Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Firewall Daily

The rise of cyberattacks has changed the dynamics of global industries, with cybercriminals increasingly targeting sectors that hold vast amounts of sensitive data, financial resources, or critical infrastructure. As cybercriminals refine their tactics and use more sophisticated technology, certain industries are becoming more vulnerable to breaches.

Cyberattacks, including ransomware, supply chain vulnerabilities, and hacking campaigns, are among the most common tactics used to compromise organizations across the world. In 2025, industries such as government and public services, healthcare, manufacturing, financial services, and energy will remain prime targets for cybercriminals, who continue to find new ways to exploit these critical sectors.

This article explores the 5 industries that will be most vulnerable to cyberattacks in 2025, with insights into the growing threats and the importance of strengthening cybersecurity measures.

Industries Targeted by Cybercriminals

5. Government and Public Sector: Custodians of National Security

Government agencies and public sector organizations have long been a target for cybercriminals and nation-state actors. With access to vast amounts of sensitive data, including national security information, personal citizen data, and strategic infrastructure, these organizations present a treasure trove for cyber attackers. Nation-state actors, hacktivists, and cybercriminals use ransomware, espionage, and other hacking tools to disrupt operations, steal classified data, or cause economic and political instability.

Government agencies face several key cyber threats, including espionage, where cybercriminals steal sensitive information for strategic or financial gain. Distributed Denial of Service (DDoS) attacks are another major concern, with attackers overwhelming systems to disrupt government services and hinder access to vital information. Ransomware attacks also pose a risk, as hackers often target government agencies for cyber extortion, demanding large sums to restore access to critical systems. To mitigate these threats, it is essential for government organizations to implement cybersecurity frameworks that prioritize data protection, foster inter-agency collaboration, and utilize advanced threat detection tools. Additionally, investing in AI-driven threat intelligence systems and forming public-private partnerships can enhance cybersecurity resilience and help prevent future attacks.

4. Healthcare: Where Lives and Data Converge

The healthcare industry has witnessed a sharp rise in cyberattacks in recent years, with data breaches and ransomware becoming more prevalent. Cybercriminals target healthcare institutions not only for the value of medical records but also for the potential to disrupt critical care. The growing dependency on interconnected systems in hospitals and clinics, as well as the rapid digitalization of health services, increases vulnerability.

The healthcare industry faces several cyber threats per year, with ransomware attacks being one of the most damaging. Cybercriminals target healthcare organizations by locking down essential systems, rendering critical medical records and equipment unusable. The consequences of such attacks can be life-threatening, as they disrupt the delivery of care and compromise patient safety.

Medical data leaks are another major concern, as patient data becomes increasingly targeted by cybercriminals for identity theft and financial fraud. With the vast amounts of sensitive information in healthcare systems, these data breaches can lead to severe consequences for individuals and organizations alike.

Additionally, insider threats are a growing risk in the healthcare sector. Employees with access to sensitive patient data can inadvertently or maliciously expose that information, whether through negligence or deliberate actions, putting the organization and patients at risk.

To mitigate these threats, healthcare organizations must implement a variety of strategies. Comprehensive data encryption and multi-factor authentication are essential to protecting sensitive information from unauthorized access. Employee cybersecurity training programs are also crucial, ensuring that staff are aware of potential threats and understand how to recognize and respond to them. Regular incident response drills help prepare healthcare organizations for cyberattacks, while collaboration with cybersecurity agencies can provide additional resources and expertise to protect against these growing risks.

3. Manufacturing: The Cornerstone of Global Supply Chains

Manufacturers are increasingly vulnerable to cyberattacks as they rely on Industrial Control Systems (ICS) to manage operations. These ICS systems, while crucial to the manufacturing process, are often interconnected with IT systems, making them prime targets for cybercriminals. A successful cyberattack on manufacturing operations can result in production shutdowns, financial losses, and delays in the supply chain, with far-reaching effects.

The manufacturing sector is facing several key cyber threats that pose significant risks to its operations. One of the most damaging threats is ransomware, where attackers lock critical systems, halt production, and demand large ransom payments. The cost of downtime in manufacturing can be astronomical, leading to both financial losses and disruptions in the supply chain.

Supply chain attacks are another serious concern. Cybercriminals exploit vulnerabilities in third-party suppliers or vendors to infiltrate manufacturing systems. These attacks can compromise sensitive data and disrupt the entire production process, making it essential for manufacturers to secure their supply chains effectively.

