Tag: tactics

Mastering SEO for Cybersecurity Entrepreneurs: A Strategic Guide to Dominating Search Rankings

Feb 2, 2025 1:12 AM

Tags: cybersecurity, guide, metric, strategy, tactics

Master fundamentals of SEO to elevate your online presence in 2025. From keyword research and on-page optimization to local SEO tactics, this guide covers essential strategies for entrepreneurs. Learn how to track key metrics, stay updated on the latest trends to drive more traffic and conversions. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/mastering-seo-for-cybersecurity-entrepreneurs-a-strategic-guide-to-dominating-search-rankings/
5 Encrypted Attack Predictions for 2025

Feb 1, 2025 9:12 PM

Tags: access, ai, apt, attack, automation, cloud, communications, computer, computing, control, cryptography, cyber, cyberattack, cybercrime, data, data-breach, defense, detection, email, encryption, exploit, government, group, india, infrastructure, intelligence, Internet, malicious, malware, network, phishing, ransomware, risk, service, tactics, technology, threat, update, vpn, zero-trust

The cyberthreat landscape of 2024 was rife with increasingly sophisticated threats, and encryption played a pivotal role”, a staggering 87.2% of threats were hidden in TLS/SSL traffic. The Zscaler cloud blocked 32.1 billion attempted encrypted attacks, a clear demonstration of the growing risk posed by cybercriminals leveraging encryption to evade detection. ThreatLabz reported that malware…
Arcus Media group seen employing advanced tactics

Jan 29, 2025 10:39 PM

Tags: group, tactics

First seen on scworld.com Jump to article: www.scworld.com/brief/arcus-media-group-seen-employing-advanced-tactics
New Hellcat Ransomware Gang Employs Humiliation Tactics

Jan 29, 2025 4:36 PM

Tags: group, network, ransomware, tactics

Cato Networks highlighted how the recently emerged HellCat ransomware group is using novel psychological tactics to court attention and pressurize victims First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/hellcat-ransomware-humiliation/
Threat Actors Exploit Government Websites for Phishing

Jan 29, 2025 3:36 PM

Tags: cybercrime, email, exploit, government, phishing, tactics, threat

Cybercriminals exploit government websites using open redirects and phishing tactics, bypassing secure email gateway protections First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/threat-actors-exploit-gov-websites/
Hackers Attacking Windows, macOS, and Linux systems With SparkRAT

Jan 29, 2025 1:36 PM

Tags: cyber, framework, github, government, hacker, linux, macOS, malicious, tactics, threat, windows

Researchers have uncovered new developments in SparkRAT operations, shedding light on its persistent use in malicious campaigns targeting macOS users and government organizations. The findings, detailed in a recent report, underscore the evolving tactics of threat actors leveraging SparkRAT’s modular framework and cross-platform capabilities across Windows, macOS, and Linux. SparkRAT’s Communication Originally released on GitHub…
Hackers Mimic USPS To Deliver Malicious PDF In Attack Targeted Mobile Devices

Jan 28, 2025 11:36 AM

Tags: attack, communications, credentials, cyber, hacker, malicious, mobile, phishing, service, social-engineering, tactics

In a detailed analysis published on January 27, 2025, Zimperium’s zLabs team uncovered a sophisticated phishing campaign targeting mobile devices through malicious PDF files. Disguised as communications from the United States Postal Service (USPS), this campaign employs advanced social engineering and obfuscation tactics to steal user credentials and sensitive data. The campaign reportedly spans more…
New Hacker Group Using 7z UltraVNC Tool to Deploy Malware Evading Detection

Jan 28, 2025 11:36 AM

Tags: apt, attack, cyber, cybersecurity, detection, exploit, group, hacker, malware, military, open-source, russia, tactics, tool

A sophisticated cyber campaign targeting Russian-speaking entities has been identified by cybersecurity researchers, unveiling a deceptive operation imitating the Tactics, Techniques, and Procedures (TTPs) of the Gamaredon APT group. The attackers believed to be part of the GamaCopy group, exploited military-related content as bait, leveraging open-source tools to obscure their activities. The attacks utilized 7z…
GamaCopy Mimics Gamaredon Tactics in Cyber Espionage Targeting Russian Entities

