November 30, 2025
Dark Light
Search

Blog Post

Cyber Intelligence > Cybersecurity
Tony Glover
Analysis European Union Government
0
17

Corruption allegations overshadow EU cyber rulings

The European Union (EU) has adopted its first Cybersecurity Certificate scheme to boost cybersecurity in products and services sold within the EU states, amid ongoing investigations of alleged corruption in Brussels.

The European Cybersecurity Scheme on Common Criteria (EUCC) drafted by the European Union Agency for Cybersecurity (ENISA) was adopted on Wednesday as the first scheme within the EU cybersecurity certification framework. ENISA is also already developing two additional cybersecurity certification schemes: EUCS on cloud services and EU5G on 5G security.

But the announcement coincided with another press release published by the EU on the same day. On Wednesday, Jan 31st, 2024, the Committee on Civil Liberties also endorsed the draft negotiating mandate for stronger rules against corrupt decision-makers across all levels in the EU. Members of the European Parliament (MEPs) amended the draft anti-corruption provisions to cover “any person entrusted with tasks of public interest or in charge of a public service”, with top EU decision-makers, European Commissioners, the President of the European Council and MEPs to be added to the category of “high-level officials” who will now be subjected to more severe rules than in the past.

Read More
admin
Uncategorized
0
20

Telegram: The New “Epicenter for Cybercrime” – February 1st

A report released by cybersecurity researchers at Guardio Labs called attention to the emergence of Telegram as the ‘epicenter for cybercrime’.

The Guardio researchers attribute the rise of Telegram for cybercrime to the “democratization” of the phishing ecosystem enabled by the messaging platform, allowing threat actors to initiate a mass attack for as low as $230.

Read More
Editorial Team
cybercrime News sextortion
0
22

Sextortion racket triggers US youth suicides

Financial sextortion is now the most rapidly growing crime targeting American, Canadian, and Australian youth. The US Federal Bureau of Investigation (FBI) has called it: “a global crisis that demands everyone’s attention” – having observed a one thousand percent increase in financial sextortion incidents over the last 18 months.

In a December 2023 hearing, FBI Director Wray warned Congress that sextortion is “a rapidly escalating threat,” and teenage victims “don’t know where to turn.” 

Almost all this activity is linked to West African cybercriminals known as the “Yahoo Boys”, who primarily target English-speaking minors and young adults on the online social networks: Instagram, Snapchat, and Wizz, according to the Network Contagion Research Institute (NCRI) report, “A Digital Pandemic: Uncovering the role of ‘Yahoo Boys’ in the Surge of Social Media-enabled Financial Sextortion Targeting Minors.

Read More
admin
News One Minute Roundup
0
10

Schneider Electric Confirms Data Breach from Ransomware Attack – January 31st

Schneider Electric announced that they were hit by a ransomware attack on January 17th, resulting in a data breach exposing their customer’s information. The ‘Cactus’ ransomware group claimed the ransomware attack.

Schneider has since informed the affected customers of the breach, which include Hilton, Pepsico, and Walmart. The attack also caused Schneider to shut down several division-specific systems.

Read More
admin
News One Minute Roundup
0
20

Critical Sectors Faced 13 Cyber Attacks per Second in 2023 – January 30th

A Forescout Research – Vedere Labs report disclosed that over 420 million attacks were recorded between January and December 2023 in the medical, power, communications, waste, manufacturing, and transportation equipment sectors, amounting to 13 attacks per second.

Forescout’s report “2023 Global Threat Roundup” states that despite the ongoing surge in cyber attacks, the cybersecurity landscape remains optimistic considering proceedingly enhanced visibility and proactive defense strategies in the affected sectors.

Read More
Editorial Team
Analysis cybercrime Supply Chain
0
25

Supply-chain attacks impacted 54m victims in 2023

Last year saw exponential growth in the number of organizations impacted by supply-chain attacks, although the increase in the number of organizations targeted has remained slow. According to the 2023 data breach report from the Identity Theft Resource Center (ITRC) the number of organizations impacted has surged by more than 2,600 percent since 2018, affecting over 54 million victims.

“We must acknowledge the significant impact of Supply Chain Attacks and their effect on all organizations. A single supply chain attack can directly or indirectly impact hundreds or thousands of businesses that rely on the same vendor,” warns the ITRC.

