Tag: control
-
Who is the Kimwolf Botmaster “Dort”?
In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to assemble Kimwolf, the world’s largest and most disruptive botnet. Since then, the person in control of Kimwolf — who goes by the handle “Dort” — has coordinated a barrage of distributed denial-of-service (DDoS), doxing and email flooding attacks…
-
iOS Penetration Testing: Definition, Process and Tools
Tags: breach, control, data, flaw, iphone, penetration-testing, reverse-engineering, tool, vulnerabilityWhile iPhones boast robust security, attackers constantly seek weak points. Enter iOS penetration testing the security validation exercise against your controls attempting to stop data breaches and unauthorised access. Through manual and automated techniques like vulnerability scanning and reverse engineering, it uncovers hidden flaws in your iOS apps, protecting sensitive data and user trust…. First…
-
Hackers Exploit Windows File Explorer and WebDAV to Distribute Malware
Cybersecurity researchers at Cofense Intelligence have uncovered an ongoing campaign where threat actors abuse Windows File Explorer to distribute malware. By exploiting the legacy WebDAV protocol, attackers are tricking victims into downloading Remote Access Trojans (RATs) while bypassing traditional web browser security controls and some Endpoint Detection and Response (EDR) systems.”‹ WebDAV Exploit WebDAV (Web-based…
-
Security hole could let hackers take over Juniper Networks PTX core routers
The hole is “especially dangerous, because these devices often sit in the middle of the network, not on the fringes,” said Piyush Sharma, CEO of Tuskira. “If an attacker gains control of a PTX, the impact is bigger than a single device compromise because it can become a traffic vantage point and a control point…
-
Aeternum botnet hides commands in Polygon smart contracts
Aeternum botnet uses Polygon blockchain smart contracts for C&C, making its infrastructure harder to detect and disrupt. Qrator Labs researchers uncovered Aeternum, a botnet that runs its command-and-control infrastructure through smart contracts on the Polygon blockchain. By decentralizing its C2, the malware avoids traditional server-based takedowns and becomes far harder to disrupt or shut down,…
-
Juniper PTX Flaw Could Allow Full Router Takeover
A critical Juniper flaw could let attackers take full control of PTX core routers. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/juniper-ptx-flaw-could-allow-full-router-takeover/
-
NDSS 2025 CASPR: Context-Aware Security Policy Recommendation
Session 14A: Software Security: Applications & Policies Authors, Creators & Presenters: All From The Institute of Information Engineering, Chinese Academy of Sciences: Lifang Xiao, Hanyu Wang, Aimin Yu, Lixin Zhao, Dan Meng PAPER CASPR: Context-Aware Security Policy Recommendation Nowadays, SELinux has been widely used to provide flexible mandatory access control and security policies are critical…
-
Researchers Unveil Aeternum C2 Infrastructure with Advanced Evasion and Persistence Tactics
For years, defenders have relied on a simple strategy to dismantle botnets find and seize their command-and-control (C2) servers. That weakness enabled global law enforcement operations to disrupt massive botnets such as Emotet, TrickBot, and QakBot. But a newly identified C2 framework,Aeternum, may render those tactics obsolete. Instead of using centralized servers or domains, Aeternum…
-
ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks
The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive for command-and-control (C2) communications to fetch more payloads and an implant that uses removable media to relay commands and breach air-gapped networks.The campaign, codenamed Ruby Jumper by Zscaler ThreatLabz, involves the…
-
Why application security must start at the load balancer
Tags: application-security, attack, authentication, breach, business, compliance, control, credentials, defense, detection, encryption, exploit, finance, guide, healthcare, identity, incident response, infrastructure, Internet, nist, risk, service, technology, threat, tool, waf, zero-trustInternet traffic hits the load balancerThe load balancer forwards traffic as fast as possibleSecurity happens laterThe problem is simple. If the first system doesn’t enforce trust, everything behind it is already compromised by design. Example 1: Financial services: The team invested heavily in downstream security tools. But the load balancer accepted weak TLS versions and…
-
Android 17 second beta expands privacy controls for contacts, SMS and local networks