Intellectual property theft is also a high risk for manufacturers. Design data, proprietary processes, and trade secrets are highly valuable targets for cybercriminals seeking to exfiltrate information. This can lead to the loss of competitive advantage and financial harm if sensitive information falls into the wrong hands.

To mitigate these threats, manufacturers must take proactive measures to secure their Industrial Control Systems (ICS). Network segmentation, endpoint protection, and continuous monitoring of operational networks are essential to protect against cyberattacks. Regular vulnerability assessments help identify weaknesses before they can be exploited. Additionally, employee awareness training is crucial for recognizing and responding to potential threats. Collaboration with cybersecurity experts like Cyble can provide additional resources and insights, helping manufacturers strengthen their defenses and prevent attacks.

2. Financial Services: A Prime Target for Monetary Gain

Financial institutions remain one of the most targeted sectors by cybercriminals due to the potential for monetary gain. In addition to conventional cyberattacks like ransomware, financial services are increasingly facing sophisticated phishing attacks, insider threats, and targeted cryptocurrency hacks. As the sector becomes more reliant on digital platforms, the risks posed by cyberattacks also increase.

Financial institutions are increasingly targeted by a variety of cyber threats, with ransomware and data breaches being among the most significant. Cybercriminals often demand multimillion-dollar payments in exchange for restoring access to critical systems or stolen data. These types of cyberattacks leave financial institutions vulnerable to severe operational disruptions and financial losses, as they are often held hostage by attackers.

Another prominent threat facing financial services is cryptocurrency exploits. Digital asset exchanges and wallets are frequent targets of cybercriminals who seek to siphon off digital assets or manipulate transactions for financial gain. This growing vulnerability highlights the need for robust cybersecurity measures within the cryptocurrency sector to protect digital assets and customer funds.

Social engineering and phishing attacks also pose a serious risk to financial institutions. Cybercriminals employ deceptive tactics, such as fake emails and phone calls, to manipulate employees or customers into divulging sensitive information. Once gained, this access can lead to large-scale financial theft, putting both individuals and organizations at significant risk.

To mitigate these threats, financial services companies must adopt a range of proactive cybersecurity strategies. Leveraging AI-driven threat intelligence systems can help detect anomalies and potential fraud, allowing for quicker responses to cyberattacks. Additionally, financial institutions should implement strict access controls to limit unauthorized access, conduct regular security audits to identify vulnerabilities, and continuously monitor for signs of phishing or social engineering attempts. By combining these measures, financial institutions can better protect themselves from hackers and ransomware groups.

1. Energy and Utilities: The Backbone of Critical Infrastructure

The energy and utilities sector, which includes electricity, gas, and water services, is critical to national security and the economy. As such, it remains a prime target for cybercriminals seeking to disrupt service or steal sensitive information. Attacks targeting energy infrastructure can have devastating consequences, including widespread blackouts, significant financial damage, and national security threats.

Energy and utilities sectors face significant cybersecurity threats that could have widespread consequences for both operations and public safety. One of the primary concerns is Industrial Control System (ICS) attacks. Cybercriminals often target these control systems, which are integral to the generation and distribution of power. An attack on ICS could lead to massive disruptions in power supply, affecting entire regions and potentially causing long-term outages.

Another key vulnerability within the energy sector is supply chain risks. Attackers exploit weaknesses in third-party vendors or software used by utilities to infiltrate networks. Cybercriminals can use these points of entry to access sensitive infrastructure and cause disruptions in services. Supply chain vulnerabilities have become a critical focus as attackers increasingly target external partners with less stringent cybersecurity measures.

The disruption of services remains a primary goal of many cyberattacks on the energy sector. Attackers aim to disable key infrastructure components, such as power generation facilities, water supply systems, or heating systems, leaving entire communities without essential services. Such disruptions can cause widespread chaos and significant economic damage, highlighting the need for strong, proactive cybersecurity strategies.

To mitigate these threats, energy companies must prioritize the cybersecurity of ICS systems by isolating critical control systems from corporate IT networks. This segmentation can reduce the risk of cross-contamination from attacks targeting business networks. Additionally, an increased focus on third-party risk management (TPRM) is crucial to prevent vulnerabilities arising from external vendors and partners. Regular penetration testing, employee training on cybersecurity best practices, and the use of advanced, cutting-edge cybersecurity tools are all essential strategies to safeguard critical infrastructure and ensure the continuity of services. By addressing these risks, energy companies can improve their resilience against potential cyberattacks.

