Tag: intelligence
-
Over 20 Malicious Google Play Apps Steal Users’ Login Credentials
Tags: android, credentials, crypto, cyber, cybersecurity, google, intelligence, login, malicious, phishing
A major security alert has been issued for Android users after cybersecurity researchers uncovered more than 20 malicious applications on the Google Play Store designed to steal users’ login credentials, specifically targeting cryptocurrency wallet holders. The campaign, identified by Cyble Research and Intelligence Labs (CRIL), reveals a sophisticated phishing operation that has already compromised the…
-
Operational Resilience: Coordination & Cooperation in Focus
Tags: bsi, business, ciso, cloud, cyber, cyberattack, cyersecurity, edr, iam, incident response, infrastructure, intelligence, RedTeam, resilience, strategy, threat, tool, zero-trust
To prepare companies for cyber incidents, CISOs need operational resilience. The CISO's task is to create the technological as well as the procedural and organizational prerequisites for their company's IT security. CISOs create a security architecture aimed at resilience, drive the integration of interoperable platforms, and establish processes for continuous risk monitoring. In addition, they see to the building of…
-
EU AI ACT
What is the EU AI Act? The EU AI Act (European Union Artificial Intelligence Act) is the world’s first comprehensive legal framework regulating artificial intelligence. Introduced by the European Commission in April 2021 and formally adopted in 2024, the Act is designed to ensure AI systems developed or used in the EU are safe, transparent,…
-
Black Basta Leaks Highlight Phishing, Google Takeover Risks
Defunct Ransomware Group’s Diaspora Includes Hackers With Focus on Microsoft Teams Based on intelligence gleaned from the leak of Black Basta ransomware messages, researchers are warning organizations to beware phishing attacks launched via Microsoft partner domains and via Teams, as well as the targeting of personal Google accounts accessed via corporate devices. First seen on…
-
‘No Kings’ Protests, Citizen-Run ICE Trackers Trigger Intelligence Warnings
Army intelligence analysts are monitoring civilian-made ICE tracking tools, treating them as potential threats, as immigration protests spread nationwide. First seen on wired.com Jump to article: www.wired.com/story/no-kings-protests-citizen-run-ice-trackers-trigger-intelligence-warnings/
-
Fog ransomware gang abuses employee monitoring tool in unusual multi-stage attack
Tags: attack, china, cloud, control, corporate, encryption, espionage, exploit, google, group, intelligence, microsoft, monitoring, network, open-source, penetration-testing, ransomware, service, threat, tool
Open-source pen testers for executing commands: Another peculiarity observed in the attack was the use of open-source penetration testing tools, like GC2 and Adaptix C2, rarely seen with ransomware attacks. Google Command and Control (GC2) is an open-source post-exploitation tool that allows attackers to control compromised systems using legitimate cloud services like Google Sheets and Google…
-
How to log and monitor PowerShell activity for suspicious scripts and commands
Block executable content from email client and webmail; Block executable files from running unless they meet a prevalence, age, or trusted list criterion; Block execution of potentially obfuscated scripts; Block JavaScript or VBScript from launching downloaded executable content; Block process creations originating from PSExec and WMI commands.
Log workstation PowerShell commands: Even without Microsoft Defender resources you need to…
-
Securonix Buys ThreatQuotient for Integrated Threat Intel
ThreatQuotient Deal Brings Deeper Context to Alerts and Streamlines SOC Workflows. Securonix has acquired ThreatQuotient to modernize SOC platforms with external threat intelligence and agentic AI. The combined solution aims to help CISOs manage alert overload, boost detection precision and support global scale across regulated industries. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/securonix-buys-threatquotient-for-integrated-threat-intel-a-28681
-
AitM Phishing Attacks on Microsoft 365 and Google Aimed at Stealing Login Credentials
A dramatic escalation in phishing attacks leveraging Adversary-in-the-Middle (AiTM) techniques has swept across organizations worldwide in early 2025, fueled by the rapid evolution and proliferation of Phishing-as-a-Service (PhaaS) platforms. Sekoia researchers and threat intelligence teams are sounding the alarm as these attacks become more complex, harder to detect, and increasingly effective at bypassing even advanced…
-
AI May Fix a 15-Year-Old Bug It Helped Spread
Researchers Turn to AI to Fix a Zombie Flaw that AI Helped Propagate. Artificial intelligence tools that inadvertently perpetuated a decade-old bug may now also help eliminate it. The path traversal vulnerability became so embedded in developer culture that it found its way into training data for today’s AI models. First seen on govinfosecurity.com Jump…
-
Linux Malware Authors Targeting Cloud Environments with ELF Binaries
Unit 42, Palo Alto Networks’ threat intelligence division, has recently conducted investigations that have revealed a worrying trend: threat actors are increasingly creating and modifying Linux Executable and Linkable Format (ELF) malware to attack cloud infrastructure. With cloud adoption skyrocketing and Linux-based systems underpinning the vast majority of cloud workloads – estimates suggest between 70% and…
-
295 Malicious IPs Launch Coordinated Brute-Force Attacks on Apache Tomcat Manager
Threat intelligence firm GreyNoise has warned of a “coordinated brute-force activity” targeting Apache Tomcat Manager interfaces. The company said it observed a surge in brute-force and login attempts on June 5, 2025, an indication that they could be deliberate efforts to “identify and access exposed Tomcat services at scale.” To that end, 295 unique IP addresses have…
-
Black Duck Elevates Leadership with New Chief Product Technology Officer
Black Duck has announced the appointment of Dipto Chakravarty as Chief Product & Technology Officer. Mr. Chakravarty brings a 30+ year track record of leading product development and technology teams, with domain expertise in AI, data intelligence, cloud security, and open-source technologies. At Black Duck, he will drive the product strategy, product management, and R&D…
