SOC Around the Clock: World Tour Survey Findings

November 4, 2024 at 10:39PM

SOC teams aim to enhance cybersecurity by breaking data silos and integrating tools into a unified platform, leveraging AI for faster threat response. Key technologies to explore include AI, zero-trust architectures, and identity management. Utilizing managed services can optimize resources, while a comprehensive platform approach ensures effective risk mitigation and …

CERT-UA Identifies Malicious RDP Files in Latest Attack on Ukrainian Entities

October 26, 2024 at 12:25AM

The Computer Emergency Response Team of Ukraine (CERT-UA) warns of a malicious email campaign targeting government and military bodies, linked to the Russian hacking group APT29. These emails use fake AWS domains to deploy Remote Desktop Protocol files for unauthorized access. CERT-UA also reports multiple ongoing cyber threats against Ukraine. …

T-Mobile pays $31.5 million FCC settlement over 4 data breaches

September 30, 2024 at 03:23PM

The FCC settled with T-Mobile for $31.5 million over data breaches compromising millions of U.S. consumers’ personal information. T-Mobile is required to invest $15.75 million in cybersecurity, pay a civil penalty, and implement enhanced security measures. The FCC emphasizes the importance of strong cybersecurity protections for consumer data and has …

‘SloppyLemming’ APT Abuses Cloudflare Service in Pakistan Attacks

September 26, 2024 at 12:35AM

A threat actor known as “SloppyLemming,” identified as an advanced persistent threat (APT) by CrowdStrike, is conducting espionage against government and law enforcement targets in the Indian subcontinent. They utilize Cloudflare Worker cloud services and various tools in phishing attack chains for credential harvesting and email compromise, targeting sensitive organizations …

Zimperium Teams Up With Okta to Enhance Zero-Trust Identity Threat Protection With AI-Driven Mobile Security Solutions

August 14, 2024 at 02:53PM

Zimperium and Okta’s collaboration marks a milestone in mobile security, integrating Zimperium Mobile Threat Defense with Okta Identity Threat Protection. This partnership enables continuous risk monitoring and automated threat response, upholding a zero trust framework. The integration empowers organizations with real-time threat intelligence, comprehensive mobile threat protection, and stronger zero-trust …

The NYSE’s $10M Wake-up Call

June 24, 2024 at 10:03AM

The recent settlement between the US Securities and Exchange Commission (SEC) and Intercontinental Exchange Inc. (ICE) emphasizes cybersecurity and corporate accountability issues. The severe cyberattack on ICE’s subsidiary exposed sensitive information and highlighted inadequate cybersecurity measures. The SEC’s proactive investigation and the $10 million settlement underscore the need for robust …

FlyingYeti APT Serves Up Cookbox Malware Using WinRAR

May 31, 2024 at 11:15AM

A month-long phishing campaign by the Russia-aligned threat actor group FlyingYeti used a WinRAR vulnerability to deliver the Cookbox malware to Ukrainian citizens. The attack aimed to exploit financial distress following the lifting of a government moratorium on evictions and utility disconnections. Cloudforce One recommended security measures to mitigate potential …

90+ Malicious Apps Totaling 5.5M Downloads Lurk on Google Play

May 28, 2024 at 11:02AM

Over 90 malicious mobile apps, including the Anatsa banking Trojan, have been downloaded over 5.5M times from the Google Play store. These apps act as decoys and spread various malware. The Anatsa Trojan uses evasive tactics to steal sensitive banking credentials, primarily targeting Android users in Europe but expanding globally. …

Windows Quick Assist Anchors Black Basta Ransomware Gambit

May 16, 2024 at 09:38AM

Microsoft Threat Intelligence revealed that a financially motivated threat actor, Storm-1811, is conducting a vishing campaign using Quick Assist for remote access, posing as trusted contacts. The attacker delivers Black Basta ransomware and additional malware through various means, emphasizing the need for vigilance and user education to combat social engineering …

White House Budget Proposal Seeks Cybersecurity Funding Boost 

March 13, 2024 at 10:45AM

The White House has released a $7.3 trillion budget proposal for fiscal year 2025, emphasizing increased cybersecurity spending. This includes specific allocations such as $13 billion across civilian departments, $3 billion for the cybersecurity agency CISA, and additional funding for the Justice Department and healthcare sector. The budget also addresses …