Jan 27, 2025 10:03 AM

Tags: attack, cyber, espionage, group, hacking, russia, tactics, threat

A previously unknown threat actor has been observed copying the tradecraft associated with the Kremlin-aligned Gamaredon hacking group in its cyber attacks targeting Russian-speaking entities.The campaign has been attributed to a threat cluster dubbed GamaCopy, which is assessed to share overlaps with another hacking group named Core Werewolf, also tracked as Awaken Likho and PseudoGamaredon.…
Hackers imitate Kremlin-linked group to target Russian entities

Jan 23, 2025 6:22 PM

Tags: group, hacker, hacking, russia, tactics, threat

A little-known hacking group has been mimicking the tactics of a prominent Kremlin-linked threat actor to target Russian-speaking victims, according to new research.]]> First seen on therecord.media Jump to article: therecord.media/hacker-imitates-gamaredon-to-target-russia
Hackers Deliver Ransomware on Windows Via Microsoft Teams Voice Calls

Jan 23, 2025 1:22 PM

Tags: cyber, detection, email, exploit, hacker, microsoft, office, ransomware, social-engineering, sophos, tactics, threat, tool, windows

Sophos X-Ops’ Managed Detection and Response (MDR) team has uncovered two highly active threat actor clusters exploiting Microsoft Office 365 to target organizations. Identified as STAC5143 and STAC5777, these clusters use advanced social engineering tactics, such as email bombing, fake Microsoft Teams tech support calls, and misuse of Microsoft tools, like Quick Assist and Teams’…
Operation (Giá»— Tá»• HÃ¹ng VÆ°Æ¡ng) Hurricane: New OceanLotus Group Revealed in Espionage Campaigns

Jan 23, 2025 5:22 AM

Tags: cyber, espionage, group, tactics

A recent report from Qianxin details the sophisticated cyber-espionage tactics employed by the New OceanLotus group. Active intermittently First seen on securityonline.info Jump to article: securityonline.info/operation-gio-to-hung-vuong-hurricane-new-oceanlotus-group-revealed-in-espionage-campaigns/
Google Cloud Security Threat Horizons Report #11 Is Out!

Jan 22, 2025 11:22 PM

Tags: access, api, apt, attack, authentication, breach, business, cloud, corporate, credentials, cybersecurity, data, detection, exploit, extortion, google, identity, intelligence, leak, mfa, password, phishing, ransomware, service, tactics, theft, threat, tool, vulnerability

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our next Threat Horizons Report, #11 (full version) that we just released (the official blog for #1 report, my unofficial blogs for #2, #3, #4, #5, #6, #7, #8, #9 and #10). My favorite quotes from the report follow below:…
25 on 2025: APAC security thought leaders share their predictions and aspirations

Jan 22, 2025 8:22 PM

Tags: access, advisory, ai, api, attack, authentication, awareness, best-practice, breach, business, ciso, cloud, compliance, control, cryptography, csf, cyber, cyberattack, cybercrime, cybersecurity, dark-web, data, data-breach, deep-fake, detection, disinformation, encryption, endpoint, exploit, extortion, finance, framework, fraud, government, group, hacking, Hardware, identity, incident, incident response, infrastructure, injection, intelligence, international, iot, malicious, malware, microsoft, monitoring, network, nist, phishing, privacy, ransomware, regulation, resilience, risk, risk-management, scam, service, skills, social-engineering, software, spear-phishing, strategy, supply-chain, tactics, technology, threat, tool, training, update, vulnerability, warfare, zero-trust

As threat actors and security teams harness the growing potential of artificial intelligence (AI), who will prevail? From generative AI (GenAI) to agentic AI, we look through the lens of 25 of Asia-Pacific’s thought leaders in security and dive into their predictions and goals for the year. src=”https://b2b-contenthub.com/wp-content/uploads/2025/01/Athikom.jpg?quality=50&strip=all” alt=”athikom” loading=”lazy” width=”400px”>Athikom Kanchanavibhu Chief Information Security…
Cybersecurity is tough: 4 steps leaders can take now to reduce team burnout

