Arguably, this type of plan is necessary regardless of Russia’s aggressive posture. European defense spending and preparedness have lagged since the end of the Cold War; although German spending has grown in absolute terms over the past decade, it has declined significantly as a percentage of GDP (Macrotrends.net).
The FAZ article was predictably represented on the Kremlin-controlled website Russia Today as “German army warning companies of war with Russia”; interestingly, the “Ukrainian Military Center” Public Organization (Militarnyi) published an article with a very similar tone in its title. Both make the German government’s recommendations sound more pressing (which, in my opinion, they should be) than what they actually are: an absolutely necessary and advisable, even routine, part of ensuring that critical industry and infrastructure are prepared for eventualities. At the same time, both Sweden and Finland, two countries accustomed to dealing with threats from their neighbor, have issued war preparedness pamphlets to their citizens as part of a more immediate crisis readiness plan.
Don’t Forget the “Cyber” Aspect
So, where does “cybersecurity”, as in a big part of CyAN’s very raison d’être, fit into this?
Many of the sample articles and information pieces I linked to above refer to Russian “hybrid warfare”. In the information space, this includes Russian government tolerance and even support for malicious cyber actors, including run-of-the-mill criminal APT groups. The Natto Thoughts team have covered this topic well in multiple articles. It entails digital sabotage, denial of service operations, espionage, and other active measures (e.g. the Sandworm/APT44 group prominent for its 2022-23 attacks on Ukrainian power infrastructure, but operating since 2008).
Russia has engaged in extensive social media disinformation campaigns, election interference, online defamation and threats against disinformation researchers, and other acts designed to damage the digital economy and confidence in democratic processes and institutions. CyAN is dedicated to supporting information security, and online trust and safety. As such, any systemic threat to these aspects of liberal democratic society is of interest to CyAN. Q.E.D.
Since the early 2000s, we’ve seen a gradual increase in the level of awareness and preparedness, from citizens, government, and companies, in the cyber-defense arena. The creation of the ISAC model in the US, with coordination bodies such as the US National Council of ISACs and Empowering EU ISACs initiatives, has improved intra- and inter-industry coordination and information sharing. Various national cybersecurity centres, public-private initiatives such as the UK NCSC’s Industry 100 Programme and US NCCIC (pdf) bring together commercial-sector and government specialists, including for more transparent and seamless sharing of classified information.
Exercises involving both public and private domains, such as the NATO-and-friends annual Locked Shields simulation run by the CCDCOE in Estonia, help identify gaps and enhance cooperation. Actionable guidance to industry, such as ENISA’s excellent ISAC in a Box toolkit, public institution-led critical sector cooperation bodies such as the European Central Bank’s CIISI group for key financial market infrastructure actors, and various national crisis coordination bodies such as Germany’s UP-KRITIS group organized by the German cybersecurity agency BSI also stimulate and enable active cooperation and preparation at a national level. TIBER (Threat Intelligence Based Ethical Red Teaming) forces key financial sector firms to toughen up their defenses.
What’s Next?
There’s much more to do, though. I wrote an article about the need for improved and more active public-private cooperation in the area of national cyber defense for CyCon 2022 (my talk is here – starts around 50:00 if you have a few minutes to admire my choice of conference wardrobe). While it’s clear that any activity tasked with something as important as national and regional cyber-defense must be cautious about factors such as whom it admits and trusts, sharing of classified information, cost and resources, and respect for legal restrictions, we could do a lot more as a society (not just a collection of individual countries) to prepare for, and respond to, state actors who seek to destabilize and undermine us.
In my view, the “to-dos” fall primarily into three main heavily overlapping categories:
Awareness and Education
Western governments can and should do a much better job explaining to both citizens and companies what cyber-threats they face – not only to their daily lives, but also to the functioning of their economy and democratic institutions. There are already many great resources; Europe would benefit from standardized information and education channels and content.
Who are the actors? What motivates them? What kinds of threats can they face? Finland’s media literacy school curriculum is a great example of how to prepare young people to critically approach (dis-/mis-)information they will face online. Making information about risks, threats, and good practices more easily available to citizens through active outreach would be a good start.
Education and mentorship of new information security professionals is another issue. While the shortage of skilled security experts is an ongoing trope, and stress/burnout of staff from technicians to CISOs has been rising to frightening degrees (a big shoutout to CyAN’s “sister” organization dedicated to improving mental health in the cybersecurity industry, CyberMindz), much of the activity aimed at addressing these challenges seems to consist of cranking out more cybersecurity graduates. Meanwhile, recruiting remains a complex process, many new career entrants lack access to the kind of multidisciplinary experience-gathering opportunities and mentorship that are vital for building true experience, and company traineeship programs are often disconnected and inconsistent.
Helping to solve this is a role tailor-made for national and EU public sector agencies. A major part of government’s role should be to provide opportunity- and prosperity-building initiatives that on their own would not be profitable for industry to run. This could include, for example, giving tax incentives for hiring and paying new graduates as part of training programs, bringing academia and industry together at new talent events, encouraging and sponsoring industry mentorship initiatives, even providing guidelines for just how to better encourage the development and retention of talent.
Better communication of expectations, for example those placed on senior corporate leadership, also presents great opportunities. European cybersecurity-related regulation such as the NIS2 Directive and the Digital Operational Resilience Act is generally pretty well written, but creates significant overhead for a lot of firms. Based on the same principles of accessibility and clarity that make the ISAC in a Box toolkit so powerful and useful, agencies like ENISA can do more: not only issue actionable, practical mini-guidance, but also proactively provide easily navigable collections of it, especially to small and midsize firms, as well as local and regional governments.
There are many small business resources that provide cybersecurity hygiene and risk management best practices. These are frequently inconsistent, badly updated, and hard to find. Providing a simple “meta view” for smaller and less mature firms, alongside easy-to-follow checklists under an “80-20” approach (fix 80% of problems with 20% of the effort, figure out how to make things perfect once you’ve done that) would go a long way towards making security practices more accessible.
Channel / Process Identification, Use, and Creation
In short: all the above, and more. ISACs, critical infrastructure get-togethers, newsletters for senior leadership, exercises and testing, and good practices communiqués are all important. We need more of these. Similarly, there are not enough inter-industry forums for sharing cyber-threat intelligence or good practices at an operational, hands-on level. Conferences and lectures only go so far; people learn better from interaction than passive consumption of information, hands down.
A concrete, highly anecdotal example that is relevant for private citizens: my small Catalan village neighborhood has its own WhatsApp group, in addition to the overall town group – a large percentage of residents subscribe, and sometimes contribute, to these. It’s a resource they understand and trust. At the same time, very few of my neighbors realize just how much disinformation they face on Facebook and other Internet forums, especially around election time, or what kinds of cybercrime they are at risk of. Rather than creating informational websites (to directly quote a friend currently working for a major national cybersecurity center, “oh god, not another portal”), why not seek to identify and contribute to these? Issue simple flyers to local governments to share with their citizens through proven, reliable means.
In my opinion, the single biggest gap in European public-private cybersecurity capabilities is the unconditional provision of forums and channels to private sector organizations seeking cooperation and guidance. Especially at EU level, coordination and communication tend to be extremely focused on member-state verticals such as national CERTs and cybersecurity agencies. ISACs are a superb way of democratizing and streamlining alerts and information for companies, local governments, NGOs, and educational organizations.
Such coordination initiatives need money for expenses like analysts, coordinators, events, and communications resources. Funding can only come through a) government contributions, b) membership dues, c) sponsorships, and d) donations. B) and c) bear major logistical challenges and d) is undependable, leaving a); as anyone who has ever applied for an EU Horizon grant can attest, this is a very challenging undertaking. Governments prefer to invest in shiny new things rather than funding boring, existing initiatives that work. Why is that? Even just creating and running mailing lists, get-togethers for intelligence analysts and specialists,
Preparation
Again, more please. No plan survives first contact with the enemy. Practice makes perfect. Insert additional clichés and mix to taste.
TIBER should be expanded to more of the many critical industry verticals defined in NIS2 – and made lightweight and more accessible for smaller firms, if possible. Locked Shields is a massive, complex undertaking – but cyber-range and table-top (TTX) exercises are nothing new, and could be offered in much less cost- and time-intensive “mini-versions”.
For private citizens, this becomes a bit trickier; for example, one could offer fairly harmless individual versions of the common corporate fake phishing email to citizens, or create simple, fun quizzes to disseminate via known channels, see above.
In short, make testing simple, affordable, and accessible, be ruthless about exposing gaps, and make remediating shortfalls as painless as possible.
Conclusion
We should not have to deal with this. Cybercrime and -abuse are a serious issue even without atavistic state actors entering the picture.
Some initiatives already exist to help build society- and industry-wide cybersecurity maturity and resilience. These should be lauded and expanded. The same applies to sectors, such as the financial industry as well as oil & natural gas, which have a comparatively high degree of security capability: the mistakes and innovations these verticals have undergone can help other, less cybersecurity-evolved industries reach a higher degree of readiness and robustness more rapidly.
At the same time, there are a lot of simple, low-cost opportunities for dramatically enhancing our ability to cope with malicious information campaigns that are part of what is essentially hybrid warfare. Much of this is nothing more than identifying and expanding existing resources, sharing information, and coordinating between activities to ensure that private citizens, businesses, as well as democratic institutions and free markets across the liberal world are less vulnerable to hostile cyber-acts.
The UK’s cybersecurity chief has sounded an alarm over the growing risks of Black Friday, warning that cybercriminals are exploiting the shopping frenzy to conduct widespread online fraud. Tactics like phishing emails, counterfeit websites, and fraudulent ads are being used to harvest payment details and personal data.
Shoppers are urged to verify links, use secure payment methods, and scrutinise deals that seem too good to be true. Businesses, meanwhile, must strengthen their cybersecurity protocols to guard against increasingly sophisticated threats. With online shopping surging, this stark warning highlights the need for heightened vigilance and proactive defences to protect consumers and commerce alike.
US space tech giant Maxar discloses employee data breach
Maxar, a leading US space technology company, has disclosed a breach affecting employee data, caused by a third-party vendor compromise. Exposed information includes Social Security numbers, personal contact details, and other sensitive data. Maxar has responded with mitigation measures, including identity theft protection services for affected individuals.
This breach underscores the escalating risks posed by supply chain vulnerabilities, where external partnerships become critical points of failure. As cyber threats grow, the incident serves as a reminder of the importance of robust vendor security and proactive risk management.
Jen Easterly, CISA Director, to Step Down on Inauguration Day
Jen Easterly, the highly regarded Director of the US Cybersecurity and Infrastructure Security Agency (CISA), has announced her resignation, effective on Inauguration Day. During her tenure, Easterly spearheaded efforts to enhance critical infrastructure protections and build strong public-private cybersecurity partnerships.
Her departure comes at a pivotal time, as CISA faces growing threats from ransomware, nation-state actors, and emerging vulnerabilities. This leadership transition raises concerns about the agency’s ability to maintain its momentum and adapt to evolving challenges. With cyber risks escalating, Easterly’s successor will inherit significant responsibility in securing the nation’s digital landscape.
US charges Phobos ransomware admin after South Korea extradition
US prosecutors have charged an alleged administrator of the Phobos ransomware group following their extradition from South Korea. The individual is accused of orchestrating ransomware attacks that encrypted victims’ data and demanded cryptocurrency payments for decryption keys. This case highlights the success of international cooperation in combating ransomware and bringing cybercriminals to justice. It also underscores the growing need for coordinated global action against threat actors targeting organisations worldwide. The indictment sends a strong message to ransomware operators, reinforcing the importance of holding perpetrators accountable.
Palo Alto Networks has patched a critical zero-day vulnerability in its firewalls that was being actively exploited by attackers. The flaw allowed threat actors to bypass security measures and gain unauthorised access to networks, posing significant risks to organisations relying on these devices. This incident highlights the urgency of applying security updates promptly to address vulnerabilities before they are exploited. Organisations are urged to patch their systems immediately to mitigate exposure. The case underscores the vital role of vendor responsiveness and proactive cybersecurity measures in safeguarding enterprise networks.
New Stealthy BabbleLoader Malware Spotted Delivering WhiteSnake and Meduza Stealers
BabbleLoader, a newly identified malware variant, has been observed delivering WhiteSnake and Meduza stealers, which target credentials, financial data, and other sensitive information. This malware employs advanced evasion techniques to bypass detection, making it a formidable threat. Researchers warn that BabbleLoader’s stealth capabilities highlight the increasing sophistication of modern malware campaigns.
Organisations are advised to enhance endpoint security, deploy layered defences, and monitor systems proactively to mitigate risks posed by this emerging threat.
Fake Bitwarden ads on Facebook push info-stealing Chrome extension
Cybercriminals are exploiting fake Bitwarden ads on Facebook to distribute malicious Chrome extensions that steal sensitive credentials and personal data. These fraudulent extensions mimic legitimate Bitwarden software, tricking users into downloading compromised versions that expose their information to attackers.
Researchers warn that this is a sophisticated social engineering tactic, targeting unsuspecting users by exploiting trust in reputable brands. Facebook is under scrutiny for inadequate ad vetting, highlighting the need for stronger platform security. Users are advised to verify software sources and use official sites to ensure their safety from deceptive campaigns.
The DEEPDATA malware is actively targeting an unpatched vulnerability in Fortinet VPN appliances to steal sensitive credentials, creating a significant threat to organisations reliant on these devices. By exploiting this flaw, attackers can infiltrate networks, access critical systems, and potentially exfiltrate valuable data. Fortinet has urged users to update their systems, but reports indicate many devices remain vulnerable, leaving networks exposed to exploitation. This incident highlights the escalating risks posed by unpatched software, as threat actors increasingly focus on widely used solutions to maximise their impact. Proactive patching and effective vulnerability management are critical in addressing these evolving threats.
NSO group used WhatsApp exploits even after Meta-owned company sued it
New evidence reveals that the NSO Group continued deploying Pegasus spyware using WhatsApp exploits even after being sued by Meta. These exploits targeted journalists, activists, and political figures, reinforcing concerns over Pegasus’s role in global surveillance. Despite WhatsApp’s efforts to secure its platform and ongoing litigation, NSO’s persistence highlights the challenges of combating sophisticated spyware developers.
This case raises critical questions about tech accountability, privacy protections, and the effectiveness of existing legal frameworks to deter unethical surveillance practices. The revelations also underscore the need for stronger international cooperation to address the misuse of powerful surveillance tools in a rapidly evolving digital landscape.
Phishing emails increasingly use SVG attachments to evade detection
Phishing campaigns are increasingly leveraging SVG attachments to evade email security filters, embedding malicious links or scripts that redirect recipients to phishing sites. These seemingly harmless files exploit weaknesses in traditional detection methods, making it difficult for automated defences to identify and block the threats. The tactic is particularly effective at stealing credentials or delivering malware.
Security researchers stress the importance of adapting email security protocols and educating employees about recognising suspicious attachments. This evolution in phishing highlights the adaptability of attackers as they continuously innovate to bypass protective measures and exploit unsuspecting users.
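One way a mail gateway can act on the point above, as an added example that is not code from the original newsletter or from any of the researchers it cites: the scanner below parses an SVG attachment and separates features that make the file behave like a web page (script elements, event-handler attributes, embedded HTML containers, javascript:/data: URLs), which it marks "block", from plain outbound links, which it marks "review" because only the destination tells you whether they are phishing. The sample attachments, the function names and the placeholder domains are all constructed for this example.

```python
"""
Heuristic pre-filter for SVG e-mail attachments.

Added example, not code from the original article. It flags the features
that turn an "image" into an executable document (scripts, event handlers,
embedded HTML, javascript:/data: URLs) and separates them from files that
merely link out, so a gateway can block the former and queue the latter
for analyst review. All sample attachments below are constructed.
"""
import re
import xml.etree.ElementTree as ET

# Event-handler attributes such as onload / onclick / onmouseover.
EVENT_ATTR = re.compile(r"^on[a-z]+$", re.IGNORECASE)
# URL schemes that execute code or smuggle a payload instead of linking.
EXEC_SCHEMES = re.compile(r"^\s*(javascript|vbscript|data)\s*:", re.IGNORECASE)
# Elements that let an SVG run code or host arbitrary HTML.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}


def _local(name):
    """Strip an XML namespace prefix: '{http://...}href' -> 'href'."""
    return name.rsplit("}", 1)[-1].lower()


def scan_svg(data):
    """Return a list of (severity, description) findings for one SVG blob.

    severity is 'block' for executable content and 'review' for outbound
    links that cannot be judged without looking at the destination.
    """
    findings = []
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        # Renderers are more forgiving than parsers, so malformed XML is not
        # safe to wave through; hand it to a human instead.
        return [("review", f"unparseable SVG: {exc}")]

    for elem in root.iter():
        # Comments/processing instructions have a callable tag; skip them.
        tag = _local(elem.tag) if isinstance(elem.tag, str) else ""
        if tag in ACTIVE_ELEMENTS:
            findings.append(("block", f"<{tag}> element"))
        for attr, value in elem.attrib.items():
            name = _local(attr)  # handles xlink:href as well as plain href
            if EVENT_ATTR.match(name):
                findings.append(("block", f"event handler {name} on <{tag}>"))
            elif name == "href" and EXEC_SCHEMES.match(value):
                scheme = value.split(":", 1)[0].strip().lower()
                findings.append(("block", f"{scheme}: URL on <{tag}>"))
            elif name == "href" and value.lower().startswith(("http://", "https://")):
                findings.append(("review", f"outbound link {value}"))
    return findings


def classify(data):
    """Collapse findings into one gateway verdict: block > review > allow."""
    severities = {sev for sev, _ in scan_svg(data)}
    if "block" in severities:
        return "block"
    if "review" in severities:
        return "review"
    return "allow"


# Constructed sample attachments (placeholder domains, not real campaigns).
BENIGN_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
    b'<circle cx="5" cy="5" r="4" fill="#c00"/></svg>'
)
SCRIPTED_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg" onload="init()">'
    b'<script>/* constructed: a real sample would redirect the viewer */</script>'
    b'</svg>'
)
LINKED_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg" '
    b'xmlns:xlink="http://www.w3.org/1999/xlink">'
    b'<a xlink:href="https://docs.example.invalid/verify">'
    b'<text x="0" y="10">Open shared document</text></a></svg>'
)

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_SVG), ("scripted", SCRIPTED_SVG),
                        ("linked", LINKED_SVG)):
        print(f"{label:9} {classify(blob):7} {scan_svg(blob)}")
```

The scanner is deliberately a pre-filter rather than a sandbox: it never renders the file, so it cannot be tricked by timing or environment checks, and its false positives (a legitimate SVG with an onclick handler) land in a review queue rather than the inbox. For untrusted input in production, parse with the defusedxml package's ElementTree drop-in rather than the standard library module, which does not defend against entity-expansion attacks.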
Cybersecurity dominates concerns among the C-suite, small businesses and the nation
Cybersecurity has emerged as a top priority for leaders at all levels, from C-suite executives to small business owners, as increasingly frequent and costly cyberattacks reshape the threat landscape. This shift underscores cybersecurity’s critical role as both an operational safeguard and a strategic imperative. Small businesses, often lacking resources and expertise, are especially vulnerable to attacks, while larger organisations focus on resilience and regulatory compliance.
The report highlights the need for cybersecurity to transcend IT departments, becoming a collaborative, organisation-wide effort. By integrating cybersecurity into every layer of decision-making, leaders can ensure greater economic and operational stability while addressing the ever-evolving risks of a digital-first world.
Security plugin flaw in millions of WordPress sites gives admin access
A critical flaw in a widely used WordPress security plugin has exposed millions of websites to potential takeover by unauthorised users, granting admin-level access. Exploiting this vulnerability allows attackers to deface sites, steal sensitive data, or inject malicious code, significantly compromising website functionality and user trust. Administrators are strongly urged to update affected plugins immediately to reduce risks and prevent exploitation.
This incident underscores the persistent dangers posed by vulnerabilities in third-party plugins, which remain a common entry point for attackers. It also highlights the need for proactive monitoring, regular updates, and stringent security practices to defend against increasingly sophisticated threats targeting popular website platforms.
EDR and cyber logging: Preparing for the next big cybersecurity guidance
Endpoint detection and response (EDR) and advanced cyber logging are becoming increasingly critical as cybersecurity regulations evolve, offering improved visibility into network activity and enabling faster threat detection and response. These technologies are vital for meeting anticipated regulatory shifts that prioritise detailed data logging and operational security.
Proactively adopting EDR and logging solutions strengthens organisational defences, reduces downtime, and ensures compliance with emerging standards. As cyber threats grow more sophisticated, integrating advanced monitoring is essential for maintaining resilience, enhancing compliance, and mitigating risks in an evolving threat landscape.
US Prosecutors Charge Hackers in Snowflake Data Theft
Hackers involved in a significant data theft targeting Snowflake’s cloud platform have been charged by US prosecutors, spotlighting the rising risks of cybercrime in cloud environments. The attackers allegedly exploited vulnerabilities to access sensitive customer data, emphasising the critical importance of implementing robust defences in cloud systems.
Snowflake has since enhanced its security measures, but the case underscores the persistent threats targeting cloud infrastructure. This legal action sends a strong message to cybercriminals while highlighting the need for proactive security practices. As reliance on cloud services grows, addressing vulnerabilities and improving defences is vital to safeguarding data and maintaining customer trust.
National cyber director calls for streamlined security regulations
The US National Cyber Director has called for streamlined cybersecurity regulations to reduce complexity and foster greater compliance across industries. Current frameworks, fragmented across jurisdictions, often lead to confusion and inefficiencies, hampering organisational efforts to implement robust defences. Simplifying these policies would allow businesses to allocate resources more effectively and improve national resilience against evolving threats. This initiative reflects growing recognition that disjointed regulations hinder progress. A unified, well-coordinated strategy is critical to addressing increasingly sophisticated cyber challenges while supporting economic and operational security.
Analysis
The cybersecurity provider’s next opportunity: Making AI safer
AI’s rapid adoption has introduced new vulnerabilities, making cybersecurity vital for protecting AI systems against threats like adversarial attacks and data poisoning. This McKinsey analysis examines how providers can address these risks to position themselves as leaders in AI security. Developing robust tools and frameworks to safeguard AI represents both a technical challenge and a lucrative market opportunity.
By prioritising AI security, organisations can build trust, foster innovation, and ensure AI’s potential is leveraged safely. The article underscores the importance of balancing progress with ethical standards, enabling an AI-driven future that prioritises safety and resilience in increasingly complex threat landscapes.
How Generative AI Will Change Jobs In Cybersecurity
Generative AI is transforming cybersecurity roles by automating tasks like threat detection and incident analysis, allowing professionals to focus on strategic challenges and creative problem-solving. This article explores how AI tools enable cybersecurity teams to address complex threats more effectively while leveraging advanced technologies to streamline operations. However, the shift demands significant reskilling, as understanding and integrating AI tools becomes essential for success. The evolution signals a future where adaptability, technical fluency, and innovation define cybersecurity roles, with AI acting as a powerful ally in combating sophisticated cyber threats and improving resilience.
Washington faces growing criticism for its fragmented and complacent approach to cybersecurity, leaving critical systems exposed to escalating threats. Insufficient regulatory coordination and enforcement have created gaps that adversaries exploit, endangering vital infrastructure. This article urges policymakers to address systemic weaknesses by adopting unified strategies that prioritise national security and strengthen defences.
Without decisive action, the US risks falling behind in countering cyber threats, jeopardising both economic stability and global competitiveness. Comprehensive reforms are essential to secure critical systems and maintain resilience in a rapidly evolving threat landscape.
New legal documents suggest that NSO Group, not its government clients, operates the Pegasus spyware used to hack into devices. This claim contradicts NSO’s public stance that only authorised government entities handle its software, sparking fresh controversy over the company’s practices.
Filed as part of an ongoing lawsuit, these revelations may lead to intensified scrutiny from international regulators, especially given allegations of human rights abuses tied to Pegasus. If NSO is proven to be in control, it could face legal and diplomatic consequences, as Pegasus has been used against journalists, activists, and political dissidents worldwide.
‘FYI. A Warrant Isn’t Needed’: Secret Service Says You Agreed To Be Tracked With Location Data
Documents obtained by 404 Media reveal the US Secret Service’s claim that individuals implicitly consent to location tracking simply by using apps or services that gather location data. As a result, the agency asserts it does not need a warrant to access this information, sparking debates about consent and privacy. Privacy advocates argue that this broad interpretation infringes on citizens’ rights and lacks transparency, especially since many users may not be fully aware of how their data is accessed. The stance raises questions about data collection practices, privacy boundaries, and the balance between surveillance and individual rights.
More Spyware, Fewer Rules: What Trump’s Return Means for US Cybersecurity
Donald Trump’s return to the US presidency could mean sweeping changes to cybersecurity policy, including fewer restrictions on government spyware use. During his previous term, Trump’s administration took a lenient approach toward surveillance, potentially allowing law enforcement agencies broader powers.
Experts warn that a similar policy shift could prioritise surveillance capabilities at the expense of privacy protections, impacting both domestic and international cybersecurity practices. Such changes could lead to increased use of cyber tools for intelligence gathering, intensifying the privacy-security debate and raising concerns among rights advocates and tech industry leaders alike.
Idaho Man Gets 10 Years for Hacking, Cyber Extortion
An Idaho (US) man has been sentenced to a decade in prison for hacking into private data and extorting victims for financial gain, a significant penalty that reflects the seriousness of cyber extortion. The convicted hacker used illegal access to extract sensitive information, demanding money to avoid data leaks.
The case is part of a growing trend of law enforcement clamping down on cyber extortionists, as courts recognise the damaging impacts these crimes have on individuals and businesses. This sentence sends a strong message to others involved in cybercrime: exploiting cyber vulnerabilities for personal gain will have serious legal consequences.
Global cybersecurity alert reveals surge in zero-day exploits targeting high-priority networks in 2023
A global alert has been issued in response to a sharp rise in zero-day exploits in 2023, particularly targeting high-priority networks and critical infrastructure. These exploits, often orchestrated by state-sponsored groups and sophisticated cybercriminals, are challenging traditional defences as they exploit undisclosed vulnerabilities.
Experts warn that this surge calls for proactive detection and stronger international collaboration, as unpatched systems in sectors like energy, finance, and healthcare are at high risk. The alert emphasises the urgent need for organisations to improve patch management, threat intelligence, and cross-border security cooperation to combat these rapidly evolving threats.
(Australian) Coalition demands split of privacy package
Australia’s Coalition has called for the privacy reform package to be split into separate bills, arguing that the current omnibus proposal is too complex for effective debate and passage. The proposed reforms aim to modernise Australia’s data protection laws, including stronger data handling standards and enhanced transparency requirements. Splitting the bill could delay the reforms, a concern for privacy advocates who see urgent need for updates in a data-driven world. The move has sparked debate in parliament, with the Coalition arguing for careful consideration of each component, while others urge swift action to protect Australians’ personal data.
China-Linked Threat Actors Compromised Multiple Telcos and Spied on a Limited Number of U.S. Government Officials
China-linked threat actors have reportedly compromised several telecommunications providers, using access to spy on a limited number of US government officials. The breach highlights the ongoing cybersecurity risks from state-sponsored groups targeting critical infrastructure. The targeted espionage underscores how valuable telecommunications data is for intelligence operations, particularly data linked to government communications. This incident adds to growing tensions over cyber-espionage and emphasises the need for stronger international cyber defences, as telecom networks remain prime targets for nation-state actors seeking strategic intelligence advantages.
New Glove infostealer malware bypasses Chrome’s cookie encryption
A new malware known as Glove has emerged, capable of bypassing Google Chrome’s cookie encryption to access stored user data, including login information. This infostealer is particularly dangerous, as it allows attackers to hijack user sessions and potentially take over accounts without direct access to login credentials.
Security researchers warn that Glove represents a sophisticated threat in the landscape of browser-based attacks, as traditional encryption measures prove ineffective. Chrome users are advised to stay vigilant, as this malware’s capabilities show the evolving tactics of cybercriminals targeting sensitive information via commonly used browsers.
White House Slams Russia Over Ransomware’s Healthcare Hits
The White House has issued a strong condemnation of Russia-linked ransomware groups for targeting US healthcare providers, citing the significant risks these attacks pose to patient care and safety. The attacks have disrupted hospital operations, endangering lives and raising ethical concerns. The US government is urging Russia to address ransomware activity originating from within its borders, as healthcare systems remain vulnerable. This statement reflects the geopolitical tensions surrounding ransomware and the White House’s emphasis on protecting critical infrastructure from cyber threats that have human costs, especially in vital sectors like healthcare.
Pregnancy Tracking App ‘What to Expect’ Refuses to Fix Issue that Allows Full Account Takeover
The What to Expect pregnancy tracking app is under fire for refusing to fix a security vulnerability that enables full account takeover, putting users’ sensitive data at risk. Despite reports of this flaw, the app’s developers have yet to implement a solution, raising concerns over the protection of users’ personal and health information.
Privacy advocates argue that this inaction reflects a disregard for user safety and responsibility, especially given the sensitive nature of health-related apps. The incident underscores the broader risks associated with health apps that fail to prioritise adequate security measures, leaving users vulnerable to potential data breaches.
Nearly 40% of Aussie kids aged between 16 and 18 use ChatGPT
A recent study highlights that nearly 40% of Australian teenagers aged 16-18 are actively using ChatGPT, primarily for academic support. While AI tools like ChatGPT can aid in learning, the findings raise concerns regarding privacy, data security, and the potential impact on students’ independent thinking. Experts worry about AI dependency among teens and call for stricter privacy guidelines to safeguard underage users’ data.
This report underscores the importance of developing responsible AI policies to address both the benefits and risks of widespread AI usage in educational contexts, especially among younger users who may not fully grasp data privacy implications.
A new iOS 18 security feature makes it harder for police to unlock iPhones
With iOS 18, Apple introduces a security feature that requires iPhones to reboot after extended inactivity, complicating law enforcement’s ability to unlock devices without user cooperation. This update, which aims to protect user privacy, is seen by privacy advocates as a positive step in securing personal data against unauthorised access.
However, some law enforcement agencies argue it impedes investigations, sparking debate over balancing privacy rights with investigative needs. Apple’s approach reaffirms its dedication to user privacy, marking another milestone in its stance on protecting data against potential overreach by government authorities while preserving consumer trust.
New Ymir ransomware partners with RustyStealer in attacks
The newly surfaced Ymir ransomware strain has teamed up with RustyStealer malware, merging ransomware capabilities with credential theft for a more potent attack. By stealing user credentials and deploying ransomware simultaneously, Ymir increases its financial and operational impact on targeted organisations. Cybersecurity experts highlight that such partnerships between malware strains reflect a concerning trend in the cybercrime ecosystem, with criminals pooling resources for devastating attacks. Organisations are urged to adopt multi-layered defences and remain vigilant, as this two-pronged threat underscores the need for comprehensive protection against sophisticated, multi-vector cyber threats.
Amazon Discloses Employee Data Breach After May 2023 MOVEit Attacks
Amazon has revealed a data breach involving employee information following the MOVEit vulnerability exploitation in May 2023. The attack exposed sensitive data, underscoring the significant risks associated with third-party software vulnerabilities in widely used platforms. In response, Amazon is working to bolster its security posture to prevent similar incidents. This breach serves as a critical reminder of the importance of third-party risk management and timely patching, even for large organisations, as vulnerabilities in essential software platforms remain a prevalent attack vector for cybercriminals looking to exploit weak links in corporate digital ecosystems.
A malicious Python package uploaded to the PyPI platform has been found exfiltrating AWS credentials from developers, amplifying concerns over open-source software security. Disguised as a legitimate tool, the package was widely downloaded, leading to potential data exposure for numerous organisations. This incident highlights the critical importance of vigilance when using third-party code, particularly from open-source repositories, and underlines the rising threat of supply chain attacks in software development. Security experts advocate for enhanced screening processes within repositories and recommend developers closely monitor dependencies to avoid similar attacks in the future.
69,000 Bitcoins Are Headed for the US Treasury—While the Agent Who Seized Them Is in Jail
In a bizarre turn of events, the US Treasury is set to acquire 69,000 Bitcoins seized from the notorious Silk Road marketplace, while the federal agent responsible for the initial seizure is serving prison time for embezzling cryptocurrency. Worth billions, this asset transfer highlights the complex challenges of managing seized digital assets and the ethical dilemmas faced by law enforcement in handling cryptocurrency. The case draws attention to the regulatory and procedural gaps in handling digital currency within legal frameworks, emphasising the need for clear protocols as cryptocurrency’s intersection with criminal activity and asset forfeiture becomes more prominent.
Navigating cybersecurity often means deciphering a multitude of acronyms, and as the field evolves, new terms and abbreviations emerge. This article provides a comprehensive guide to the most relevant cybersecurity acronyms expected in 2025, helping professionals stay informed and communicate effectively. Covering everything from threat actors to advanced defence mechanisms, the guide is a valuable resource for industry professionals and newcomers alike. Staying familiar with these terms not only aids understanding of complex topics but also strengthens collaboration and strategic communication, crucial for addressing emerging challenges in the cybersecurity landscape.
Analysis
The WIRED Guide to Protecting Yourself From Government Surveillance
WIRED offers a comprehensive guide for individuals concerned about government surveillance, providing actionable strategies to safeguard personal data and maintain privacy. The guide explores various privacy tools and tactics, including using encrypted messaging apps, VPNs, and privacy-focused browsers to reduce exposure to tracking and data collection. As government monitoring capabilities continue to evolve, this guide empowers individuals to make informed choices about their digital presence. It underscores the importance of digital literacy in an era where privacy is increasingly threatened, helping readers navigate today’s digital landscape with enhanced security and awareness.
CISA, FBI, NSA, and International Partners Release Joint Advisory on 2023 Top Routinely Exploited Vulnerabilities
CISA, in partnership with the FBI, NSA, and international allies, has issued a joint advisory detailing the most frequently exploited vulnerabilities of 2023. Targeting common weaknesses in widely used software, the advisory urges organisations to prioritise patching and proactive cybersecurity measures. Unpatched systems remain a prime target for both state-sponsored and criminal actors, and these vulnerabilities can lead to significant breaches if ignored. By addressing these top vulnerabilities, organisations can better protect their data and infrastructure, bolstering resilience against an evolving landscape of cyber threats that exploit unaddressed security gaps.
Ask a Data Ethicist: What Happens to Your Data When a Company Goes Bankrupt?
When companies declare bankruptcy, personal data can be classified as an asset, often sold or transferred to new entities without user consent. This reality poses privacy and ethical challenges, as users have little control over their data’s fate in corporate insolvencies. Data ethicists argue that current regulations lack the protections needed to secure user data in such scenarios, urging legal reforms to ensure individuals retain rights over their data even if a company dissolves. This situation underscores the importance of user data control, calling for transparent data governance practices, especially during corporate transitions like bankruptcy.