Why Cyble Plays a Crucial Role?

As industries face mounting cyber threats, organizations like Cyble are crucial in helping businesses detect and respond to cyberattacks. Cyble is a leading provider of cyber threat intelligence, offering advanced tools to monitor the current threat landscape and provide actionable insights to protect businesses from hacks on industry sectors.

Cyble uses AI and machine learning to track cybercriminal activities in real time, alerting businesses about emerging threats and attack trends. By continuously monitoring the dark web, Cyble helps organizations identify stolen data, such as credentials and intellectual property, and respond quickly to prevent data breaches. Cyble's services also extend to supply chain risk management, helping companies mitigate vulnerabilities associated with third-party vendors and service providers.

Cyble's threat intelligence platform is particularly valuable for industries like healthcare, energy, and manufacturing, which rely on interconnected systems and are increasingly targeted by cybercriminals. By integrating Cyble's platform into their cybersecurity strategy, organizations can enhance their ability to detect, respond, and mitigate cyberattacks in real-time.


 A Little Sunshine

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely abuses legitimate services at Apple and Google to force a variety of outbound communications to their users, including emails, automated phone calls and system-level messages sent to all signed-in devices.

Image: Shutterstock, iHaMoo.

KrebsOnSecurity recently told the saga of a cryptocurrency investor named Tony who was robbed of more than $4.7 million in an elaborate voice phishing attack. In Tony’s ordeal, the crooks appear to have initially contacted him via Google Assistant, an AI-based service that can engage in two-way conversations. The phishers also abused legitimate Google services to send Tony an email from google.com, and to send a Google account recovery prompt to all of his signed-in devices.

Today’s story pivots off of Tony’s heist and new details shared by a scammer to explain how these voice phishing groups are abusing a legitimate Apple telephone support line to generate “account confirmation” message prompts from Apple to their customers.

Before we get to the Apple scam in detail, we need to revisit Tony’s case. The phishing domain used to steal roughly $4.7 million in cryptocurrencies from Tony was verify-trezor[.]io. This domain was featured in a writeup from February 2024 by the security firm Lookout, which found it was one of dozens being used by a prolific and audacious voice phishing group it dubbed “Crypto Chameleon.”

Crypto Chameleon was brazenly trying to voice phish employees at the U.S. Federal Communications Commission (FCC), as well as those working at the cryptocurrency exchanges Coinbase and Binance. Lookout researchers discovered multiple voice phishing groups were using a new phishing kit that closely mimicked the single sign-on pages for Okta and other authentication providers.

As we’ll see in a moment, that phishing kit is operated and rented out by a cybercriminal known as “Perm” a.k.a. “Annie.” Perm is the current administrator of Star Fraud, one of the more consequential cybercrime communities on Telegram and one that has emerged as a foundry of innovation in voice phishing attacks.

A review of the many messages that Perm posted to Star Fraud and other Telegram channels showed they worked closely with another cybercriminal who went by the handles “Aristotle” and just “Stotle.”

It is not clear what caused the rift, but at some point last year Stotle decided to turn on his erstwhile business partner Perm, sharing extremely detailed videos, tutorials and secrets that shed new light on how these phishing panels operate.

Stotle explained that the division of spoils from each robbery is decided in advance by all participants. Some co-conspirators will be paid a set fee for each call, while others are promised a percentage of any overall amount stolen. The person in charge of managing or renting out the phishing panel to others will generally take a percentage of each theft, which in Perm’s case is 10 percent.

When the phishing group settles on a target of interest, the scammers will create and join a new Discord channel. This allows each logged on member to share what is currently on their screen, and these screens are tiled in a series of boxes so that everyone can see all other call participant screens at once.

Each participant in the call has a specific role, including:

- The Caller: The person speaking and trying to social engineer the target.
- The Operator: The individual managing the phishing panel, silently moving the victim from page to page.
- The Drainer: The person who logs into compromised accounts to drain the victim’s funds.
- The Owner: The phishing panel owner, who will frequently listen in on and participate in scam calls.

‘OKAY, SO THIS REALLY IS APPLE’

In one video of a live voice phishing attack shared by Stotle, scammers using Perm’s panel targeted a musician in California. Throughout the video, we can see Perm monitoring the conversation and operating the phishing panel in the upper right corner of the screen.

