Tag: tactics

Swan Vector APT Targets Organizations with Malicious LNK and DLL Implants

May 13, 2025 7:38 PM

Tags: apt, cyber, finance, infection, malicious, social-engineering, tactics, threat

A newly identified advanced persistent threat (APT) campaign, dubbed >>Swan Vector
China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures

May 13, 2025 5:38 PM

Tags: access, api, apt, attack, authentication, backdoor, backup, breach, business, china, cloud, control, cve, cyber, data, data-breach, detection, dns, encryption, endpoint, espionage, exploit, finance, firewall, fortinet, google, government, group, infection, infrastructure, intelligence, Internet, ivanti, linux, malicious, malware, mandiant, military, network, open-source, programming, rat, remote-code-execution, reverse-engineering, risk, rust, sap, service, strategy, tactics, threat, tool, update, vmware, vpn, vulnerability, windows, zero-day

Executive Summary EclecticIQ analysts assess with high confidence that, in April 2025, China-nexus nation-state APTs (advanced persistent threat) launched high-temp exploitation campaigns against critical infrastructure networks by targeting SAP NetWeaver Visual Composer. Actors leveraged CVE-2025-31324 [1], an unauthenticated file upload vulnerability that enables remote code execution (RCE). This assessment is based on a publicly…
Hackers Abuse PyInstaller to Deploy Stealthy macOS Infostealer

May 13, 2025 2:38 PM

Tags: apple, cyber, cybercrime, exploit, hacker, macOS, open-source, tactics, threat, tool

Jamf Threat Labs has identified a novel macOS infostealer that exploits PyInstaller, a legitimate open-source tool used to bundle Python scripts into standalone Mach-O executables. This marks the first documented instance of PyInstaller being weaponized to deploy infostealers on macOS, highlighting a sophisticated evolution in the tactics of cybercriminals targeting Apple’s ecosystem. Discovered in April…
Deepfake Defense in the Age of AI

May 13, 2025 1:38 PM

Tags: ai, attack, cybersecurity, deep-fake, defense, social-engineering, tactics

The cybersecurity landscape has been dramatically reshaped by the advent of generative AI. Attackers now leverage large language models (LLMs) to impersonate trusted individuals and automate these social engineering tactics at scale. Let’s review the status of these rising attacks, what’s fueling them, and how to actually prevent, not detect, them. The Most Powerful Person…
Redefining IABs: Impacts of compartmentalization on threat tracking and modeling

May 13, 2025 12:38 PM

Tags: attack, cisco, defense, tactics, threat

Threat actors are teaming up, splitting attacks into stages and making defense harder than ever. In Part 1, Cisco Talos examines their tactics and defines their motivations. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/redefining-initial-access-brokers/
Deepfake attacks are inevitable. CISOs can’t prepare soon enough.

May 13, 2025 9:10 AM

Tags: advisory, ai, attack, authentication, awareness, blockchain, business, ciso, compliance, control, cybersecurity, data, deep-fake, defense, detection, espionage, finance, fraud, governance, grc, identity, incident response, jobs, law, mfa, north-korea, password, privacy, resilience, risk, scam, software, strategy, tactics, technology, threat, tool, training, update

Real-world fabrications: Even security vendors have been victimized. Last year, the governance risk and compliance (GRC) lead at cybersecurity company Exabeam was hiring for an analyst, and human resources (HR) qualified a candidate that looked very good on paper with a few minor concerns, says Kevin Kirkwood, CISO.”There were gaps in how the education represented…
Hackers Target IT Admins by Poisoning SEO to Push Malware to Top Search Results

May 9, 2025 4:10 PM

Tags: cyber, cybercrime, hacker, malicious, malware, tactics, tool

Cybercriminals are increasingly targeting IT administrators through sophisticated Search Engine Optimization (SEO) poisoning techniques. By leveraging SEO tactics typically used for legitimate online marketing, attackers manipulate search engine rankings to push malicious websites to the top of results on platforms like Google. Disguised as trusted tools, these malicious payloads trick even seasoned admins into downloading…
New Mamona Ransomware Targets Windows Systems Using Abused Ping Command

