Tag: darkreading
-
Containment as a Core Security Strategy
We cannot keep reacting to vulnerabilities as they emerge. We must assume the presence of unknown threats and reduce the blast radius that they can affect. Ariadne Conill
-
‘PoisonSeed’ Attacker Skates Around FIDO Keys
Researchers discovered a novel phishing attack that serves the victim a QR code as part of supposed multifactor authentication (MFA), in order to get around FIDO-based protections. Alexander Culafi
-
3 Ways Security Teams Can Minimize Agentic AI Chaos
Security often lags behind innovation. The path forward requires striking a balance. Josh Lemos
-
Firmware Vulnerabilities Continue to Plague Supply Chain
Four flaws in the basic software for Gigabyte motherboards could allow persistent implants, underscoring problems in the ways firmware is developed and updated. Robert Lemos, Contributing Writer
-
4 Chinese APTs Attack Taiwan’s Semiconductor Industry
Chinese threat actors have turned to cyberattacks as a way to undermine and destabilize Taiwan’s most important industrial sector. Nate Nelson, Contributing Writer
-
Cisco Discloses ’10’ Flaw in ISE, ISE-PIC — Patch Now
Cisco just disclosed a critical severity flaw in its ISE and ISE-PIC products, joining two similar bugs disclosed last month. Alexander Culafi
-
Printer Security Gaps: A Broad, Leafy Avenue to Compromise
Security teams aren’t patching firmware promptly, no one’s vetting the endpoints before purchase, and visibility into potential dangers is limited — despite more and more cyberattackers targeting printers as a matter of course. Tara Seals
-
Armenian Extradited to US Over Ryuk Ransomware
The suspect faces three charges for his alleged crimes that could earn him up to five years in federal prison, and a heap of fines. Kristina Beek
-
Why Cybersecurity Still Matters for America’s Schools
Cyberattacks on educational institutions are growing. But with budget constraints and funding shortfalls, leadership teams are questioning whether — and how — they can keep their institutions safe. Chester Moyer
-
China-Backed Salt Typhoon Hacks US National Guard for Nearly a Year
Between March and December of last year, infamous Chinese state-sponsored APT Salt Typhoon gained access to sensitive US National Guard data. Alexander Culafi
-
AI Driving the Adoption of Confidential Computing
After years of hanging out in the wild, confidential computing is getting closer to an AI model near you. Agam Shah
-
ISC2 Finds Orgs Are Increasingly Leaning on AI
While many organizations are eagerly integrating AI into their workflows and cybersecurity practices, some remain undecided and even concerned about potential drawbacks of AI deployment. Kristina Beek
-
Elite ‘Matanbuchus 3.0’ Loader Spruces Up Ransomware Infections
An upgraded cybercrime tool is designed to make targeted ransomware attacks as easy and effective as possible, with features like EDR-spotting and DNS-based C2 communication. Nate Nelson, Contributing Writer
-
Women Who ‘Hacked the Status Quo’ Aim to Inspire Cybersecurity Careers
A group of female cybersecurity pioneers will share what they’ve learned about navigating a field dominated by men, in order to help other women empower themselves and pursue successful cybersecurity careers. Elizabeth Montalbano, Contributing Writer
-
Cognida.ai Launches Codien: An AI Agent to Modernize Legacy Test Automation and Fast-Track Test Creation
-
Securing the Budget: Demonstrating Cybersecurity’s Return
By tying security investments to measurable outcomes — like reduced breach likelihood and financial impact — CISOs can align internal stakeholders and justify spending based on real-world risk. Kara Sprague
-
Altered Telegram App Steals Chinese Users’ Android Data
Using more than 600 domains, attackers entice Chinese-speaking victims to download a vulnerable Telegram app that is nearly undetectable on older versions of Android. Robert Lemos, Contributing Writer
-
AI Is Reshaping How Attorneys Practice Law
Experts recommend enhanced AI literacy, training around the ethics of using AI, and verification protocols to maintain credibility in an increasingly AI-influenced courtroom. Arielle Waldman
-
Lessons Learned From McDonald’s Big AI Flub
McDonald’s hiring platform was using its original default credentials and inadvertently exposed information belonging to approximately 64 million job applicants. Alexander Culafi