Google’s second beta of Android 17 continues updates to platform behavior and introduces new APIs focused on protecting sensitive data. Protecting contact and local network … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/27/android-17-beta-privacy-updates/
-
OpenClaw Insights: A CISO’s Guide to Safe Autonomous Agents FireTail Blog
Tags: access, ai, api, breach, ciso, compliance, control, data, data-breach, detection, endpoint, finance, firewall, framework, governance, guide, LLM, network, open-source, risk, risk-management, software, strategy, technology, tool, vulnerabilityFeb 27, 2026 – Alan Fagan – The “OpenClaw” crisis has board members asking, “Could this happen to us?” The answer isn’t to ban AI agents. It’s to govern them. By now, the dust is settling on the OpenClaw (aka MoltBot) incident. The technical post-mortems (including our own) have been written, the exposed ports have…
-
Ransomware groups switch to stealthy attacks and long-term access
Tags: access, application-security, attack, ciso, control, crime, cyber, cybercrime, cybersecurity, data, detection, encryption, endpoint, exploit, extortion, group, identity, intelligence, monitoring, organized, ransomware, service, software, strategy, supply-chain, switch, theft, threat, tool, vulnerability38% drop in encryption over the past 12 months as more cybercriminals turn to silently exfiltrating data for extortion as their main stock in trade.Picus’ suggestion that the volume of ransomware attacks is dropping is disputed by other experts.Tony Anscombe, chief security evangelist at endpoint security vendor Eset, offered a contrasting perspective.”In the recent Eset…
-
NDSS 2025 Retrofitting XoM For Stripped Binaries Without Embedded Data Relocation
Tags: attack, conference, control, data, Hardware, Internet, network, programming, software, threat, update, vulnerabilitySession 13D: Software Security: Code and Compiler Authors, Creators & Presenters: Chenke Luo (Wuhan University), Jiang Ming (Tulane University), Mengfei Xie (Wuhan University), Guojun Peng (Wuhan University), Jianming Fu (Wuhan University) PAPER Retrofitting XoM For Stripped Binaries Without Embedded Data Relocation System programs are frequently coded in memory-unsafe languages such as C/C++, rendering them susceptible…
-
The 2026 CISO Mandate: Proactive, Passwordless, and Context-Aware Identity Assurance
<div cla In our opinion, Gartner’s 2026 research reflects this broader evolution. Identity has expanded beyond perimeter controls and point-in-time authentication to encompass verification of the human, contextual risk assessment, and automated trust decisions. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/the-2026-ciso-mandate-proactive-passwordless-and-context-aware-identity-assurance/
-
MSP Strategic Defense: Building Compliance on Dynamic Attack Surface Reduction
Tags: attack, compliance, control, cyber, defense, dora, HIPAA, insurance, ISO-27001, msp, nis-2, PCI, regulation, soc, supply-chain<div cla Compliance expectations across SMB markets are rising as supply chain regulations and cyber insurance requirements raise the baseline for security maturity. Regulatory standards such as CIS Controls v8, the NIS2 Directive, ISO 27001, SOC 2, PCI DSS, HIPAA, Cyber Essentials, CMMC 2.0, DORA, and the Essential Eight now shape what that baseline looks…
-
Microsoft Copilot DLP Bypass: A Data Trust Wake-Up Call for AI Security
Tags: access, ai, business, ciso, cloud, compliance, control, data, data-breach, detection, email, endpoint, infrastructure, leak, microsoft, monitoring, risk, risk-management, saas, toolWhen Microsoft confirmed that a bug allowed Copilot to surface and summarize emails marked confidential despite existing DLP controls, it reignited urgent questions about Microsoft Copilot security, DLP bypass risk and enterprise AI data protection. The reaction was immediate. For many CISOs and security leaders responsible for Microsoft 365 security and AI risk management, it…
-
Aeternum C2 Botnet Stores Encrypted Commands on Polygon Blockchain to Evade Takedown
Cybersecurity researchers have disclosed details of a new botnet loader called Aeternum C2 that uses a blockchain-based command-and-control (C2) infrastructure to make it resilient to takedown efforts.”Instead of relying on traditional servers or domains for command-and-control, Aeternum stores its instructions on the public Polygon blockchain,” Qrator Labs said in a report shared with The First…
-
Suspected Chinese Cyberespionage Operation Hits 53 Telecoms
Google Unmasks, Disrupts Group Using Sheets for Command-and-Control Purposes. Likely Chinese nation-state hackers used online spreadsheets as infrastructure for hacking campaigns that affected at least 53 telecom operators across 42 countries, Google disclosed Wednesday. Incident responders discovered a backdoor being remotely controlled through Google Sheets. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/suspected-chinese-cyberespionage-operation-hits-53-telecoms-a-30857
