Tag: detection
-
APT28 Exploits Signal Messenger to Deploy eardShell and Covenant Malware
Sekoia.io’s Threat Detection and Response (TDR) team has uncovered a sophisticated campaign by APT28 that weaponizes Signal Messenger to deploy two previously undocumented malware families”, BeardShell and the Covenant framework. In early 2025, a trusted partner supplied samples that did not match any known infection chain, prompting a joint investigation. On 21 June 2025, CERT-UA…
-
Seon Receives $80M to Grow Autonomous AML and KYC Platform
Series C Funding to Drive R&D, Fuel Vision for End-to-End Compliance Capabilities. Texas-based fraud detection startup Seon closed an $80 million Series C funding round to support its shift toward an all-in-one AML and KYC compliance platform powered by AI, as it pursues aggressive international expansion and deeper product integration. First seen on govinfosecurity.com Jump…
-
SmokeLoader Employs Optional Plugins to Steal Data and Launch DoS Attacks
Active since 2011, SmokeLoader (also known as Smoke or Dofoil) has cemented its reputation as a versatile malware loader engineered to deliver second-stage payloads, including trojans, ransomware, and information stealers. Over the years, it has evolved to evade detection and optimize payload delivery, extending its reach through an extensible plugin framework capable of credential harvesting,…
-
Improve Your Cyber Resilience with Data Security Platformization
Tags: access, ai, attack, breach, business, cloud, compliance, computing, container, control, cyber, cybersecurity, data, defense, detection, encryption, ibm, infrastructure, mitigation, resilience, risk, software, strategy, threat, toolImprove Your Cyber Resilience with Data Security Platformization madhav Tue, 09/16/2025 – 05:14 Data Security Lynne Murray – Director of Product Marketing for Data Security More About This Author > Today’s organizations are drowning in the growth of many different cybersecurity tools”, an unintended consequence of trying to keep up with an evolving threat landscape.…
-
CISOs grapple with the realities of applying AI to security functions
Tags: ai, automation, breach, business, ceo, ciso, compliance, cybersecurity, data, detection, email, endpoint, finance, governance, incident response, intelligence, law, malicious, malware, microsoft, risk, service, soc, threat, toolThe agentic edge: The financial services is often an early adopter of cutting-edge security technologies.Erin Rogers, SVP and director of cybersecurity risk and compliance at BOK Financial, tells CSO that AI-based upgrades are helping threat detection and response systems to autonomously analyze threats, make real-time decisions, and adapt responses, significantly improving early detection and mitigation.While…
-
CISOs grapple with the realities of applying AI to security functions
Tags: ai, automation, breach, business, ceo, ciso, compliance, cybersecurity, data, detection, email, endpoint, finance, governance, incident response, intelligence, law, malicious, malware, microsoft, risk, service, soc, threat, toolThe agentic edge: The financial services is often an early adopter of cutting-edge security technologies.Erin Rogers, SVP and director of cybersecurity risk and compliance at BOK Financial, tells CSO that AI-based upgrades are helping threat detection and response systems to autonomously analyze threats, make real-time decisions, and adapt responses, significantly improving early detection and mitigation.While…
-
Spring Framework Security Flaws Allow Authorization Bypass and Annotation Detection Issues
A pair of medium-severity vulnerabilities in the Spring Framework and Spring Security libraries were disclosed on September 15, 2025. Both flaws involve the annotation detection mechanism used by Spring Security’s method security features and can lead to authorization bypass in applications that rely on parameterized types or unbounded generic superclasses. Users of affected versions should…
-
Attackers Adopt Novel LOTL Techniques to Evade Detection
HP Wolf has reported the use of multiple, uncommon binaries and novel uses of legitimate image files in recent malicious campaigns First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/attackers-novel-lotl-detection/
-
Hackers using generative AI “ChatGPT” to evade anti-virus defenses
The Kimsuky APT group has begun leveraging generative AI ChatGPT to craft deepfake South Korean military agency ID cards. Phishing lures deliver batch files and AutoIt scripts designed to evade anti-virus scanning through sophisticated obfuscation. Organizations must deploy endpoint detection and response (EDR) solutions to unmask hidden scripts and secure endpoints. On July 17, 2025,…
-
Your SOC is the parachute, Will it open?