-
China-linked hackers target cybersecurity firms, governments in global espionage campaign
Tags: access, awareness, china, ciso, cyber, cybersecurity, defense, detection, espionage, government, hacker, infrastructure, intelligence, Internet, monitoring, threat
Deployed PurpleHaze for broader espionage: Researchers reported that in October 2024, they detected and mitigated a reconnaissance operation targeting SentinelOne, which they identified as part of a broader activity cluster known as PurpleHaze. As noted earlier, this PurpleHaze activity shared infrastructure with the campaign behind the re-compromise of the South Asian government entity, suggesting a stronger…
-
Apple Intelligence Is Gambling on Privacy as a Killer Feature
Many new Apple Intelligence features happen on your device rather than in the cloud. While it may not be flashy, the privacy-centric approach could be a competitive advantage. First seen on wired.com Jump to article: www.wired.com/story/apple-intelligence-is-gambling-on-privacy-as-a-killer-feature/
-
Supply Chain Attacks Really Are Surging
Software Supply Chain Providers Under Fire by Ransomware Rings, Nation-State Groups. Hackers are doubling down on software supply chain attacks, with known attacks surging from over 12 last year to more than 24 per month in April and May, threat intelligence researchers report. Ransomware-wielding groups and nation-state hackers, alike, have been tied to such attacks.…
-
OpenAI Shuts Down 10 Malicious AI Ops Linked to China, Russia, Iran, N. Korea
OpenAI, a leading artificial intelligence company, has revealed it is actively fighting widespread misuse of its AI tools… First seen on hackread.com Jump to article: hackread.com/openai-shuts-down-ai-ops-china-russia-iran-nkorea/
-
OpenAI’s ChatGPT a Hit With Nation-State Hackers
Malicious Accounts Linked to Malware, Influence Operations. OpenAI is using its artificial intelligence models to detect and counter abuse and has banned accounts associated with malicious state-linked operations. Hackers aligned with Russia, China, North Korea and Iran have used OpenAI’s tools for malware development and social media manipulation. First seen on govinfosecurity.com Jump to article:…
-
Censys Examines the Spread of Six Vulnerabilities via Salt Typhoon in Network Services
Censys, one of the leading providers of tools for threat intelligence, threat hunting and attack surface management, has examined six vulnerabilities associated with Salt Typhoon. The state-sponsored group of threat actors has exploited known vulnerabilities in publicly accessible interfaces of network devices and thereby compromised telecommunications providers worldwide. As critical vulnerabilities, they often allow direct access to internal…
-
Russia-linked PathWiper malware hits Ukrainian infrastructure
Tags: apt, attack, backup, cisco, ciso, compliance, control, cyber, detection, endpoint, finance, fortinet, infrastructure, insurance, intelligence, malware, network, PurpleTeam, resilience, risk, russia, tactics, threat, tool, ukraine, vulnerability, zero-trust
Echoes of past attacks: While PathWiper shares tactical similarities with HermeticWiper, its enhanced capabilities reveal a clear evolution in wiper malware sophistication. The new variant employs advanced techniques, such as querying registry keys to locate network drives and dismounting volumes to bypass protections, a stark contrast to HermeticWiper’s simpler approach of sequentially targeting drives numbered…
-
Multicloud security automation is essential, but no silver bullet
Tags: access, ai, automation, best-practice, bsi, business, cloud, compliance, control, corporate, data, framework, guide, infrastructure, intelligence, monitoring, risk, risk-management, service, soar, strategy, threat, tool, training, update, vulnerability
Defining multicloud automation strategies: As an engineering leader, how should you approach implementing security automation in a multicloud environment? The experts we spoke to emphasized intentional design, layered planning, and a commitment to continual refinement. “I like to consider the planning process in terms of layers,” says Protiviti’s Armknecht. “The foundational layer involves achieving observability across…
-
Exploitation of Critical Wazuh Server RCE Vulnerability Leads to Mirai Variant Deployment
The Akamai Security Intelligence and Response Team (SIRT) has uncovered active exploitation of a critical remote code execution (RCE) vulnerability in Wazuh servers, identified as CVE-2025-24016 with a CVSS score of 9.9. Disclosed in February 2025, this vulnerability affects Wazuh versions 4.4.0 through 4.9.0 and stems from unsafe deserialization in the Distributed API (DAPI) requests,…
-
Securing agentic AI systems before they go rogue
In this Help Net Security video, Eoin Wickens, Director of Threat Intelligence at HiddenLayer, explores the security risks posed by agentic AI. He breaks down how agentic AI … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/10/securing-agentic-ai-systems-video/
-
Why We’re Going All In on Application Protection – Impart Security
Tags: access, ai, application-security, attack, business, captcha, container, control, cybersecurity, detection, framework, infrastructure, intelligence, monitoring, network, programming, risk, software, startup, threat, tool, update, vulnerability
When we started Impart, the cybersecurity world was obsessed with visibility. Every startup was racing to build the next agentless monitoring platform, building broad sets of product features across multiple areas while carefully sidestepping the unglamorous reality of actually securing anything. Coming from the world of WAF in the trenches of real security enforcement, this felt…
-
How to Use Risk-Based Metrics in an Exposure Management Program
Tags: attack, business, cloud, control, cybersecurity, data, exploit, guide, intelligence, iot, metric, mobile, monitoring, risk, service, threat, tool, update, vulnerability, vulnerability-management
Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, Tenable security engineers Arnie Cabral and Jason Schavel share how you can use risk-based metrics. You can read the entire Exposure Management Academy series here. We’re information security engineers at…