-
ThreatsDay Bulletin: Kali Linux + Claude, Chrome Crash Traps, WinRAR Flaws, LockBit & 15+ Stories
Nothing here looks dramatic at first glance. That’s the point. Many of this week’s threats begin with something ordinary, like an ad, a meeting invite, or a software update.Behind the scenes, the tactics are sharper. Access happens faster. Control is established sooner. Cleanup becomes harder.Here is a quick look at the signals worth paying attention…
-
Aeternum Botnet Shifts Command Control to Polygon Blockchain
New botnet Aeternum shifted C2 operations to Polygon blockchain, complicating takedown efforts First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/aeternum-botnet-c2-polygon/
-
The Global Fight Over Who Controls Your Data Just Escalated, Here’s What the Numbers Say
A new diplomatic offensive against foreign privacy laws collides with fresh research showing that weakening data sovereignty protections is the last thing organizations need right now. The post The Global Fight Over Who Controls Your Data Just Escalated, Here’s What the Numbers Say appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-data-sovereignty-cloud-security-report/
-
When Payment Data Becomes the Weakest Link
Tags: access, awareness, breach, cloud, compliance, container, control, cybersecurity, data, data-breach, encryption, fraud, least-privilege, PCI, radius, risk, service, software, strategy, threatWhen Payment Data Becomes the Weakest Link madhav Thu, 02/26/2026 – 10:56 Most cybersecurity incidents don’t begin with an attack. They begin with a design decision. Four people experienced that reality in the same week. Different roles. Different systems. One shared outcome. Cybersecurity Karen Kelvie – Product Marketing, Data Protection More About This Author >…
-
Hackers abused Cisco SD-WAN zero-day since 2023 to gain full admin control
Cisco SD-WAN vulnerability CVE-2026-20127 has been exploited since 2023 to gain unauthenticated admin access. A critical Cisco SD-WAN vulnerability, tracked as CVE-2026-20127 (CVSS score of 10.0), has been actively exploited since 2023. The flaw affects Catalyst SD-WAN Controller and Manager and allows remote, unauthenticated attackers to bypass authentication and gain full administrative access by sending…
-
ResidentBat Android Malware Grants Belarusian KGB Ongoing Mobile Access
ResidentBat is a custom Android spyware implant used by the Belarusian KGB to turn seized smartphones into long”‘lived surveillance platforms against journalists and civil society targets. Operating outside the Play Store ecosystem and requiring hands”‘on installation, it combines deep data collection with remote control features, including the ability to wipe a device on demand. RSF’s…
-
ResidentBat Android Malware Grants Belarusian KGB Ongoing Mobile Access
ResidentBat is a custom Android spyware implant used by the Belarusian KGB to turn seized smartphones into long”‘lived surveillance platforms against journalists and civil society targets. Operating outside the Play Store ecosystem and requiring hands”‘on installation, it combines deep data collection with remote control features, including the ability to wipe a device on demand. RSF’s…
-
The farmers and the mercenaries: Rethinking the ‘human layer’ in security
Tags: access, attack, authentication, awareness, ciso, control, cybersecurity, defense, detection, intelligence, jobs, monitoring, risk, soc, threat, tool, trainingThe evidence is already in: This isn’t a theoretical complaint, it shows up in research on how real SOCs work. A study by the University of Oxford based on surveys and interviews with SOC practitioners found they “confirmed the high” false-positive rates of tools in use, and that many “false positives” are actually benign triggers…
-
Samsung’s Galaxy S26 turns privacy into a visible and invisible feature
The Samsung Galaxy S26 series is out, offering plenty of security features that protect personal data while providing users with transparency and control over how their … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/26/samsung-galaxy-s26-privacy-display-security-feature/
-
New $300 Android RAT Boasts Automated Permission Bypass and Hidden Remote Control
Every so often, a new piece of malware emerges that truly shifts the threat landscape. Oblivion, a newly discovered Android Remote Access Trojan (RAT), appears to be one such moment. Unlike recycled or buggy Remote Access Trojan (RATs) seen across underground markets, Oblivion is promoted as a ground”‘up build, tested for months before public release. The…