayun
-
Ghost Ransomware Targets Orgs in 70+ Countries
The China-backed threat group often acts swiftly, going from initial access to compromise in just one day, a behavior atypical of cybercriminal groups. Elizabeth Montalbano, Contributing Writer
-
Google Adds Quantum-Resistant Digital Signatures to Cloud KMS
The new Cloud Key Management Service is part of Google’s new roadmap for implementing the new NIST-based post-quantum cryptography (PQC) standards. Jeffrey Schwartz
-
ZEST Security’s Cloud Risk Exposure Impact Report Reveals 62% of Incidents are Related to Risks Known to the Organization
-
When Brand Loyalty Trumps Data Security
Brand loyalty can act as a shield protecting organizations from the immediate impact of a breach, but that protection has a shelf life. Paul Underwood
-
Signs Your Organization’s Culture is Hurting Your Cybersecurity
High turnover, burnout, and blame-heavy environments do more than hurt morale. They also weaken security and put the organization at risk. Joan Goodchild
-
‘Darcula’ Phishing Kit Can Now Impersonate Any Brand
With Version 3, would-be phishers can cut and paste a big brand’s URL into a template and let automation do the rest. Nate Nelson, Contributing Writer
-
Australian Critical Infrastructure Faces ‘Acute’ Foreign Threats
The continent faces “relentless” military espionage, and increased cyber sabotage at the hands of authoritarian regimes, according to a high-ranking intelligence director. Nate Nelson, Contributing Writer
-
Insight Partners, VC Giant, Falls to Social Engineering
The start-up incubator and PR firm with holdings in more than 70 cybersecurity firms has announced a data breach with as-yet-unknown effects. Tara Seals, Managing Editor, News, Dark Reading
-
Patch Now: CISA Warns of Palo Alto Flaw Exploited in the Wild
The authentication bypass vulnerability in the OS for the company’s firewall devices is under increasing attack and being chained with other bugs, making it imperative for organizations to mitigate the issue ASAP. Elizabeth Montalbano, Contributing Writer
-
What Is the Board’s Role in Cyber-Risk Management in OT Environments?
By taking several proactive steps, boards can improve their organization’s resilience against cyberattacks and protect their critical OT assets.
-
North Korea’s Kimsuky Taps Trusted Platforms to Attack South Korea
The campaign heavily uses Dropbox folders and PowerShell scripts to evade detection and quickly scrapped infrastructure components after researchers began poking around. Robert Lemos, Contributing Writer
-
Xerox Printer Vulnerabilities Enable Credential Capture
Attackers are using patched bugs to potentially gain unfettered access to an organization’s Windows environment under certain conditions. Jai Vijayan, Contributing Writer
-
China-Linked Threat Group Targets Japanese Orgs’ Servers
Winnti once used a variety of malware, but is now focused on SQL vulnerabilities and obfuscation, updated encryption, and new evasion methods to gain access. Kristina Beek, Associate Editor, Dark Reading
-
Microsoft: New Variant of macOS Threat XCSSET Spotted in the Wild
Microsoft is warning the modular and potentially wormable Apple-focused infostealer boasts new capabilities for obfuscation, persistence, and infection, and could lead to a supply chain attack. Elizabeth Montalbano, Contributing Writer
-
Introducing enQase for Quantum-Safe Security
-
How This Security Firm’s ‘Bias’ Is Also Its Superpower
Credible Security’s founders bring their varied experiences to help growing companies turn trust into a strategic advantage. Mercedes Cardona
-
How Banks Can Adapt to the Rising Threat of Financial Crime
Banking fraud and financial crimes are growing more sophisticated every day. By understanding the threats and building strong collaborations, banks can protect themselves and their clients. Alena Robertson
-
Open Source AI Models: Perfect Storm for Malicious Code, Vulnerabilities
Companies pursuing internal AI development using models from Hugging Face and other open source repositories need to focus on supply chain security and checking for vulnerabilities. Robert Lemos, Contributing Writer
-
Salt Typhoon Exploits Cisco Devices in Telco Infrastructure
The China-sponsored state espionage group has exploited known, older bugs in Cisco gear for successful cyber intrusions on six continents in the past two months. Nate Nelson, Contributing Writer
-
Warning: Tunnel of Love Leads to Scams
Romance-baiting losses were up 40% last year, as more and more pig-butchering efforts crop up in the wild. Kristina Beek, Associate Editor, Dark Reading
-
CyberArk Makes Identity Security Play With Zilla Acquisition
CyberArk announced the Zilla deal on the same day leading identity and access governance provider SailPoint returned to the public markets. Jeffrey Schwartz
-
Roundtable: Is DOGE Flouting Cybersecurity for US Data?
Cybersecurity experts weigh in on the red flags flying around the new Department of Government Efficiency’s handling of the mountains of US data it now has access to, potentially without basic information security protections in place. Becky Bracken, Senior Editor, Dark Reading
-
Chinese APT ‘Emperor Dragonfly’ Moonlights With Ransomware
Pivoting from prior cyber espionage, the threat group deployed its backdoor tool set to ultimately push out RA World malware, demanding $2 million from its victim. Kristina Beek, Associate Editor, Dark Reading
-
How Public & Private Sectors Can Better Align Cyber Defense
With investment in cybersecurity capabilities and proactive measures to address emerging challenges, we can work together to navigate the complexities of combating cybercrime. Chris Henderson
-
Japan Goes on Offense With New ‘Active Cyber Defense’ Bill
Japan is on a mission to catch up to the US standard of national cyber preparedness, and its new legislation is a measure intended to stop escalating Chinese cyber-espionage efforts, experts say. Nate Nelson, Contributing Writer
-
President Trump to Nominate Former RNC Official as National Cyber Director
Sean Cairncross will be one of the primary advisers to the administration on national cybersecurity matters. Jai Vijayan, Contributing Writer
-
Feds Sanction Russian Hosting Provider for Supporting LockBit Attacks
US, UK, and Australian law enforcement have targeted a company called Zservers (and two of its administrators) for providing bulletproof hosting services to the infamous ransomware gang. Elizabeth Montalbano, Contributing Writer
-
Microsoft: Russia’s Sandworm APT Exploits Edge Bugs Globally
Sandworm (aka Seashell Blizzard) has an initial access wing called “BadPilot” that uses standard intrusion tactics to spread Russia’s tendrils around the world. Nate Nelson, Contributing Writer
-
Is AI a Friend or Foe of Healthcare Security?
When it comes to keeping patient information safe, people empowerment is just as necessary as deploying new technologies. Claudio Gallo
-
India’s Cybercrime Problems Grow as Nation Digitizes
More than half of attacks on Indian businesses come from outside the country, while 45% of those targeting consumers come from Cambodia, Myanmar, and Laos. Robert Lemos, Contributing Writer
-
Microsoft’s February Patch a Lighter Lift Than January’s
But there’s plenty in it — including two zero-days — that need immediate attention. Jai Vijayan, Contributing Writer