Jan 22, 2025 7:22 AM

Tags: ai, attack, breach, business, ciso, compliance, control, corporate, cybercrime, cybersecurity, group, incident response, international, jobs, risk, soc, tactics, threat

Working in cybersecurity is only getting harder. Cybercriminals continue to up their game as security teams scramble to catch up with attack tactics and techniques. Organizations put near-impossible demands on their security departments, often with little or no support.The “always-on” nature of many roles in cybersecurity (from SOC analyst to incident response to the CISO)…
Weaponized VS Code Impersonate Zoom App Steals Cookies From Chrome

Jan 22, 2025 7:22 AM

Tags: browser, chrome, cyber, cybercrime, exploit, google, malicious, software, tactics

A newly identified extension for Visual Studio Code (VS Code) has been found to impersonate a legitimate Zoom application, enabling cybercriminals to steal sensitive cookies from Google Chrome. This incident marks a significant escalation in the tactics employed by malicious actors to exploit trusted software ecosystems. The Discovery The nefarious extension, uploaded to the VS…
DLL Sideloading Proxying: New Campaign Delivers Sliver Implants to German Targets

Jan 22, 2025 5:22 AM

Tags: cyber, intelligence, tactics

Cyble Research and Intelligence Labs (CRIL) has uncovered an ongoing cyber campaign targeting German organizations using sophisticated tactics First seen on securityonline.info Jump to article: securityonline.info/dll-sideloading-proxying-new-campaign-delivers-sliver-implants-to-german-targets/
Ransomware groups pose as fake tech support over Teams

Jan 22, 2025 12:22 AM

Tags: group, ransomware, sophos, tactics

A researcher at Sophos told CyberScoop that the company observed these tactics being used against multiple individuals and at least 15 organizations. First seen on cyberscoop.com Jump to article: cyberscoop.com/ransomware-groups-pose-as-fake-tech-support-over-teams/
Email Bombing, ‘Vishing’ Tactics Abound in Microsoft 365 Attacks

Jan 22, 2025 12:22 AM

Tags: attack, email, microsoft, sophos, tactics

Sophos noted more than 15 attacks have been reported during the past three months. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/email-bombing-vishing-tactics-abound-microsoft-365-attacks
Microsoft Teams vishing attacks trick employees into handing over remote access

Jan 21, 2025 9:23 PM

Tags: access, attack, backdoor, control, credentials, cybercrime, data, detection, email, exploit, group, hacking, lockbit, malicious, malware, microsoft, monitoring, network, office, password, phishing, powershell, ransomware, russia, service, social-engineering, sophos, spam, tactics, threat, tool, vpn, windows

Attackers believed to be affiliated with ransomware groups have recently been observed using a technique in which they bombard employees with spam emails and then call them on Microsoft Teams posing as technical support representatives from their organizations.The goal of this formerly uncovered social engineering tactic is to create a sense of urgency and trick…
Forescout Report Detail Hunters International Ransomware Gang Tactics

Jan 21, 2025 5:22 PM

Tags: cybercrime, international, ransomware, service, tactics

An analysis of the operations of Hunters International, the ransomware-as-a-service platform that has been used to compromise more than 200 organizations, conducted by Forescout Technologies reveals the cybercriminal syndicate that created it is employing a wide range of new and old tactics and techniques. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/01/forescout-report-detail-hunters-international-ransomware-gang-tactics/
Gootloader Malware Employs Blackhat SEO Techniques To Attack Victims

Jan 21, 2025 1:22 PM

Tags: attack, conference, cyber, google, malware, social-engineering, tactics, wordpress

The Gootloader malware family employs sophisticated social engineering tactics to infiltrate computers. By leveraging compromised legitimate WordPress websites, Gootloader’s operators manipulate Google search results to redirect users to a deceptive online message board. They link the malware to a simulated conversation featuring fictitious users, effectively answering the exact queries victims input into search engines. Investigate…
Star Blizzard Shifts Tactics: Spear-Phishing Campaign Targets WhatsApp Accounts

Jan 20, 2025 5:22 AM

Tags: blizzard, intelligence, microsoft, phishing, russia, spear-phishing, tactics, threat

