Tag: communications

Cybercriminals Exploit Pyramid Pentesting Tool for Covert C2 Communications

Feb 13, 2025 2:48 PM

Tags: communications, control, cyber, cybercrime, cybersecurity, detection, endpoint, exploit, framework, github, hacker, malicious, open-source, penetration-testing, tool

Cybersecurity analysts have identified that hackers are leveraging the open-source Pyramid pentesting tool to establish stealthy command-and-control (C2) communications. Originally designed as a post-exploitation framework for penetration testers, Pyramid has become an attractive option for malicious actors due to its ability to evade detection by endpoint security tools. The tool, first released on GitHub in…
The Rise of Non-Ransomware Attacks on AWS S3 Data

Feb 13, 2025 1:48 PM

Tags: access, attack, authentication, breach, cloud, communications, compliance, control, cyber, data, data-breach, detection, encryption, exploit, Hardware, iam, lessons-learned, malicious, monitoring, ransom, ransomware, regulation, risk, software, strategy, threat, tool, unauthorized

The Rise of Non-Ransomware Attacks on AWS S3 Data madhav Thu, 02/13/2025 – 04:39 A sophisticated ransomware gang, Codefinger, has a cunning new technique for encrypting data stored in AWS S3 buckets without traditional ransomware tools. Instead, they exploit the AWS server-side encryption with customer-provided keys (SSE-C), extorting payment in exchange for the encryption key.…
OpenSSL patched high-severity flaw CVE-2024-12797

Feb 11, 2025 11:55 PM

Tags: apple, communications, computer, cve, flaw, network, open-source, vulnerability

OpenSSL patched the vulnerability CVE-2024-12797, a high-severity flaw found by Apple that enables man-in-the-middle attacks. The OpenSSL Project addressed a high-severity vulnerability, tracked as CVE-2024-12797, in its secure communications library. The OpenSSL software library allows secure communications over computer networks against eavesdropping or need to identify the party at the other end. OpenSSL contains an open-source implementation…
The Rise of Typhoon Cyber Groups

Feb 11, 2025 11:55 PM

Tags: access, attack, breach, communications, control, cyber, cyberattack, cybersecurity, data, defense, dns, endpoint, espionage, exploit, finance, government, group, infrastructure, intelligence, iot, military, monitoring, network, phone, resilience, supply-chain, tactics, threat, tool, vulnerability, zero-day
EARLYCROW: Detecting APT Malware Command and Control Activities Over HTTPS

Feb 11, 2025 12:55 PM

Tags: apt, communications, control, cyber, cyberattack, detection, malware, network, tactics, threat

Advanced Persistent Threats (APTs) represent a sophisticated and stealthy category of cyberattacks targeting critical organizations globally. Unlike common malware, APTs employ evasive tactics, techniques, and procedures (TTPs) to remain undetected for extended periods. Their command-and-control (C&C) communications often mimic legitimate web traffic, making detection particularly challenging for traditional Network Intrusion Detection Systems (NIDS). To address…
WTF? Why the cybersecurity sector is overrun with acronyms

Feb 11, 2025 7:55 AM

Tags: ceo, communications, cyber, cybersecurity, email, guide, identity, jobs, mfa, risk, service, threat, tool, training, update, vpn, wifi

, a global online news organization. Let’s put it this way: Many academics, regardless of their area of expertise, have never met an acronym they didn’t prefer to typing out the entire phrase. That means our copyediting efforts too often involve spelling out or removing acronyms throughout, much to the chagrin of some of our…
Sky ECC encrypted service distributors arrested in Spain, Netherlands

Feb 10, 2025 9:55 PM

Tags: communications, service

Four distributors of the encrypted communications service Sky ECC, used extensively by criminals, were arrested in Spain and the Netherlands. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/legal/sky-ecc-encrypted-service-distributors-arrested-in-spain-netherlands/
Phishing Season 2025: The Latest Predictions Unveiled

Feb 10, 2025 7:55 PM

Tags: access, ai, attack, authentication, automation, cloud, communications, control, credentials, cyber, cyberattack, cybercrime, cybersecurity, data, defense, detection, election, email, exploit, finance, google, government, group, infrastructure, intelligence, login, malware, mfa, mobile, network, passkey, phishing, ransomware, risk, service, social-engineering, strategy, tactics, technology, threat, tool, update, voip, vulnerability, zero-trust