-
AsyncRAT Spawns Concerning Labyrinth of Forks
Since surfacing on GitHub in 2019, AsyncRAT has become a poster child for how open source malware can democratize cybercrime, with a mazelike footprint of variants available across the spectrum of functionality. Jai Vijayan, Contributing Writer
-
Attackers Abuse AWS Cloud to Target Southeast Asian Governments
The intelligence-gathering cyber campaign introduces the novel HazyBeacon backdoor and uses legitimate cloud communication channels for command-and-control (C2) and exfiltration to hide its malicious activities. Elizabeth Montalbano, Contributing Writer
-
How Criminal Networks Exploit Insider Vulnerabilities
Criminal networks are adapting quickly, and they’re betting that companies won’t keep pace. Let’s prove them wrong. Rob Juncker
-
MITRE Launches AADAPT Framework for Financial Systems
The new framework is modeled after and meant to complement the MITRE ATT&CK framework, and it is aimed at detecting and responding to cyberattacks on cryptocurrency assets and other financial targets. Kristina Beek
-
Web-Inject Campaign Debuts Fresh Interlock RAT Variant
A cyber-threat campaign is using legitimate websites to inject victims with remote access Trojans belonging to the Interlock ransomware group, in order to gain control of devices. Alexander Culafi
-
Google Gemini AI Bug Allows Invisible, Malicious Prompts
A prompt-injection vulnerability in the AI assistant allows attackers to create messages that appear to be legitimate Google Security alerts but instead can be used to target users across various Google products with vishing and phishing. Elizabeth Montalbano, Contributing Writer
-
Military Veterans May Be What Cybersecurity Is Looking For
As the field struggles with a shortage, programs that aim to provide veterans with the technical skills needed to succeed in cybersecurity may be the solution for everyone. Kristina Beek
-
The Dark Side of Global Power Shifts & Demographic Decline
As global power realigns and economies falter, the rise in cybercrime is no longer hypothetical — it’s inevitable. Ty Greenhalgh
-
Pay2Key Ransomware Gang Resurfaces With Incentives to Attack US, Israel
The ransomware-as-a-service (RaaS) operation, which has been tied to an Iranian advanced persistent threat (APT) group, recently boosted its affiliate profit share to 80% for attacks on Western targets. Rob Wright
-
350M Cars, 1B Devices Exposed to 1-Click Bluetooth RCE
Mercedes, Skoda, and Volkswagen vehicles, as well as untold industrial, medical, mobile, and consumer devices, may be exposed to a vulnerable Bluetooth implementation called “PerfektBlue.” Nate Nelson, Contributing Writer
-
As Cyber-Insurance Premiums Drop, Coverage Is Key to Resilience
Cyber-insurance premiums continue to decline from their explosive growth from 2020 to 2022, but coverage is more important than ever to manage risks, experts say. Robert Lemos, Contributing Writer
-
Factoring Cybersecurity Into Finance’s Digital Strategy
As financial institutions continue to embrace digital transformation, their success will depend on their ability to establish and maintain robust and responsible cybersecurity practices. Jeff Prelle
-
Digital Fingerprints Tests Privacy Concerns in 2025
Privacy experts say Google’s quiet policy update on digital fingerprinting opens the door to deeper surveillance, discrimination, and data misuse—while the company insists nothing has changed. Digital fingerprinting eliminates the user’s ability to opt out of data collection, and could expose users to increased surveillance, identity theft,…
-
Customer, Employee Data Exposed in Nippon Steel Breach
Information from the company’s NS Solutions subsidiary has yet to show up on any Dark Web sites, but it doesn’t rule out the possibility that the data may have been stolen. Kristina Beek
-
eSIM Bug in Millions of Phones Enables Spying, Takeover
eSIMs around the world may be fundamentally vulnerable to physical and network attacks because of a 6-year-old Oracle vulnerability in technology that underlies billions of cards. Nate Nelson, Contributing Writer
-
Ingram Micro Up and Running After Ransomware Attack
Customers were the first to notice the disruption on the distributor’s website when they couldn’t place orders online. Kristina Beek
-
4 Arrested in UK Over M&S, Co-op, Harrods Hacks
