
China-backed APT40 Hacking Outfit Implicated for Samoa Cyberattacks

 

Samoa's national cybersecurity office issued an urgent advisory after the Chinese state-sponsored cyber outfit APT40 escalated its attacks on government and critical infrastructure networks across the Pacific. 

Samoa's Computer Emergency Response Team, or SamCERT, has warned that APT40 is using fileless malware and modified commodity malware to attack and persist within networks without being detected. 

The majority of Chinese nation-state activity has focused on Southeast Asia and Western nations, but the advisory, based on SamCERT investigations and intelligence from partner nations, warned of digital spying threats posed by the outfit's prolonged presence within targeted networks in the Blue Pacific region, which includes thousands of islands in the vast central Pacific Ocean. 

"It is essential to note that throughout our investigations we have observed the threat actor pre-positioning themselves in the networks for long periods of time and remaining undetected before conducting exfiltration activity," SamCERT noted. "This activity is sophisticated."

In August 2023, China-aligned APT40, also known as IslandDreams on Google, launched a phishing attack aimed at victims in Papua New Guinea. The emails had multiple attachments, including an exploit, a password-protected fake PDF that could not be read, and an .lnk file. The .lnk file was created to execute a malicious .dll payload from either a hard-coded IP address or a file-sharing website.

The final stage of the assault attempts to install BoxRat, an in-memory backdoor for .NET that connects to the attackers' botnet command-and-control network via the Dropbox API.

APT40, which was previously linked to operations in the United States and Australia, has moved its attention to Pacific island nations, where it employs advanced tactics such as DLL side-loading, registry alterations, and memory-based malware execution. The group's methods also include using modified reverse proxies to gather sensitive data while concealing command-and-control communications. 

SamCERT's findings indicate that APT40 gains long-term access to networks, executing reconnaissance and data theft operations over extended periods. The outfit relies on lateral movement across networks, often using legitimate administrative tools to bypass security measures and maintain control. 

The agency recommends that organisations use methodical threat hunting, enable complete logging, and review their incident response procedures. It further recommends that endpoints and firewalls be patched immediately to close the vulnerabilities exploited by APT40.
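A threat-hunting pass over endpoint telemetry for two of the behaviours described above: a DLL payload referenced at a hard-coded IP or a file-sharing site, and DLL side-loading from a user-writable directory. This is an added example, not SamCERT's or any vendor's detection content; the event schema, the file-sharing host list and the sample records are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Shortcut payloads in the campaign above were pulled from a hard-coded IP or a
# file-sharing site: match a .dll reachable over http(s) or a UNC path at a raw IP.
IP_HOSTED_DLL = re.compile(r"(?:https?://|\\\\)(\d{1,3}(?:\.\d{1,3}){3})\S*?\.dll", re.I)
URL_HOSTED_DLL = re.compile(r"https?://([\w.-]+)\S*?\.dll", re.I)
# Assumed list of file-sharing hosts for the example; extend it from your own intel.
FILE_SHARING_HOSTS = ("dropbox.com", "drive.google.com", "onedrive.live.com", "mega.nz")
# DLL side-loading heuristic: a binary installed in a protected directory loading
# a DLL from a directory an ordinary user can write to.
PROTECTED_DIRS = ("c:\\windows\\", "c:\\program files")
USER_WRITABLE_DIRS = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")


@dataclass
class Event:
    """Constructed, simplified telemetry record (not a real EDR/Sysmon schema)."""
    kind: str                 # "process" (creation) or "module" (DLL load)
    image: str                # executable path
    command_line: str = ""    # process events only
    module: str = ""          # module events only


def is_file_sharing_host(host):
    host = host.lower()
    return any(host == h or host.endswith("." + h) for h in FILE_SHARING_HOSTS)


def remote_dll_in_command(ev):
    """Flag a process whose command line references a DLL at a raw IP or file-sharing site."""
    if ev.kind != "process":
        return None
    m = IP_HOSTED_DLL.search(ev.command_line)
    if m:
        return f"DLL referenced at hard-coded IP {m.group(1)}"
    m = URL_HOSTED_DLL.search(ev.command_line)
    if m and is_file_sharing_host(m.group(1)):
        return f"DLL referenced on file-sharing host {m.group(1)}"
    return None


def dll_side_load(ev):
    """Flag a protected-directory binary loading a DLL from a user-writable directory."""
    if ev.kind != "module" or not ev.module.lower().endswith(".dll"):
        return None
    image, module = ev.image.lower(), ev.module.lower()
    if image.startswith(PROTECTED_DIRS) and any(d in module for d in USER_WRITABLE_DIRS):
        return f"{ev.image} loaded {ev.module} from a user-writable path"
    return None


RULES = (("remote_dll", remote_dll_in_command), ("dll_side_load", dll_side_load))


def hunt(events):
    """Apply every rule to every event; return one (rule, image, reason) tuple per hit."""
    findings = []
    for ev in events:
        for name, rule in RULES:
            reason = rule(ev)
            if reason:
                findings.append((name, ev.image, reason))
    return findings


# Constructed sample telemetry (203.0.113.0/24 is a documentation address range).
SAMPLE_EVENTS = [
    Event("process", "C:\\Users\\alice\\AppData\\Local\\Temp\\loader.exe",
          command_line="loader.exe http://203.0.113.7/files/update.dll"),
    Event("process", "C:\\Users\\alice\\AppData\\Local\\Temp\\stage.exe",
          command_line='stage.exe "https://www.dropbox.com/s/k3f9/update.dll?dl=1"'),
    Event("module", "C:\\Program Files\\Vendor\\Updater.exe",
          module="C:\\Users\\alice\\AppData\\Local\\Temp\\version.dll"),
    Event("process", "C:\\Windows\\System32\\notepad.exe",
          command_line="notepad.exe C:\\Users\\alice\\notes.txt"),
    Event("module", "C:\\Windows\\System32\\svchost.exe",
          module="C:\\Windows\\System32\\kernel32.dll"),
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

Both rules are heuristics meant to seed a hunt, not to alert on their own: a hit should be triaged against what the process did next (registry changes, in-memory execution, outbound connections to file-sharing APIs).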

Hackers Exploit ThinkPHP and ownCloud Vulnerabilities from 2022 and 2023

 

Hackers are increasingly exploiting outdated security flaws in poorly maintained systems, with vulnerabilities from 2022 and 2023 seeing a surge in attacks. According to threat intelligence platform GreyNoise, malicious actors are actively targeting CVE-2022-47945 and CVE-2023-49103, affecting the ThinkPHP Framework and the open-source ownCloud file-sharing solution. 

Both vulnerabilities are critical, allowing attackers to execute arbitrary commands or steal sensitive data, such as admin credentials and license keys. CVE-2022-47945 is a local file inclusion (LFI) flaw in ThinkPHP versions before 6.0.14. If the language pack feature is enabled, unauthenticated attackers can remotely execute operating system commands. 

Akamai reported that Chinese threat groups have exploited this flaw since late 2023, and GreyNoise recently detected 572 unique IPs actively attacking vulnerable systems. Despite having a low Exploit Prediction Scoring System (EPSS) rating of just 7% and not being listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog, CVE-2022-47945 remains under heavy assault. 

The second vulnerability, CVE-2023-49103, impacts ownCloud’s file-sharing software. It stems from a third-party library that leaks PHP environment details through a public URL. After its disclosure in November 2023, hackers began exploiting the flaw to steal sensitive data. A year later, it was named one of the FBI, CISA, and NSA’s top 15 most exploited vulnerabilities. 

Even though a patch was released over two years ago, many ownCloud systems remain unpatched and exposed. GreyNoise recently observed malicious activity from 484 unique IPs targeting this vulnerability. To defend against these active threats, users are strongly advised to upgrade to ThinkPHP 6.0.14 or later and ownCloud GraphAPI 0.3.1 or newer. 

Taking vulnerable systems offline or placing them behind a firewall can significantly reduce the attack surface and prevent exploitation. As hackers continue to leverage older, unpatched vulnerabilities, staying vigilant with timely updates and robust security practices remains crucial in protecting critical systems and sensitive data.

Addressing the Security Risks Posed by IoT Devices

 


There has been a marked change in daily life as a result of the proliferation of IoT devices, and Transforma Insights estimates that 14 billion such devices are connected globally, indicating that this type of technology has profound effects. In today's modern lifestyle, the Internet of Things has become deeply integrated into our everyday lives, from smart home appliances to advanced automotive systems. IoT-enabled technology is increasingly prevalent thanks to the ubiquity of smartphones and wearables, which means that individuals are interacting with it nearly constantly. 

Although these interconnected devices are convenient and efficient for consumers, they also represent serious cyber threats, particularly for insurers and the people they insure on commercial policies. A growing reliance on the Internet of Things is being met with a growing number of threats, making it imperative to develop robust risk management strategies and implement enhanced protection mechanisms to combat these threats as they emerge. 

The Internet of Things (IoT) is a vast network of internet-connected devices that collect and exchange data, ranging from smart appliances to systems critical to infrastructure. IoT security means making sure that devices within these interconnected ecosystems are properly inventoried, visible and secured, so that they can be monitored and controlled and the data they handle receives an appropriate level of protection. Although IoT security is of the same kind as traditional network security, it is more complex because of the high stakes attached to IoT systems.

IoT devices carry a serious risk of cyber attack because, unlike standard computers, they can control power plants, healthcare systems, and surveillance systems. Security measures, authentication protocols, and proactive risk management are essential to safeguard these systems from breaches that could have severe consequences if not dealt with promptly. The Internet of Things has expanded far beyond consumer applications into critical sectors such as healthcare, utilities, and transport, so its security vulnerabilities have far-reaching consequences both for consumers and for these sectors.

In industries such as banking, health care, and information technology, data breaches can damage an organization's reputation, result in the loss of sensitive personal data, disrupt operations, and lead to more serious problems. As IoT technology is used more widely, it relies ever more heavily on security frameworks, which therefore need to be reassessed. Strengthening device security, implementing more rigorous industry standards, and creating a culture in which security is valued are crucial steps that will allow industries and infrastructure to be protected from threats.

IoT has fundamentally changed industries across the globe, growing from devices initially used in smart homes into a system that integrates agriculture, healthcare, transport, and manufacturing in one intricate, interconnected ecosystem. By enabling real-time decision-making and automating complex processes, the Internet of Things has the potential to transform businesses and increase operational efficiency at unprecedented scales. Despite this transformative potential, significant security vulnerabilities pose substantial risks that may undermine it.

IoT devices often lack basic security features such as encryption, regular firmware updates, and secure boot processes, which leaves them vulnerable to cyber threats. The sheer number of IoT devices being deployed makes the situation more difficult still, because attackers can use each device as a potential entry point. Once an IoT device is compromised, it can serve as a gateway to more critical systems, letting malicious actors take advantage of the interconnected nature of networks and escalate a breach across them. Because infrastructures are interconnected, there is a greater risk that a single vulnerability cascades into the entire infrastructure and leads to compromise.

Closing these security gaps is urgent and calls for a comprehensive approach: robust authentication protocols, security measures standardized across industries, and a commitment to continuous risk assessment as a proactive measure. In a rapidly evolving digital ecosystem that drives innovation and efficiency, protecting these devices from emerging cyber threats is important to ensure the integrity and resilience of the ecosystem as it continues to grow. The number of IoT devices has grown rapidly over the past few years, and their internet-connected nature gives businesses considerable convenience and operational efficiency. This expansion, however, presents significant security challenges that must be addressed if sensitive information is to be safeguarded and essential infrastructure protected from the malicious threats posed by cybercriminals.

Weak default passwords, insufficient software updates and inadequate data protection are primary vulnerabilities; each can lead to unauthorized access, operational disruptions, and serious security breaches. Since IoT systems are increasingly relied upon for many tasks, effective measures must be implemented to mitigate cyber risks and strengthen defences against potential cyberattacks. Robust authentication methods such as multi-factor verification and biometric authentication are needed to protect IoT systems from unauthorized access.

A rigorous application of encryption protocols is required for secure data exchanges to ensure that sensitive information is protected from interception and exploitation. As a further step towards strengthening IoT security frameworks, the use of encryption protocols and firewalls can also be used to establish secure network connections. Furthermore, IoT devices need to be regularly updated and constantly monitored to be able to detect vulnerabilities and to be able to respond proactively to potential threats. 

A further enhancement to IoT infrastructure protection is the implementation of physical security measures, including tamper-resistant device designs and secure storage solutions. IoT ecosystems can only be strengthened by utilizing a comprehensive, multi-layered approach that integrates policy enforcement, software security, and network segmentation. In an increasingly interconnected digital environment, organizations need to take steps to mitigate cybersecurity risks to ensure IoT systems remain secure, resilient, and capable of sustaining critical operations to combat emerging cyber threats. 

IoT (Internet of Things) adoption is becoming more and more prevalent in both personal and industrial environments, so the associated security risks need to be considered critically. In today's ever more complex and interconnected world, every connected device presents its own set of challenges, and companies and governments need to adopt a proactive and comprehensive security strategy to ensure sensitive data is protected, system integrity is maintained, and unauthorized access is prevented. There is no single approach to IoT security; the framework should incorporate multiple elements, including device discovery, risk analysis, and continuous monitoring.

To ensure effective security management, it is essential to identify and classify all connected devices so that visibility and control can be maintained across the entire network. As a result of conducting comprehensive risk assessments, organizations may be able to identify vulnerabilities in real-time and implement targeted security measures to mitigate any potential threats to their business. For continuous protection to be ensured, regular monitoring and sophisticated defence mechanisms are essential, allowing rapid detection of emerging cyber risks and enforcing rapid response to them. 

It is imperative for maximizing IoT security that advanced security tools and platforms are incorporated into the design. As organizations are aware of the importance of cybersecurity, solutions such as Continuous Automated Asset and Security Management (CAASM) and Cyber Risk Quantification (CRQ) provide an organization with the capability of automatically identifying and profiling IoT devices as well as dynamically assessing risks and implementing effective security protocols. Utilizing these advanced technologies can enable organizations to enhance their cybersecurity posture, minimize the exposure of their IoT ecosystems to cyber threats, and ensure the resilience of their system against cyberattacks. 

IoT security should be treated as a strategic and systematic approach to mitigating the risks of the Internet of Things and maintaining a secure digital infrastructure. Investing in cutting-edge security solutions will empower businesses to address vulnerabilities proactively, strengthen network defences, and safeguard critical assets in the face of an ever-evolving cyber threat landscape.

Google Fixes YouTube Security Flaw That Exposed User Emails

 



A critical security vulnerability in YouTube allowed attackers to uncover the email addresses of any account on the platform. Cybersecurity researchers discovered the flaw and reported it to Google, which promptly fixed the issue. While no known attacks exploited the vulnerability, the potential consequences could have been severe, especially for users who rely on anonymity.


How the Vulnerability Worked

The flaw was identified by researchers Brutecat and Nathan, as reported by BleepingComputer. It involved an internal identifier used within Google’s ecosystem, known as the Gaia ID. Every YouTube account has a unique Gaia ID, which links it to Google’s services.

The exploit worked by blocking a YouTube account and then accessing its Gaia ID through the live chat function. Once attackers retrieved this identifier, they found a way to trace it back to the account’s registered email address. This loophole could have exposed the contact details of millions of users without their knowledge.


Google’s Reaction and Fix

Google confirmed that the issue was present from September 2024 to February 2025. Once informed, the company swiftly implemented a fix to prevent further risk. Google assured users that there were no reports of major misuse but acknowledged that the vulnerability had the potential for harm.


Why This Was a Serious Threat

The exposure of email addresses poses various risks, including phishing attempts, hacking threats, and identity theft. This is particularly concerning for individuals who depend on anonymity, such as whistleblowers, journalists, and activists. If their private details were leaked, it could have led to real-world dangers, not just online harassment.

Businesses also faced risks, as malicious actors could have used this flaw to target official YouTube accounts, leading to scams, fraud, or reputational damage.


Lessons and Preventive Measures

The importance of strong security measures and rapid responses to discovered flaws cannot be overstated. Users are encouraged to take precautions, such as enabling two-factor authentication (2FA), using secure passwords, and being cautious of suspicious emails or login attempts.

Tech companies, including Google, must consistently audit security systems and respond quickly to any potential weaknesses.

Although the security flaw was patched before any confirmed incidents occurred, this event serves as a reminder of the omnipresent risks in the digital world. By staying informed and following security best practices, both users and companies can work towards a safer online experience.



Data Reveals Identity-Based Attacks Now Dominate Cybercrime

 

Cyberattacks are undergoing a significant transformation, shifting away from malware-driven methods toward identity exploitation. According to the CrowdStrike 2024 Global Threat Report, three out of four cyberattacks now leverage valid credentials instead of malicious software.

This change is fueled by the expanding cybercrime economy, where stolen identities are becoming as valuable as exploitable system vulnerabilities. A booming underground market for credentials, combined with AI-powered deception and automated phishing, is rendering traditional security measures ineffective.

“You may have really locked down environments for untrusted external threats, but as soon as you look like a legitimate user, you’ve got the keys to the kingdom,” said Elia Zaitsev, CTO at CrowdStrike. This shift presents a pressing challenge for enterprises: if attackers no longer need malware to infiltrate networks, how can they be stopped?

The CrowdStrike report also highlights the speed at which attackers escalate privileges once inside a network. The fastest recorded eCrime breakout time—the duration between initial access and lateral movement—was just 2 minutes and 7 seconds.

Traditional security models that focus on malware detection or manual threat investigation are struggling to keep up. In identity-driven attacks, there are no suspicious payloads to analyze—just adversaries impersonating authorized users. This has led to a rise in living-off-the-land techniques, where attackers use built-in system tools to evade detection. Instead of deploying custom malware, they exploit legitimate credentials and remote monitoring tools to blend seamlessly into network activity.

A key challenge outlined in the 2024 Global Threat Report is the expansion of identity attacks beyond a single environment. Cybercriminals now utilize stolen credentials to move laterally across on-premises, cloud, and SaaS environments, making detection even more difficult.
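A worked detection for the two patterns described above, breakout time (first access to first lateral move) and one credential pivoting across on-premises, cloud and SaaS environments, run over a constructed authentication log. This is an added example for this page, not CrowdStrike's telemetry or code; the log format, field names and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log: timestamp, user, environment, target host, outcome.
# alice's credential hits a file server, a domain controller 90 s later, then the cloud
# console; bob works at a normal pace; carol has one failed and one good login on one host.
SAMPLE_LOG = """\
2024-06-01T09:00:00 alice onprem fs01 success
2024-06-01T09:01:30 alice onprem dc01 success
2024-06-01T09:02:00 alice cloud aws-console success
2024-06-01T09:00:00 bob onprem laptop-bob success
2024-06-01T14:00:00 bob saas m365 success
2024-06-01T09:05:00 carol onprem fs01 failure
2024-06-01T09:06:00 carol onprem fs01 success
"""


def parse_log(text):
    """Parse the constructed log into dicts sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, env, host, outcome = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "env": env, "host": host, "ok": outcome == "success"})
    return sorted(events, key=lambda e: e["ts"])


def breakout_times(events):
    """Breakout time per user: seconds from the first successful login (initial
    access) to the first successful login on a different host (lateral movement).
    None when the credential never reached a second host."""
    first, result = {}, {}
    for e in events:
        if not e["ok"]:
            continue
        user = e["user"]
        if user not in first:
            first[user] = e
            result[user] = None
        elif result[user] is None and e["host"] != first[user]["host"]:
            result[user] = (e["ts"] - first[user]["ts"]).total_seconds()
    return result


def flag_fast_breakouts(events, threshold=timedelta(minutes=10)):
    """Users whose breakout time is at or below `threshold` (hands-on-keyboard pace)."""
    limit = threshold.total_seconds()
    return {u: s for u, s in breakout_times(events).items() if s is not None and s <= limit}


def cross_environment_pivots(events, window=timedelta(minutes=10)):
    """One credential authenticating in two different environments (on-prem,
    cloud, SaaS) within `window`; returns (user, from_env, to_env, seconds)."""
    by_user = defaultdict(list)
    for e in events:
        if e["ok"]:
            by_user[e["user"]].append(e)
    pivots = []
    for user, evs in by_user.items():
        for i, later in enumerate(evs):
            for earlier in evs[:i]:
                gap = later["ts"] - earlier["ts"]
                if earlier["env"] != later["env"] and gap <= window:
                    pivots.append((user, earlier["env"], later["env"], gap.total_seconds()))
                    break
    return pivots


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("breakout seconds:", breakout_times(evs))
    print("fast breakouts:", flag_fast_breakouts(evs))
    print("cross-environment pivots:", cross_environment_pivots(evs))
```

The thresholds only make sense once tuned against a baseline of each user's normal behaviour; a 10-minute window that flags an attacker will also flag an administrator who legitimately works across environments.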

Jim Guinn, a cybersecurity leader at EY, explained this evolving strategy: “You have to get in, and you have to be able to laterally move throughout the network, which means you have some level of access. And access requires identity.”

Guinn also emphasized the growing role of nation-state actors, who infiltrate networks months or even years in advance, waiting for the right moment to launch an attack.

For companies that still treat endpoint security, cloud security, and identity protection as separate entities, this shift presents a major challenge. Attackers increasingly pivot between these environments, making detection and prevention even more complex.

“The moment that man created AI, he also created a way for bad actors to use AI against you,” Guinn noted. “They're creating a quicker way to get to a set of targets that cybercriminals can use, and they're creating code bases and ways to manipulate users' credentials faster than the human can think about it.”

With identity-based attacks outpacing traditional security defenses, organizations are rethinking their cybersecurity strategies.

One crucial change is the adoption of continuous identity verification. Historically, authentication has been a one-time process, where users log in and remain trusted indefinitely. However, as attackers increasingly impersonate legitimate users, companies are implementing real-time behavioral monitoring to detect anomalies.

Another key adaptation is just-in-time privileges, where employees are granted administrative access only when required—and revoked immediately afterward—to minimize risk.
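One way to implement the two adaptations described above together: just-in-time elevation that expires on its own, with the session that received the grant re-verified on every privileged action instead of trusted once at login. This is an added example, not any vendor's code; the Session fields, the change-ticket requirement and the TTL cap are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Session:
    """The authenticated session a privileged action arrives on. device_id is
    assumed to be bound at login (for instance from a device certificate)."""
    user: str
    device_id: str
    source_ip: str


@dataclass
class Grant:
    session: Session      # the session the elevation was issued to
    scope: str            # e.g. "prod-db-admin"
    expires_at: datetime
    revoked: bool = False


class JitAuthorizer:
    """Time-boxed elevation that is re-verified on every privileged action."""

    def __init__(self, max_ttl=timedelta(minutes=30)):
        self.max_ttl = max_ttl
        self.grants = []
        self.audit = []   # (time, action, user, scope, detail)

    def request(self, session, scope, ttl, ticket, now):
        """Elevate only against an approved ticket, and never beyond max_ttl."""
        if not ticket:
            raise PermissionError("elevation requires an approved change ticket")
        grant = Grant(session, scope, now + min(ttl, self.max_ttl))
        self.grants.append(grant)
        self.audit.append((now, "grant", session.user, scope, ticket))
        return grant

    def authorize(self, session, scope, now):
        """Called for each privileged action. The grant must be unexpired, unrevoked
        and presented by the very session it was issued to. The same user arriving
        from another device or address looks like a stolen credential, so the grant
        is revoked rather than honoured."""
        for grant in self.grants:
            if grant.scope != scope or grant.revoked or now >= grant.expires_at:
                continue
            if grant.session != session:
                if grant.session.user == session.user:
                    grant.revoked = True
                    self.audit.append((now, "revoke-anomaly", session.user, scope,
                                       f"{session.device_id}/{session.source_ip}"))
                continue
            self.audit.append((now, "allow", session.user, scope, ""))
            return True
        self.audit.append((now, "deny", session.user, scope, ""))
        return False

    def active_grants(self, now):
        """Grants still usable at `now`; expiry needs no manual clean-up."""
        return [g for g in self.grants if not g.revoked and now < g.expires_at]


def run_scenario():
    """Grant, use, expiry, then a same-user request from an unknown device."""
    t0 = datetime(2024, 6, 1, 9, 0, 0)
    laptop = Session("alice", "laptop-1", "10.0.0.5")
    elsewhere = Session("alice", "unknown-host", "198.51.100.9")  # same user, other device
    az = JitAuthorizer()
    az.request(laptop, "prod-db-admin", timedelta(minutes=15), "CHG-1234", t0)
    out = {"within_ttl": az.authorize(laptop, "prod-db-admin", t0 + timedelta(minutes=5)),
           "after_expiry": az.authorize(laptop, "prod-db-admin", t0 + timedelta(minutes=16))}
    second = az.request(laptop, "prod-db-admin", timedelta(minutes=15), "CHG-1235",
                        t0 + timedelta(minutes=20))
    out["other_device"] = az.authorize(elsewhere, "prod-db-admin", t0 + timedelta(minutes=21))
    out["revoked_after_anomaly"] = second.revoked
    out["original_after_anomaly"] = az.authorize(laptop, "prod-db-admin", t0 + timedelta(minutes=22))
    out["active_grants"] = len(az.active_grants(t0 + timedelta(minutes=22)))
    capped = az.request(laptop, "x", timedelta(hours=2), "CHG-1", t0)
    out["ttl_capped"] = capped.expires_at == t0 + timedelta(minutes=30)
    return out


if __name__ == "__main__":
    print(run_scenario())
```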

“We're bringing all that to bear,” Zaitsev explained. “We are taking that cross-domain, multi-domain visibility approach, unifying it all, and then, of course, also focusing heavily on continuous detection, prevention, and response.”

Guinn shared a compelling example of an organization recognizing the importance of identity security. “One of their senior executives said, ‘I think the only reason we haven’t really had a breach—like a significant breach—is because we have multi-factor authentication for our user credentials.’”

The CrowdStrike 2024 Global Threat Report underscores a fundamental shift in cybersecurity: identity, not malware, is the new battleground. Attackers no longer rely on complex exploits or hidden backdoors when they can buy access credentials, phish an employee, or manipulate AI-driven authentication systems.

Simply put, without access to valid credentials, cybercriminals are powerless. This makes identity security the core of modern cybersecurity strategies.

As organizations adapt to this evolving threat landscape, one thing is clear: failing to prioritize identity security leaves businesses vulnerable to adversaries who no longer need to break in—they already have the keys.

Healthcare Sector Faces Highest Risk in Third-Party Cyber Attacks

 



Cybersecurity experts have identified the healthcare industry as the most frequently targeted sector for third-party breaches in 2024, with 41.2% of such incidents affecting medical institutions. This highlights a critical need for improved security measures across healthcare networks.


The Growing Threat of Unnoticed Cyber Breaches  

A recent cybersecurity study warns of the increasing risk posed by “silent breaches.” These attacks remain undetected for extended periods, allowing hackers to infiltrate systems through trusted third-party vendors. Such breaches have had severe consequences in multiple industries, demonstrating the dangers of an interconnected digital infrastructure.

Research from Black Kite’s intelligence team examined cybersecurity incidents from regulatory disclosures and public reports, revealing an alarming rise in sophisticated cyber threats. The findings emphasize the importance of strong third-party risk management to prevent security lapses.


Why Healthcare is at Greater Risk  

Several factors contribute to the vulnerability of healthcare institutions. Medical records contain highly valuable personal and financial data, making them prime targets for cybercriminals. Additionally, the healthcare sector relies heavily on external vendors for essential operations, increasing its exposure to supply chain weaknesses. Many institutions also struggle with outdated security infrastructures, further amplifying risks.

Encouragingly, the study found that 62.5% of healthcare vendors improved their security standards following a cyber incident. Regulatory requirements, such as HIPAA compliance, have played a role in compelling organizations to enhance their cybersecurity frameworks.


Major Findings from the Report

The study highlights key security challenges that organizations faced in 2024:

1. Unauthorized Access to Systems: More than half of third-party breaches involved unauthorized access, underscoring the need for stronger access control measures.

2. Ransomware Attacks on the Rise: Ransomware remained a leading method used by cybercriminals, responsible for 66.7% of reported incidents. Attackers frequently exploit vendor-related weaknesses to maximize impact.

3. Software Vulnerabilities as Entry Points: Cybercriminals took advantage of unpatched or misconfigured software, including newly discovered weaknesses, to infiltrate networks.

4. Credential Theft Increasing: About 8% of attacks involved stolen or misused credentials, highlighting the necessity of robust authentication methods, such as multi-factor authentication.

5. Targeting of Software Vendors: A notable 25% of breaches were linked to software providers, reflecting an increased focus on exploiting weaknesses in the software supply chain.


With organizations becoming increasingly reliant on digital tools and cloud-based systems, cyber risks continue to escalate. A single vulnerability in a widely used platform can trigger large-scale security incidents. 

To mitigate risks, businesses must adopt proactive strategies, such as continuous monitoring, prompt software updates, and stricter access controls. Strengthening third-party security practices is essential to minimizing the likelihood of breaches and ensuring the safety of sensitive data.

The healthcare sector, given its heightened exposure, must prioritize comprehensive security measures to reduce the impact of future breaches.



DeepSeek AI Raises Data Security Concerns Amid Ties to China

 

The launch of DeepSeek AI has created waves in the tech world, offering powerful artificial intelligence models at a fraction of the cost compared to established players like OpenAI and Google. 

However, its rapid rise in popularity has also sparked serious concerns about data security, with critics drawing comparisons to TikTok and its ties to China. Government officials and cybersecurity experts warn that the open-source AI assistant could pose a significant risk to American users. 

On Thursday, two U.S. lawmakers announced plans to introduce legislation banning DeepSeek from all government devices, citing fears that the Chinese Communist Party (CCP) could access sensitive data collected by the app. This move follows similar actions in Australia and several U.S. states, with New York recently enacting a statewide ban on government systems. 

The growing concern stems from China’s data laws, which require companies to share user information with the government upon request. Like TikTok, DeepSeek’s data could be mined for intelligence purposes or even used to push disinformation campaigns. Although the AI app is the current focus of security conversations, experts say that the risks extend beyond any single model, and users should exercise caution with all AI systems. 

Unlike social media platforms that users can consciously avoid, AI models like DeepSeek are more difficult to track. Dimitri Sirota, CEO of BigID, a cybersecurity company specializing in AI security compliance, points out that many companies already use multiple AI models, often switching between them without users’ knowledge. This fluidity makes it challenging to control where sensitive data might end up. 

Kelcey Morgan, senior manager of product management at Rapid7, emphasizes that businesses and individuals should take a broad approach to AI security. Instead of focusing solely on DeepSeek, companies should develop comprehensive practices to protect their data, regardless of the latest AI trend. The potential for China to use DeepSeek’s data for intelligence is not far-fetched, according to cybersecurity experts. 

With significant computing power and data processing capabilities, the CCP could combine information from multiple sources to create detailed profiles of American users. Though this might not seem urgent now, experts warn that today’s young, casual users could grow into influential figures worth targeting in the future. 

To stay safe, experts advise treating AI interactions with the same caution as any online activity. Users should avoid sharing sensitive information, be skeptical of unusual questions, and thoroughly review an app’s terms and conditions. Ultimately, staying informed and vigilant about where and how data is shared will be critical as AI technologies continue to evolve and become more integrated into everyday life.