Beijing-affiliated Hacking Group Targets Organizations in Taiwan and U.S. NGO In a recent development, organizations in Taiwan and a U.S. non-governmental organization (NGO) based in China have fallen victim to a state-sponsored hacking group known as Daggerfly, linked to Beijing. This group has been identified as using an advanced set of malware tools in their…
Cybersecurity Researchers Uncover FrostyGoop Malware Targeting Energy Company in Ukraine Cybersecurity researchers recently uncovered the ninth Industrial Control Systems (ICS)-focused malware called FrostyGoop. This malicious software was used in a disruptive cyber attack targeting an energy company in Lviv, Ukraine, in January. The industrial cybersecurity firm Dragos identified FrostyGoop as the first malware strain to…
The Spear-Phishing Campaign The Computer Emergency Response Team of Ukraine (CERT-UA) recently issued a warning about a spear-phishing campaign aimed at a scientific research institution within the country. This malicious campaign involved the deployment of two types of malware – HATVIBE and CHERRYSPY. These malware entities were used to infiltrate the targeted institution’s systems and…
The Risks of Sharing Temporary First-Day Passwords The initial onboarding stage is a crucial step for both employees and employers. However, this process often involves the risky practice of sharing temporary first-day passwords. This antiquated method can expose organizations to serious security risks, putting sensitive information at stake. The Traditional Dilemma for IT Departments Traditionally,…
European Commission Gives Meta Deadline to Address Concerns Over Advertising Model Meta, the parent company of popular social media platforms Facebook and Instagram, has been put on notice by the European Commission to address concerns regarding its “pay or consent” advertising model. The European Commission has given Meta a deadline of September 1, 2024, to…
Unveiling the Deceptive Use of Swap Files by Threat Actors In a recent discovery by Sucuri, threat actors have taken a devious approach to conceal a persistent credit card skimmer on compromised websites. The malicious actors leveraged swap files on a Magento e-commerce site’s checkout page to deploy the skimmer and stealthily harvest payment information….
Google’s U-turn on Phasing Out Third-Party Tracking Cookies After more than four years of debate and development, Google recently did a complete 180 on its decision to phase out third-party tracking cookies in its Chrome web browser. Initially introduced as part of the Privacy Sandbox initiative, the proposal aimed to address privacy concerns and improve…
The Intricate Web of TDSs, DNS, and Cybercrime Organized crime syndicates are constantly evolving their tactics and technology to stay ahead in the cybercrime game. Recently, a Chinese crime syndicate has been making waves with its advanced technology suite, linked to activities such as money laundering and human trafficking across Southeast Asia. One of the…
Financially Motivated Actor FLUXROOT Leverages Google Cloud for Credential Phishing A Latin America-based financially motivated actor known as FLUXROOT has recently caught the attention of security experts for its malicious activities. This actor has been seen exploiting Google Cloud serverless projects to carry out credential phishing campaigns, shedding light on the growing trend of abusing…
The Comprehensive Playbook for vCISOs: Your First 100 Days As a vCISO (Virtual Chief Information Security Officer), your role involves spearheading your client’s cybersecurity strategy, risk governance, and overall information security initiatives. This multifaceted position requires a broad skill set encompassing research, strategy development, execution, and reporting. To help vCISOs navigate their crucial initial phase…