May 9, 2025 4:10 PM

Tags: cyber, cybersecurity, detection, exploit, ransomware, tactics, windows

Cybersecurity researchers are raising the alarm about a newly discovered commodity ransomware strain dubbedMamona, which is rapidly spreading across Windows systems. Unlike traditional ransomware, Mamona employs a unique set of tactics, notably exploiting the humble Windows “ping” command as a timing mechanism, and operates entirely offline, making detection and response more difficult. Emerging on the…
Threat Actors Leverage Multimedia Systems in Stealthy Vishing Attacks

May 9, 2025 4:10 PM

Tags: attack, cyber, exploit, Internet, phishing, phone, service, social-engineering, tactics, threat, voip

Threat actors have begun exploiting multimedia systems as a pivotal component of their voice phishing (vishing) attacks. Unlike traditional vishing schemes that rely solely on spoofed phone numbers and social engineering tactics, these advanced operations integrate compromised multimedia platforms, such as VoIP (Voice over Internet Protocol) systems and streaming services, to orchestrate highly convincing and…
Double-extortion tactics used in PowerSchool ransomware attack

May 8, 2025 10:10 PM

Tags: attack, extortion, ransomware, tactics

First seen on scworld.com Jump to article: www.scworld.com/news/double-extortion-tactics-used-in-powerschool-ransomware-attack
ESET Reveals How to Spot Fake Calls Demanding Payment for ‘Missed Jury Duty’

May 8, 2025 7:10 PM

Tags: cyber, cybersecurity, government, law, scam, tactics

ESET, a leading cybersecurity firm, has shed light on one particularly insidious scheme: fake calls purportedly from government officials demanding payment for ‘missed jury duty’. Here’s how to identify and protect against these scams. Scammers employing these tactics often impersonate law enforcement officers or court officials, using a blend of urgency and authority to intimidate…
Phishing-Resistant MFA: Why FIDO is Essential

May 8, 2025 11:11 AM

Tags: access, ai, attack, authentication, breach, business, cloud, compliance, credentials, cryptography, cybersecurity, data, data-breach, defense, dora, encryption, exploit, fido, framework, GDPR, Hardware, iam, identity, ISO-27001, malicious, mfa, mobile, network, nist, passkey, password, phishing, phone, ransomware, regulation, risk, service, social-engineering, software, strategy, tactics, technology, theft, threat, tool, unauthorized

Phishing-Resistant MFA: Why FIDO is Essential madhav Thu, 05/08/2025 – 04:47 Phishing attacks are one of the most pervasive and insidious threats, with businesses facing increasingly sophisticated and convincing attacks that exploit human error. Traditional Multi-Factor Authentication (MFA), while a step up from password-only security, is no longer enough to fight modern phishing schemes. Today’s…
OpenCTI: Free Cyber Threat Intelligence Platform for Security Experts

May 8, 2025 11:11 AM

Tags: cyber, intelligence, open-source, tactics, threat

OpenCTI (Open Cyber Threat Intelligence) stands out as a free, open source platform specifically designed to address this need-delivering robust capabilities for cyber threat intelligence (CTI) management and analysis. Created by Filigran, OpenCTI allows organizations to structure, store, and visualize both technical details (like Tactics, Techniques, and Procedures-TTPs-and observables) and non-technical information (such as attribution…
Smishing Triad Upgrades Tools and Tactics for Global Attacks

May 6, 2025 5:50 PM

Tags: attack, china, cybercrime, smishing, tactics, tool

Global smishing campaigns linked to Chinese cybercriminals escalate with Smishing Triad’s new tools and techniques First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/smishing-triad-upgrades-tools/
Smishing on a Massive Scale: ‘Panda Shop’ Chinese Carding Syndicate

May 6, 2025 8:50 AM

Tags: china, cybercrime, group, smishing, tactics

Resecurity found a new smishing kit called ‘Panda Shop,’ mimicking Smishing Triad tactics with improved features and new templates. Resecurity (USA) was the first company to identify the Smishing Triad, a group of Chinese cybercriminals targeting consumers across the globe. In August 2023, our team was able to identify their activity and locate the smishing…
Warning issued to retailers’ CISOs worldwide after three attacks in UK

May 5, 2025 11:50 PM

Tags: access, attack, authentication, ciso, cloud, credentials, defense, detection, intelligence, login, mfa, microsoft, monitoring, network, password, resilience, service, tactics, threat, unauthorized, vpn

Advice to CISOs: In its weekend post, the UK’s NCSC said, “Preparation and resilience does not mean just having good defenses to keep out attackers. No matter how good your defenses are, sometimes the attacker will be successful. It also means detecting threat actors when they are using your employees’ legitimate access (or are on…
Are IoT Devices the New Attack Vector for Ransomware Groups?

