Tag: intelligence
-
Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics
Microsoft said it has discovered a new variant of a known Apple macOS malware called XCSSET as part of limited attacks in the wild. “Its first known variant since 2022, this latest XCSSET malware features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies,” the Microsoft Threat Intelligence team said in a post shared on…
-
Unlocking OSINT: Top books to learn from
Discover the top Open-Source Intelligence (OSINT) books in this curated list. From investigative techniques to digital footprint analysis, these titles offer insights for … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/17/osint-books/
-
South Korea Suspends DeepSeek AI Downloads Over Privacy Violations
South Korea has formally suspended new downloads of Chinese artificial intelligence (AI) chatbot DeepSeek in the country until the service makes changes to its mobile apps to comply with data protection regulations.Downloads have been paused as of February 15, 2025, 6:00 p.m. local time, the Personal Information Protection Commission (PIPC) said in a statement. The…
-
New XCSSET Malware Targets macOS Users Through Infected Xcode Projects
Microsoft Threat Intelligence has identified a new variant of the XCSSET macOS malware, marking its first update since 2022. This sophisticated malware continues to target macOS users by infecting Xcode projects, a critical tool for Apple developers. The latest variant introduces advanced obfuscation techniques, updated persistence mechanisms, and novel infection strategies, making it more challenging…
-
17th February Threat Intelligence Report
SimonMed Imaging, one of the largest diagnostic imaging companies in the US, has been breached by Medusa ransomware group, resulting in the theft of over 212 GB of sensitive data from its […] First seen on research.checkpoint.com Jump to article: research.checkpoint.com/2025/17th-february-threat-intelligence-report/
-
How to evaluate and mitigate risks to the global supply chain
Tags: access, business, ceo, ciso, communications, compliance, control, cyberattack, cybersecurity, data, framework, governance, government, intelligence, international, ISO-27001, kaspersky, microsoft, mitigation, monitoring, office, resilience, risk, risk-assessment, risk-management, russia, service, soc, software, supply-chain, technology, threat, tool, update, vulnerability
Maintain a diversified supply chain: Organizations that source from international technology suppliers need to ensure they are not overly reliant on a single vendor, single region or even a single technology. Maintaining a diversified supply chain can mitigate costly disruptions from a cyberattack or vulnerability involving a key supplier, or from disruptions tied to regulatory…
-
Google Chrome Introduces AI to Block Malicious Websites and Downloads
Google has taken a significant step in enhancing internet safety by integrating artificial intelligence (AI) into its “Safe Browsing
-
CVE-2024-1709 and CVE-2023-48788: Exploits Fueling Russia’s BadPilot Campaign
Microsoft Threat Intelligence has exposed a multiyear cyber espionage campaign conducted by a subgroup of the Russian state-sponsored First seen on securityonline.info Jump to article: securityonline.info/cve-2024-1709-and-cve-2023-48788-exploits-fueling-russias-badpilot-campaign/
-
Storm-2372 used the device code phishing technique since August 2024
Russia-linked group Storm-2372 used the device code phishing technique since Aug 2024 to steal login tokens from governments, NGOs, and industries. Microsoft Threat Intelligence researchers warn that threat actor Storm-2372, likely linked to Russia, has been targeting governments, NGOs, and various industries across multiple regions since August 2024. The attackers employ a phishing technique called…
-
From Tools to Intelligence: The Evolution of SOCaaS
In the early days of cybersecurity, security teams faced a fragmented reality, juggling multiple tools that operated in isolation. Managed Detection and Response (MDR) solutions watched for threats, while Endpoint Detection and Response (EDR) platforms monitored endpoints. However, these tools often spoke different languages, creating data silos and leaving security teams scrambling to connect the…
-
Hackers attack Bundeswehr University
Tags: access, bug, conference, cyber, cyberattack, cybercrime, google, governance, hacker, infrastructure, intelligence, mail, mitigation, password, service, threat
Students at the Universität der Bundeswehr are unlikely to be pleased that hackers have siphoned off their data. (Image: Universität der Bundeswehr) Hackers have attacked the Universität der Bundeswehr in Neubiberg near Munich. According to a report by Handelsblatt, sensitive data was also exfiltrated. The attack was reportedly confirmed by several sources within university circles. According to these sources…
-
Court: UnitedHealth Must Answer for AI-Based Claim Denials
Lawsuit Alleges Insurer Used AI Tool in Denying Patients Medically Necessary Care. A proposed class action lawsuit against UnitedHealth Group that claims the company’s insurance unit UnitedHealthCare used artificial intelligence tools to deny Medicare Advantage claims for medically necessary care has the green light to proceed from a federal judge. First seen on govinfosecurity.com…
-
Ukraine warns of growing AI use in Russian cyber-espionage operations
Russia is using artificial intelligence to boost its cyber-espionage operations, Ihor Malchenyuk of Ukraine’s State Service of Special Communications and Information Protection (SSCIP), said at the Munich Cyber Security Conference. First seen on therecord.media Jump to article: therecord.media/russia-ukraine-cyber-espionage-artificial-intelligence
-
UK accused of political ‘foreign cyber attack’ on US after serving secret snooping order on Apple
US administration asked to kick UK out of 65-year-old UK-US Five Eyes intelligence sharing agreement after secret order to access encrypted data of Apple users First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366619170/UK-accused-of-political-foreign-cyberattack-on-US-after-serving-secret-snooping-order-on-Apple
-
Device Code Phishing Attack Exploits Authentication Flow to Hijack Tokens