In the first step of the attack, they peppered the target’s Apple device with notifications from Apple by attempting to reset his password. Then a “Michael Keen” called him, spoofing Apple’s phone number and saying they were with Apple’s account recovery team.

The target told Michael that someone was trying to change his password, which Michael calmly explained they would investigate. Michael said he was going to send a prompt to the man’s device, and proceeded to place a call to an automated line that answered as Apple support saying, “I’d like to send a consent notification to your Apple devices. Do I have permission to do that?”

In this segment of the video, we can see the operator of the panel is calling the real Apple customer support phone number 800-275-2273, but they are doing so by spoofing the target’s phone number (the victim’s number is redacted in the video above). That’s because calling this support number from a phone number tied to an Apple account and selecting “1” for “yes” will then send an alert from Apple that displays the following message on all associated devices:

Calling the Apple support number 800-275-2273 from a phone number tied to an Apple account will cause a prompt similar to this one to appear on all connected Apple devices.

KrebsOnSecurity asked two different security firms to test this using the caller ID spoofing service shown in Perm’s video, and sure enough calling that 800 number for Apple by spoofing my phone number as the source caused the Apple Account Confirmation to pop up on all of my signed-in Apple devices.

In essence, the voice phishers are using an automated Apple phone support line to send notifications from Apple and to trick people into thinking they’re really talking with Apple. The phishing panel video leaked by Stotle shows this technique fooled the target, who felt completely at ease that he was talking to Apple after receiving the support prompt on his iPhone.

“Okay, so this really is Apple,” the man said after receiving the alert from Apple. “Yeah, that’s definitely not me trying to reset my password.”

“Not a problem, we can go ahead and take care of this today,” Michael replied. “I’ll go ahead and prompt your device with the steps to close out this ticket. Before I do that, I do highly suggest that you change your password in the settings app of your device.”

The target said they weren’t sure exactly how to do that. Michael replied “no problem,” and then described how to change the account password, which the man said he did on his own device. At this point, the musician was still in control of his iCloud account.

“Password is changed,” the man said. “I don’t know what that was, but I appreciate the call.”

“Yup,” Michael replied, setting up the killer blow. “I’ll go ahead and prompt you with the next step to close out this ticket. Please give me one moment.”

The target then received a text message that referenced information about his account, stating that he was in a support call with Michael. Included in the message was a link to a website that mimicked Apple’s iCloud login page — 17505-apple[.]com. Once the target navigated to the phishing page, the video showed Perm’s screen in the upper right corner opening the phishing page from their end.

“Oh okay, now I log in with my Apple ID?,” the man asked.

“Yup, then just follow the steps it requires, and if you need any help, just let me know,” Michael replied.

As the victim typed in their Apple password and one-time passcode at the fake Apple site, Perm’s screen could be seen in the background logging into the victim’s iCloud account.

It’s unclear whether the phishers were able to steal any cryptocurrency from the victim in this case, who did not respond to requests for comment. However, shortly after this video was recorded, someone leaked several music recordings stolen from the victim’s iCloud account.

At the conclusion of the call, Michael offered to configure the victim’s Apple profile so that any further changes to the account would need to happen in person at a physical Apple store. This appears to be one of several scripted ploys used by these voice phishers to gain and maintain the target’s confidence.

A tutorial shared by Stotle titled “Social Engineering Script” includes a number of tips for scam callers that can help establish trust or a rapport with their prey. When the callers are impersonating Coinbase employees, for example, they will offer to sign the user up for the company’s free security email newsletter.

“Also, for your security, we are able to subscribe you to Coinbase Bytes, which will basically give you updates to your email about data breaches and updates to your Coinbase account,” the script reads. “So we should have gone ahead and successfully subscribed you, and you should have gotten an email confirmation. Please let me know if that is the case. Alright, perfect.”

In reality, all they are doing is entering the target’s email address into Coinbase’s public email newsletter signup page, but it’s a remarkably effective technique because it demonstrates to the would-be victim that the caller has the ability to send emails from Coinbase.com.

Asked to comment for this story, Apple said there has been no breach, hack, or technical exploit of iCloud or Apple services, and that the company is continuously adding new protections to address new and emerging threats. For example, it said it has implemented rate limiting for multi-factor authentication requests, which have been abused by voice phishing groups to impersonate Apple.