While supply chain attacks have been around for many years, the ability to automate and launch the attacks at scale accelerated in 2018. The MOVEit attack last year shows the scope and scale a Supply Chain Attack can have. According to the report, 102 entities were directly impacted by threat actors exploiting a MOVEit product. However, 1,271 organizations were indirectly affected when information stored in or accessed by a MOVEit product or service was compromised via a vendor or vendors.

Read More
Editorial Team
AI News Trends
0
31

Businesses turn their back on GenAI

The reaction of businesses to the introduction of generative AI (GenAI) in the year since the launch of Microsoft-backed ChatGPT is one of increasing suspicion and disappointment.

Over one in four organizations have banned the use of GenAI outright. The majority of companies are now also refusing to trust a technology that has already gained a reputation for making errors and even entirely fabricating information, a failing that is referred to as “hallucinating”.

According to Cisco’s newly-released 2024 Data Privacy Benchmark Study, 68 percent of organizations mistrust GenAI because it gets results wrong and 69 percent also believe it could hurt their company’s legal rights. The study draws on responses from 2,600 privacy and security professionals across 12 geographies. 

Read More
Editorial Team
Cyber Budget cybercrime News
0
14

Budget shortfalls power cybercrime surge

Over half of all companies worldwide quote inadequate cybersecurity budgets as a key factor underpinning a dramatic rise in global cybercrime in the first three quarters of 2023.

According to a survey of almost 2,000 cybersecurity practitioners worldwide undertaken by the Ponemon Institute and commissioned by cybersecurity firm Barracuda:  “There are a number of common factors that contribute to organizations’ exposable security postures. These include significant IT security budget shortfalls, a general lack of consistent enterprise-wide security policies and programs, ineffective (or no) incident response plans, and an inability to protect against automated security attacks criminals create using generative AI technology.”

Fifty-five percent of respondents quoted inadequate IT security budgets as the chief cause of their growing vulnerability to cyber-attacks. A further  42 percent highlighted inadequate enterprise-wide security policies and programs. A lack of inventory of third parties with access to sensitive and confidential data adversely impacted 38 percent. Another key factor is a lack of support from senior leadership, with 25 percent of respondents saying that management teams fail to regard cyberattacks as a significant risk.

Read More
admin
News One Minute Roundup
0
14

Exfiltrated Info Automatically Spread on Discord Bot Channel – January 23rd

On an analysis published by Trellix security researcher Gurumoorthi Ramanathan, the “NS-STEALER” malware distributed via a hidden ZIP file could lead to captured data automatically displayed on the Discord bot channel “EventListener”.

The hidden malware “NS-STEALER” when deployed onto a user’s system, can automatically collect screenshots, cookies, credentials, autofill data, and system information from web browsers.

Read More
Editorial Team
Cyber Espionage Hacktivism News
0
17

Iran targets Western journalists

Hackers with close ties to the intelligence arm of Iran’s military, the Islamic Revolutionary Guard, are now personally targeting journalists, professors, and researchers. According to Microsoft, which detected the new activity, Iran is anxious to gather information on the entire range of Western views regarding the ongoing conflict in the Middle East.

“Based on the identities of the targets observed in this campaign and the use of lures related to the Israel-Hamas war, this campaign may be an attempt to gather perspectives on events related to the war from individuals across the ideological spectrum,” says Microsoft.

The Iran-backed hackers, known as Mint Sandstorm, a composite name used to describe several subgroups of activity with ties to the Islamic Revolutionary Guard, use a range of new techniques. For example, the hackers use legitimate but compromised email accounts to conduct highly planned phishing attacks against key journalists.

Read More
admin
News One Minute Roundup
0
17

Russia-Backed Hackers Infiltrate Microsoft’s Corporate Email System – January 22nd

Microsoft announced on a blog post that the email intrusion attack began in November 2023 and was discovered on January 12th, 2024. Microsoft deduced that the attack originated from a Russian nation-state hacking group.

The Microsoft blog post stated the attack gained access to a small percentage of Microsoft corporate email accounts, consisting of Microsoft leadership, security, and IT team members. The incident is still under investigation and reported to the SEC, Microsoft vowed to take any further necessary action while being as transparent as possible.