Tags: ai, automation, breach, cyber, cybersecurity, data, detection, exploit, finance, resilience, risk, soc, threat, tool, updateComplexity is the enemy of resilience: I recently had a fascinating conversation with a friend in Cambridge. We were debating what’s wrong with cybersecurity, and he said something that stuck with me: “The answer is simple if it’s done very well.”It echoes a point I explored in a collaborative essay with Abbas Kudrati: Cyber Security…
-
Mustang Panda Uses SnakeDisk USB Worm and Toneshell Backdoor to Target Air-Gap Systems
IBM X-Force researchers have uncovered sophisticated new malware campaigns orchestrated by the China-aligned threat actor Hive0154, also known as Mustang Panda. The discovery includes an advanced Toneshell backdoor variant that evades detection systems and a novel USB worm called SnakeDisk specifically targeting Thailand-based devices. Enhanced Toneshell Backdoor Evades Detection The latest iteration of Toneshell, dubbed…
-
How Wesco cut through the noise and reimagined risk management
Tags: ai, application-security, automation, awareness, business, conference, container, control, data, defense, detection, exploit, github, intelligence, kubernetes, microsoft, mitigation, risk, risk-management, software, strategy, threat, tool, vulnerability, zero-dayProactive defense: Real-time threat intelligence feeds allow Wesco to spot and neutralize vulnerabilities before they escalate.Improved awareness: Developers and security teams have clearer visibility into zero-day threats and can act faster.Application security posture enhancement: A “security champions program” ensures accountability doesn’t sit only with the security team but across development and executive teams, too.AI-driven risk…
-
Australian Banks Deploy Army of AI Bots to Scam Scammers
Apate.ai CEO Dali Kaafar on Turning the Tables on Fraudsters With AI-Powered Bots. Major banks in Australia are now using bots to foil scammers. The bots are designed to pose as potential victims, extract real-time intelligence and waste scammers’ resources. The data is then pushed directly into fraud detection systems used by banks, telecom providers…
-
Attackers Adopting Novel LOTL Techniques to Evade Detection
HP Wolf has reported the use of multiple, uncommon binaries and novel uses of legitimate image files in recent malicious campaigns First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/attackers-novel-lotl-detection/
-
EvilAI: Leveraging AI to Steal Browser Data and Evade Detection
EvilAI, a new malware family tracked by Trend Research, has emerged in recent weeks disguised as legitimate AI-driven utilities. These trojans sport professional user interfaces, valid code signatures, and functional features, allowing them to slip past both corporate and personal defenses undetected. Leveraging lightweight installers and AI-generated code, EvilAI rapidly establishes persistent footholds while masquerading…
-
EvilAI: Leveraging AI to Steal Browser Data and Evade Detection
EvilAI, a new malware family tracked by Trend Research, has emerged in recent weeks disguised as legitimate AI-driven utilities. These trojans sport professional user interfaces, valid code signatures, and functional features, allowing them to slip past both corporate and personal defenses undetected. Leveraging lightweight installers and AI-generated code, EvilAI rapidly establishes persistent footholds while masquerading…
-
12 digital forensics certifications to accelerate your cyber career
Tags: access, apt, attack, browser, chrome, cloud, computer, corporate, cyber, cybercrime, cybersecurity, data, defense, detection, email, endpoint, exploit, google, government, group, hacker, hacking, Hardware, incident response, international, jobs, law, malicious, malware, microsoft, mobile, network, phone, service, skills, soc, technology, threat, tool, training, windowsCellebrite Certified Mobile Examiner (CCME)Certified Computer Examiner (CCE)CyberSecurity Forensic Analyst (CSFA)EC-Council Computer Hacking Forensic Investigator (CHFI)EnCase Certified Examiner (EnCE)Exterro AccessData Certified Examiner (ACE)GIAC Advanced Smartphone Forensics Certification (GASF)GIAC Certified Forensics Analyst (GCFA)GIAC Certified Forensic Examiner (GCFE)GIAC Cloud Forensic Responder (GCFR)GIAC Network Forensic Analysis (GNFA)Magnet Certified Forensics Examiner (MCFE) Cellebrite Certified Mobile Examiner (CCME) Out of…