Apple said its representatives will never ask users to provide their password, device passcode, or two-factor authentication code or to enter it into a web page, even if it looks like an official Apple website. If a user receives a message or call that claims to be from Apple, here is what the user should expect.

AUTODOXERS

According to Stotle, the target lists used by their phishing callers originate mostly from a few crypto-related data breaches, including the 2022 and 2024 breaches involving user account data stolen from cryptocurrency hardware wallet vendor Trezor.

Perm’s group and other crypto phishing gangs rely on a mix of homemade code and third-party data broker services to refine their target lists. Known as “autodoxers,” these tools help phishing gangs quickly automate the acquisition and/or verification of personal data on a target prior to each call attempt.

One “autodoxer” service advertised on Telegram that promotes a range of voice phishing tools and services.

Stotle said their autodoxer used a Telegram bot that leverages hacked accounts at consumer data brokers to gather a wealth of information about their targets, including their full Social Security number, date of birth, current and previous addresses, employer, and the names of family members.

The autodoxers are used to verify that each email address on a target list has an active account at Coinbase or another cryptocurrency exchange, ensuring that the attackers don’t waste time calling people who have no cryptocurrency to steal.

Some of these autodoxer tools also will check the value of the target’s home address at property search services online, and then sort the target lists so that the wealthiest are at the top.

CRYPTO THIEVES IN THE SHARK TANK

Stotle’s messages on Discord and Telegram show that a phishing group renting Perm’s panel voice-phished tens of thousands of dollars worth of cryptocurrency from the billionaire Mark Cuban.

“I was an idiot,” Cuban told KrebsOnSecurity when asked about the June 2024 attack, which he first disclosed in a short-lived post on Twitter/X. “We were shooting Shark Tank and I was rushing between pitches.”

Image: Shutterstock, ssi77.

Cuban said he first received a notice from Google that someone had tried to log in to his account. Then he got a call from what appeared to be a Google phone number. Cuban said he ignored several of these emails and calls until he decided they probably wouldn’t stop unless he answered.

“So I answered, and wasn’t paying enough attention,” he said. “They asked for the circled number that comes up on the screen. Like a moron, I gave it to them, and they were in.”

Unfortunately for Cuban, somewhere in his inbox were the secret “seed phrases” protecting two of his cryptocurrency accounts, and armed with those credentials the crooks were able to drain his funds. All told, the thieves managed to steal roughly $43,000 worth of cryptocurrencies from Cuban’s wallets — a relatively small heist for this crew.

“They must have done some keyword searches,” once inside his Gmail account, Cuban said. “I had sent myself an email I had forgotten about that had my seed words for 2 accounts that weren’t very active any longer. I had moved almost everything but some smaller balances to Coinbase.”

LIFE IS A GAME: MONEY IS HOW WE KEEP SCORE

Cybercriminals involved in voice phishing communities on Telegram are universally obsessed with their crypto holdings, mainly because in this community one’s demonstrable wealth is primarily what confers social status. It is not uncommon to see members sizing one another up using a verbal shorthand of “figs,” as in figures of crypto wealth.

For example, a low-level caller with no experience will sometimes be mockingly referred to as a 3fig or 3f, as in a person with less than $1,000 to their name. Salaries for callers are often also referenced this way, e.g. “Weekly salary: 5f.”

This meme shared by Stotle uses humor to depict an all-too-common pathway for voice phishing callers, who are often minors recruited from gaming networks like Minecraft and Roblox. The image that Lookout used in its blog post for Crypto Chameleon can be seen in the lower right hooded figure.

Voice phishing groups frequently require new members to provide “proof of funds” — screenshots of their crypto holdings, ostensibly to demonstrate they are not penniless — before they’re allowed to join.

This proof of funds (POF) demand is typical among thieves selling high-dollar items, because it tends to cut down on the time-wasting inquiries from criminals who can’t afford what’s for sale anyway. But it has become so common in cybercrime communities that there are now several services designed to create fake POF images and videos, allowing customers to brag about large crypto holdings without actually possessing said wealth.

Several of the phishing panel videos shared by Stotle feature audio that suggests co-conspirators were practicing responses to certain call scenarios, while other members of the phishing group critiqued them or tried to disrupt their social engineering by being verbally abusive.

These groups will organize and operate for a few weeks, but tend to disintegrate when one member of the conspiracy decides to steal some or all of the loot, referred to in these communities as “snaking” others out of their agreed-upon sums. Almost invariably, the phishing groups will splinter apart over the drama caused by one of these snaking events, and individual members eventually will then re-form a new phishing group.

