CERT-UA, the Governmental Computer Emergency Response Team of Ukraine, reported a resurgence of the notorious criminal group UAC-0173. This group, known for orchestrating targeted cyberattacks on critical Ukrainian state infrastructure, has recently focused its efforts on Ukraine's notary offices. Their primary goal: to gain unauthorized remote access to notary computers and manipulate state registers for monetary gain. The Ministry of Justice of Ukraine and the State Special Communications Service have been particularly active in defending against these attacks, which are part of a broader cyber-espionage campaign aimed at destabilizing Ukraine's public records systems. The attacks employ sophisticated malware, advanced tools for system exploitation, and various techniques to circumvent security measures like User Account Control (UAC).

The Attack Methodology of UAC-0173 Group

The UAC-0173 group first emerged in late January 2025 when CERT-UA began monitoring suspicious activity targeting Ukrainian notary systems. The attackers used email messages disguised as official communications from the Ministry of Justice of Ukraine. These emails included links to malicious files such as "HAKA3.exe" and "Order of the Ministry of Justice of February 10, 2025 No. 43613.1-03.exe." When opened, these files deployed the DARKCRYSTALRAT (DCRAT) malware, which allowed the attackers to establish initial access to the targeted systems.

Once access was gained, the attackers installed additional malicious software, including RDPWRAPPER. This tool enables multiple concurrent Remote Desktop Protocol (RDP) sessions, effectively bypassing local security controls and allowing the attackers to gain direct access to the affected computers. By using tools like BORE, they were able to create RDP connections from the internet, making their operations more difficult to trace. The group also leveraged the FIDDLER proxy/sniffer tool to intercept login credentials used in web interfaces of state registers, while the XWORM stealer was employed to steal sensitive data such as usernames and passwords from the clipboard and keystrokes.

CERT-UA's Response and Cybersecurity Measures

Upon discovering the renewed attacks, CERT-UA quickly took action to protect vulnerable systems.
Working in collaboration with the Cybersecurity Commission of the Notarial Chamber of Ukraine, CERT-UA identified compromised systems across six regions of Ukraine. These systems were quickly isolated and secured, preventing the attackers from completing their malicious activities in some cases. The Ministry of Justice of Ukraine, together with CERT-UA, also provided guidance to notaries on configuring their systems in ways that would reduce the likelihood of successful attacks. Despite these efforts, the demand for services to alter state registers remains high, making it likely that UAC-0173 will continue to target notarial systems in the future. CERT-UA urged notaries to remain vigilant and report any suspicious activity immediately. The cooperation between Ukraine's law enforcement agencies, the Cybersecurity Commission of the National Police of Ukraine, and CERT-UA remains vital in the ongoing fight against cybercriminals targeting the country's public sector.

Tools and Tactics

Figure: Example of a chain of damage (Source: CERT-UA)

The attackers used an array of advanced tools to carry out their campaign. Key malware families involved include DCRAT and XWORM. These tools allowed the attackers to exfiltrate data, monitor victim activities, and further compromise systems. Additionally, the use of RDPWRAPPER enabled the attackers to execute parallel RDP sessions, increasing their control over the compromised systems.
Some of the malicious files identified by CERT-UA include:

- RDPWInst.exe – Used to install the RDPWrapper tool
- install.bat – A batch file to execute other malicious programs
- HAKA3.exe – The file responsible for installing the DCRAT malware
- bore.exe – Used to facilitate RDP connections from the internet
- xupwork3.exe – Likely another piece of malware used to maintain persistence on the compromised systems

These tools were deployed through various methods, including email attachments and direct downloads from compromised websites. The attackers also used legitimate file storage services to host malicious files, making detection more difficult for traditional security tools.

Indicators of Compromise (IOCs)

The attack campaign also left a trail of indicators of compromise (IOCs), which help cybersecurity experts track the activities of UAC-0173. Some of the IOCs identified by CERT-UA include suspicious file names and URLs that were used in the attack:

File hashes:
- 3288c284561055044c489567fd630ac2
- cbad5b2ca73917006791882274f769e8
- A6b692e0ed3d5cd6fd20820dd06608ac

Malicious URLs (defanged):
- hXXps://87.120.126[.]48/1pm
- hXXps://194[.]0.234.155/for your information.exe
- hXXps://91[.]92.246.18/upl/t1.exe

By monitoring these indicators, cybersecurity teams can better identify ongoing attacks and implement countermeasures to protect Ukrainian state institutions from further breaches.

The Role of RDPWRAPPER in the Attack

One of the most malicious tools used by the attackers in this campaign was RDPWRAPPER. This tool is designed to bypass local security protocols and enable multiple RDP sessions on the infected machine. In combination with other tools like BORE and FIDDLER, RDPWRAPPER allowed the attackers to establish persistent access to notary systems, enabling them to execute further malicious actions such as altering state registers.
The deployment of RDPWRAPPER also highlights the sophistication of the attack, as the tool effectively bypasses security measures such as User Account Control (UAC), which is designed to prevent unauthorized access to critical system functions.

Conclusion

As the demand for unauthorized modifications to Ukraine's state registers remains high, UAC-0173 and other cybercriminal groups are expected to continue their efforts. The collaboration between CERT-UA, the Ministry of Justice of Ukraine, and law enforcement agencies will be critical in mitigating the impact of these attacks. Additionally, the ongoing efforts to secure notarial systems and state registers, as well as the deployment of advanced cybersecurity tools, will be essential in reducing the attack surface and preventing further breaches. Notaries are urged to remain vigilant and report any suspicious activity to CERT-UA to enable timely response and mitigation.
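The file names and IOCs listed above are published in defanged form (hXXps, [.]), so a defender has to normalize them before they can be matched against proxy and endpoint telemetry. The following script is an added example, not CERT-UA's own tooling: it refangs the URLs, lowercases the hashes, and scans a few constructed log lines for host, MD5 and file-name hits. The log format, host names and the non-matching placeholder hashes are all invented for the example.

```python
"""Normalize the UAC-0173 indicators from the advisory text and match them
against sample proxy/EDR log lines (added example, not CERT-UA tooling)."""
import re

# Indicators copied from the advisory text above, in their defanged form.
FILE_HASHES = [
    "3288c284561055044c489567fd630ac2",
    "cbad5b2ca73917006791882274f769e8",
    "A6b692e0ed3d5cd6fd20820dd06608ac",
]
DEFANGED_URLS = [
    "hXXps://87.120.126[.]48/1pm",
    "hXXps://194[.]0.234.155/for your information.exe",
    "hXXps://91[.]92.246.18/upl/t1.exe",
]
FILE_NAMES = ["RDPWInst.exe", "install.bat", "HAKA3.exe", "bore.exe", "xupwork3.exe"]

# Constructed sample telemetry (hostnames, IPs, timestamps and the two
# placeholder MD5 values are invented; only the indicators are from the page).
SAMPLE_LOGS = [
    "2025-02-11T09:14:02Z proxy src=10.20.3.15 dst=https://91.92.246.18/upl/t1.exe bytes=48112 action=ALLOW",
    "2025-02-11T09:14:05Z edr host=NOTARY-PC7 process=C:\\Users\\notary\\Downloads\\HAKA3.exe md5=3288c284561055044c489567fd630ac2",
    "2025-02-11T09:15:30Z edr host=NOTARY-PC7 process=C:\\ProgramData\\bore.exe md5=deadbeefdeadbeefdeadbeefdeadbeef",
    "2025-02-11T09:20:41Z edr host=NOTARY-PC7 process=C:\\Windows\\System32\\svchost.exe md5=0123456789abcdef0123456789abcdef",
    "2025-02-11T09:21:00Z proxy src=10.20.3.15 dst=https://www.example.com/index.html bytes=2140 action=ALLOW",
]


def refang(url: str) -> str:
    """Turn a defanged indicator (hXXps://x[.]y) back into a matchable URL."""
    url = url.replace("[.]", ".")
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def normalize(urls=DEFANGED_URLS, hashes=FILE_HASHES, names=FILE_NAMES) -> dict:
    """Build lowercase lookup sets: full URLs, bare hosts, hashes, file names."""
    refanged = [refang(u) for u in urls]
    return {
        "urls": {u.lower() for u in refanged},
        "hosts": {re.sub(r"^https?://", "", u).split("/")[0].lower() for u in refanged},
        "hashes": {h.lower() for h in hashes},
        "names": {n.lower() for n in names},
    }


def scan_line(line: str, iocs: dict) -> list:
    """Return (kind, value) hits for one log line; matching is case-insensitive."""
    low = line.lower()
    hits = []
    for h in sorted(iocs["hashes"]):
        if h in low:
            hits.append(("md5", h))
    for host in sorted(iocs["hosts"]):
        # Lookarounds stop 87.120.126.48 from matching inside 187.120.126.48.
        if re.search(r"(?<![\w.])" + re.escape(host) + r"(?![\w.])", low):
            hits.append(("host", host))
    for name in sorted(iocs["names"]):
        # File name must be a whole path component (preceded by \ / space = or quote).
        if re.search(r"(?:^|[\\/\s=\"'])" + re.escape(name) + r"(?:$|[\s\"'])", low):
            hits.append(("filename", name))
    return hits


def scan_logs(lines, iocs) -> dict:
    """Map line index -> hits for every line that matched at least one indicator."""
    return {i: hits for i, line in enumerate(lines) if (hits := scan_line(line, iocs))}


if __name__ == "__main__":
    for idx, hits in scan_logs(SAMPLE_LOGS, normalize()).items():
        print(idx, hits)
```

Matching bare hosts as well as full URLs is deliberate: the paths in the published URLs can change between waves, while the hosting IP is the more stable part of the indicator. A hash hit on HAKA3.exe combined with a later process start of bore.exe on the same host is the kind of sequence that should raise the alert severity, because it matches the chain described above (DCRAT dropper followed by the RDP tunnelling tool).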
Kash Patel officially took the oath of office as the ninth Director of the Federal Bureau of Investigation (FBI) at a ceremony at The White House. Attorney General Pamela Bondi administered the oath, marking the beginning of Patel's tenure as the nation's top law enforcement official. In his swearing-in address, Director Patel emphasized his commitment to accountability and constitutional oversight. "I promise you the following: There will be accountability within the FBI and outside of the FBI, and we will do it through rigorous constitutional oversight, starting this weekend," Patel stated.

Kash Patel's Vision for Reform and Trust

Patel, a former federal prosecutor and intelligence official, has outlined his vision for the FBI, focusing on restoring public trust in the institution. In a statement released on social media before taking office, he emphasized his goal to "let good cops be cops" and rebuild the agency's reputation. "Working alongside the dedicated men and women of the Bureau and our partners, we will rebuild an FBI the American people can be proud of," he wrote. His appointment follows the tenure of former FBI Director Christopher Wray, who led the Bureau through multiple high-profile investigations and national security challenges. Patel's nomination by President Donald Trump reflects a shift in leadership aimed at reinforcing transparency and accountability within the Bureau. Attorney General Pamela Bondi, who played a key role in Patel's confirmation, expressed her confidence in his ability to lead the FBI. "Kash is extremely passionate about restoring the reputation of the FBI, and I look forward to working closely with him to end violent crime, protect our national security, and make America safe again," Bondi stated.

Honoring the FBI's Legacy

On his first official day in office, Director Patel visited the FBI's Wall of Honor, paying tribute to the agents who have sacrificed their lives in the line of duty. This visit underscored his commitment to upholding the values of courage, integrity, and justice that define the Bureau's mission.
Figure: (Source: X)

Patel also reaffirmed his dedication to ensuring that the FBI remains a leading force in combating cyber threats to national security. In a strongly worded statement following his confirmation, he made it clear that those who pose a danger to the American people will be held accountable. "To those who seek to harm Americans—consider this your warning. We will hunt you down in every corner of this planet," he wrote.

A New Chapter for the FBI with Kash Patel

Patel's leadership comes at a crucial time for the FBI, as the agency faces growing concerns over political influence, public skepticism, and evolving security threats. His pledge to enhance oversight and restore faith in the Bureau will be closely watched by both law enforcement officials and the American public. With a strong emphasis on mission integrity and accountability, Director Kash Patel has signaled the beginning of a new chapter for the FBI—one focused on transparency, justice, and unwavering commitment to the safety of the nation.
The Termite ransomware group has allegedly leaked sensitive patient data following the Genea cyberattack, targeting one of Australia's leading fertility providers. On February 26, 2025, the Termite ransomware group claimed responsibility for breaching Genea Pty Ltd's systems. The group alleges to have stolen 700GB of data from 27 of the company's servers, potentially compromising sensitive personal information. The released data, which includes financial documents, invoices, medical reports, personal identification records, and questionnaires, appears to contain Protected Health Information (PHI), including medical histories and personal details.

The Genea cyberattack comes just days after the company confirmed a cybersecurity incident on February 19, 2025. At the time, Genea disclosed that the incident had affected its network, caused system outages and disrupted operations. The breach was investigated internally, with the company working closely with cybersecurity experts to determine the full scope of the attack.

Genea's Response and Public Disclosure

Figure: Genea Cyberattack Updated (Source: Genea)

Genea's initial response to the cyberattack was prompt, as the company quickly launched an investigation to assess the nature and extent of the damage. In an update released on February 24, 2025, Genea reassured patients that the cybersecurity breach was being handled with utmost urgency. The company acknowledged that the attack had resulted in unauthorized access to its patient management systems. In a statement issued on February 26, 2025, Genea confirmed that some of the stolen data had indeed been published online. Genea's statement read, "Our ongoing investigation has established that on the 26th of February, data taken from our systems appears to have been published externally by the threat actor. We understand that this development may be concerning for our patients for which we unreservedly apologize." To mitigate further risks, Genea took immediate action. The company secured a court-ordered injunction on February 26, 2025, aimed at preventing any further dissemination, use, or access to the stolen data. This legal measure was part of Genea's ongoing commitment to safeguard patient information.
Genea has also offered support to affected patients by partnering with IDCARE, Australia's national identity and cyber support service. The company's representatives urged individuals impacted by the Genea cyberattack to reach out for assistance and take steps to secure their personal data.

Timeline of Genea Cyberattack and Impact on Patients

The Genea cyberattack began to unfold on February 14, 2025, when suspicious activity was detected on the company's network. Upon further investigation, it was revealed that Genea had fallen victim to a cyberattack. Although the breach was initially believed to involve unauthorized access to its systems, further inquiries suggested that patient data had been taken. Genea's patient management system was identified as a primary target, with attackers reportedly gaining access to folders containing sensitive patient details. These files included full names, contact information, medical histories, treatment details, Medicare card numbers, and private health insurance information. However, as of the last update, there was no evidence that financial data, such as credit card numbers or bank account details, had been compromised. Despite the severity of the situation, Genea stressed that its medical and administrative teams were working around the clock to restore its systems and ensure minimal disruption to patient care. The company's commitment to providing uninterrupted fertility services remained a top priority while also mitigating the Genea cyberattack.

Data Security and Ongoing Investigation

Considering the Genea cyberattack and the subsequent data breach, the company emphasized that it was taking all necessary steps to prevent future incidents. Genea has been working closely with the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner (OAIC) to address the breach.
The company's ongoing investigation will continue to assess the full extent of the damage and determine whether additional data has been compromised. Genea has also promised to keep affected individuals informed about any new developments as they emerge.

Genea has advised affected patients to remain vigilant for signs of identity theft or fraud. The company warned patients to be cautious about unsolicited communications, particularly emails, texts, or phone calls that may be attempts to exploit personal information. Additionally, patients are encouraged to visit official government websites, such as the Australian Cyber Security Centre and the ACCC's Scamwatch, for guidance on protecting themselves from further harm caused by the Genea cyberattack. For those concerned about potential identity theft, Genea has arranged for the support of IDCARE, which is offering free assistance to impacted individuals. IDCARE provides expert advice on how to protect personal information and mitigate risks associated with cybercrime.
You've probably heard the rumor — our smartphones are always listening. But the truth is, they don't need to. The information shared with data brokers by virtually every app on your smartphone — from games to weather apps — is more than enough to create a detailed profile on you. For a long time, online tracking had meant that search engines, ad systems, and advertisers all knew which websites you visited. But since smartphones appeared on the scene, the situation has become much worse: now advertisers know where you go physically and how often.

So, how do they do it? Every time any mobile app prepares to show an ad, a lightning-fast auction takes place to determine which specific ad you'll see based on the data sent from your smartphone. And although you only see the winning ad, all the participants in the auction receive data about the potential viewer — that is, you. A recent experiment showed just how many companies receive this information, how detailed it is, and how ineffective built-in smartphone features like Do Not Track and Opt Out of Personalized Ads are at protecting users. Nevertheless, we still recommend some protection methods!

What data do advertisers receive?

Every mobile app is built differently, but most start leaking data to ad networks even before displaying any ads. In the experiment mentioned earlier, a mobile game immediately sent an extensive array of data to the Unity Ads network upon launch:

- Information about the smartphone, including OS version, battery level, brightness and volume settings, and available memory
- Data about the network operator
- Type of internet connection
- Full IP address of the device
- Vendor code (the game developer's identifier)
- Unique user code (IFV) — an identifier linked to the game developer and used by an ad system
- Another unique user code (IDFA/AAID) — an ad identifier shared by all apps on the smartphone
- Current location
- Consent for ad tracking (yes/no)

Interestingly, the location is transmitted even if the service is disabled on the smartphone. It's approximate though, calculated based on the IP address. However, with publicly available databases matching physical and internet addresses, this approximation can be surprisingly accurate — down to the city district or even the building.
If location services are enabled and allowed for the app, precise location data is transmitted. In the same experiment, the consent for ad tracking was marked as "User Agreed", even though the experiment's author did not provide such consent.

Who gets the data, and how often?

The data stream is sent to all ad platforms integrated into the app. There are often several such platforms, and a complex algorithm determines which one will be used to show the ad. However, some data is shared with all connected networks — even those that aren't currently showing ads. In addition to the above-mentioned Unity (whose ad platform generates 66% of revenue for developers using this game engine), other major platforms include those of Facebook, Microsoft, Google, Apple, Amazon, and dozens of specialized companies like ironSource.

Next, the ad network currently displaying ads in the app sends a large set of user data to a real-time bidding (RTB) system. Here, various advertisers analyze the data and bid to display their ads, all at lightning-fast speeds. You view the winning ad, but information about your location, combined with the exact time, IP address, and all other data, is shared with every auction participant. According to the experiment's author, this data is collected by hundreds of obscure firms, some of which may be shell companies owned by intelligence agencies. This video from the experiment shows how connections to ad servers were made dozens of times per second, and even Facebook received data despite the fact that no Meta apps were installed on the experimenter's smartphone.

The illusion of anonymity

Ad-network owners love to claim that they use anonymous and depersonalized data for ad targeting. In reality, advertising systems go to great lengths to accurately identify users across different apps and devices. In the data set mentioned above, two different user codes are listed: IFV and IDFA/AAID (IDFA for Apple, AAID for Android).
A separate IFV is assigned to your device by each app developer. If you have three games from the same developer, each of these games will send the same IFV when showing ads. Meanwhile, apps from other developers will send their own IFVs. The IDFA/AAID, on the other hand, is a unique advertising identifier assigned to the entire smartphone. If you've agreed to ad personalization in your phone's settings, all games and apps on your device will use the same IDFA/AAID. If you disable ad personalization, or decline consent, the IDFA/AAID is replaced with zeros. But IFVs will continue to be sent.

By combining the data transmitted with each ad display, advertising networks can piece together a detailed dossier on anonymous users, linking their activity across different apps through these identifiers. And as soon as the user enters their email address, phone number, payment details, or home address anywhere — such as when making an online purchase — the anonymous identifier can be linked to this personal information. As we discussed in our article on the Gravy Analytics data leak, location data is so valuable that some companies posing as ad brokers are created solely to collect it. Thanks to IFV — and especially IDFA/AAID — it's possible to map out the movements of Mr. X and often de-anonymize him using just this data. Sometimes, complex movement analysis isn't even necessary. Databases linking ad identifiers to full names, home addresses, emails, and other highly personal details can simply be sold by unscrupulous brokers. In such cases, detailed personal data and a comprehensive location history form a complete dossier on the user.

How to protect yourself from ad tracking

In practice, neither strict laws like the GDPR nor built-in privacy settings provide complete protection against the tracking methods described above. Simply pressing a button in an app to disable ad personalization is not even a half-measure — it's more like a tenth of a measure.
The fact is, this only removes one identifier from the telemetry data, while the rest of your data is still sent to advertisers. Cases like the Gravy Analytics data leak and the scandal involving the Datastream data broker demonstrate the scale of the problem. The ad-tracking industry is enormous, and it exploits almost any app — not just games. Moreover, location data is purchased by a wide range of entities — from advertising firms to intelligence agencies. Sometimes, hackers obtain this information for free if a data broker fails to adequately protect their databases. To minimize the exposure of your data to such leaks, you'll need to take some significant precautions:

- Only allow location access for apps that genuinely need it for their primary function (e.g., navigation apps, maps, or taxi services). For example, delivery services or banking apps don't actually need your location to function — let alone games or shopping apps. You can always manually enter a delivery address.
- In general, grant apps the minimum permissions necessary. Do not allow them to track your activity in other apps, and do not grant full access to your photo gallery. Malware has been developed that can analyze photo data using AI, and unscrupulous app developers could potentially do the same. Additionally, all photos taken on your smartphone include geotags by default, among other information.
- Configure a secure DNS service with ad-filtering functionality on your smartphone. This will block a significant amount of advertising telemetry.
- Try to use apps that don't contain ads. These are typically either FOSS (Free Open Source Software) apps or paid applications.
- On iOS, disable the use of the advertising identifier. On Android, delete or reset it at least once a month (unfortunately, it cannot be completely disabled). Remember, these actions reduce the amount of information collected about you but don't entirely eliminate tracking.
- Where possible, avoid using Sign in with Google or other similar services in apps. Try to use apps without creating an account. This makes it harder for advertisers to collate your activity across different apps and services into a unified advertising profile.
- Minimize the number of apps you have on your smartphone, and regularly delete unused apps — they can still track you even if you're not actively using them.
- Use robust security solutions on all your devices, such as Kaspersky Premium. This helps protect you from more aggressive apps, whose advertising modules can be as malicious as spyware. In the Kaspersky settings on your smartphone, activate the Anti-Banner and Private Browsing options on iOS, or Safe Browsing on Android. This makes it significantly more difficult to track you.

If smartphone surveillance doesn't concern you yet, here are some chilling stories about who is spying on us and how:

- Who are geolocation data brokers and what happens when they leak
- How advertisers learn which apps you use
- Running without being tracked: privacy in running apps
- I know how you drove last summer

and many more similar stories…
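The linkage mechanism described in the "illusion of anonymity" section (a per-developer IFV plus a device-wide IDFA/AAID that is zeroed when personalization is off) can be made concrete with a small model. The script below is an added example, not code from the original article or from any ad network: it takes constructed ad-request records from three apps by two developers, links every record that shares any non-zero identifier, and then shows how one identity disclosure (a checkout email) labels the whole linked profile. App names, developer names, identifier values, IP addresses and the email are all invented.

```python
"""Toy model of cross-app linkage through ad identifiers (added example;
all identifiers, app names and addresses are constructed)."""
from collections import defaultdict

# What the article says happens when personalization/consent is off.
ZERO_IDFA = "00000000-0000-0000-0000-000000000000"


def make_requests(personalized: bool) -> list:
    """Constructed ad-request telemetry for one phone: two games from the same
    developer (same IFV) and a weather app from another (different IFV).
    IDFA/AAID is per device and shared by all apps, unless it has been zeroed."""
    idfa = "A1B2C3D4-1111-2222-3333-DEVICEUUID00" if personalized else ZERO_IDFA
    return [
        {"app": "puzzle-game", "vendor": "dev-alpha", "ifv": "ifv-alpha-7f3", "idfa": idfa,
         "ip": "203.0.113.7", "ts": "2025-02-26T08:01:00Z"},
        {"app": "runner-game", "vendor": "dev-alpha", "ifv": "ifv-alpha-7f3", "idfa": idfa,
         "ip": "203.0.113.7", "ts": "2025-02-26T08:05:00Z"},
        {"app": "weather", "vendor": "dev-beta", "ifv": "ifv-beta-21c", "idfa": idfa,
         "ip": "198.51.100.9", "ts": "2025-02-26T12:30:00Z"},
    ]


def link_profiles(records: list) -> list:
    """Group records that share any usable identifier, transitively (union-find).
    Returns a sorted list of profiles, each a sorted list of app names."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    def union(a, b):
        parent[find(a)] = find(b)

    for i, rec in enumerate(records):
        keys = [("ifv", rec["ifv"])]          # always sent, per developer
        if rec["idfa"] != ZERO_IDFA:          # zeroed IDFA/AAID carries no signal
            keys.append(("idfa", rec["idfa"]))
        for key in keys:
            union(("rec", i), key)

    groups = defaultdict(set)
    for i, rec in enumerate(records):
        groups[find(("rec", i))].add(rec["app"])
    return sorted(sorted(apps) for apps in groups.values())


def attach_identity(profiles: list, app: str, email: str) -> list:
    """One disclosure (e.g. a checkout email typed into `app`) labels every app
    in the same linked profile, not just the app where it was entered."""
    return [(email if app in apps else None, apps) for apps in profiles]


if __name__ == "__main__":
    print("personalization on :", link_profiles(make_requests(True)))
    print("personalization off:", link_profiles(make_requests(False)))
    print(attach_identity(link_profiles(make_requests(False)), "runner-game", "mr.x@example.com"))
```

With personalization on, the shared IDFA/AAID collapses all three apps into a single profile. Turning it off only splits the profile along developer boundaries: the two games from the same developer stay linked through their common IFV, and a purchase made in one of them still de-anonymizes activity in the other, which is the article's point that the opt-out is "a tenth of a measure". The IP address and timestamps in the records are what a location broker would then use to turn each profile into a movement history.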
A U.S. Army soldier who pleaded guilty last week to leaking phone records for high-ranking U.S. government officials searched online for non-extradition countries and for an answer to the question "can hacking be treason?" prosecutors in the case said Wednesday. The government disclosed the details in a court motion to keep the defendant in custody until he is discharged from the military.

Image: One of several selfies on the Facebook page of Cameron Wagenius.

Cameron John Wagenius, 20, was arrested near the Army base in Fort Cavazos, Texas on Dec. 20, and charged with two criminal counts of unlawful transfer of confidential phone records. Wagenius was a communications specialist at a U.S. Army base in South Korea, who secretly went by the nickname Kiberphant0m and was part of a trio of criminal hackers that extorted dozens of companies last year over stolen data.

At the end of 2023, malicious hackers learned that many companies had uploaded sensitive customer records to accounts at the cloud data storage service Snowflake that were protected with little more than a username and password (no multi-factor authentication needed). After scouring darknet markets for stolen Snowflake account credentials, the hackers began raiding the data storage repositories used by some of the world's largest corporations. Among those was AT&T, which disclosed in July that cybercriminals had stolen personal information and phone and text message records for roughly 110 million people — nearly all of its customers. AT&T reportedly paid a hacker $370,000 to delete stolen phone records. More than 160 other Snowflake customers were relieved of data, including TicketMaster, Lending Tree, Advance Auto Parts and Neiman Marcus.

In several posts to an English-language cybercrime forum in November, Kiberphant0m leaked some of the phone records and threatened to leak them all unless paid a ransom. Prosecutors said that in addition to his public posts on the forum, Wagenius had engaged in multiple direct attempts to extort "Victim-1," which appears to be a reference to AT&T. The government states that Kiberphant0m privately demanded $500,000 from Victim-1, threatening to release all of the stolen phone records unless he was paid.

On Feb. 19, Wagenius pleaded guilty to two counts of unlawfully transferring confidential phone records, but he did so without the benefit of a plea agreement. In entering the plea, Wagenius's attorneys had asked the court to allow him to stay with his father pending his sentencing. But in a response filed today (PDF), prosecutors in Seattle said Wagenius was a flight risk, partly because prior to his arrest he was searching online for how to defect to countries that do not extradite to the United States. According to the government, while Kiberphant0m was extorting AT&T, Wagenius's searches included:

- "where can i defect the u.s government military which country will not hand me over"
- "U.S. military personnel defecting to Russia"
- "Embassy of Russia – Washington, D.C."

"As discussed in the government's sealed filing, the government has uncovered evidence suggesting that the charged conduct was only a small part of Wagenius' malicious activity," the government memo states. "On top of this, for more than two weeks in November 2024, Wagenius communicated with an email address he believed belonged to Country-1's military intelligence service in an attempt to sell stolen information. Days after he apparently finished communicating with Country-1's military intelligence service, Wagenius Googled, 'can hacking be treason.'"

Prosecutors told the court investigators also found a screenshot on Wagenius' laptop that suggested he had over 17,000 files that included passports, driver's licenses, and other identity cards belonging to victims of a breach, and that in one of his online accounts, the government also found a fake identification document that contained his picture. "Wagenius should also be detained because he presents a serious risk of flight, has the means and intent to flee, and is aware that he will likely face additional charges," the Seattle prosecutors asserted.
The court filing says Wagenius is presently in the process of being separated from the Army, but the government has not received confirmation that his discharge has been finalized. "The government's understanding is that, until his discharge from the Army is finalized (which is expected to happen in early March), he may only be released directly to the Army," reads a footnote in the memo. "Until that process is completed, Wagenius' proposed release to his father should be rejected for this additional reason."

Wagenius's interest in defecting to another country in order to escape prosecution mirrors that of his alleged co-conspirator, John Erin Binns, a 25-year-old elusive American man indicted by the Justice Department for a 2021 breach at T-Mobile that exposed the personal information of at least 76.6 million customers. Binns has since been charged with the Snowflake hack and subsequent extortion activity. He is currently in custody in a Turkish prison. Sources close to the investigation told KrebsOnSecurity that prior to his arrest by Turkish police, Binns visited the Russian embassy in Turkey to inquire about Russian citizenship.

In late November 2024, Canadian authorities arrested a third alleged member of the extortion conspiracy, 25-year-old Connor Riley Moucka of Kitchener, Ontario. The U.S. government has indicted Moucka and Binns, charging them with one count of conspiracy; 10 counts of wire fraud; four counts of computer fraud and abuse; two counts of extortion in relation to computer fraud; and two counts of aggravated identity theft.

Less than a month before Wagenius's arrest, KrebsOnSecurity published a deep dive into Kiberphant0m's various Telegram and Discord identities over the years, revealing how the owner of the accounts told others they were in the Army and stationed in South Korea. The maximum penalty Wagenius could face at sentencing includes up to ten years in prison for each count, and fines not to exceed $250,000.
OSPS Baseline provides a starting point for project owners and adopters to understand an open source project's security posture by outlining all the controls that have been applied.
A host of automated approaches identifies and remediates potential vulns while still retaining a role for security analysts to filter for context and business criticality.
Microsoft outed four foreign and two U.S. developers who it said illicitly used AI services — including the company's own — in a celebrity deepfake scheme.
More than 7,000 people rescued from scam compounds in Myanmar more than a week ago are still languishing in a detention center on the border with Thailand as they await repatriation.
The army of the Philippines said an “illegal access attempt” was contained and that no damage or data theft was detected. A hacking group had claimed that it breached the army's systems.
The bureau attributed the $1.5 billion hack to the North Korean threat actor known as TraderTraitor, or Lazarus, following similar assessments by cybersecurity researchers.
Călin Georgescu, the far-right candidate in Romania's annulled presidential election, faces criminal charges relating to his campaign. Declassified intelligence showed that Russian interference influenced the result.
A new malware campaign has been observed targeting edge devices from Cisco, ASUS, QNAP, and Synology to rope them into a botnet named PolarEdge since at least the end of 2023. French cybersecurity company Sekoia said it observed the unknown threat actors leveraging CVE-2023-20118 (CVSS score: 6.5), a critical security flaw impacting Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and
The U.S. Federal Bureau of Investigation (FBI) formally linked the record-breaking $1.5 billion Bybit hack to North Korean threat actors, as the company's CEO Ben Zhou declared a "war against Lazarus." The agency said the Democratic People's Republic of Korea (North Korea) was responsible for the theft of the virtual assets from the cryptocurrency exchange, attributing it to a specific cluster
The threat actor known as Space Pirates has been linked to a malicious campaign targeting Russian information technology (IT) organizations with a previously undocumented malware called LuckyStrike Agent. The activity was detected in November 2024 by Solar, the cybersecurity arm of Russian state-owned telecom company Rostelecom. It's tracking the activity under the name Erudite Mogwai. The
Organizations are either already adopting GenAI solutions, evaluating strategies for integrating these tools into their business plans, or both. To drive informed decision-making and effective planning, the availability of hard data is essential—yet such data remains surprisingly scarce. The “Enterprise GenAI Data Security Report 2025” by LayerX delivers unprecedented insights
Cybersecurity researchers have discovered an updated version of an Android malware called TgToxic (aka ToxicPanda), indicating that the threat actors behind it are continuously making changes in response to public reporting. "The modifications seen in the TgToxic payloads reflect the actors' ongoing surveillance of open source intelligence and demonstrate their commitment to enhancing the
A new campaign is targeting companies in Taiwan with malware known as Winos 4.0 as part of phishing emails masquerading as the country's National Taxation Bureau. The campaign, detected last month by Fortinet FortiGuard Labs, marks a departure from previous attack chains that have leveraged malicious game-related applications. "The sender claimed that the malicious file attached was a list of
In episode 406 of the "Smashing Security" podcast, we explore how the cryptocurrency exchange Bybit has been hacked to the jaw-dropping tune of $1.5 billion, and we look at what is being done to better defend women and girls' safety online. All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Companies are being warned that malicious hackers are using a novel technique to break into businesses - by pretending to offer audits of the company's cybersecurity. Read more in my article on the Tripwire State of Security blog.
With AI's pattern recognition capabilities well-established, Mr. Schölkopf's talk shifts the focus to a pressing question: what will be the next great leap for AI?
Source: securityaffairs.com – Author: Pierluigi Paganini, February 26, 2025. A Ghostwriter campaign using a new variant of PicassoLoader targets opposition activists in Belarus, and Ukrainian military and government organizations. SentinelLABS observed a new Ghostwriter campaign targeting Belarusian opposition activists and Ukrainian military and government entities with a new variant of PicassoLoader. The campaign […] The post “New Ghostwriter campaign targets Ukrainian Government and opposition activists in Belarus – Source: securityaffairs.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini, February 26, 2025. Researchers found an updated LightSpy spyware with enhanced data collection features targeting social media platforms like Facebook and Instagram. Cybersecurity researchers at Hunt.io have found an updated version of the LightSpy spyware that supports an expanded set of data collection features to target social […] The post “New LightSpy spyware variant comes with enhanced data collection features targeting social media platforms – Source: securityaffairs.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini, February 26, 2025. U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Partner Center and Synacor Zimbra Collaboration Suite vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall SonicOS and Palo Alto PAN-OS vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. […] The post “U.S. CISA adds Microsoft Partner Center and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog – Source: securityaffairs.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini, February 26, 2025. GitVenom malware campaign targets gamers and crypto investors by posing as open-source projects on GitHub. Kaspersky researchers warn of a malware campaign, dubbed GitVenom, targeting GitHub users. The threat actors behind this campaign created hundreds of fake GitHub repositories with malicious code, disguising them […] The post “GitVenom campaign targets gamers and crypto investors by posing as fake GitHub projects – Source: securityaffairs.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Get to know SWE’s African American Affinity Group co-leads and their plans for the community this year. The post “Affinity Group Spotlight: African American Affinity Group” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
SWE’s recent case study underscores the critical role of female STEM mentorship programs. Mentorship programs function as gateways to professional networks and provide essential support resources for women in STEM. The post “Women in STEM: Closing the Gender Gap Through Effective Mentorship Programs” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Learn how SWE’s Community College Affiliate Support and Expansion (CCASE) Program helped the SWE Everett Community College Affiliate take their membership and activities to the next level. The post “Building Community with CCASE and the SWE Everett Community College Affiliate” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
For a limited time, all community college students can access the SWE Mentor Network regardless of membership status. Learn how to access this valuable resource in this article. The post “Calling All Community College Students to the SWE Mentor Network!” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Inaas Darrat reflects on her career in chemical engineering and shares her experiences as an Arab American leader in STEM in this new episode of Diverse: a SWE podcast! The post “SWE Diverse Podcast Ep 255: Celebrating Arab American Voices in STEM With Inaas Darrat of Trinity Consultants” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Get to know the goals, accomplishments, and tight-knit community of SWE’s Singapore affiliate. The post “Global Affiliate Spotlight: SWE Singapore” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Learn the similarities and differences between adult advocacy and mentorship. Plus, find resources to get started as a mentor or adult advocate! The post “Connecting the Dots Between Mentoring and Adult Advocacy” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Hear career advancement tips and STEM industry insights from the public and private sector in this new episode of Diverse: a SWE podcast! The post “SWE Diverse Podcast Ep 254: A View From the Top: High-Level STEM Insights From the Public and Private Sectors” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – The post “AI-Fueled Tax Scams on the Rise – Source: www.darkreading.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – The post “How Hackers Make Salesforce More Secure in the Agentic AI Era – Source: www.darkreading.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Thomas Claburn. Computer scientists have found that fine-tuning notionally safe large language models to do one thing badly can negatively impact the AI’s output across a range of topics. The job the boffins wanted an AI to do badly was writing code. They therefore used insecure code samples and fine-tuned aligned […] The post “Does terrible code drive you mad? Wait until you see what it does to OpenAI’s GPT-4o – Source: go.theregister.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Connor Jones. Smart folks investigating a memory-dumping vulnerability in the Great Firewall of China (GFW) finally released their findings after probing it for years. The eight-strong team of security pros and academics found the data-leaking flaw, and started using it to learn about the GFW’s inner workings in October 2021. It […] The post “Wallbleed vulnerability unearths secrets of China’s Great Firewall 125 bytes at a time – Source: go.theregister.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Jessica Lyons. A tip-off from a government agency has resulted in 284 million unique email addresses and plenty of passwords snarfed by credential-stealing malware being added to privacy-breach-notification service Have I Been Pwned (HIBP). HIBP founder Troy Hunt said an unnamed agency alerted him to the existence of the trove after […] The post “With millions upon millions of victims, scale of unstoppable info-stealer malware laid bare – Source: go.theregister.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Iain Thomson. Cryptocurrency exchange Bybit, just days after suspected North Korean operatives stole $1.5 billion in Ethereum from it, has launched a bounty program to help recover its funds. In announcing the initiative, CEO and co-founder Ben Zhou claimed Kim Jong Un’s crack cyber-crime ring Lazarus pilfered the digital dosh, which […] The post “Bybit declares war on North Korea’s Lazarus crime-ring to regain $1.5B stolen from wallet – Source: go.theregister.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Iain Thomson. It seems manufacturers are finally getting the message that people want to use their kit for longer without security issues, as Qualcomm has said it’ll provide Android software updates, including vulnerability fixes, for its latest chipsets for eight years instead of four. Lack of support for older kit has […] The post “Qualcomm pledges 8 years of security updates for Android kit using its chips (YMMV) – Source: go.theregister.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Iain Thomson. During confirmation hearings in the US Senate Tuesday for the role of deputy director of the Dept of Homeland Security, the nominee Troy Edgar said CISA has had the wrong management and needed to be “reined in.” At the start of the Trump administration more than 130 out of […] The post “Incoming deputy boss of Homeland Security says America’s top cyber-agency needs to be reined in – Source: go.theregister.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: grahamcluley.com – Author: Graham Cluley. In episode 406 of the “Smashing Security” podcast, we explore how the cryptocurrency exchange Bybit has been hacked to the jaw-dropping tune of $1.5 billion, and we look at what is being done to better defend women and girls’ safety online. All this and more is […] The post “Smashing Security podcast #406: History’s biggest heist just happened, and online abuse – Source: grahamcluley.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.