Microsoft Busts Hackers Selling Illegal Azure AI Access

Friday, February 28, 2025
LLMjacking operation leveraged illicit access to GenAI services to produce explicit celebrity images and other harmful content, Microsoft's digital crimes unit says.

US Soldier Intends to Admit Hacking 15 Telecom Carriers

The federal government views the defendant as a flight risk and danger to the community due to his ability to access sensitive and private information.

Targeted by Ransomware, Middle East Banks Shore Up Security

Thursday, February 27, 2025
As the UAE financial sector finished up its annual cyberattack exercise, its worries about ransomware compromises and geopolitical attacks are on the rise.

Cleveland Municipal Court Remains Closed After Cyber Incident

No details yet on what forced the court to shut down affected systems and halt operations as of late Feb. 23.

Nakivo Fixes Critical Flaw in Backup & Replication Tool

The vendor's products fall in a category that ransomware operators like to target to circumvent victims' ability to recover from a successful attack.

Microsoft Rolls Out Fresh Outlook Fix After Faulty Windows Update

Windows 11 users can deploy a workaround or await the update rollout.

Water Utility Co. Still Paying the Breach Price a Year Later

Wednesday, February 26, 2025
The UK's Southern Water has been forced to shell out millions due to a Black Basta cyberattack, and it has come to light that the total could include a ransom payment.

'Silver Fox' APT Skirts Windows Blocklist in BYOVD Attack

There's an untapped universe of exploitable drivers in the wild today. By exploiting just one of them, attackers were able to defeat security tools and infect Asian citizens with Gh0stRAT.

Name That Toon: Ka-Ching!

Feeling creative? Have something to say about cybersecurity? Submit your caption and our panel of experts will reward the winner with a $25 gift card.

AI Tricksters Spin Up Fake DeepSeek Sites to Steal Crypto

Tuesday, February 25, 2025
The fake websites trick users into downloading and running malware that searches for personal information, especially anything related to cryptocurrency.

Max Severity RCE Vuln in All Versions of MITRE Caldera

In the wrong hands, the popular red-teaming tool can be made to access networks, escalate privileges, conduct reconnaissance, and disguise malicious activity as a simulated exercise.

North Korea's Lazarus Pulls Off Biggest Crypto Heist in History

Cyberattackers believed to be affiliated with the state-sponsored threat group pulled off the largest crypto heist reported to date, stealing $1.5 billion from exchange Bybit. It was carried out by interfering with a routine transfer between wallets.

Australia Latest Domino to Fall in Gov't Kaspersky Bans

Monday, February 24, 2025
This move comes less than a year after the United States banned Kaspersky products, out of the same fear that the company is under Russian government control.

Could the Plot of Netflix's 'Zero Day' Occur IRL?

A new streaming series about a catastrophic, nationwide cyberattack against US critical infrastructure is about as believable as its main character: an honest, bipartisan, universally beloved politician.

How APT Naming Conventions Make Us Less Safe

Only by addressing the inefficiencies of current naming conventions can we create a safer, more resilient landscape for all defenders.

Thailand Targets Cyber Sweatshops to Free 1,000s of Captives

Sunday, February 23, 2025
Thai police said it was expecting to soon welcome 7,000 human trafficking victims, forced to work on cybercrime scams in call centers in Myanmar, in a first wave of people being freed from captivity.

Black Basta Goes Dark Amid Infighting, Chat Leaks Show

Friday, February 21, 2025
One of 2024's most active ransomware outfits has been asleep through early 2025, thanks to reality-show-style, behind-the-scenes drama.

Cisco Confirms Salt Typhoon Exploitation in Telecom Hits

In addition to using CVE-2018-0171 and other Cisco bugs to break into telecom networks, the China-sponsored APT is also using stolen login credentials for initial access.

Nations Open 'Data Embassies' to Protect Critical Info

Estonia and Monaco back up their citizens' information to a data center in Luxembourg, while Singapore looks to India as its safe haven for data. But geopolitical challenges remain.

4 Low-Cost Ways to Defend Your Organization Against Deepfakes

Every organization should be exploring a layered approach in which artificial and human intelligences come together to form a rich, dynamic, and multifaceted deepfake defense strategy tailored to its needs.

Data Suggests It's Time to Rethink Cloud Permissions

Excessive privileges and visibility gaps create a breeding ground for cyber threats.