Allison Nixon is the chief research officer for Unit 221B, a cybersecurity firm in New York that has worked on a number of investigations involving these voice phishing groups. Nixon said the constant snaking within the voice phishing circles points to a psychological self-selection phenomenon that is in desperate need of academic study.

“In short, a person whose moral compass lets them rob old people will also be a bad business partner,” Nixon said. “This is another fundamental flaw in this ecosystem and why most groups end in betrayal. This structural problem is great for journalists and the police too. Lots of snitching.”

POINTS FOR BRAZENNESS

Asked about the size of Perm’s phishing enterprise, Stotle said there were at least 46 distinct phishing groups paying to use Perm’s panel. He said each group was assigned their own subdomain on Perm’s main “command and control server,” which naturally uses the domain name commandandcontrolserver[.]com.

A review of that domain’s history via DomainTools.com shows there are at least 57 separate subdomains scattered across commandandcontrolserver[.]com and two other related control domains — thebackendserver[.]com and lookoutsucks[.]com. That latter domain was created and deployed shortly after Lookout published its blog post on Crypto Chameleon.

The dozens of phishing domains that phone home to these control servers are all kept offline when they are not actively being used in phishing attacks. A social engineering training guide shared by Stotle explains this practice minimizes the chances that a phishing domain will get “redpaged,” a reference to the default red warning pages served by Google Chrome or Firefox whenever someone tries to visit a site that’s been flagged for phishing or distributing malware.

What’s more, while the phishing sites are live their operators typically place a CAPTCHA challenge in front of the main page to prevent security services from scanning and flagging the sites as malicious.

It may seem odd that so many cybercriminal groups operate so openly on instant collaboration networks like Telegram and Discord. After all, this blog is replete with stories about cybercriminals getting caught thanks to personal details they inadvertently leaked or disclosed themselves.

Nixon said the relative openness of these cybercrime communities makes them inherently risky, but it also allows for the rapid formation and recruitment of new potential co-conspirators. Moreover, today’s English-speaking cybercriminals tend to be more afraid of getting home invaded or mugged by fellow cyber thieves than they are of being arrested by authorities.

“The biggest structural threat to the online criminal ecosystem is not the police or researchers, it is fellow criminals,” Nixon said. “To protect them from themselves, every criminal forum and marketplace has a reputation system, even though they know it’s a major liability when the police come. That is why I am not worried as we see criminals migrate to various ‘encrypted’ platforms that promise to ignore the police. To protect themselves better against the law, they have to ditch their protections against fellow criminals and that’s not going to happen.”

 Cybercrime

The company released an advisory and a corresponding blog about two bugs — CVE-2025-0282 and CVE-2025-0283 — and warned that some customers have already seen CVE-2025-0282 exploited in their environments.

 Feed

A Mirai botnet variant has been found exploiting a newly disclosed security flaw impacting Four-Faith industrial routers since early November 2024 with the goal of conducting distributed denial-of-service (DDoS) attacks. The botnet maintains approximately 15,000 daily active IP addresses, with the infections primarily scattered across China, Iran, Russia, Turkey, and the United States.

 Feed

The U.S. government on Tuesday announced the launch of the U.S. Cyber Trust Mark, a new cybersecurity safety label for Internet-of-Things (IoT) consumer devices. "IoT products can be susceptible to a range of security vulnerabilities," the U.S. Federal Communications Commission (FCC) said. "Under this program, qualifying consumer smart products that meet robust cybersecurity standards will bear

 Feed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three flaws impacting Mitel MiCollab and Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2024-41713 (CVSS score: 9.1) - A path traversal vulnerability in Mitel MiCollab that could allow an attacker

 Feed

Cybersecurity researchers have shed light on a new remote access trojan called NonEuclid that allows bad actors to remotely control compromised Windows systems. "The NonEuclid remote access trojan (RAT), developed in C#, is a highly sophisticated malware offering unauthorised remote access with advanced evasion techniques," Cyfirma said in a technical analysis published last week. "It employs

 Feed

2024 had its fair share of high-profile cyber attacks, with companies as big as Dell and TicketMaster falling victim to data breaches and other infrastructure compromises. In 2025, this trend will continue. So, to be prepared for any kind of malware attack, every organization needs to know its cyber enemy in advance. Here are 5 common malware families that you can start preparing to counter