May 5, 2025 2:49 PM

Tags: attack, cybersecurity, exploit, group, iot, password, ransomware, tactics, threat, vulnerability

Phosphorus Cybersecurity’s Phillip Wylie on Asset Inventory, Password Hygiene. Organizations inadvertently create cybersecurity gaps by trusting connected devices. Threat actors are shifting tactics to exploit IoT vulnerabilities when traditional attack vectors strengthen, said Phillip Wylie, xIoT security evangelist at Phosphorous Cybersecurity. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/are-iot-devices-new-attack-vector-for-ransomware-groups-a-28280
âš¡ Weekly Recap: Nation-State Hacks, Spyware Alerts, Deepfake Malware, Supply Chain Backdoors

May 5, 2025 2:49 PM

Tags: access, ai, backdoor, deep-fake, malware, software, spyware, supply-chain, tactics, threat

What if attackers aren’t breaking in”, they’re already inside, watching, and adapting?This week showed a sharp rise in stealth tactics built for long-term access and silent control. AI is being used to shape opinions. Malware is hiding inside software we trust. And old threats are returning under new names. The real danger isn’t just the…
12 most innovative launches at RSA 2025

May 5, 2025 8:49 AM

Tags: ai, attack, awareness, ciso, cloud, communications, compliance, control, cyber, cybersecurity, data, deep-fake, detection, email, endpoint, finance, framework, governance, healthcare, identity, insurance, intelligence, login, malicious, network, nist, open-source, openai, phishing, privacy, RedTeam, resilience, risk, risk-analysis, risk-management, saas, service, siem, social-engineering, tactics, threat, tool, training, update, zero-day, zero-trust

AuditBoard: AI governance solution: AuditBoard announced its AI governance solution, designed to help organizations accelerate AI risk management and promote responsible AI adoption. The solution is designed to streamline AI use case intake, review, and approval processes, establish a centralized repository for approved AI models, and dynamically link AI risks to vendors, assets, and controls…
Threat Actors Attacking U.S. Citizens Via Social Engineering Attack

May 4, 2025 8:50 AM

Tags: attack, cyber, cybercrime, cybersecurity, email, exploit, malicious, phishing, social-engineering, tactics, threat

As Tax Day on April 15 approaches, a alarming cybersecurity threat has emerged targeting U.S. citizens, according to a detailed report from Seqrite Labs. Security researchers have uncovered a malicious campaign exploiting the tax season through sophisticated social engineering tactics, primarily phishing attacks. These cybercriminals are deploying deceptive emails and malicious attachments to steal sensitive…
Threat Actors Use AiTM Attacks with Reverse Proxies to Bypass MFA

May 4, 2025 5:49 AM

Tags: attack, authentication, cyber, cybercrime, defense, mfa, phishing, spam, tactics, threat, training

Cybercriminals are intensifying their efforts to undermine multi-factor authentication (MFA) through adversary-in-the-middle (AiTM) attacks, leveraging reverse proxies to intercept sensitive data. As phishing tactics grow more advanced, traditional defenses like spam filters and user training are proving insufficient. Attackers deploy reverse proxies as intermediary servers to forward victim traffic to legitimate websites, creating an illusion…
BSidesLV24 Proving Ground And What If It Was Hacked? Tactics And Impacts Of Adversarial Machine Learning

May 2, 2025 9:50 PM

Tags: conference, tactics

Author/Presenter: Larissa Fonseca Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/bsideslv24-proving-ground-and-what-if-it-was-hacked-tactics-and-impacts-of-adversarial-machine-learning/
Cybersecurity Snapshot: CISA’s Best Cyber Advice on Securing Cloud, OT, Apps and More

May 2, 2025 6:50 PM

Tags: access, ai, attack, authentication, best-practice, breach, business, cisa, ciso, cloud, computer, control, credentials, cyber, cybersecurity, data, defense, detection, encryption, exploit, firewall, flaw, framework, government, guide, hacker, iam, identity, incident, incident response, infrastructure, injection, international, Internet, iot, kubernetes, login, mfa, microsoft, mitigation, mitre, network, nist, open-source, organized, password, phishing, programming, RedTeam, risk, risk-management, sbom, service, software, sql, supply-chain, tactics, technology, threat, tool, unauthorized, update, usa, vulnerability, vulnerability-management, windows, xss, zero-day