The UK’s National Crime Agency arrested four people, who some experts believe are connected to the notorious cybercriminal collective known as Scattered Spider. Alexander Culafi
-
Agentic AI’s Risky MCP Backbone Opens Brand-New Attack Vectors
Critical security vulnerabilities affect different parts of the Model Context Protocol (MCP) ecosystem, which many organizations are rapidly adopting in order to integrate AI models with external data sources. Jai Vijayan, Contributing Writer
-
SIM Swap Fraud Is Surging — and That’s a Good Thing
Now it’s time to build systems that attackers can’t reroute with a phone call. Shaun Cooney
-
North American APT Uses Exchange Zero-Day to Attack China
Stories about Chinese APTs attacking the US and Canada are plentiful. In a turnabout, researchers found what they believe is a North American entity attacking a Chinese entity, thanks to a mysterious issue in Microsoft Exchange. Nate Nelson, Contributing Writer
-
A NVIDIA Container Bug & Chance to Harden Kubernetes
A container escape flaw involving the NVIDIA Container Toolkit could have enabled a threat actor to access AI datasets across tenants. Alexander Culafi
-
New AI Malware PoC Reliably Evades Microsoft Defender
Worried about hackers employing LLMs to write powerful malware? Using targeted reinforcement learning (RL) to train open source models in specific tasks has yielded the capability to do just that. Nate Nelson, Contributing Writer
-
Rubio Impersonator Signals Growing Security Threat From Deepfakes
An impostor who posed as the secretary of state in text and voice communications with diplomats and politicians demonstrates the increased sophistication of and national security threat posed by the AI technology. Elizabeth Montalbano, Contributing Writer
-
Know Your Enemy: Understanding Dark Market Dynamics
To help counter crime, today’s organizations require a cyber-defense strategy that incorporates the mindset of the cybercriminal. Bogdan Botezatu
-
SatanLock Next in Line for Ransomware Group Shutdowns
Though the victims list on its site has since been taken down, the group plans on leaking the rest of the files stolen from its victims. Kristina Beek
-
Unlock Security Operations Success With Data Analysis
From data fog to threat clarity: Automating security analytics helps security teams stop fighting phantoms and respond to what matters. George V. Hulme, Contributing Writer
-
South Korean Government Imposes Penalties on SK Telecom for Breach
Following a breach at the country’s top mobile provider that exposed 27 million records, the South Korean government imposed a small monetary penalty but stiff regulatory requirements. Robert Lemos, Contributing Writer
-
Microsoft Patches 137 CVEs in July, But No Zero-Days
Some 17 of the bugs are at high risk for exploits, including multiple remote code execution bugs in Office and SharePoint. Jai Vijayan, Contributing Writer
-
Malicious Open Source Packages Spike 188% YoY
Data exfiltration was the most common malware in Sonatype report, with more than 4,400 packages designed to steal secrets, personally identifiable information, credentials, and API tokens. Alexander Culafi
-
Suspected Hacker Linked to Silk Typhoon Arrested in Milan
The alleged Chinese state-sponsored hacker faces multiple charges, including wire fraud, aggravated identity theft, and unauthorized access to protected computers. Kristina Beek
-
Hackers ‘Shellter’ Various Stealers in Red Team Tool to Evade Detection
Researchers have uncovered multiple campaigns spreading Lumma, Arechclient2, and Rhadamanthys malware by leveraging key features of the AV/EDR evasion framework. Elizabeth Montalbano, Contributing Writer
-
4 Critical Steps in Advance of 47-Day SSL/TLS Certificates
With certificate lifespans set to shrink by 2029, IT teams need to spend the next 100 days planning in order to avoid operational disruptions. Tim Callan
-
Checking for Fraud: Texas Community Bank Nips Check Fraud in the Bud
Within months of implementing anti-fraud measures and automation, Texas National Bank prevented more than $300,000 in check fraud. Karen D. Schwartz, Contributing Writer
-
TAG-140 Targets Indian Government Via ‘ClickFix-Style’ Lure
The threat actors trick victims into opening a malicious script, leading to the execution of the BroaderAspect .NET loader. Kristina Beek
-
Bert Blitzes Linux & Windows Systems