Read More
Editorial Team
Breaking News Business Email Compromise News
0
27

Third-Party Attacks on the Rise

Criminal gangs are exploiting a new “side door” into organizations via connected third-party applications including everything from calendars to creative tools. Thwarted by the recent success of anti-phishing cybersecurity and aided by artificial intelligence (AI), criminal gangs are now compromising email accounts through third-party attacks.

“Third-party applications connected to the email environment are being exploited, and organizations are making the lives of bad actors easier as they continue to connect more applications with high-risk permissions. Application overload is a common and dangerous trend,” says cybersecurity firm Abnormal Security.

Abnormal Security believes that, although vulnerabilities in third-party software accounted for 13% of all breaches in 2022, costing organizations an average of US$4.55 million per incident, the problem has since worsened considerably. It quotes a recent vendor email compromise (VEC) attack that almost netted the criminals US$36 million, although most VEC attacks target less than US$150,000.

Read More
admin
News One Minute Roundup
0
7

Cybersecurity Experts Question ‘Cyber Scam Warning’ Effectiveness – January 19th

The concern of official cyber scam warnings potentially being ineffective was raised by cybersecurity firms, Praxis Labs, eSentire, stemming from Dubai and Ghana cyber and law enforcement agency reports.

After multiple cyber scam warnings issued by the Dubai Police and the Cyber Security Authority of Ghana, reports of victims continuously poured in for these “search engine scams”. Following the incidents, researchers at Praxis Labs and eSentire released statements on human behavior corresponding to cyber, by being on “default mode” and for search engines, the issuance of “implicit trust”.

Read More
admin
News One Minute Roundup
0
11

JP Morgan Chase Combats 45 Billion Cyber Attacks Daily – January 18th

On Wednesday, January 17th, JPMorgan Chase’s asset and wealth management division head, Mary Callahan Erdoes, said during the World Economic Forum in Davos that the firm faces a staggering 45 billion breach attempts daily.

Mary explained on a panel session that they have more security engineers than Google and Amazon, out of necessity, as threat actors increasingly get “smarter, savvier, quicker, more devious and mischievous.”

Read More
Tony Glover
Geopolitics Malicious Bots News
0
19

Geopolitical tensions fuel botnet boom

Recent weeks have seen an exponential rise in malicious botnets performing reconnaissance scanning to scout out victims. According to researchers at cybersecurity firm Netscout, the number of potentially compromised devices rose from around 10,000 to roughly 144,000 over December, with no sign of the trend letting up.

“The trend continued into the new year, with the largest spikes occurring on January 5 and 6, eclipsing one million distinct devices. The levels reached an unprecedented 1,294,416 on the 5th,” reports Netscout.

The Netscout researchers say that this increased malicious scanning has been isolated to five key countries: The United States, China, Vietnam, Taiwan, and Russia. All have seen a rise in attackers using cheap or free cloud and hosting servers to create botnet launch pads.

Read More
admin
News One Minute Roundup
0
14

CISA and FBI Release IOCs Associated with Androxgh0st Malware – January 17th

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a joint cybersecurity advisory (CSA) containing the Indicators of Compromise (IOC) associated with the Androxgh0st malware.

The joint CSA also contained the dangerous Androxgh0st malware tactics, techniques, and procedures associated with the malware’s threat actors. The malware establishes a botnet for victim identification, exploits vulnerable networks, targets the theft of sensitive data, and may lead to remote code execution.

Read More
admin
News One Minute Roundup
0
12

77% of CEOs Believe AI More Risk Than Reward in Cyber – January 16th

Despite the hype of AI in cybersecurity, a PwC survey revealed that 77% of CEOs still believe AI increases the risk of breaches rather than boosts cybersecurity.

The PwC survey interviewed 4,700 executives globally, the majority of whom are CEOs. The survey also found that 63% of respondents believed AI to be a misinformation risk, causing a barrier for legal and reputational damage stemming from generative AI.

Read More
Tony Glover
Climate Hacktivism News
0
14

‘Hacktivists’ target environmental services

Politically-motivated hacking, known as ‘hacktivism’, is now on the rise across large sections of the globe. Politically motivated groups are increasingly attacking their enemies with primitive but effective distributed denial-of-service (DDoS) attacks, which involve overwhelming the target’s servers with vast volumes of internet traffic.