-
Microsoft Teams Launches Automatic Alerts for Malicious Links
Microsoft is significantly enhancing security for its Teams platform by introducing automatic warning systems that alert users about malicious links in chat messages. This new protective feature represents a crucial advancement in safeguarding collaboration platforms from increasingly sophisticated cyber threats targeting workplace communications. Enhanced Real-Time Threat Detection System The new security feature operates as part…
-
BSidesSF 2025: Your Intrusion Detection Still Sucks (And What To Do About It)
Creator, Author and Presenter: Jason Craig Our deep appreciation to Security BSides – San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon – certainly a venue like no other; and via the organization’s YouTube…
-
‘Gentlemen’ Ransomware Abuses Vulnerable Driver to Kill Security Gear
By weaponizing the ThrottleStop.sys driver, attackers are disrupting antivirus and endpoint detection and response (EDR) systems. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/gentlemen-ransomware-vulnerable-driver-security-gear
-
Permiso Uncovers Unicode Technique to Compromise Microsoft Exchange Rules
Permiso researchers uncovered a Unicode obfuscation technique, “Inboxfuscation,” that exploits Microsoft Exchange inbox rules to evade detection and exfiltrate email data. Learn how it works and how security teams can defend against it. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/permiso-uncovers-unicode-technique-to-compromise-microsoft-exchange-rules/
-
OT security: Why it pays to look at open source
Tags: access, ai, attack, compliance, control, data, defense, detection, edr, endpoint, Hardware, intelligence, iot, microsoft, ml, monitoring, network, open-source, PCI, service, strategy, threat, tool, vulnerabilityOT security at the highest level thanks to open-source alternatives: Commercial OT security solutions such as those from Nozomi Networks, Darktrace, Forescout or Microsoft Defender for IoT promise a wide range of functions, but are often associated with license costs in the mid to high six-figure range per year. Such a high investment is often…
-
ChillyHell macOS Malware: Three Methods of Compromise and Persistence
A new wave of macOS-targeted malware has emerged under the radar”, despite employing advanced process reconnaissance and maintaining successful notarization status for years. Jamf Threat Labs recently uncovered a developer-signed sample on VirusTotal that used sophisticated endpoint profiling and established persistence using several different mechanisms. The malware, dubbed ChillyHell, has evaded popular antivirus detections even…
-
BSidesSF 2025: How To Train Your Detection Dragon
Creator, Author and Presenter: Geet Pradhan Our deep appreciation to Security BSides – San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon – certainly a venue like no other; and via the organization’s YouTube…
-
How Mitsubishi-Nozomi Deal Will Boost OT Cyber Capabilities
CMO Mike Plante on Nozomi Expanding Industrial Reach, Operating as Independent Unit. Japanese Industrial giant Mitsubishi Electric will acquire San Francisco-based cybersecurity firm Nozomi Networks for $883 million. The two companies aim to fuse industrial data insights with advanced threat detection while keeping Nozomi as an independent brand. First seen on govinfosecurity.com Jump to article:…
-
We’ve crossed the security singularity – Impart Security
Tags: access, ai, api, attack, authentication, breach, ciso, compliance, credentials, cyber, cyberattack, cybersecurity, data, data-breach, defense, detection, exploit, framework, group, hacker, incident response, injection, intelligence, Internet, msp, password, penetration-testing, ransomware, risk, risk-assessment, skills, software, sql, strategy, supply-chain, threat, update, vulnerability, zero-day, zero-trustThe Bottom Line: We’ve Crossed the Security Singularity “ The Security Singularity: When AI Democratized Cyberattacks We’ve crossed a threshold that fundamentally changes cybersecurity forever. Not with fanfare or headlines, but quietly, in the background of our AI-powered world. The expertise barrier that once separated script kiddies from sophisticated threat actors has simply… vanished. I…