The new ransomware strain’s aggressive multithreading and cross-platform capabilities make it a potent threat to enterprise environments. Jai Vijayan, Contributing Writer
-
DPRK macOS ‘NimDoor’ Malware Targets Web3, Crypto Platforms
Researchers observed North Korean threat actors targeting cryptocurrency and Web3 platforms on Telegram using malicious Zoom meeting requests. Alexander Culafi
-
Ransomware Attack Triggers Widespread Outage at Ingram Micro
The outage began shortly before the July 4 holiday weekend and caused disruptions for customer ordering and other services provided by the IT distributor. Rob Wright
-
‘Hunters International’ RaaS Group Closes Its Doors
The announcement comes just months after security researchers observed that the group was making the transition to rebrand to World Leaks, a data theft outfit. Kristina Beek
-
Chrome Store Features Extension Poisoned With Sophisticated Spyware
A color picker for Google’s browser with more than 100,000 downloads hijacks sessions every time a user navigates to a new webpage and also redirects them to malicious sites. Elizabeth Montalbano, Contributing Writer
-
New Cyber Blueprint Aims to Guide Organizations on AI Journey
Deloitte’s new blueprint looks to bridge the gap between the massive push for AI adoption and a lack of preparedness among leaders and employees. Arielle Waldman
-
Dark Web Vendors Shift to Third Parties, Supply Chains
As attacks on software supply chains and third parties increase, more data on critical software and infrastructure services is being advertised and sold on the Dark Web. Robert Lemos, Contributing Writer
-
IDE Extensions Pose Hidden Risks to Software Supply Chain
Malicious extensions can be engineered to bypass verification checks for popular integrated development environments, according to research from OX Security. Rob Wright
-
Attackers Impersonate Top Brands in Callback Phishing
Microsoft, PayPal, Docusign, and others are among the trusted brands threat actors use in socially engineered scams that try to get victims to call adversary-controlled phone numbers. Elizabeth Montalbano, Contributing Writer
-
Qantas Airlines Breached, Impacting 6M Customers
Passengers’ personal information was likely accessed via a third-party platform used at a call center, but didn’t include passport or credit card info. Nate Nelson, Contributing Writer
-
Initial Access Broker Self-Patches Zero Days as Turf Control
A likely China-nexus threat actor has been exploiting unpatched Ivanti vulnerabilities to gain initial access to victim networks and then patching the systems to block others from breaking in to the same network. Jai Vijayan, Contributing Writer
-
US Treasury Sanctions BPH Provider Aeza Group
In the past, the bulletproof group has been affiliated with many well-known ransomware and malware groups, such as BianLian and Lumma Stealer. Kristina Beek
-
Russian APT ‘Gamaredon’ Hits Ukraine With Fierce Phishing
A Russian APT known as “Gamaredon” is using spear-phishing attacks and network-drive weaponization to target government entities in Ukraine. Alexander Culafi
-
ClickFix Spin-off Attack Bypasses Key Browser Safeguards
A new threat vector exploits how modern browsers save HTML files, bypassing Mark of the Web and giving attackers another social-engineering attack for delivering malware. Elizabeth Montalbano, Contributing Writer
-
1 Year Later: Lessons Learned From the CrowdStrike Outage
The ever-growing volume of vulnerabilities and threats requires organizations to remain resilient and anti-fragile — that is, to be able to proactively respond to issues and continuously improve. Nadir Izrael
-
FileFix Attack Chain Enables Malicious Script Execution
By using social engineering tactics, threat actors are able to manipulate their victims into saving and renaming files that will backfire against them. Kristina Beek
-
Silver Fox Suspected in Taiwanese Campaign Using DeepSeek Lure
The attack uses sideloading to deliver a variant of the popular Gh0stRAT malware and lures victims by posing — among other things — as a purported installer for DeepSeek’s LLM. Robert Lemos, Contributing Writer
-
Like SEO, LLMs May Soon Fall Prey to Phishing Scams
Just as attackers have used SEO techniques to poison search engine results, they could rinse and repeat with artificial intelligence and the responses LLMs generate from user prompts. Jai Vijayan, Contributing Writer
-