But, according to cybersecurity firm Cloudflare’s DDoS Threat Report, the organizations being targeted most are environmental agencies pursuing green agendas such as Net Zero. While Cloudflare reported an overall increase of 117 percent in DDoS attacks around Black Friday and the holiday season, DDoS attacks on environmental agencies have soared over sixty-thousand-fold over the same period.

Read More
Tony Glover
Data Leak Finance News
0
17

FNF hack exposes 1.3m customer details

US real estate financial services fat cat, Fidelity National Financial (FNF), has revealed details of a cybersecurity breach that occurred in November, exposing the details of 1.3 million customers. An updated filing to the US Securities and Exchange Commission (SEC) claims the attack, which occurred on November 19, 2023, was detected early on and successfully contained.

But despite FNF’s best efforts, over a million customers will wonder if the threat actors behind the breach also believe that their attack has been successfully “contained.” The nature of their target suggests otherwise. A Fortune 500 company, FNF is one of the largest companies of its kind in the US, with an annual revenue of over $10 billion, a market capitalization of $13.3 billion, and a staff of over 23,000 people.

Read More
admin
News One Minute Roundup
0
17

Microsoft’s GitHub: A Growing Platform for Delivering Malicious Payloads – January 12th

A Recorded Future report discloses that Microsoft-owned GitHub is a growing and lucrative platform for threat actors to effectively deliver malicious payloads by blending the payloads with legitimate traffic.

The open-source data repository platform’s legitimacy is now being leveraged cleverly by threat actors who are “living-off-trusted-sites”. However, the limitations in the site’s file size and storage stopped large-scale payloads used for data exfiltration from being delivered.

Read More
Editorial Team
cybercrime News ransomware
0
23

British Library breach highlights new threat

The British Library, which houses about 14 million books plus manuscripts and items dating back to 2000 BC, was forced offline in October after refusing to pay a £600,000 ransomware demand.

According to The Financial Times, the digital destruction caused by the  “deep and extensive” ransomware attack means that the world-renowned library will now be forced to pay ten times that sum to rebuild its online services at a cost of £6 million to £7 million, taking it offline for up to a year. The British Library breach is further evidence of the devastating speed of the latest generation of ransomware attacks.

Cybersecurity firm Sophos’s State of Ransomware 2023 report says that threat actors now succeed in encrypting data in 76 percent of ransomware attacks, up from 65 percent in 2022. According to Sophos, there has also been a 62 percent year-on-year rise in intentional remote encryption attacks since 2022

Read More
Tony Glover
Breaking News Cryptocurrency News
0
13

Blockchains lose $1.8 billion to cybercrime

Web 3.0, the blockchain version of the traditional internet that hosts decentralized blockchain crypto-currencies, lost over US$1.8 billion in 2023 to cybercrime.

Newly released findings from cybersecurity firm Certik’s latest Hack3D Annual Report cast a pall over the US Securities and Exchange Commission (SEC)’s much-anticipated approval of up to a dozen Bitcoin ETFs (exchange-traded funds) on Wednesday. It will also cast a long shadow over the hoped-for institutional acceptance of crypto-currencies by influential financial entities, including Swift, the Hong Kong Monetary Authority, and the Australia and New Zealand Banking Group (ANZ). In the second half of last year, the SEC scrutinized a series of proposals, notably extending review periods for Bitcoin ETF applications from major firms like BlackRock, ARK, and Fidelity.

Read More
admin
News One Minute Roundup
0
9

Cyberattack Shuts Down loanDepot IT Systems – January 8th

In response to complaints regarding its payment portal, loanDepot informed its customers that they fell victim to a cyberattack that shut down its IT systems, disrupting its business operations.

Currently in coordination with law enforcement and forensics experts to further investigate the attack. The attack on loanDepot marks the second major cyberattack on a US mortgage loan provider in the past few months, after the cyberattack on Mr. Cooper.