Every year, cybercriminals sharpen their tools and refine their tactics to exploit network and security vulnerabilities. Gone are the days of clumsy emails with glaring typos and suspicious attachments. Instead, we face an era of new sophistication. No longer just stealing credentials, attackers are creating intricate digital narratives that make it difficult to distinguish friend…
Worker distraction is on the rise. Digital employee experience (DEX) platforms can help

Feb 7, 2025 11:06 PM

Tags: business, ceo, cloud, communications, computer, control, data, email, endpoint, malware, network, office, sap, service, software, switch, technology, tool, training

With the dramatic increase in remote work in the last few years, many of us are actually working longer hours, ricocheting between communication platforms, learning new systems on the fly, and struggling to fix our own tech issues.It’s all adding up to a new kind of burnoutIt’s also focusing renewed attention on the digital employee experience…
Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Feb 7, 2025 6:06 PM

Tags: ai, attack, backdoor, communications, cyber, data, defense

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is transmitted by focusing on the meaning of data rather than raw content. Unlike traditional communication methods, these systems encode semantic features such as text, images, or speech into low-dimensional vectors, significantly reducing bandwidth usage while maintaining the integrity of transmitted information.…
CIOs and CISOs grapple with DORA: Key challenges, compliance complexities

Feb 7, 2025 9:06 AM

Tags: access, automation, banking, business, cio, ciso, communications, compliance, control, country, cyber, cybersecurity, data, dora, finance, framework, GDPR, governance, jobs, law, monitoring, network, nis-2, penetration-testing, privacy, regulation, resilience, risk, risk-management, service, skills, supply-chain, technology, threat, tool, training, vulnerability

In force since January, the Digital Operational Resilience Act (DORA) has required considerable effort from CIOs and CISOs at 20 types of financial entities to achieve compliance. For many, the journey is not complete.”In the past months, financial entities targeted by DORA have been busy internally defining roles and responsibilities related to ICT security, identifying…
New trojan hijacks Linux and IoT devices

Feb 5, 2025 6:12 AM

Tags: access, antivirus, attack, backup, breach, china, communications, computer, control, credentials, cyber, data, espionage, fortinet, group, Internet, iot, linux, malicious, malware, network, open-source, password, service

There’s a new trojan on the block, one that specifically targets network appliances and internet of things (IoT) devices running the open-source Linux operating system.FortiGuard Labs has identified a new malware kit, dubbed “ELF/Sshdinjector.A!tr”, that has the ability to infect and remotely control systems, establish root privilege, maintain malware presence, exfiltrate data such as user…
Anomalies are not Enough

Feb 5, 2025 5:12 AM

Tags: ai, attack, ciso, communications, country, cybersecurity, data, data-breach, defense, email, government, LLM, mail, marketplace, mitre, ml, network, resilience, risk, service, siem, threat, tool

Mitre Att&ck as Context Introduction: A common theme of science fiction authors, and these days policymakers and think tanks, is how will the humans work with the machines, as the machines begin to surpass us across many dimensions. In cybersecurity humans and their systems are at a crossroads, their limitations daily exposed by ever more innovative,…
Devil-Traff: Emerging Malicious SMS Platform Powering Phishing Attacks

Feb 3, 2025 12:12 PM

Tags: attack, communications, cyber, cybercrime, email, exploit, malicious, phishing, scam, tool, update

In the ever-evolving landscape of cybercrime, bulk SMS platforms like Devil-Traff have emerged as powerful tools for phishing campaigns, exploiting trust and compromising security on a massive scale. Employees in organizations today face an increasing volume of communications emails, instant messages, and ticket updates, providing fertile ground for phishing scams to blend seamlessly into routine…
5 Encrypted Attack Predictions for 2025

Feb 1, 2025 9:12 PM

Tags: access, ai, apt, attack, automation, cloud, communications, computer, computing, control, cryptography, cyber, cyberattack, cybercrime, data, data-breach, defense, detection, email, encryption, exploit, government, group, india, infrastructure, intelligence, Internet, malicious, malware, network, phishing, ransomware, risk, service, tactics, technology, threat, update, vpn, zero-trust

The cyberthreat landscape of 2024 was rife with increasingly sophisticated threats, and encryption played a pivotal role”, a staggering 87.2% of threats were hidden in TLS/SSL traffic. The Zscaler cloud blocked 32.1 billion attempted encrypted attacks, a clear demonstration of the growing risk posed by cybercriminals leveraging encryption to evade detection. ThreatLabz reported that malware…
Devil-Traff: A New Bulk SMS Platform Driving Phishing Campaigns