Scope, Scale of Spurious North Korean IT Workers Emerges
Microsoft warns thousands of North Korean workers have infiltrated tech, manufacturing, and transportation sectors to steal money and data. Becky Bracken
-
LevelBlue Acquires Trustwave, Forms World’s Largest Independent MSSP
As the largest managed security services provider, the combined entity will offer cyber consulting, managed detection and response, and incident response services. Jeffrey Schwartz
-
Ransomware Reshaped How Cyber Insurers Perform Security Assessments
Cyber insurance companies were forced to adapt once ransomware skyrocketed and highlighted crucial security weaknesses among organizations in all sectors. Arielle Waldman
-
We’ve All Been Wrong: Phishing Training Doesn’t Work
Teaching employees to detect malicious emails isn’t really having an impact. What other options do organizations have? Nate Nelson, Contributing Writer
-
DoJ Disrupts North Korean IT Worker Scheme Across Multiple US States
The US also conducted searches of 29 “laptop farms” across 16 states and seized 29 financial accounts used to launder funds. Kristina Beek
-
Browsers Targeted via Chrome Zero-Day, Malicious Firefox Extensions
Separate threats to popular browsers highlight the growing security risk for enterprises presented by the original gateway to the Web, which remains an integral tool for corporate users. Elizabeth Montalbano, Contributing Writer
-
How Businesses Can Align Cyber Defenses With Real Threats
Companies that understand the motivations of their attackers and position themselves ahead of the competition will be in the best place to protect their business operations, brand reputation, and their bottom line. David Meese, Andrew Bayers
-
Scattered Spider Hacking Spree Continues With Airline Sector Attacks
Microsoft has called the hacker collective one of the most dangerous current cyberthreats. Jai Vijayan, Contributing Writer
-
Chinese Company Hikvision Banned By Canadian Government
Though the company’s video surveillance products will be prohibited for government use, individuals and private businesses can still buy the vendor’s products. Kristina Beek, Associate Editor, Dark Reading
-
Hired Hacker Assists Drug Cartel in Finding, Killing FBI Sources
According to a government report, El Chapo’s Sinaloa drug cartel used a hacker to spy on people connected to the FBI’s 2018 investigation against the kingpin, which led to deadly consequences. Rob Wright
-
Airoha Chip Vulns Put Sony, Bose Earbuds & Headphones at Risk
The vulnerabilities, which have yet to be published, could allow a threat actor to hijack not only Bluetooth earbuds and headphones but also the devices connected to them. Kristina Beek, Associate Editor, Dark Reading
-
AI-Themed SEO Poisoning Attacks Spread Info, Crypto Stealers
Malicious websites designed to rank high in Google search results for ChatGPT and Luma AI deliver the Lumma and Vidar infostealers and other malware. Elizabeth Montalbano, Contributing Writer
-
Why Cybersecurity Should Come Before AI in Schools
The sooner we integrate cybersecurity basics into school curriculum, the stronger and more resilient our children — and their futures — will be. Crystal Morin
-
Top Apple, Google VPN Apps May Help China Spy on Users
Apple and Google espouse strong values about data privacy, but they allow programs from a Big Brother state to thrive on their app stores, researchers allege. Nate Nelson, Contributing Writer
-
‘CitrixBleed 2’ Shows Signs of Active Exploitation
If exploited, the critical vulnerability allows attackers to maintain access for longer periods of time than the original CitrixBleed flaw, all while remaining undetected. Kristina Beek, Associate Editor, Dark Reading
-
Scattered Spider Taps CFO Credentials in ‘Scorched Earth’ Attack
In a recent intrusion, the notorious cybercriminal collective accessed CyberArk vaults and obtained more than 1,400 secrets, subverted Azure, VMware, and Snowflake environments, and for the first known time, actively fought back against incident response teams. Rob Wright
-
Hackers Make Hay? Smart Tractors Vulnerable to Full Takeover
Hackers can spy on tens of thousands of connected tractors in the latest IoT threat, and brick them too, thanks to poor security in an aftermarket steering system. Nate Nelson, Contributing Writer
-
Vulnerability Debt: How Do You Put a Price on What to Fix?