 Feed

Cybersecurity researchers have found that bad actors are continuing to have success by spoofing sender email addresses as part of various malspam campaigns. Faking the sender address of an email is widely seen as an attempt to make the digital missive more legitimate and get past security mechanisms that could otherwise flag it as malicious. While there are safeguards such as DomainKeys

 Cyber Security News

Source: securityaffairs.com – Author: Pierluigi Paganini Threat actors breached Argentina’s airport security police (PSA) payroll, stealing data and deducting 2,000-5,000 pesos from salaries. Threat actors have breached Argentina’s airport security police (PSA) and compromised the personal and financial data of its officers and civilian personnel. Threat actors deducted from 2,000 to 5,000 pesos under false […] The post Threat actors breached the Argentina’s airport security police (PSA) payroll – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini Moxa warns of two flaws in its routers and security appliances that enable privilege escalation and remote command execution. Moxa addressed privilege escalation and OS command injection vulnerabilities in cellular routers, secure routers, and network security appliances. Below are the descriptions for both vulnerabilities: CVE-2024-9138 (CVSS 4.0 score: 8.6): […] The post Moxa router flaws pose serious risks to industrial environments – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini US adds Chinese multinational technology and entertainment conglomerate Tencent to the list of companies supporting the Chinese military. The US Department of Defense has added Chinese multinational technology and entertainment conglomerate Tencent to its “Chinese military company” list under the Section 1260 requirement. The US government does not explain […] The post US adds Tencent to the list of companies supporting Chinese military – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

Source: securityaffairs.com – Author: Pierluigi Paganini Experts spotted new variants of the Eagerbee backdoor being used in attacks on government organizations and ISPs in the Middle East. Kaspersky researchers reported that new variants of the Eagerbee backdoor are being used in attacks against Internet Service Providers (ISPs) and government entities in the Middle East. The Kaspersky’s […] The post Eagerbee backdoor targets govt entities and ISPs in the Middle East – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 CSO and CISO

Source: www.csoonline.com – Author: Securing a cybersecurity investment isn’t just about crunching numbers — it’s about fostering cross-functional relationships. For CISOs, engaging key stakeholders will help build support to secure critical funding. When it comes to securing cybersecurity investments there are many things at play. The key often lies in the CISO’s ability to build […] The post How CISOs can forge the best relationships for cybersecurity investment – Source: www.csoonline.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 CSOonline

Source: www.csoonline.com – Author: While the placebo effect describes positive expectations, the nocebo effect stands for negative expectations. Both play a major role among employees when it comes to a company’s security requirements. Photo: kmls – shutterstock.com The placebo effect is based on a person’s expectations and psychological interpretation. It reflects the power of the mind, physical and mental […] The post Placebo versus Nocebo Effect: The Psychology Behind Security Awareness – Source: www.csoonline.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 CSOonline

Source: www.csoonline.com – Author: Researchers at Google DeepMind and Stanford University have created highly effective AI replicas of more than 1,000 people based on simple interviews. A two-hour conversation with an AI model is enough to create a fairly accurate image of a real person’s personality, according to researchers from Google and Stanford University. As […] The post The deepfake threat just got a little more personal – Source: www.csoonline.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 CSOonline

Source: www.csoonline.com – Author: CyTwist, a leader in advanced next-generation threat detection solutions, has launched its patented detection engine to combat the insidious rise of AI-generated malware. The cybersecurity landscape is evolving as attackers harness the power of artificial intelligence (AI) to develop advanced and evasive threats. The rise of AI-generated malware and AI-enhanced cyberattacks […] The post CyTwist Launches Advanced Security Solution to identify AI-Driven Cyber Threats in minutes – Source: www.csoonline.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 CSOonline

Source: www.csoonline.com – Author: The PhishWP WordPress plugin is well-equipped to turn legitimate shopping sites into phishing pages that capture sensitive payment and browser details. In a smart campaign, Russian cybercriminals are turning trusted online stores into phishing pages that capture sensitive details through convincing payment interfaces. According to research by the cybersecurity firm […] The post Russian hackers turn trusted online stores into phishing pages – Source: www.csoonline.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 advanced persistent threats

