Ukraine Military Targeted With Russian APT PowerShell Attack

February 1, 2024 at 03:56PM
A Russian advanced persistent threat (APT) group, believed to be related to Shuckworm, has initiated a targeted PowerShell attack campaign against the Ukrainian military using a newly discovered backdoor, STEADY#URSA. The attackers employ various evasion and obfuscation techniques, and their approach involves distributing malicious payloads through phishing emails and USB …

China Infiltrates US Critical Infrastructure in Ramp-up to Conflict

February 1, 2024 at 03:35PM
China is rapidly enhancing its military, including cyber operations, to deter and confront the United States. Chinese cyberattackers are increasingly targeting critical infrastructure, indicating a strategic shift in tactics. US officials and experts are deeply concerned about China’s disruptive cyber activities and the increasing difficulty in detecting these attacks. This …

PurpleFox malware infects thousands of computers in Ukraine

February 1, 2024 at 02:11PM
CERT-UA warns about the PurpleFox malware infecting over 2,000 computers in Ukraine. The malware, first seen in 2018, has evolved to switch to using WebSocket for stealthy command and control communications. CERT-UA provides detailed information on how to locate and remove the malware and recommends measures to prevent further spreading. …

Rise of deepfake threats means biometric security measures won’t be enough

February 1, 2024 at 01:53PM
Gartner predicts that cyber attacks using AI-generated deepfakes will cause doubt in the effectiveness of facial biometrics for identity verification. Deepfakes pose a challenge for security systems that rely on facial recognition and liveness detection, requiring additional layers of security. This could include verifying device information and using AI to …

CMMC Is the Starting Line, Not the Finish

February 1, 2024 at 10:09AM
The Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) is a significant nudge for companies in the defense industrial base and critical infrastructure to enhance cybersecurity. However, achieving CMMC compliance alone may not safeguard against sophisticated threats such as China’s PLA Unit 61398. To truly protect against cyber threats, companies …

Warning: New Malware Emerges in Attacks Exploiting Ivanti VPN Vulnerabilities

February 1, 2024 at 03:33AM
Mandiant, owned by Google, reported identifying new malware used by espionage threat actor UNC5221 targeting Ivanti Connect Secure VPN and Policy Secure devices. The malware includes web shells like BUSHWALK, CHAINLINE, FRAMESTING, and a variant of LIGHTWIRE, enabling arbitrary command execution and data exfiltration. Ivanti has disclosed and fixed security …

We know nations are going after critical systems, but what happens when crims join in?

January 31, 2024 at 12:17PM
Volt Typhoon, a Chinese-government-backed cyberespionage group, has been targeting US energy, satellite, and telecommunications systems, according to security firm Dragos’ CEO Robert Lee. The group’s tactics, which include a slow and strategic approach, have raised concerns about potential disruptions to critical infrastructure. Lee also highlighted the threat posed by the …

CISA: Vendors must secure SOHO routers against Volt Typhoon attacks

January 31, 2024 at 11:15AM
CISA and the FBI have issued a warning to small office/home office (SOHO) router manufacturers to enhance security against attacks by Chinese state-backed hacking group Volt Typhoon. The agencies urge eliminating vulnerabilities, automating security updates, and safeguarding against Volt Typhoon activity. This follows ongoing attacks targeting U.S. critical infrastructure organizations …

How to Align Your Incident Response Practices With the New SEC Disclosure Rules

January 31, 2024 at 07:42AM
Publicly traded organizations must comply with the SEC incident disclosure regulations by reporting cyber incidents deemed “material” within four business days. The new rules stress the importance of well-practiced IR programs and comprehensive cyber IR plans. However, traditional IR simulations can be challenging and costly, prompting the need for …

A Cyber Insurer’s Perspective on How to Avoid Ransomware

January 30, 2024 at 08:23AM
The Cyber Claims Report observes the evolving nature of cyber threats, particularly ransomware. In 1H 2023, ransomware frequency increased by 27% from 2H 2022, with an average loss of over $365,000 and an average ransom demand of $1.62 million. Businesses with more than $100 million in revenue were hit the …