Jan 29, 2025 9:36 PM

Tags: communications, email, exploit, finance, phishing, scam, update

Employees in most organizations receive countless communications daily”, emails, Slack messages, or ticket updates, for example. Hidden among these routine interactions are phishing scams designed to exploit trust and compromise security. Imagine an employee receiving a text that appears to be from their bank: “Suspicious activity detected on your account. Click here to secure your…
Whatsup Gold, Observium and Offis vulnerabilities

Jan 29, 2025 6:36 PM

Tags: cisco, communications, monitoring, network, vulnerability

Cisco Talos’ Vulnerability Research team recently disclosed three vulnerabilities in Observium, three vulnerabilities in Offis, and four vulnerabilities in Whatsup Gold. These vulnerabilities exist in Observium, a network observation and monitoring system; Offis DCMTK, a collection of libraries and applications implementing DICOM (Digital Imaging and Communications First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/whatsup-gold-observium-offis-vulnerabilities/
TorNet Backdoor Exploits Windows Scheduled Tasks to Deploy Malware

Jan 28, 2025 8:36 PM

Tags: backdoor, cisco, communications, cyber, email, exploit, finance, germany, malware, phishing, threat, windows

Cisco Talos researchers have identified an ongoing cyber campaign, active since mid-2024, deploying a previously undocumented backdoor known as >>TorNet.
Hackers Mimic USPS To Deliver Malicious PDF In Attack Targeted Mobile Devices

Jan 28, 2025 11:36 AM

Tags: attack, communications, credentials, cyber, hacker, malicious, mobile, phishing, service, social-engineering, tactics

In a detailed analysis published on January 27, 2025, Zimperium’s zLabs team uncovered a sophisticated phishing campaign targeting mobile devices through malicious PDF files. Disguised as communications from the United States Postal Service (USPS), this campaign employs advanced social engineering and obfuscation tactics to steal user credentials and sensitive data. The campaign reportedly spans more…
Over 100 LTE, 5G vulnerabilities threaten widespread communications disruptions

Jan 27, 2025 9:03 PM

Tags: 5G, communications, vulnerability

First seen on scworld.com Jump to article: www.scworld.com/brief/over-100-lte-5g-vulnerabilities-threaten-widespread-communications-disruptions
Sweden seizes ship suspected of Baltic Sea cable sabotage

Jan 27, 2025 3:03 PM

Tags: communications

Swedish authorities seized and boarded the Vezhen after the cargo ship was suspected of sabotaging a communications cable beneath the Baltic Sea.]]> First seen on therecord.media Jump to article: therecord.media/sweden-seizes-ship-suspected-cable-sabotage
US hits back against China’s Salt Typhoon group

Jan 18, 2025 5:22 AM

Tags: attack, backdoor, china, cisa, ciso, communications, computer, control, crypto, cve, cyber, cyberattack, cybersecurity, defense, detection, disinformation, espionage, exploit, finance, government, group, infosec, infrastructure, intelligence, ivanti, law, malicious, mandiant, microsoft, network, north-korea, office, tactics, technology, theft, threat, tool, vpn, vulnerability

The US is hitting back against the threat group, dubbed Salt Typhoon by Microsoft, which is allegedly behind recent cyber attacks against American telecommunications providers, as part of a wider campaign against Chinese-based hacking.On Friday the Department of the Treasury’s Office of Foreign Assets Control (OFAC) said it is sanctioning Sichuan Juxinhe Network Technology, a…
Zoom Security Update Patches Multiple Vulnerabilities That Let Attackers Escalate Privileges

Jan 15, 2025 10:02 AM

Tags: communications, cve, cyber, flaw, software, update, vulnerability

Zoom Video Communications has released a critical security update addressing multiple vulnerabilities in its suite of applications, including a high-severity flaw that could allow attackers to escalate privileges. The company urges users to update their software immediately to mitigate potential risks. The most severe vulnerability, CVE-2025-0147, is a type confusion issue affecting the Zoom Workplace…
Sechs Technologietrends für den Sicherheitssektor im Jahr 2025