Ghost Ransomware Targets Orgs in 70+ Countries

Thursday, February 20, 2025
The China-backed threat group often acts swiftly, going from initial access to compromise in just one day, a behavior atypical of cybercriminal groups.

Google Adds Quantum-Resistant Digital Signatures to Cloud KMS

The new Cloud Key Management Service is part of Google’s new roadmap for implementing the new NIST-based post-quantum cryptography (PQC) standards.

Content Credentials Show Promise, But Ecosystem Still Young

Wednesday, February 19, 2025
While AI-generation services and major camera makers are adopting the specification for digitally signed metadata, creating a workflow around the nascent ecosystem is still a challenge.

Australian Critical Infrastructure Faces 'Acute' Foreign Threats

The continent faces "relentless" military espionage, and increased cyber sabotage at the hands of authoritarian regimes, according to a high-ranking intelligence director.

Insight Partners, VC Giant, Falls to Social Engineering

The startup incubator and PR firm with holdings in more than 70 cybersecurity firms has announced a data breach with as-yet-unknown effects.

Russian Groups Target Signal Messenger in Spy Campaign

These sorts of attacks reveal growing adversary interest in secure messaging apps used by high-value targets for communication, Google says.

SANS Institute Launches AI Cybersecurity Hackathon

Tuesday, February 18, 2025

China-Linked Threat Group Targets Japanese Orgs' Servers

Winnti once used a variety of malware, but is now focused on SQL vulnerabilities and obfuscation, updated encryption, and new evasion methods to gain access.

Microsoft: New Variant of macOS Threat XCSSET Spotted in the Wild

Microsoft is warning the modular and potentially wormable Apple-focused infostealer boasts new capabilities for obfuscation, persistence, and infection, and could lead to a supply chain attack.

Introducing enQase for Quantum-Safe Security


This Security Firm's 'Bias' Is Also Its Superpower

Friday, February 14, 2025
Credible Security's founders bring their varied experiences to help growing companies turn trust into a strategic advantage.

Warning: Tunnel of Love Leads to Scams

Romance-baiting losses were up 40% last year, as more and more pig-butchering efforts crop up in the wild.

CyberArk Makes Identity Security Play With Zilla Acquisition

CyberArk announced the Zilla deal on the same day leading identity and access governance provider SailPoint returned to the public markets.

Roundtable: Is DOGE Flouting Cybersecurity for US Data?

Thursday, February 13, 2025
Cybersecurity experts weigh in on the red flags flying around the new Department of Government Efficiency's handling of the mountains of US data it now has access to, potentially without basic information security protections in place.

Chinese APT 'Emperor Dragonfly' Moonlights With Ransomware

Pivoting from prior cyber espionage, the threat group deployed its backdoor tool set to ultimately push out RA World malware, demanding $2 million from its victim.

Japan Goes on Offense With New 'Active Cyber Defense' Bill

Wednesday, February 12, 2025
Japan is on a mission to catch up to the US standard of national cyber preparedness, and its new legislation is a measure intended to stop escalating Chinese cyber-espionage efforts, experts say.

President Trump to Nominate Former RNC Official as National Cyber Director

Sean Cairncross will be one of the primary advisers to the administration on national cybersecurity matters.

Feds Sanction Russian Hosting Provider for Supporting LockBit Attacks

US, UK, and Australian law enforcement have targeted a company called Zservers (and two of its administrators) for providing bulletproof hosting services to the infamous ransomware gang.

Microsoft: Russia's Sandworm APT Exploits Edge Bugs Globally

Sandworm (aka Seashell Blizzard) has an initial access wing called "BadPilot" that uses standard intrusion tactics to spread Russia's tendrils around the world.

India's Cybercrime Problems Grow as Nation Digitizes

Tuesday, February 11, 2025
More than half of attacks on Indian businesses come from outside the country, while 45% of those targeting consumers come from Cambodia, Myanmar, and Laos.

Microsoft's February Patch a Lighter Lift Than January's

But there's plenty in it, including two zero-days, that needs immediate attention.

Apple Releases Urgent Patch for USB Vulnerability

The vulnerability could allow a threat actor to disable the security feature on a locked device and gain access to user data.

CISA Places Election Security Staffers on Leave

The staffers were tasked with building relationships on the ground across the country in local election jurisdictions, teaching election officials tactics on mitigating cyber threats, cyber hygiene, combating misinformation and foreign influence, and more.