Microsoft Threat Intelligence has uncovered a new spear-phishing campaign orchestrated by the Russian threat actor known as Star First seen on securityonline.info Jump to article: securityonline.info/star-blizzard-shifts-tactics-spear-phishing-campaign-targets-whatsapp-accounts/
US hits back against China’s Salt Typhoon group

Jan 18, 2025 5:22 AM

Tags: attack, backdoor, china, cisa, ciso, communications, computer, control, crypto, cve, cyber, cyberattack, cybersecurity, defense, detection, disinformation, espionage, exploit, finance, government, group, infosec, infrastructure, intelligence, ivanti, law, malicious, mandiant, microsoft, network, north-korea, office, tactics, technology, theft, threat, tool, vpn, vulnerability

The US is hitting back against the threat group, dubbed Salt Typhoon by Microsoft, which is allegedly behind recent cyber attacks against American telecommunications providers, as part of a wider campaign against Chinese-based hacking.On Friday the Department of the Treasury’s Office of Foreign Assets Control (OFAC) said it is sanctioning Sichuan Juxinhe Network Technology, a…
Black Basta-Style Cyberattack Hits Inboxes with 1,165 Emails in 90 Minutes

Jan 15, 2025 9:02 PM

Tags: cyberattack, email, group, ransomware, tactics

A recent cyberattack, mimicking the tactics of the notorious Black Basta ransomware group, targeted one of SlashNext’s clients…. First seen on hackread.com Jump to article: hackread.com/black-basta-cyberattack-hits-inboxes-with-1165-emails/
Stop wasting money on ineffective threat intelligence: 5 mistakes to avoid

Jan 15, 2025 8:02 AM

Tags: business, ciso, compliance, cyber, cybersecurity, data, detection, edr, finance, group, incident response, infrastructure, intelligence, jobs, malware, monitoring, risk, risk-management, siem, soc, strategy, tactics, technology, threat, tool, update, vulnerability, vulnerability-management

Strong capabilities in cyber threat intelligence (CTI) can help take a cybersecurity program to the next level on many different fronts. When organizations choose quality sources of threat intelligence that are relevant to their technology environments and their business context, these external sources can not only power swifter threat detection but also help leaders better…
What 2024 taught us about security vulnerabilties

Jan 14, 2025 8:46 AM

Tags: exploit, Hardware, software, tactics, threat, vulnerability, zero-day

From zero-day exploits to weaknesses in widely used software and hardware, the vulnerabilities uncovered last year underscore threat actors’ tactics and the critical … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/01/14/cybersecurity-vulnerabilities-2024/
Inside a 90-Minute Attack: Breaking Ground with All-New AI Defeating Black Basta Tactics

Jan 14, 2025 8:46 AM

Tags: ai, attack, cyberattack, group, tactics

Have you ever had your lunch interrupted by a sudden barrage of security alerts? That’s exactly what happened to one of our clients when a frantic call from their Security Operations Center revealed a flood of suspicious emails. The culprit? A brand-new cyberattack mimicking the notorious Black Basta group’s latest technique”, and it hit with…
Hackers Using YouTube Links and Microsoft 365 Themes to Steal Logins

Jan 13, 2025 12:26 PM

Tags: attack, cyber, cybercrime, hacker, login, malicious, microsoft, password, phishing, social-engineering, tactics

Cybercriminals are executing sophisticated phishing attacks targeting Microsoft 365 users by employing deceptive URLs that closely resemble legitimate O365 domains, creating a high degree of trust with unsuspecting victims. The attackers leverage social engineering tactics, often claiming imminent password expiration, to induce panic and pressure users into clicking malicious links. Upon clicking, users are redirected…
AI-Driven Ransomware FunkSec Targets 85 Victims Using Double Extortion Tactics

Jan 10, 2025 2:18 PM

Tags: ai, cybersecurity, data, encryption, extortion, group, hacker, intelligence, ransom, ransomware, tactics, theft

Cybersecurity researchers have shed light on a nascent artificial intelligence (AI) assisted ransomware family called FunkSec that sprang forth in late 2024, and has claimed more than 85 victims to date.”The group uses double extortion tactics, combining data theft with encryption to pressure victims into paying ransoms,” Check Point Research said in a new report…