Source: www.csoonline.com – Author: News, 07 January 2025, 4 minutes. Advanced Persistent Threats, Cyberattacks, Hacker Groups. Vulnerabilities in a remote support software allowed APT attackers from China to break into the systems of the US Treasury Department and steal data there. Given the Chinese hacking attack, IT security at the US Treasury Department probably did not have a very restful Christmas break. Mark Gomez / Shutterstock At the turn of the year, the […] The post Chinese hackers attack US Treasury Department – Source: www.csoonline.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

Get to know the inspiring events and wide-reaching impact of the SWE Toronto Affiliate. The post Global Affiliate Spotlight: SWE Toronto was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

Read the highlights from SWE’s Mexico’s third installment of their virtual event series, featuring keynotes, panel discussions, and networking. The post SWE’s Third Virtual Event in Mexico: Fostering Women’s Collaboration was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: psilva The numbers are staggering—2024 has seen over 200,000 layoffs across 1,200 companies, with 82% coming from the tech industry. Welcome to the Top Tech Talent Reemployment Project! I’m Peter, and this initiative is all about supporting those affected by layoffs and helping them find fulfilling roles. In our first episode, […] The post Reemployment Project: Meet Alex Ryan – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: www.hackerone.com – Author: HackerOne. In August 2016, a small group of HackerOne staff brought to life the first ever live hacking event in HackerOne’s history at DEF CON 24 in Las Vegas, Nevada. We learned so many things over those three days and nights. Amongst our successes there was a laundry list of failures […] The post H1-702 2018 makes history with over $500K in bounties paid! – Source: www.hackerone.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: www.hackerone.com – Author: Justin Boyer. So you want to move to the cloud. It’s okay. You’re not alone. 96 percent of decision makers in one survey have cloud initiatives underway. Enterprise IT teams will soon reach the tipping point, spending over 50 percent on cloud apps and services instead of on-premises deployments for the […] The post 7 Common Security Pitfalls to Avoid When Migrating to the Cloud – Source: www.hackerone.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: www.hackerone.com – Author: johnk. Another year, another Hacker-Powered Security Report! We pulled out 100 of the report’s top facts—and then added 18 more, since it’s 2018. See below for a better understanding of how hacker-powered security is disrupting (in a good way) how organizations approach security. More security teams are adding VDPs, more are […] The post 118 Fascinating Facts from HackerOne’s Hacker-Powered Security Report 2018 – Source: www.hackerone.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

Source: www.hackerone.com – Author: Martijn Russchen. Starting today, all existing and new hackers get a personalized email alias tied to their account, in the form of username[at]wearehackerone[dot]com. Any emails sent to this will be forwarded to their email address that is registered with HackerOne. This has been a popular feature request amongst programs on HackerOne […] The post Improve Credential Sharing with Hacker Email Aliases – Source: www.hackerone.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – Author: The US has launched a Cyber Trust Mark for Internet of Things (IoT) devices, enabling consumers to easily assess the cybersecurity standards of such products when making purchasing decisions. Consumer smart device manufacturers that qualify for the Cyber Trust Mark will soon be able to display a trademarked, distinct shield logo on […] The post US Launches Cyber Trust Mark for IoT Devices – Source: www.infosecurity-magazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – Author: A new phishing technique exploiting PayPal’s money request feature has been identified, using a legitimate PayPal money request that may appear genuine to recipients. According to a new advisory by Fortinet, the scammer registered a free Microsoft 365 test domain and created a distribution list containing the targeted email addresses. A […] The post Scammers Exploit Microsoft 365 to Target PayPal Users – Source: www.infosecurity-magazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Casio

Source: www.infosecurity-magazine.com – Author: Electronics manufacturing giant Casio admitted that security failings resulted in the personal data of employees, customers and business partners being leaked online following a ransomware attack. The Japanese company said its investigation into the October 2024 incident found that internal business information, including invoices and contacts with partners, meeting materials […] The post Casio Admits Security Failings as Attackers Leak Employee and Customer Data – Source: www.infosecurity-magazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – Author: Security researchers have uncovered a new Mirai-based botnet that uses zero-day exploits for industrial routers and smart home devices to spread. The offensively named “gayfemboy” botnet was first discovered by Chinese research outfit Qi’anxin XLab back in February 2024. Yet while its early iterations were unremarkable versions of Mirai, its developers […] The post New Mirai Botnet Exploits Zero-Days in Routers and Smart Devices – Source: www.infosecurity-magazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

2025-01
Aggregator history
Wednesday, January 08