Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Firewall Daily

The State of Pentesting Report 2025 pulls back the curtain on how organizations are really doing when it comes to cybersecurity. The report offers a candid look at the gap between perception and reality, especially around vulnerability management, AI risks, and the growing need for programmatic approaches to pentesting.

The State of Pentesting Report 2025 begins with a telling contradiction. A striking 81% of organizations rate their cybersecurity posture as strong. Yet real-world pentesting tells a different story—less than half (48%) of all vulnerabilities uncovered during tests are ever resolved. Even when those vulnerabilities are deemed high-risk, only 69% are addressed, leaving several gaps in enterprise defenses.

What’s more, while three-quarters of companies claim to have service-level agreements (SLAs) in place mandating that vulnerabilities be resolved within 14 days, the median time to resolve all pentest findings is a whopping 67 days—almost five times the target. This issue isn’t just theoretical; these are actionable vulnerabilities that could be exploited by attackers, and the lag in resolution leaves systems exposed.

AI Adoption Is Surging—But Security Is Struggling to Keep Up

One of the most urgent issues outlined in this year’s pentest report is the rapid integration of generative AI into products and workflows, without a proportional increase in security oversight. While 98% of companies are incorporating genAI technologies, only 66% are actively assessing their security, including through pentesting.

This oversight is particularly troubling because large language models (LLMs) showed the highest rate of serious vulnerabilities across all asset types tested. In fact, 32% of LLM-related pentest findings were labeled as high-risk—more than double the average rate of 13%. Even more alarming is that only 21% of these serious LLM vulnerabilities are being remediated, reflecting the growing AI security gap.

"AI is moving faster than our ability to secure it," the report notes, summarizing a concern echoed by 72% of cybersecurity professionals who now view genAI threats as more pressing than risks from third-party software, insider threats, or even nation-state actors.

A Long Road Toward Programmatic Pentesting

Despite widespread acknowledgment of pentesting’s importance—94% of firms view it as essential to their cybersecurity strategy—the data reveals a persistent lack of follow-through. The report emphasizes that while ad hoc testing may satisfy compliance checks, it falls short of driving continuous risk reduction.

In 2017, only 27% of serious pentest findings were resolved. That number eventually doubled to 55%, but progress has stalled since then. The same percentage of serious vulnerabilities were fixed in 2024, suggesting a plateau in effectiveness. Encouragingly, the time it takes to resolve those issues has improved—falling from 112 days in 2017 to just 37 days in 2024, a 75-day reduction. However, this improvement in speed hasn’t translated into higher resolution rates.

Some organizations are leading the charge. The State of Pentesting Report 2025 by Cobalt found that 57% of companies resolve at least 90% of their serious findings, while 15% resolve 10% or less. The clear takeaway? Structured, programmatic pentesting strategies are far more effective than sporadic efforts.

Size Matters: Why Bigger Isn't Always Better in Cybersecurity

Another insight from the pentest report is the impact of organizational size on vulnerability management. Small businesses outperformed their larger counterparts, resolving 81% of serious findings compared to just 60% for large enterprises. Moreover, big companies take more than twice as long—61 days versus 27 days—to resolve serious issues.

This may be due to complexity, stretched resources, and cross-functional misalignment. As organizations grow, so too does the challenge of managing risk, emphasizing the need for scalable, integrated security practices.

Sector Struggles and Infrastructure Risks

The report also shines a light on critical sectors like utilities, healthcare, and manufacturing, which are lagging behind in vulnerability resolution. These industries face heightened exposure due to slow response times and a high number of unresolved findings.

Financial services firms, while encountering fewer serious vulnerabilities (11%), still struggle with remediation timelines, taking an average of 61 days to resolve issues. This trend highlights that even mature security environments are not immune to the remediation gap.

Bridging the Confidence Gap

Ultimately, the State of Pentesting Report 2025 makes one message clear: pentesting is not just a box to check—it’s a vital tool that requires strategic, continuous application. The confidence many organizations have in their cybersecurity defenses doesn’t align with the outcomes revealed in pentesting data. Until more companies adopt programmatic approaches, these gaps will persist.

For organizations racing to adopt AI and digital transformation, the need to secure systems proactively is more urgent than ever. Pentesting offers a critical lens into hidden risks—but only if the insights are acted upon. Cybersecurity leaders must close the gap between detection and resolution to ensure real risk reduction, not just perceived protection.


 Firewall Daily

Cyble researchers have uncovered a ransomware strain called DOGE BIG BALLS that stands out not only for its technical prowess but also for its audacious psychological manipulation. This malware campaign intricately weaves together advanced exploitation techniques, social engineering, and a deliberate attempt to misattribute blame, notably linking itself to Edward Coristine, a 19-year-old software engineer associated with Elon Musk's DOGE initiative.

The Genesis of the DOGE BIG BALLS Attack: A Deceptive ZIP File

Figure: DOGE BIG Infection Chain (Source: Cyble)

The attack begins with a seemingly innocuous ZIP file titled "Pay Adjustment.zip," typically disseminated through phishing emails. Inside, a shortcut file named "Pay Adjustment.pdf.lnk" awaits unsuspecting victims.

Figure: Contents of LNK file (Source: Cyble)

Upon activation, this shortcut silently executes a series of PowerShell commands that initiate a multi-stage infection process. The first script, stage1.ps1, checks for administrative privileges. If detected, it proceeds to download and execute a modified version of Fog ransomware, masquerading as "Adobe Acrobat.exe" within a hidden folder in the system's startup directory.

Figure: Doge Big Balls Ransomware Prompt (Source: Cyble)

This stealthy placement ensures that the ransomware runs with elevated privileges, bypassing standard security measures.

Exploiting Kernel Vulnerabilities: The CVE-2015-2291 Flaw

A pivotal aspect of this attack is the exploitation of CVE-2015-2291, a vulnerability in Intel's Ethernet diagnostics driver (iqvw64e.sys). This flaw allows attackers to execute arbitrary code with kernel-level privileges through specially crafted IOCTL calls. By leveraging this vulnerability, the attackers can escalate their privileges, disable security logging, and maintain persistence within the compromised system. The malicious tool ktool.exe is responsible for this exploitation. It installs the vulnerable driver as a kernel-mode service, granting the ransomware process direct access to kernel memory. This access facilitates the injection of the SYSTEM process token into the ransomware, effectively elevating its privileges and enabling it to disable security mechanisms.

Psychological Manipulation: The "DOGE BIG BALLS" Branding

The ransomware's name, "DOGE BIG BALLS," is a deliberate attempt to associate the attack with Edward Coristine and the DOGE initiative. Coristine is a prominent figure in the tech community, known for his involvement with Elon Musk's Department of Government Efficiency (DOGE). By incorporating his name and the DOGE reference, the attackers aim to create confusion and misdirect any investigations.

The ransom note further compounds this misdirection by including Coristine's personal details, such as his home address and phone number.

Figure: Chat window (Source: Cyble)

This tactic serves to intimidate the victim and divert attention from the true perpetrators.

Advanced Reconnaissance and Geolocation Techniques

Beyond encryption, the attackers employ new methods to gather intelligence about their victims. The lootsubmit.ps1 script collects extensive system and network information, including hardware IDs, firewall states, network configurations, and running processes. This data is transmitted to the attackers via a cloud hosting platform, aiding in further profiling and potential future attacks.

Notably, the attackers utilize the Wigle.net API to determine the victim's physical location. By querying the MAC address of the victim's router (BSSID), they can pinpoint the exact geographic location, offering more precise geolocation than traditional IP-based methods.

The Role of Havoc C2 Beacon in Post-Exploitation

Embedded within the attack is a Havoc C2 beacon (demon.x64.dll), indicating the attackers' potential to maintain long-term access or conduct additional post-encryption activities. This beacon facilitates communication with the attacker's command and control infrastructure, enabling them to issue further instructions or exfiltrate additional data from the compromised system.

The Involvement of Edward Coristine: A Case of Misattribution

Edward Coristine's name appears prominently in the ransom note, accompanied by his personal contact information. This inclusion is a strategic move by the attackers to mislead investigators and the public into believing that Coristine is responsible for the attack. In reality, Coristine has no involvement in this cybercrime. The use of his name is a calculated attempt to exploit his association with the DOGE initiative and create a false narrative.

Coristine's involvement with DOGE, a project aimed at promoting efficiency and transparency in government operations, has made him a recognizable figure in the tech community. By associating his name with the ransomware, the attackers seek to capitalize on his public profile to lend credibility to their demands and confuse potential investigators.

Conclusion

To fight against DOGE BIG BALLS ransomware attacks, which skillfully combine technical prowess, psychological manipulation, and strategic misdirection—including the false attribution to Edward Coristine—organizations and individuals must adopt a proactive and layered defense strategy.

Effective mitigation begins with enforcing strict execution policies to block untrusted LNK files and PowerShell scripts, while consistently monitoring PowerShell activity for anomalies. Deploying advanced Endpoint Detection and Response (EDR) solutions capable of identifying fileless malware and suspicious behavior is essential. Limiting administrative privileges through Role-Based Access Control (RBAC) and monitoring for privilege escalation attempts can further reduce exposure. Additionally, blocking unauthorized outbound connections to services like Netlify and external APIs such as Wigle.net is crucial for preventing data exfiltration and geolocation tracking.
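Detection logic for the stages the write-up walks through, as an added example that is not Cyble's code: five rules run over a constructed JSON-lines telemetry sample, followed by a per-host correlation step. The event schema, field names, host names and sample events are constructed assumptions; the double-extension check is generalized beyond ".pdf.lnk" to other document-looking extensions.

```python
"""Added example (not from the Cyble write-up): run a handful of detection
rules over constructed endpoint telemetry to surface the stages of the
chain the article describes.  The JSON-lines event schema, field names,
host names and sample events are constructed for this demo, not a real
EDR format."""
import json
import re
from typing import NamedTuple


class Alert(NamedTuple):
    severity: str
    rule: str
    event_id: int
    detail: str


# Watch-lists drawn from the article; extend with a maintained vulnerable-driver list.
VULNERABLE_DRIVERS = {"iqvw64e.sys"}          # Intel Ethernet diagnostics driver, CVE-2015-2291
SUSPECT_EGRESS = re.compile(r"(^|\.)(wigle\.net|netlify\.app)$", re.I)
# Document-looking shortcut: "Pay Adjustment.pdf.lnk" and similar double extensions.
DOUBLE_EXT_LNK = re.compile(r"\.(pdf|docx?|xlsx?|txt)\.lnk$", re.I)
STARTUP_DIR = re.compile(r"\\start menu\\programs\\startup\\", re.I)


def rule_double_ext_lnk(ev):
    if ev["type"] == "file_create" and DOUBLE_EXT_LNK.search(ev["path"]):
        return Alert("high", "lnk_double_extension", ev["id"], ev["path"])


def rule_shortcut_to_powershell(ev):
    # A user opening the LNK shows up as explorer.exe spawning PowerShell.
    if (ev["type"] == "process_create"
            and ev["parent_image"].lower().endswith("\\explorer.exe")
            and ev["image"].lower().endswith("\\powershell.exe")):
        return Alert("medium", "explorer_spawns_powershell", ev["id"], ev["cmdline"])


def rule_vulnerable_driver_service(ev):
    # ktool.exe-style BYOVD: a known-vulnerable driver registered as a kernel service.
    if ev["type"] == "service_install" and ev.get("service_type") == "kernel_driver":
        driver = ev["image_path"].rsplit("\\", 1)[-1].lower()
        if driver in VULNERABLE_DRIVERS:
            return Alert("critical", "byovd_known_vulnerable_driver", ev["id"], driver)


def rule_startup_folder_exec(ev):
    # Payload dropped as "Adobe Acrobat.exe" in the Startup folder for persistence.
    if ev["type"] == "process_create" and STARTUP_DIR.search(ev["image"]):
        return Alert("medium", "exec_from_startup_folder", ev["id"], ev["image"])


def rule_suspect_egress(ev):
    if ev["type"] == "net_connect" and SUSPECT_EGRESS.search(ev["dest_host"]):
        return Alert("medium", "egress_to_wigle_or_netlify", ev["id"], ev["dest_host"])


RULES = [rule_double_ext_lnk, rule_shortcut_to_powershell, rule_vulnerable_driver_service,
         rule_startup_folder_exec, rule_suspect_egress]


def parse_events(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def run_detections(events):
    return [a for ev in events for rule in RULES if (a := rule(ev))]


def rules_by_host(events, alerts):
    host_of = {ev["id"]: ev["host"] for ev in events}
    fired = {}
    for a in alerts:
        fired.setdefault(host_of[a.event_id], set()).add(a.rule)
    return fired


def likely_full_chain(events, alerts, min_rules=3):
    """Hosts where several distinct stages fired: one stage is a lead, three or more is the chain."""
    return sorted(h for h, r in rules_by_host(events, alerts).items() if len(r) >= min_rules)


# Constructed sample telemetry: WS-07 shows the whole chain, WS-12 is a benign Acrobat launch.
SAMPLE_LOG = r'''
{"id": 1, "host": "WS-07", "type": "file_create", "path": "C:\\Users\\jdoe\\Downloads\\Pay Adjustment.pdf.lnk"}
{"id": 2, "host": "WS-07", "type": "process_create", "parent_image": "C:\\Windows\\explorer.exe", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "cmdline": "powershell.exe -File stage1.ps1"}
{"id": 3, "host": "WS-07", "type": "service_install", "service_type": "kernel_driver", "image_path": "C:\\Windows\\Temp\\iqvw64e.sys"}
{"id": 4, "host": "WS-07", "type": "process_create", "parent_image": "C:\\Windows\\explorer.exe", "image": "C:\\Users\\jdoe\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Adobe Acrobat.exe", "cmdline": "Adobe Acrobat.exe"}
{"id": 5, "host": "WS-07", "type": "net_connect", "dest_host": "api.wigle.net", "dest_port": 443}
{"id": 6, "host": "WS-12", "type": "process_create", "parent_image": "C:\\Windows\\explorer.exe", "image": "C:\\Program Files\\Adobe\\Acrobat.exe", "cmdline": "Acrobat.exe report.pdf"}
'''

if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    found = run_detections(evs)
    for a in found:
        print(a.severity, a.rule, a.event_id, a.detail)
    print("likely full chain on:", likely_full_chain(evs, found))
```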


 Firewall Daily

Taiwan is gearing up to launch a state-of-the-art cybersecurity center this August, amid mounting threats from the Chinese state and rapidly advancing technologies like artificial intelligence and quantum computing. According to a report released last Wednesday by the National Institute of Cyber Security Research, the island nation is facing increasingly complex threats. These dangers include not only conventional attacks like ransomware and intellectual property theft, but also new risks posed by quantum tech and AI systems capable of automating cyber assaults.

The institute’s findings were first reported by the Taipei Times.

Taiwan’s Cybersecurity Center

A key concern highlighted in the report is the rising number of cyberattacks allegedly backed by the Chinese state. These cyber operations, believed to be part of Beijing’s broader campaign to destabilize Taiwan and assert dominance, have become more frequent and harder to trace. The report emphasized that Taiwan’s current incremental approach to cyber defense is no longer sufficient to meet the scale and sophistication of these threats.

To address this urgent situation, Taiwan will transition toward a more coordinated and proactive strategy. The new cyber defense hub will serve as a central coordinating body, aligning efforts across multiple government agencies and private sector entities. Its mission will revolve around what the institute has termed the “four pillars of cybersecurity”: bolstering societal resilience, defending the homeland and critical infrastructure, protecting key industries and supply chains, and ensuring the safe development and application of AI technologies.

“This center marks a pivotal shift in our approach,” the National Institute of Cyber Security Research stated. “We are moving away from fragmented efforts and toward a comprehensive national framework that aligns with global trends and best practices.”

Identifying National-Level Threats

The new facility will be tasked with identifying national-level threats by mapping Taiwan’s vulnerabilities and analyzing global cyber defense developments. It will also foster international partnerships, supporting Taiwan’s long-standing goal of enhancing its role in global cyber defense dialogues.

Plans include the creation of regular national cyber defense conferences, which will act as platforms for policy discussion, cross-sector collaboration, and public-private partnerships. Funding will also be allocated to support new initiatives aimed at protecting government and critical infrastructure systems. Specific policies under development include the adoption of the zero-trust security model, advancement of quantum encryption methods, expansion of global cyber defense alliances, and heightened public awareness campaigns.

The cyber defense hub is also expected to play a key role in defending against potential threats stemming from quantum tech breakthroughs. With quantum computing holding the power to break traditional encryption, experts fear it could be weaponized to breach national defense systems, financial institutions, and sensitive industrial data.

Conclusion

Taiwan’s move comes at a time of growing geopolitical tension. Beijing has made no secret of its ambitions to reunify with Taiwan and has applied sustained diplomatic, military, and economic pressure to isolate the island on the global stage. Despite this, Taiwan remains determined to uphold its autonomy, backed by strong public support and growing international alliances.


 Cyber News

Code-generating large language models (LLMs) have introduced a new security issue into software development: code package hallucinations. Package hallucinations occur when an LLM generates code that references a package that doesn’t actually exist, creating an opportunity for threat actors to exploit that GenAI hallucination by creating a malicious repository with the same name as the hallucinated package.

Researchers at the University of Texas at San Antonio (UTSA), the University of Oklahoma and Virginia Tech detailed the package hallucination phenomenon in a paper published on arXiv last month – including some strategies for detecting hallucinated packages in code.

Code Package Hallucinations Can Occur More than 20% of the Time

While most research has focused on hallucinations in natural language generation and prediction tasks, the occurrence of hallucinations during code generation and the implications for code security “are still in the nascent stages of research,” the researchers said. Chinese researchers last year showed that LLMs such as ChatGPT, CodeRL, and CodeGen can significantly hallucinate during code generation.

The new research, headed by UTSA’s Joseph Spracklen, looks specifically at the problem of package hallucination. “These hallucinations, which arise from fact-conflicting errors when generating code using LLMs, represent a novel form of package confusion attack that poses a critical threat to the integrity of the software supply chain,” they wrote.

The researchers looked at 16 popular LLMs for code generation – among them ChatGPT, CodeLlama and DeepSeek – and found that “the average percentage of hallucinated packages is at least 5.2% for commercial models and 21.7% for open-source models.” Their tests in Python and JavaScript generated a total of 2.23 million packages in response to prompts, of which 440,445 (19.7%) were determined to be hallucinations, including “a staggering 205,474 unique examples of hallucinated package names, further underscoring the severity and pervasiveness of this threat.”

“An adversary can exploit package hallucinations, especially if they are repeated, by publishing a package to an open-source repository with the same name as the hallucinated or fictitious package and containing some malicious code/functionality,” they said. “As other unsuspecting and trusting LLM users are subsequently recommended the same fictitious package in their generated code, they end up downloading the adversary-created malicious package, resulting in a successful compromise. This compromise can then spread through an entire codebase or software dependency chain, infecting any code that relies on the malicious package.”

Detecting Code Package Hallucinations

The researchers noted that simply comparing a package name with a list of known packages is ineffective because an adversary may have already published under the hallucinated package name. Their research used three heuristics that provided specific package names, after which “we simply compare each package name to a master list of package names acquired from PyPI and npm, respectively... If a package name is not on the master list, it is considered a hallucination.”

“We acknowledge the possibility that the master list of packages obtained from the package repositories has already been contaminated with malicious hallucinated packages,” the researchers wrote. “It is not possible to guarantee that the master list actually represents the ground truth of valid packages; however, the presence of hallucinated packages already in the master list would actually produce fewer hallucinations, and therefore our results represent a lower bound of hallucination rate.”

The researchers were able to reduce code package hallucinations by as much as 85% using mitigation strategies. Retrieval Augmented Generation (RAG) and supervised fine-tuning turned out to be the most effective approaches for reducing package hallucination, but the mitigation techniques came at the cost of code quality. “In summary, our results demonstrate that while all tested mitigation strategies effectively reduce package hallucinations, fine-tuning comes at the cost of diminished code quality,” they said. “Further research is needed to develop fine-tuning methods that minimize hallucinations without compromising quality. In the meantime, RAG and self-refinement offer promising alternatives.”

With surveys showing as many as 97% of developers using GenAI tools to some degree in code development, the need for effective error mitigation strategies will only increase.
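The master-list comparison the researchers describe, as an added example that is not from the paper or the article: it pulls package names out of LLM-generated Python and JavaScript snippets, normalizes them, checks them against a local copy of the PyPI/npm name lists, and reports the hallucination rate (a lower bound, for the contamination reason quoted above). The master lists, the two snippets, the invented package names in them and the import-to-distribution map are constructed assumptions; it goes a little beyond the text by handling scoped npm names, subpath imports and stdlib/builtin modules that would otherwise be false positives.

```python
"""Added example (not from the paper or article): flag LLM-recommended
packages absent from a repository master list, the check the researchers
describe, for Python (PyPI) and JavaScript (npm).  Master lists, snippets
and the import->distribution map below are constructed for the demo."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed master lists; a real run loads the full PyPI / npm name index.
PYPI_MASTER = {"requests", "numpy", "pyyaml", "python-dateutil", "flask"}
NPM_MASTER = {"express", "lodash", "axios", "@types/node", "chalk"}

# Names importable without installing anything must not count as hallucinations.
PY_STDLIB = {"os", "sys", "json", "re", "hashlib", "datetime", "pathlib", "subprocess"}
NODE_BUILTINS = {"fs", "path", "http", "https", "crypto", "os", "child_process"}
# Import name differs from the distribution name for some packages (constructed subset).
IMPORT_TO_DIST = {"yaml": "pyyaml", "dateutil": "python-dateutil"}

PIP_INSTALL = re.compile(r"\bpip3?\s+install\s+(.+)")
PY_IMPORT = re.compile(r"^\s*(?:from\s+([\w.]+)\s+import\b|import\s+([\w.,\s]+?)\s*$)", re.M)
NPM_INSTALL = re.compile(r"\bnpm\s+(?:install|i|add)\s+(.+)")
JS_IMPORT = re.compile(r"""(?:\brequire\(\s*|\bfrom\s+)['"]([^'"]+)['"]""")


def normalize_pypi(name: str) -> str:
    """PEP 503 normalisation: case-insensitive, runs of '-', '_', '.' collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def python_packages(snippet: str) -> set[str]:
    """Distribution names a generated Python snippet would make a developer install."""
    names = set()
    for m in PIP_INSTALL.finditer(snippet):
        for tok in m.group(1).split():
            if tok.startswith("-"):                  # pip flag such as --upgrade
                continue
            bare = re.split(r"[=<>!~\[;]", tok)[0]    # drop version specifiers / extras
            names.add(normalize_pypi(bare))
    for m in PY_IMPORT.finditer(snippet):
        modules = [m.group(1)] if m.group(1) else [p.split()[0] for p in m.group(2).split(",")]
        for mod in modules:
            top = mod.split(".")[0]
            if top in PY_STDLIB:
                continue
            names.add(normalize_pypi(IMPORT_TO_DIST.get(top, top)))
    return names


def npm_name(spec: str) -> str | None:
    """Map an import specifier or install token to an npm package name, or None."""
    spec = spec.strip()
    if spec.startswith((".", "/", "node:")):         # relative path or explicit builtin
        return None
    if spec.startswith("@"):                         # scoped: @scope/name[/subpath][@version]
        scope, _, rest = spec[1:].partition("/")
        name = "@" + scope + "/" + rest.split("/")[0].split("@")[0]
    else:                                            # name[/subpath][@version]
        name = spec.split("/")[0].split("@")[0]
    return None if name in NODE_BUILTINS else name.lower()


def js_packages(snippet: str) -> set[str]:
    names = set()
    for m in NPM_INSTALL.finditer(snippet):
        for tok in m.group(1).split():
            if not tok.startswith("-") and npm_name(tok):
                names.add(npm_name(tok))
    for m in JS_IMPORT.finditer(snippet):
        if npm_name(m.group(1)):
            names.add(npm_name(m.group(1)))
    return names


@dataclass(frozen=True)
class Finding:
    ecosystem: str
    package: str
    hallucinated: bool


def check_snippet(snippet: str, ecosystem: str) -> list[Finding]:
    """Compare every referenced package to the master list; absent => hallucination."""
    if ecosystem == "python":
        names, master = python_packages(snippet), PYPI_MASTER
    elif ecosystem == "javascript":
        names, master = js_packages(snippet), NPM_MASTER
    else:
        raise ValueError(f"unsupported ecosystem: {ecosystem}")
    return [Finding(ecosystem, n, n not in master) for n in sorted(names)]


def hallucination_rate(findings: list[Finding]) -> float:
    """Share of referenced packages not on the master list.  A squatted hallucinated
    name already published to the registry passes this check, so the figure is a
    lower bound, exactly the caveat the paper makes."""
    return sum(f.hallucinated for f in findings) / len(findings) if findings else 0.0


# Constructed "LLM output"; 'fastjsonparse' and 'axios-retry-helper' are invented
# names standing in for hallucinated packages.
PY_SNIPPET = """\
# pip install requests fastjsonparse PyYAML
import requests, yaml, json
from fastjsonparse import parse
import os
"""
JS_SNIPPET = """\
// npm install express axios-retry-helper
const express = require('express');
const retry = require('axios-retry-helper');
import { readFile } from 'fs';
import chalk from 'chalk';
import _ from 'lodash/fp';
import { helper } from './utils';
"""

if __name__ == "__main__":
    for snippet, eco in ((PY_SNIPPET, "python"), (JS_SNIPPET, "javascript")):
        findings = check_snippet(snippet, eco)
        print(eco, [f.package for f in findings if f.hallucinated],
              f"rate={hallucination_rate(findings):.2f}")
```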


 Business

In late March, the popular CISO MindMap, a cheat sheet on infosec team priorities, was updated. However, the economic landscape began shifting just days after its release. Now that the likelihood of economic instability, recession, falling oil prices, and rising microchip costs has increased, many companies and their CISOs face a pressing issue: cost optimization. In light of these developments, we decided to examine the CISO MindMap from a different angle, and highlight new or crucial infosec projects that can contribute to budget savings without creating excessive organizational risks.

Optimization of tools

The MindMap authors advise CISOs to consolidate and rationalize infosec tools. In an IDC study from 2024, roughly half of all large organizations surveyed used more than 40 infosec tools, and a quarter more than 60. This abundance typically leads to decreased productivity, employee fatigue from unsynchronized and uncoordinated alerts, and excessive expenditure.

The solution lies in either consolidating the tech stack under a single-vendor approach (one vendor for the security platform and all its components), or selecting the best tool in each category. The latter approach requires (i) strict compliance with open communication standards, and (ii) API integration capabilities. It's better suited for technologically mature teams capable of allocating internal resources (primarily time) to properly and efficiently set up integrations according to the infosec department's procedures.

For effective stack consolidation, there are specialized planning tools that can assess all infosec systems that have been implemented, identify gaps in coverage, and pinpoint areas of significant functional overlap. This analysis also reveals inefficiently used tools that can be safely eliminated.

For some niche and infrequent tasks, open-source tools can bring about budget savings. However, for large systems like SIEM that see regular use, open-source solutions may not be cheaper than proprietary ones due to the extensive efforts required for implementation, fine-tuning and support.

Consolidation often goes hand-in-hand with automation, which is only achievable with a well-synchronized toolset. The same IDC study found that companies that consolidated their tools and adopted modern XDR and SOAR solutions achieved average cost savings of 16% and analyst time savings of 20%. Simultaneously, they saw an improvement in organizational security, with Mean Time to Respond (MTTR) decreasing by 21% and incident resolution time by 19.5%.

Automation

While automation projects initially involve additional expenses, their implementation in infosec processes pays off in the long run by saving analyst time and mitigating the talent shortage. Automation is not necessarily based on neural networks and language models, but these trendy technologies are already making practical contributions in several infosec areas. Tangible results are primarily achievable through the following measures:

- Selective incident response automation
- Alert prioritization in the monitoring center
- Application of infosec policies to accounts and resources
- Verification of compliance of internal policies with regulatory ones, and enforcement of these policies
- Risk assessment and prioritization of infosec controls
- Automated third-party risk management (TPRM)

Generative AI

Despite the economic challenges, many companies continue to prioritize the implementation of AI-powered tools, viewing these as essential for future competitiveness and economic efficiency. Some organizations have even issued management directives such as "Before you hire a new employee, prove that AI cannot do their job." From the infosec perspective, the widespread adoption of AI-powered technology has both advantages and disadvantages. On the one hand, the vast and poorly understood array of AI tools creates a significant additional workload on infosec teams. On the other, it provides an opportunity to launch and fund various infosec initiatives within the broader corporate AI implementation program.

To effectively manage AI-related risks, a company needs to do the following:

- Establish standards and regulations for the use of AI-powered solutions, while keeping in mind the rapidly evolving regulatory landscape in this area
- Create a controlled list of approved AI tools for different departments and processes
- Regularly review recommendations and verify that all AI-driven processes comply with infosec policies
- Include AI tools in the asset inventory for vulnerability management and infosec assessments
- Develop specialized training programs for both AI users and infosec personnel

Using open-source AI solutions instead of proprietary cloud systems can reduce operational costs and enhance data protection – especially when the solutions are deployed within the organization's network or in a private cloud. However, the availability of suitable, high-quality open-source models depends on the specific use case.

Meaningful infosec metrics

This area doesn't require substantial financial investment, but it significantly simplifies the process of justifying infosec budgets to the board of directors. The composition of key metrics varies across industries and companies, but the following groups are worth considering:

- Risk level and achieved risk reduction, expressed in financial terms
- Organizational readiness for attacks (MTTR, MTTD) and its trends
- Progress in ongoing infosec projects, including automation and tool consolidation
- Effectiveness of infosec measures and its trends: average time to remediate critical and other vulnerabilities, percentage of users successfully passing cybersecurity testing, and so on

Identity management

While implementing comprehensive IAM solutions can be expensive, companies can find a balance that provides significant risk reduction at a reasonable cost. Many companies still lack basic infosec controls like multi-factor authentication. Even limited implementation of these controls significantly reduces the risk of compromise through credential theft. In addition to cost-effective solutions that utilize TOTP-based authenticator apps, 2025 has seen passkey-based solutions mature and become quite user-friendly on the major platforms (Microsoft, Google, Apple). This phishing-resistant, highly affordable authentication method is worth deploying at least for employees who have access to critical data and systems, and ideally for everyone. Ultimately, the transition to passkeys can also improve efficiency for all employees, as password-free access saves time and reduces support costs for password-related issues.

Another aspect of IAM is centralized management of machine identities, API tokens, and other secrets. Due to a significant increase in attacks on cloud environments, investments in this area are likely unavoidable. However, many companies can strategically plan the implementation of appropriate tools by deploying open-source solutions in their infrastructure, utilizing secret managers included in their cloud provider subscriptions, and so on.

SOC cost management

Security operations centers (SOCs) represent a major expense in any infosec budget, with significant costs associated with analyst effort, data storage, and processing. Effective separation into hot and cold log storage can significantly reduce data storage costs. For large companies, it's worth considering hierarchical or geographically distributed processing infrastructure. In some cases, such as with our SIEM – the Kaspersky Unified Monitoring and Analysis Platform – SIEM hardware savings can reach 50%.


 A Little Sunshine

President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. history. The White House memo, which also suspended clearances for other security   show more ...

professionals at Krebs’s employer SentinelOne, comes as CISA is facing huge funding and staffing cuts. Chris Krebs. Image: Getty Images. The extraordinary April 9 memo directs the attorney general to investigate Chris Krebs (no relation), calling him “a significant bad-faith actor who weaponized and abused his government authority.” The memo said the inquiry will include “a comprehensive evaluation of all of CISA’s activities over the last 6 years and will identify any instances where Krebs’ or CISA’s conduct appears to be contrary to the administration’s commitment to free speech and ending federal censorship, including whether Krebs’ conduct was contrary to suitability standards for federal employees or involved the unauthorized dissemination of classified information.” CISA was created in 2018 during Trump’s first term, with Krebs installed as its first director. In 2020, CISA launched Rumor Control, a website that sought to rebut disinformation swirling around the 2020 election. That effort ran directly counter to Trump’s claims that he lost the election because it was somehow hacked and stolen. The Trump campaign and its supporters filed at least 62 lawsuits contesting the election, vote counting, and vote certification in nine states, and nearly all of those cases were dismissed or dropped for lack of evidence or standing. When the Justice Department began prosecuting people who violently attacked the U.S. Capitol on January 6, 2021, President Trump and Republican leaders shifted the narrative, claiming that Trump lost the election because the previous administration had censored conservative voices on social media. 
Incredibly, the president’s memo seeking to ostracize Krebs stands reality on its head, accusing Krebs of promoting the censorship of election information, “including known risks associated with certain voting practices.” Trump also alleged that Krebs “falsely and baselessly denied that the 2020 election was rigged and stolen, including by inappropriately and categorically dismissing widespread election malfeasance and serious vulnerabilities with voting machines” [emphasis added]. Krebs did not respond to a request for comment. SentinelOne issued a statement saying it would cooperate in any review of security clearances held by its personnel, which is currently fewer than 10 employees. Krebs’s former agency is now facing steep budget and staff reductions. The Record reports that CISA is looking to remove some 1,300 people by cutting about half its full-time staff and another 40% of its contractors. “The agency’s National Risk Management Center, which serves as a hub analyzing risks to cyber and critical infrastructure, is expected to see significant cuts, said two sources familiar with the plans,” The Record’s Suzanne Smalley wrote. “Some of the office’s systematic risk responsibilities will potentially be moved to the agency’s Cybersecurity Division, according to one of the sources.” CNN reports the Trump administration is also advancing plans to strip civil service protections from 80% of the remaining CISA employees, potentially allowing them to be fired for political reasons. The Electronic Frontier Foundation (EFF) urged professionals in the cybersecurity community to defend Krebs and SentinelOne, noting that other security companies and professionals could be the next victims of Trump’s efforts to politicize cybersecurity. “The White House must not be given free reign to turn cybersecurity professionals into political scapegoats,” the EFF wrote. 
“It is critical that the cybersecurity community now join together to denounce this chilling attack on free speech and rally behind Krebs and SentinelOne rather than cowering because they fear they will be next.” However, Reuters said it found little sign of industry support for Krebs or SentinelOne, and that many security professionals are concerned about potentially being targeted if they speak out. “Reuters contacted 33 of the largest U.S. cybersecurity companies, including tech companies and professional services firms with large cybersecurity practices, and three industry groups, for comment on Trump’s action against SentinelOne,” wrote Raphael Satter and A.J. Vicens. “Only one offered comment on Trump’s action. The rest declined, did not respond or did not answer questions.”

CYBERCOM-PLICATIONS

On April 3, President Trump fired Gen. Timothy Haugh, the head of the National Security Agency (NSA) and the U.S. Cyber Command, as well as Haugh’s deputy, Wendy Noble. The president did so immediately after meeting in the Oval Office with far-right conspiracy theorist Laura Loomer, who reportedly urged their dismissal. Speaking to reporters on Air Force One after news of the firings broke, Trump questioned Haugh’s loyalty.

Gen. Timothy Haugh. Image: C-SPAN.

Virginia Senator Mark Warner, the top Democrat on the Senate Intelligence Committee, called it inexplicable that the administration would remove the senior leaders of NSA-CYBERCOM without cause or warning, and risk disrupting critical ongoing intelligence operations. “It is astonishing, too, that President Trump would fire the nonpartisan, experienced leader of the National Security Agency while still failing to hold any member of his team accountable for leaking classified information on a commercial messaging app – even as he apparently takes staffing direction on national security from a discredited conspiracy theorist in the Oval Office,” Warner said in a statement.

On Feb. 28, The Record’s Martin Matishak cited three sources saying Defense Secretary Pete Hegseth ordered U.S. Cyber Command to stand down from all planning against Russia, including offensive digital actions. The following day, The Guardian reported that analysts at CISA were verbally informed that they were not to follow or report on Russian threats, even though this had previously been a main focus for the agency. A follow-up story from The Washington Post cited officials saying Cyber Command had received an order to halt active operations against Russia, but that the pause was intended to last only as long as negotiations with Russia continue. The Department of Defense responded on Twitter/X that Hegseth had “neither canceled nor delayed any cyber operations directed against malicious Russian targets and there has been no stand-down order whatsoever from that priority.” But on March 19, Reuters reported several U.S. national security agencies have halted work on a coordinated effort to counter Russian sabotage, disinformation and cyberattacks. “Regular meetings between the National Security Council and European national security officials have gone unscheduled, and the NSC has also stopped formally coordinating efforts across U.S. agencies, including with the FBI, the Department of Homeland Security and the State Department,” Reuters reported, citing current and former officials.

TARIFFS VS TYPHOONS

President Trump’s institution of 125% tariffs on goods from China has seen Beijing strike back with 84 percent tariffs on U.S. imports. Now, some security experts are warning that the trade war could spill over into a cyber conflict, given China’s successful efforts to burrow into America’s critical infrastructure networks. Over the past year, a number of Chinese government-backed digital intrusions have come into focus, including a sprawling espionage campaign involving the compromise of at least nine U.S. telecommunications providers.
Dubbed “Salt Typhoon” by Microsoft, these telecom intrusions were pervasive enough that CISA and the FBI in December 2024 warned Americans against communicating sensitive information over phone networks, urging people instead to use encrypted messaging apps (like Signal). The other broad ranging China-backed campaign is known as “Volt Typhoon,” which CISA described as “state-sponsored cyber actors seeking to pre-position themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States.” Responsibility for determining the root causes of the Salt Typhoon security debacle fell to the Cyber Safety Review Board (CSRB), a nonpartisan government entity established in February 2022 with a mandate to investigate the security failures behind major cybersecurity events. But on his first full day back in the White House, President Trump dismissed all 15 CSRB advisory committee members — likely because those advisers included Chris Krebs. Last week, Sen. Ron Wyden (D-Ore.) placed a hold on Trump’s nominee to lead CISA, saying the hold would continue unless the agency published a report on the telecom industry hacks, as promised. “CISA’s multi-year cover up of the phone companies’ negligent cybersecurity has real consequences,” Wyden said in a statement. “Congress and the American people have a right to read this report.” The Wall Street Journal reported last week Chinese officials acknowledged in a secret December meeting that Beijing was behind the widespread telecom industry compromises. “The Chinese official’s remarks at the December meeting were indirect and somewhat ambiguous, but most of the American delegation in the room interpreted it as a tacit admission and a warning to the U.S. about Taiwan,” The Journal’s Dustin Volz wrote, citing a former U.S. official familiar with the meeting. 
Meanwhile, China continues to take advantage of the mass firings of federal workers. On April 9, the National Counterintelligence and Security Center warned (PDF) that Chinese intelligence entities are pursuing an online effort to recruit recently laid-off U.S. employees. “Foreign intelligence entities, particularly those in China, are targeting current and former U.S. government (USG) employees for recruitment by posing as consulting firms, corporate headhunters, think tanks, and other entities on social and professional networking sites,” the alert warns. “Their deceptive online job offers, and other virtual approaches, have become more sophisticated in targeting unwitting individuals with USG backgrounds seeking new employment.”

Image: Dni.gov

ELECTION THREATS

As Reuters notes, the FBI last month ended an effort to counter interference in U.S. elections by foreign adversaries including Russia, and put on leave staff working on the issue at the Department of Homeland Security. Meanwhile, the U.S. Senate is now considering a House-passed bill dubbed the “Safeguard American Voter Eligibility (SAVE) Act,” which would order states to obtain proof of citizenship, such as a passport or a birth certificate, in person from those seeking to register to vote. Critics say the SAVE Act could disenfranchise millions of voters and discourage eligible voters from registering to vote. What’s more, documented cases of voter fraud are few and far between, as is voting by non-citizens. Even the conservative Heritage Foundation acknowledges as much: An interactive “election fraud map” published by Heritage lists just 1,576 convictions or findings of voter fraud between 1982 and the present day. Nevertheless, the GOP-led House passed the SAVE Act with the help of four Democrats. Its passage in the Senate will require support from at least seven Democrats, Newsweek writes. In February, CISA cut roughly 130 employees, including its election security advisors.
The agency also was forced to freeze all election security activities pending an internal review. The review was reportedly completed in March, but the Trump administration has said the findings would not be made public, and there is no indication of whether any cybersecurity support has been restored. Many state leaders have voiced anxiety over the administration’s cuts to CISA programs that provide assistance and threat intelligence to election security efforts. Iowa Secretary of State Paul Pate last week told the PBS show Iowa Press he would not want to see those programs dissolve. “If those (systems) were to go away, it would be pretty serious,” Pate said. “We do count on a lot those cyber protections.” Pennsylvania’s Secretary of the Commonwealth Al Schmidt recently warned the CISA election security cuts would make elections less secure, and said no state on its own can replace federal election cybersecurity resources. The Pennsylvania Capital-Star reports that several local election offices received bomb threats around the time polls closed on Nov. 5, and that in the week before the election a fake video showing mail-in ballots cast for Trump and Sen. Dave McCormick (R-Pa.) being destroyed and thrown away was linked to a Russian disinformation campaign. “CISA was able to quickly identify not only that it was fraudulent, but also the source of it, so that we could share with our counties and we could share with the public so confidence in the election wasn’t undermined,” Schmidt said. According to CNN, the administration’s actions have deeply alarmed state officials, who warn the next round of national elections will be seriously imperiled by the cuts. A bipartisan association representing 46 secretaries of state, and several individual top state election officials, have pressed the White House about how critical functions of protecting election security will perform going forward. However, CNN reports they have yet to receive clear answers. 
Nevada and 18 other states are suing Trump over an executive order he issued on March 25 that asserts the executive branch has broad authority over state election procedures. “None of the president’s powers allow him to change the rules of elections,” Nevada Secretary of State Cisco Aguilar wrote in an April 11 op-ed. “That is an intentional feature of our Constitution, which the Framers built in to ensure election integrity. Despite that, Trump is seeking to upend the voter registration process; impose arbitrary deadlines on vote counting; allow an unelected and unaccountable billionaire to invade state voter rolls; and withhold congressionally approved funding for election security.” The order instructs the U.S. Election Assistance Commission to abruptly amend the voluntary federal guidelines for voting machines without going through the processes mandated by federal law. And it calls for allowing the administrator of the so-called Department of Government Efficiency (DOGE), along with DHS, to review state voter registration lists and other records to identify non-citizens. The Atlantic’s Paul Rosenzweig notes that the chief executive of the country — whose unilateral authority the Founding Fathers most feared — has literally no role in the federal election system. “Trump’s executive order on elections ignores that design entirely,” Rosenzweig wrote. “He is asserting an executive-branch role in governing the mechanics of a federal election that has never before been claimed by a president. The legal theory undergirding this assertion — that the president’s authority to enforce federal law enables him to control state election activity — is as capacious as it is frightening.”


 Feed

Customer data such as birth dates, credit card numbers and driver's license information were stolen when threat actors exploited zero-day vulnerabilities in Cleo managed file transfer products.

 Feed

A recently disclosed security flaw in Gladinet CentreStack also impacts its Triofox remote access and collaboration solution, according to Huntress, with seven different organizations compromised to date. Tracked as CVE-2025-30406 (CVSS score: 9.0), the vulnerability refers to the use of a hard-coded cryptographic key that could expose internet-accessible servers to remote code execution attacks

 Feed

Meta has announced that it will begin to train its artificial intelligence (AI) models using public data shared by adults across its platforms in the European Union, nearly a year after it paused its efforts due to data protection concerns from Irish regulators. "This training will better support millions of people and businesses in Europe, by teaching our generative AI models to better

 Feed

Everybody knows browser extensions are embedded into nearly every user’s daily workflow, from spell checkers to GenAI tools. What most IT and security people don’t know is that browser extensions’ excessive permissions are a growing risk to organizations. LayerX today announced the release of the Enterprise Browser Extension Security Report 2025. This report is the first and only report to merge

 Feed

The North Korea-linked threat actor assessed to be behind the massive Bybit hack in February 2025 has been linked to a malicious campaign that targets developers to deliver new stealer malware under the guise of a coding assignment. The activity has been attributed by Palo Alto Networks Unit 42 to a hacking group it tracks as Slow Pisces, which is also known as Jade Sleet, PUKCHONG,

 Feed

The China-linked threat actor known as UNC5174 has been attributed to a new campaign that leverages a variant of a known malware dubbed SNOWLIGHT and a new open-source tool called VShell to infect Linux systems. "Threat actors are increasingly using open source tools in their arsenals for cost-effectiveness and obfuscation to save money and, in this case, plausibly blend in with the pool of

 Feed

A critical security vulnerability has been disclosed in the Apache Roller open-source, Java-based blogging server software that could allow malicious actors to retain unauthorized access even after a password change. The flaw, assigned the CVE identifier CVE-2025-24859, carries a CVSS score of 10.0, indicating maximum severity. It affects all versions of Roller up to and including 6.1.4.

 Feed

Cybersecurity researchers have disclosed a malicious package uploaded to the Python Package Index (PyPI) repository that's designed to reroute trading orders placed on the MEXC cryptocurrency exchange to a malicious server and steal tokens. The package, ccxt-mexc-futures, purports to be an extension built on top of a popular Python library named ccxt (short for CryptoCurrency eXchange Trading),

 AI

In episode 46 of The AI Fix, China trolls US tariffs, a microscopic pogoing flea-bot makes a tiny leap forward for robotics, Google unveils the Agent2Agent protocol, a robot dog is so cute it ruins Graham's entire day, and Europe commits €20 billion and all of its buzzwords to five moonshot AI gigafactories.

Graham brings his clone to work for a game of “Cluley or Cloney”, and Mark introduces Graham to a mind-reading technology that could transform the lives of people with serious neurological disorders. All this and much more is discussed in the latest edition of "The AI Fix" podcast by Graham Cluley and Mark Stockley.

 Data loss

RansomHouse is a cybercrime operation that follows a Ransomware-as-a-Service (RaaS) business model, where affiliates (who do not require technical skills of their own) use the ransomware operator's infrastructure to extort money from victims. Read more in my article on the Fortra blog.

 0CISO2CISO

Get to know Amar Dabaja, a SWE member who designs automotive crash detection and airbag control modules. The entry Arab American Women in Engineering: Meet Amar Dabaja was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

Prof. Lilia Labidi and engineer Besma Wchir share the state of women engineers in Tunisia, including data, historical context, and women who are making an impact in the government. The entry Women Engineers in Tunisia: Data and Representation was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cloud Security

Source: www.techrepublic.com – Author: TechRepublic Staff We may earn from vendors via affiliate links or sponsorships. This might affect product placement on our site, but not the content of our reviews. See our Terms of Use for details. Learn how to set up and use LastPass password manager. Start managing and storing your passwords with […] The entry How to Use LastPass Password Manager – Source: www.techrepublic.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

Each month throughout the year, we’ll be spotlighting a SWE Affinity Group. We are excited to highlight SWE’s GradSWE Community Affinity Group! The entry Meet the GradSWE Affinity Group was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

Learn about the medical technology field and the mentoring opportunities at Smith+Nephew in this roundtable discussion on Diverse: a SWE podcast! The entry SWE Diverse Podcast Ep 224: Medical Technology Roundtable with Smith+Nephew was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

The Program Development Grant (PDG) Committee provides opportunities for Society of Women Engineers (SWE) groups to receive money to host outreach and professional development events. The entry SWE UCLA Virtual Conference Helps Over 250 Women Break Barriers in STEM was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

SWE’s advocacy team met with leaders at the White House’s Office of Science and Technology Policy about efforts to update the Five-Year Federal STEM Education Plan. Learn more about SWE’s recommendations and concerns in this article. The entry SWE Weighs in With White House on Federal STEM Education Plan was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

Interested in taking on a leadership role in the SWE Senate? Learn about the role of Senator in our interview with these current and past SWE Senators! The entry SWE Senate Spotlight: Learn About the Senator Role was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: go.theregister.com – Author: Iain Thomson Canny Windows users who’ve spotted a mysterious folder on hard drives after applying last week’s security patches for the operating system can rest assured – it’s perfectly benign. In fact, it’s recommended you leave the directory there. The folder, typically C:\inetpub, is empty and related to Microsoft’s Internet Information […] The entry Don’t delete that mystery empty folder. Windows put it there as a security fix – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.cyberdefensemagazine.com – Author: Gary By Gary S. Miliefsky, Publisher, Cyber Defense Magazine In today’s hyperconnected world, protecting critical infrastructure has become a national imperative. From energy grids and transportation systems to water treatment facilities and manufacturing plants, operational technology (OT) environments are the backbone of our society, and they’re under siege like never before. As […] The entry Publisher’s Spotlight: Industrial Defender – Source: www.cyberdefensemagazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.cyberdefensemagazine.com – Author: News team We’ve spent months analyzing how AI-powered coding assistants like GitHub Copilot handle security risks. The results? Disturbing. The Hidden Risks of AI Code Assistants GitHub Copilot is marketed as a productivity tool for developers, helping them write code faster. However, our vulnerability researcher, Fufu Shpigelman, uncovered vulnerabilities that expose […] The entry Why Securing Prompts Will Never Be Enough: The GitHub Copilot Case – Source: www.cyberdefensemagazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.cyberdefensemagazine.com – Author: News team As the number of endpoint devices increases, managing and securing them becomes complex. The traditional way of using separate security tools for desktops, mobile devices, tablets, and other endpoints is starting to fall short of maintaining security. Today, organizations need to smartly manage their devices and security in a […] The entry Unified Endpoint Management: One Tool to Rule All – Source: www.cyberdefensemagazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 A Little Sunshine

Source: krebsonsecurity.com – Author: BrianKrebs President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. history. The White House memo, which also suspended clearances for other security professionals at […] The entry Trump Revenge Tour Targets Cyber Leaders, Elections – Source: krebsonsecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – Author: If you are a developer working on cryptocurrency projects, beware of people trying to hire you on LinkedIn – they could be North Korean hackers. In an April 14 report, Unit 42, Palo Alto Networks’ research branch, shared new findings about Slow Pisces, a hacking group affiliated with the North Korean […] The entry North Korean Hackers Exploit LinkedIn to Infect Crypto Developers with Infostealers – Source: www.infosecurity-magazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Compliance

Source: www.infosecurity-magazine.com – Author: Complying with regulations is the biggest cybersecurity challenge for UK financial services firms, according to new research by Bridewell Consulting. Nearly half (44%) of financial services organizations surveyed cited compliance as one of the top five cyber challenges they face at present. This was followed by data protection and privacy (39%), […] The entry Compliance Now Biggest Cyber Challenge for UK Financial Services – Source: www.infosecurity-magazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