Putting a vulnerability debt figure together involves work, but having vulnerability debt figures lets you measure real-world values against your overall security posture. Matt Middleton-Leal
-
US Falling Behind China in Exploit Production
Cyber operations have become critical to national security, but the United States has fallen behind in one significant area — exploit production — while China has built up a significant lead. Robert Lemos, Contributing Writer
-
‘Cyber Fattah’ Hacktivist Group Leaks Saudi Games Data
As tensions in the Middle East rise, hacktivist groups are coming out of the woodwork with their own agendas, leading to notable shifts in the hacktivist threat landscape. Kristina Beek, Associate Editor, Dark Reading
-
‘IntelBroker’ Suspect Arrested, Charged in High-Profile Breaches
A British national arrested earlier this year in France was charged by the US Department of Justice in connection with a string of major cyberattacks. Rob Wright
-
How Geopolitical Tensions Are Shaping Cyber Warfare
In today’s cyber battlefield, resilience starts with readiness, and the cost of falling short increases by the day. Andrew Costis
-
Taming Agentic AI Risks Requires Securing Non-Human Identities
As the definition of machine identities broadens, AI agents working on behalf of the user and gaining access to various services blurs the lines of non-human identities even more. Robert Lemos, Contributing Writer
-
Cloud Repatriation Driven by AI, Cost, and Security
Organizations are moving away from the public cloud and embracing a more hybrid approach due to big changes over the last five years. Arielle Waldman
-
Charming Kitten APT Tries Spying on Israeli Cybersecurity Experts
Israel’s cyber pros are having to put theory into practice, as a notorious nation-state APT sponsored by Iran targets them with spear-phishing attacks. Nate Nelson, Contributing Writer
-
And Now Malware That Tells AI to Ignore It?
Though rudimentary and largely non-functional, the wryly named “Skynet” binary could be a harbinger of things to come on the malware front. Jai Vijayan, Contributing Writer
-
Millions of Brother Printers Hit by Critical, Unpatchable Bug
A slew of vulnerabilities, including a critical CVSS 9.8 that enables an attacker to generate the default admin password, affect hundreds of printer, scanner, and label-maker models made by manufacturer Brother. Alexander Culafi, Senior News Writer, Dark Reading
-
CISA is Shrinking: What Does it Mean for Cyber?
Dark Reading Confidential Episode 7: Cyber experts Tom Parker and Jake Williams offer their views on the practical impact of cuts to the US Cybersecurity and Infrastructure Security Agency. Dark Reading Staff
-
Dire Wolf Ransomware Comes Out Snarling, Bites Technology, Manufacturing
The emerging group has already gotten its teeth into 16 victims since May with its double extortion tactics, claiming victims in 11 countries, including the US, Thailand, and Taiwan. Elizabeth Montalbano, Contributing Writer