Jan 13, 2025 6:26 AM

Tags: communications

Verschiedene Technologietrends für den Sicherheitssektor bringen sowohl Herausforderungen als auch Chancen mit sich, um beispielsweise mehr Flexibilität, Effizienz und verbesserte Wertschöpfung für Hersteller, Systemintegratoren und Endkunden zu erreichen. Bei einigen der von Axis Communications identifizierten Trends handelt es sich um Entwicklungen, die sich aus Trends der vergangenen Jahre ergeben haben. Dazu zählt beispielsweise das… First…
Meloni Says Italy Is Exploring Deals on Telecoms Security, but Denies Private Talks With Musk

Jan 11, 2025 11:42 AM

Tags: communications, encryption, government, infrastructure, military, service

If the deal is sealed, SpaceX would provide encryption services for the Italian government and communications infrastructure for the military and emergency services. The post Meloni Says Italy Is Exploring Deals on Telecoms Security, but Denies Private Talks With Musk appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/meloni-says-italy-is-exploring-deals-on-telecoms-security-but-denies-private-talks-with-musk/
2025 Cybersecurity and AI Predictions

Jan 11, 2025 11:42 AM

Tags: access, ai, api, attack, backdoor, backup, browser, business, chrome, communications, compliance, control, corporate, crowdstrike, crypto, cybercrime, cybersecurity, dark-web, data, deep-fake, defense, detection, exploit, finance, firmware, flaw, framework, fraud, GDPR, hacker, Hardware, identity, intelligence, international, korea, LLM, malicious, mitigation, monitoring, network, open-source, privacy, regulation, resilience, risk, risk-assessment, scam, service, skills, supply-chain, switch, technology, threat, tool, training, unauthorized, vulnerability

The cybersecurity and AI landscape continues to evolve at a breathtaking pace, and with it, the associated risks. Snowballing cybercrime costs are compounded by a cybersecurity workforce gap of nearly 4.8 million professionals, as reported by ISC2. Meanwhile, ISACA’s end-2024 State of Cybersecurity Report shows that nearly half of those surveyed claim no involvement in…
China-linked hackers target Japan’s national security and high-tech industries

Jan 9, 2025 2:20 PM

Tags: advisory, ai, attack, automation, breach, business, china, ciso, communications, corporate, cyber, cyberattack, cybersecurity, data, data-breach, defense, detection, endpoint, espionage, exploit, finance, government, group, hacker, healthcare, incident response, infrastructure, intelligence, malicious, malware, microsoft, network, organized, penetration-testing, phishing, powershell, risk, risk-management, social-engineering, spear-phishing, strategy, supply-chain, tactics, technology, threat, tool, training, vulnerability, windows, zero-day

Japan’s National Police Agency (NPA) and the National Center of Incident Readiness and Strategy for Cybersecurity (NISC) have exposed a long-running cyber espionage campaign, “MirrorFace” (also known as Earth Kasha), allegedly linked to China.The campaign, operational since 2019, has targeted Japanese organizations, businesses, and individuals, primarily to exfiltrate sensitive data related to national security and…
UN agency’s job application database breached, 42,000 records stolen

Jan 9, 2025 5:18 AM

Tags: access, attack, breach, communications, cybersecurity, data, data-breach, email, finance, international, jobs, password, sans, security-incident, tactics, threat

The International Civil Aviation Organization (ICAO) on Tuesday said that it is “actively investigating reports of a potential information security incident allegedly linked to a threat actor known for targeting international organizations,” and has initially concluded that “approximately 42,000 recruitment application data records from April 2016 to July 2024” were stolen.In its initial statement, the…
The US has a new cybersecurity safety label for smart devices

Jan 9, 2025 5:18 AM

Tags: communications, cyber, cybersecurity, Internet

The White House this week announced a new label for internet-connected devices, the U.S. Cyber Trust Mark, intended to help consumers make more-informed decisions about the cybersecurity of products they bring into their homes. To earn the U.S. Cyber Trust Mark, which is being administered by the Federal Communications Commission, companies have to test their…
FCC Launches ‘Cyber Trust Mark’ for IoT Devices to Certify Security Compliance

Jan 8, 2025 11:18 AM

Tags: communications, compliance, cyber, cybersecurity, government, Internet, iot, vulnerability

The U.S. government on Tuesday announced the launch of the U.S. Cyber Trust Mark, a new cybersecurity safety label for Internet-of-Things (IoT) consumer devices.”IoT products can be susceptible to a range of security vulnerabilities,” the U.S. Federal Communications Commission (FCC) said. “Under this program, qualifying consumer smart products that meet robust cybersecurity standards will bear…