XE Group Shifts From Card Skimming to Supply Chain Attacks

Monday, February 10, 2025
The likely Vietnam-based threat actor has been using two zero-days in VeraCore's warehouse management software in some of its latest cyberattacks.

Guilty Plea in Hacking of the SEC's X Account That Caused Bitcoin Value Spike


Newspaper Giant Lee Enterprises Reels From Cyberattack

The newspaper company expects the investigation to take some time, but said in an SEC filing that it has not yet identified any material impact.

Analyst Burnout Is an Advanced Persistent Threat

For too long, we've treated our analysts as mere cogs in a machine, expecting them to conform to the limitations of our tools and processes. It's time to revolutionize security operations.

Magecart Attackers Abuse Google Ad Tool to Steal Data

Attackers are smuggling payment card-skimming malicious code into checkout pages on Magento-based e-commerce sites by abusing the Google Tag Manager ad tool.

2024 Breaks Records With Highest Ever Ransomware Attacks

Friday, February 7, 2025

Databarracks Launches Air Gap Recover


Google's DMARC Push Pays Off, but Email Security Challenges Remain

A year after Google and Yahoo started requiring DMARC, the adoption rate of the email authentication specification has doubled; and yet, 87% of domains remain unprotected.

US Cybersecurity Efforts for Spacecraft Are Up in the Air

Thursday, February 6, 2025
While President Trump supported federal space efforts during his first administration, the addition of SpaceX chief Elon Musk to his circle likely means challenges for regulating spacecraft cybersecurity, experts say.

Researcher Outsmarts, Jailbreaks OpenAI's New o3-mini

OpenAI's latest tech can reason better than its previous models could, but not well enough to ferret out careful social engineering.

DeepSeek Phishing Sites Pursue User Data, Crypto Wallets

Riding the wave of notoriety from the Chinese company's R1 AI chatbot, attackers are spinning up lookalike sites for different malicious use cases.

Agencies Sound Alarm on Patient Monitors With Hardcoded Backdoor

CISA and the FDA are warning that Contec CMS8000 and Epsimed MN-120 patient monitors are open to meddling and data theft; Claroty Team82 flagged the vulnerability as an avoidable insecure design issue.

The Cyber Savanna: A Rigged Race You Can't Win, but Must Run Anyway

When it comes to protecting your company from cyberattacks, you don't have to be the fastest gazelle — you just can't afford to be the slowest.

Basket of Bank Trojans Defraud Citizens of East India

Wednesday, February 5, 2025
Cheap banking scams are often easier to pull off in a country with older devices, fewer regulations, and experienced fraudsters.

Abandoned AWS Cloud Storage: A Major Cyberattack Vector

New research highlights how bad actors could abuse deleted AWS S3 buckets to create all sorts of mayhem, including a SolarWinds-style supply chain attack.

Why Cybersecurity Needs Probability — Not Predictions

While probabilities may be based on subjective information, when used in an objective framework, they demonstrate an effective way to improve the value of hard decisions.

Ferret Malware Added to 'Contagious Interview' Campaign

Tuesday, February 4, 2025
Targets are lured into a fake interview process that convinces them to download malware needed for a virtual interview.

Cybercriminals Court Traitorous Insiders via Ransom Notes

Ransomware actors are offering individuals millions to turn on their employers and divulge private company information, in a brand-new cybercrime tactic.

Chinese 'Infrastructure Laundering' Abuses AWS, Microsoft Cloud

Funnull CDN rents IPs from legitimate cloud service providers and uses them to host criminal websites, continuously cycling cloud resources in and out of use and acquiring new ones to stay ahead of cyber-defender detection.

AI Malware Dressed Up as DeepSeek Packages Lurk in PyPi

Monday, February 3, 2025
Adversaries looking to ride the DeepSeek interest wave are taking advantage of developers in a rush to deploy the new technology, by using AI-generated malware against them.

Ransomware Groups Weathered Raids, Profited in 2024

Cybercriminals posted nearly 6,000 breaches to data-leak sites last year — and despite significant takedowns, continued to thrive in a record-breaking year for ransomware.

Black Hat USA 2024 Highlights

Check out all the highlights from Black Hat USA 2024 at the Mandalay Bay in Las Vegas. Visit our Flickr page for the event photos: https://ift.tt/MPRfUXq #cybersecurity #infosec #blackhat


Proactive Vulnerability Management for Engineering Success

By integrating security into CI/CD, applying automated policies, and supporting developers with the right processes and tools, infosec teams can increase efficiency and build secure software.