In this special edition of the Cybersecurity Snapshot, we’re highlighting some of the most valuable guidance offered by the U.S. Cybersecurity and Infrastructure Security Agency in the past 12 months. Check out best practices, recommendations and insights on protecting your cloud environments, OT systems, software development processes and more. In case you missed it, here’s…
DarkWatchman, Sheriff Malware Hit Russia and Ukraine with Stealth and Nation-Grade Tactics

May 1, 2025 12:50 PM

Tags: attack, cybersecurity, finance, insurance, malware, phishing, russia, tactics, ukraine

Russian companies have been targeted as part of a large-scale phishing campaign that’s designed to deliver a known malware called DarkWatchman.Targets of the attacks include entities in the media, tourism, finance and insurance, manufacturing, retail, energy, telecom, transport, and biotechnology sectors, Russian cybersecurity company F6 said.The activity is assessed to be the work of a…
Earth Kasha Refines Spear-Phishing Tactics in Espionage Campaign Targeting Taiwan and Japan

May 1, 2025 5:53 AM

Tags: apt, cyber, espionage, group, phishing, spear-phishing, tactics

In a renewed cyber-espionage campaign observed in March 2025, the notorious APT group Earth Kasha, believed to operate First seen on securityonline.info Jump to article: securityonline.info/earth-kasha-refines-spear-phishing-tactics-in-espionage-campaign-targeting-taiwan-and-japan/
Researchers Reveal Threat Actor TTP Patterns and DNS Abuse in Investment Scams

Apr 30, 2025 5:49 PM

Tags: crypto, cyber, cybersecurity, dns, scam, tactics, threat

Cybersecurity researchers have uncovered the intricate tactics, techniques, and procedures (TTPs) employed by threat actors in investment scams, which, according to the Federal Trade Commission (FTC), resulted in a record-breaking loss of US$5.7 billion in 2024-a 24% surge from the previous year. These scams, often disguised as legitimate opportunities such as cryptocurrency exchanges, leverage advanced…
Nebulous Mantis Targets NATO-Linked Entities with Multi-Stage Malware Attacks

Apr 30, 2025 5:49 PM

Tags: access, attack, communications, control, cyber, cybersecurity, espionage, group, infrastructure, malware, rat, russia, tactics

Cybersecurity researchers have shed light on a Russian-speaking cyber espionage group called Nebulous Mantis that has deployed a remote access trojan called RomCom RAT since mid-2022.RomCom “employs advanced evasion techniques, including living-off-the-land (LOTL) tactics and encrypted command and control (C2) communications, while continuously evolving its infrastructure leveraging First seen on thehackernews.com Jump to article: thehackernews.com/2025/04/nebulous-mantis-targets-nato-linked.html
Feel Relieved with Effective Least Privilege Tactics

Apr 30, 2025 5:55 AM

Tags: cybersecurity, finance, healthcare, least-privilege, risk, service, strategy, tactics

Why are Least Privilege Tactics Crucial in the Cybersecurity Landscape? The question that frequently arises among cybersecurity experts is, “How can we effectively mitigate these risks?” One noteworthy strategy adopted by professionals across various industries, including financial services, healthcare, and travel, is the use of least privilege tactics. This approach is particularly valuable for organizations……
Phorpiex Botnet Delivers LockBit Ransomware with Automated Tactics

Apr 29, 2025 5:52 PM

Tags: botnet, lockbit, ransomware, tactics

A new ransomware campaign is automating LockBit deployment via the Phorpiex botnet, according to Cybereason First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/phorpiex-botnet-delivers-lockbit/
Beyond the Score: Rethinking AI Benchmarks for Real Utility

Apr 28, 2025 9:52 PM

Tags: ai, tactics

Analyzing Measuring What Matters, Not What Models Practice. In the frenzy to top leaderboards, AI teams optimize for benchmarks rather than genuine progress, and as a result, scores on static tests tell us more about a model’s memorization tactics than its ability to navigate real world environments. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/beyond-score-rethinking-ai-benchmarks-for-real-utility-a-28097