Iran Exploits Cyber Domain to Aid Kinetic Strikes
The country deploys “cyber-enabled kinetic targeting” prior to — and following — real-world missile attacks against ships and land-based targets.
-
-
FBI Reports $262M in ATO Fraud as Researchers Cite Growing AI Phishing and Holiday Scams
The U.S. Federal Bureau of Investigation (FBI) has warned that cybercriminals are impersonating financial institutions with an aim to steal money or sensitive information to facilitate account takeover (ATO) fraud schemes. The activity targets individuals, businesses, and organizations of varied sizes and across sectors, the agency said, adding the fraudulent schemes have led to more…
-
Advanced Security Isn’t Stopping Ancient Phishing Tactics
New research reveals that sophisticated phishing attacks consistently bypass traditional enterprise security measures.
-
Cheap Hardware Module Bypasses AMD, Intel Memory Encryption
Researchers built an inexpensive device that circumvents chipmakers’ confidential computing protections and reveals weaknesses in scalable memory encryption.
-
DPRK’s FlexibleFerret Tightens macOS Grip
The actor behind the “Contagious Interview” campaign is continuing to refine its tactics and social engineering scams to wrest credentials from macOS users.
-
Years of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API Keys
New research has found that organizations in various sensitive sectors, including governments, telecoms, and critical infrastructure, are pasting passwords and credentials into online tools like JSONformatter and CodeBeautify that are used to format and validate code. Cybersecurity company watchTowr Labs said it captured a dataset of over 80,000 files on these sites, uncovering thousands of
-
With Friends Like These: China Spies on Russian IT Orgs
State-linked hackers stayed under the radar by using a variety of commercial cloud services for command-and-control communications.
-
As Gen Z Enters Cybersecurity, Jury Is Out on AI’s Impact
Despite possibly supplanting some young analysts, one Gen Z cybersecurity specialist sees AI helping teach those willing to learn and removing drudge work.
-
JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers
Cybersecurity researchers are calling attention to a new campaign that’s leveraging a combination of ClickFix lures and fake adult websites to deceive users into running malicious commands under the guise of a “critical” Windows security update. “Campaign leverages fake adult websites (xHamster, PornHub clones) as its phishing mechanism, likely distributed via malvertising,” Acronis said in…
-
‘JackFix’ Attack Circumvents ClickFix Mitigations
A new ClickFix variant ratchets up the psychological pressure to 100 and addresses some technical mitigations to classic ClickFix attacks.