Tags: attack, authentication, cyber, defense, exploit, government, intelligence, microsoft, phishing, service, threat
A sophisticated phishing campaign leveraging the device code authentication flow has been identified by Microsoft Threat Intelligence, targeting a wide range of sectors, including government, NGOs, IT services, and critical industries such as defense and energy. The campaign, attributed to a threat actor known as Storm-2372, has been active since August 2024 and is assessed…
-
UK accused of political ‘foreign cyberattack’ on US after serving secret snooping order on Apple
US administration asked to kick UK out of 65-year-old UK-USA “Five Eyes” intelligence sharing agreement after secret order to access encrypted data of Apple users First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366619170/UK-accused-of-political-foreign-cyberattack-on-US-after-serving-secret-snooping-order-on-Apple
-
Intelligence agencies must explain what they do, says UK’s former cyber spy chief
Speaking at the Munich Cyber Security Conference on Thursday, Sir Jeremy Fleming, who headed the cyber and signals intelligence agency GCHQ from 2017 to 2023, said he felt “really strongly” the agency’s “license to operate” had to be based on public understanding and trust. First seen on therecord.media Jump to article: therecord.media/intel-agencies-must-explain-what-they-do-fleming-gchq
-
Unusual attack linked to Chinese APT group combines espionage and ransomware
Tags: apt, attack, breach, china, cloud, country, credentials, crime, crimes, crypto, cyber, cybercrime, cyberespionage, data, encryption, espionage, exploit, finance, firewall, government, group, hacker, infection, insurance, intelligence, korea, microsoft, network, north-korea, ransom, ransomware, russia, software, tactics, technology, threat, veeam, vulnerability
The attacker demanded a $2-million ransom: The attack that resulted in the deployment of the RA World ransomware program, as well as data exfiltration, had the same chain: the toshdpdb.exe loading toshdpapi.dll then decrypting toshdp.dat, which resulted in the PlugX variant being deployed. The difference is the attacker then chose to deploy the RA World…
-
Cybercrime as a global threat: New report from the Google Threat Intelligence Group
According to data from the ‘Mandiant Managed Defense’ service, financially motivated actors caused almost four times as many incidents in 2024 as state-sponsored groups. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/cyberkriminalitaet-als-globale-bedrohung-neuer-report-der-google-threat-intelligence-group/a39809/
-
BadPilot Attacking Network Devices to Expand Russian Seashell Blizzard’s Attacks
A newly uncovered cyber campaign, dubbed “BadPilot,”
-
Russian hacking group targets critical infrastructure in the US, the UK, and Canada
Tags: access, attack, blizzard, computer, control, cyber, cyberattack, cybersecurity, data, espionage, exploit, fortinet, group, hacker, hacking, infrastructure, intelligence, international, microsoft, military, network, ransomware, russia, software, strategy, supply-chain, threat, tool, ukraine, update, vulnerability, zero-trust
Weaponizing IT software against global enterprises: Since early 2024, the hackers have exploited vulnerabilities in widely used IT management tools, including ConnectWise ScreenConnect (CVE-2024-1709) and Fortinet FortiClient EMS (CVE-2023-48788). By compromising these critical enterprise systems, the group has gained undetected access to networks, Microsoft warned. “Seashell Blizzard’s specialized operations have ranged from espionage to information operations…
-
Barcelona-based spyware startup Variston shuts down, per filing
Variston, a Barcelona-based spyware vendor, has reportedly shut down. Intelligence Online, a trade publication that covers the surveillance and intelligence industry, reports that a legal notice published in Barcelona’s registry on February 10 confirmed that Variston has been liquidated. TechCrunch has also seen the legal notice saying Variston has shuttered. This comes almost exactly a…
-
Threat Actors in Russia, China, and Iran Targeting Local Communities in the U.S.
Foreign adversaries, including Russia, China, and Iran, are intensifying their efforts to manipulate public opinion and destabilize local communities across the United States. These campaigns, once primarily focused on national-level politics, have increasingly targeted state and local governments, community groups, and individuals. Leveraging advanced technologies such as generative artificial intelligence (AI), these actors aim to…
-
AI and Security – A New Puzzle to Figure Out
AI is everywhere now, transforming how businesses operate and how users engage with apps, devices, and services. A lot of applications now have some Artificial Intelligence inside, whether supporting a chat interface, intelligently analyzing data or matching user preferences. No question AI benefits users, but it also brings new security challenges, especially Identity-related security First…
-
Cybercrime evolving into national security threat: Google
“The vast cybercriminal ecosystem has acted as an accelerant for state-sponsored hacking, providing malware, vulnerabilities, and in some cases full-spectrum operations to states,” said Ben Read of Google Threat Intelligence Group. First seen on therecord.media Jump to article: therecord.media/cybercrime-evolving-nation-state-threat
-
Barcelona-based spyware startup Variston reportedly shuts down
Variston, a Barcelona-based spyware vendor, is reportedly being liquidated. Intelligence Online, a trade publication that covers the surveillance and intelligence industry, reported that a legal notice published in Barcelona’s registry on February 10 confirmed that Variston has gone into liquidation. This comes almost exactly a year after TechCrunch reported that Variston was in the process…
-
China’s Salt Typhoon hackers continue to breach telecom firms despite US sanctions
Threat intelligence firm Recorded Future said it had observed Salt Typhoon breaching 5 telcos between December 2024 and January 2025. First seen on techcrunch.com Jump to article: techcrunch.com/2025/02/13/chinas-salt-typhoon-hackers-continue-to-breach-telecom-firms-despite-us-sanctions/