Read More
admin
News One Minute Roundup
0
13

CISA Warns Google Chrome Users of Open Source Vulnerabilities – January 4th

In an announcement addressed to US Federal Agencies, the Cybersecurity and Infrastructure Security Agency (CISA) warned Google Chrome users of a vulnerability (CVE-2023-7101) impacting the web browser’s open-source Perl library.

The Google vulnerability affects an open-source project, Google Chromium WebRTC, which as a result allows threat actors to cause browser crashes and launch other actions.

Read More
admin
News One Minute Roundup
0
12

$80M in Crypto Stolen from Orbit Chain Cyberattack – January 3rd

Orbit Chain revealed to its users that as a result of a cyber attack, $84.5M worth of Ethereum and DAI (cryptocurrencies) were illicitly transferred to seven wallet addresses on the 1st of January.

Orbit Chain is now coordinating with the Korean National Police Agency and the Korea Internet & Security Agency (KISA) to find the threat actors behind the cyber attacks, and to further protect its customers’ crypto wallets.

Read More
Editorial Team
Analysis Cyber Media cybercrime
0
20

Cyber-gangs to launch media offensive in 2024

Cybercrime, which has become a multi-trillion-dollar industry over recent decades, became increasingly sophisticated during 2023, with criminal groups now adopting many of the business practices used by legitimate enterprises. According to a new report from cybersecurity firm, Sophos, leading ransomware gangs now increasingly employ their own internal HR and PR departments.

Far from shying away from the media, as criminals always have in the past, some ransomware gangs have been swift to seize the opportunities it affords them. Some regularly issue press releases and take great pains to forge relationships with individual journalists using the same PR methods as those employed by legitimate corporations. Threat actors also offer Frequently Asked Questions (FAQs) and answers for journalists visiting their leak sites, encouraging reporters to get in touch, give in-depth interviews, and recruit writers, reports Sophos.

Read More
admin
News One Minute Roundup
0
17

Researchers Uncover a Tesla Autopilot Exploit – January 2nd

Researchers from the Technische Universität Berlin managed to hack into Tesla’s autopilot system, granting them access to internal hardware and hidden capabilities.

The university’s researchers using inexpensive tools amounting to $600 hacked into Tesla’s ARM64-based circuit board of the car’s autopilot system. The researchers’ hack on Tesla allowed them access to arbitrary code, user data, cryptographic keys, system parts, a deleted GPS coordinates video, and the hidden “Elon-mode” allowing the cars to have a fully hands-free self-driving feature.

Read More
admin
News One Minute Roundup
0
13

62% of Top Ransomware Groups Activated Remote Attacks in 2023 – December 27th

According to Sophos’ latest report, 62% of the most active ransomware groups in the world deliberately enable remote encryption for their attacks.

Sophos’ report entitled “CryptoGuard: An Asymmetric Approach to the Ransomware Battle,” gathered the data based on Sophos’ detected and halted ransomware attacks in 2023. The report further stated that remote encryption is used as a tactic for effective, widespread ransomware attacks within organizations, aiming to steal as much sensitive information as possible.

Read More
Editorial Team
Data Leak Finance News
0
21

Mr. Cooper breach exposes 14m victims’ data

US mortgage service provider Mr. Cooper has disclosed a breach to the U.S. Securities and Exchange Commission (SEC) affecting over 14.5 million people. Breached data includes names, addresses, phone numbers, social security numbers, dates of birth, and bank account numbers. The Mr Cooper breach is indicative of several trends likely to shape the cybersecurity industry in 2024. 

  

The new obligation to report material cyber breaches within four days that came into effect last week on December 15 is widely expected to reveal a huge iceberg of what might have previously been unreported and, therefore, uncounted cyber breaches. The obligation to detail the loss and those affected also puts a big onus on organizations in all sectors to implement systems capable of identifying and tracking any intrusions into their network. 

Read More
admin
News One Minute Roundup
0
10

US White House Issues Executive Order to Improve Nation’s Cybersecurity – December 22nd

On December 21st, the U.S. White House issued Executive Order (EO) 14028, “Executive Order on Improving the Nation’s Cybersecurity,” which emphasized modernizing cybersecurity infrastructure by coding in more secure ways.

A more detailed excerpt from the Executive Order stated; “Software engineers, developers, and coders must build secure code and security controls into the code they create. They need to make security by design and security by default software-design requirements.”

Read More