Tag: Strategy

Cyber (In)Securities – Issue 128

Information Security News

89% of Enterprise GenAI Usage Is Invisible to Organizations, Exposing Critical Security Risks
The Hacker News

A new report reveals that a staggering 89% of generative AI usage within enterprises remains undetected, exposing organisations to severe security risks. This covert AI activity can 

Safer Internet Day: The Business Model of Cyber Attacks in the Digital Era by Saba Bagheri, PhD

Every year, Safer Internet Day reminds us of the importance of making the internet a safer place for everyone. Initially conceived as a tool to connect people and make life more convenient, the internet has evolved into a cornerstone of modern living. Yet, it has 

Cyber (In)Securities – Issue 127

Flaw found in stalkerware apps, exposing millions of people. Here’s how to find out if your phone is being spied upon
Bitdefender by Graham Cluley

A significant security flaw discovered in stalkerware apps has exposed millions to potential spying, significantly compromising user privacy. This vulnerability allows unauthorised access to personal data, raising serious concerns about the safety and security of individuals who may be unknowingly monitored. The issue highlights the urgent need for users to check their devices for signs of stalkerware, which may include unusual battery drain or data usage. Experts recommend regular security checks, the installation of reputable anti-stalkerware tools, and staying informed about ways to protect personal digital spaces from such invasive software.

Exploits for unpatched Parallels Desktop flaw give root on Macs
BleepingComputer by Bill Toulas

An unpatched vulnerability in Parallels Desktop for Mac allows attackers to gain root access, posing severe risks to users by potentially compromising system integrity and personal data. This exploit enables unauthorised users to bypass security mechanisms, manipulate systems, and access confidential information, illustrating the critical importance of regular software updates and vigilant security practices. Mac users are urged to apply all available security patches to mitigate this risk. The situation underscores the necessity of proactive cybersecurity measures and the dangers of operating systems without the latest security defenses.

DeepSeek’s ByteDance Data-Sharing Raises Fresh Security Concerns
Dark Reading by Elizabeth Montalbano

Recent reports have raised significant security concerns over DeepSeek, a subsidiary of ByteDance, and its data-sharing practices, which may compromise user privacy. The scrutiny comes amidst allegations that the company shares user data in ways that could violate privacy norms and potentially aid in surveillance. This issue underscores the need for stringent data governance and highlights the challenges users face in controlling their personal information. The situation calls for urgent regulatory actions to ensure that data handling by tech companies adheres to ethical standards and legal requirements, protecting individuals from unauthorised data exploitation.

New Malware Campaign Uses Cracked Software to Spread Lumma and ACR Stealer
The Hacker News by Ravie Lakshmanan

A new malware campaign exploiting cracked software to spread Lumma and ACR Stealer has been uncovered, targeting users looking for free software alternatives. This campaign leverages the allure of cracked software to deploy malware that can steal sensitive information, including passwords and financial data. The use of such software poses significant risks, as it often bypasses traditional antivirus protections. Cybersecurity experts strongly advise against the use of pirated software and emphasise the importance of maintaining rigorous security protocols, including using only legitimate and licensed software, conducting regular system scans, and keeping all software up to date to avoid falling victim to these sophisticated cyber threats.

Engineers Australia launches ‘chartered’ cyber credential
InnovationAus by David McClure

Engineers Australia has introduced a new ‘chartered’ credential for cybersecurity professionals, aiming to standardise and elevate expertise within the industry. This credential recognises and certifies the skills and knowledge of engineers working in cybersecurity, offering a structured pathway for professional development. It responds to the increasing complexity of cyber threats and the critical need for qualified professionals who can secure modern digital infrastructures. This credential enhances individual careers and contributes to strengthening national and organisational cybersecurity capabilities.

The software UK techies need to protect themselves now Apple’s ADP won’t
The Register by Connor Jones

With Apple’s decision to not extend Advanced Data Protection (ADP) to the UK, tech professionals are urged to explore alternative software solutions to safeguard their digital assets effectively. This situation highlights the need for robust, end-to-end encryption and other security measures that can compensate for the lack of ADP. The discussion includes a variety of software options that offer strong encryption standards and data protection policies, aiming to assist UK techies in maintaining their privacy and data integrity against potential cyber threats. The article emphasises the importance of proactive security practices in a landscape where traditional data protection mechanisms are increasingly insufficient.

Gov bans Kaspersky from its systems and devices
itNews by Eleanor Dickinson

The Australian government has implemented a ban on Kaspersky software across all its systems and devices due to security concerns, marking a significant stance on protecting national security. This precautionary measure addresses the risks associated with potential espionage and cyberattacks that could exploit vulnerabilities within the software. The ban underscores the critical need for trusted security solutions in government operations and highlights the broader implications for software vendors striving to maintain credibility in a market that increasingly values transparency and reliability in cybersecurity practices.

Microsoft Power Pages vulnerability exploited in the wild
Cybersecurity Dive by Rob Wright

A vulnerability in Microsoft Power Pages has been actively exploited, presenting serious security concerns for users. This flaw allows attackers to execute arbitrary code and potentially take control of affected systems, exposing sensitive data. The urgency of addressing this issue is paramount, as the exploitation of such vulnerabilities can lead to significant breaches, undermining trust in digital infrastructures. Users are advised to apply patches provided by Microsoft immediately to mitigate the risk and protect their data from unauthorised access. This situation highlights the ongoing challenges in maintaining secure web environments and the necessity for continuous vigilance and prompt updates in cybersecurity protocols.

A Data Leak Exposes the Operations of the Chinese Private Firm TopSec, Which Provides Censorship-as-a-Service
Security Affairs by Pierluigi Paganini

A significant data leak at TopSec, a Chinese firm known for providing censorship-as-a-service, has exposed extensive details about its operations. This breach reveals the extent to which the company engages in information control and surveillance for the Chinese government. The exposed data includes sensitive information about the methods and technologies used to monitor and suppress online content. This incident not only raises concerns about privacy and freedom of expression but also underscores the vulnerabilities in the security practices of companies involved in state-sponsored censorship activities. The leak prompts a critical examination of the implications for global internet freedom and the ethical responsibilities of technology providers.

Australia facing higher rate of cyber threats as part of APAC regional surge
itWire by Rosalyn Page

Australia is experiencing an elevated rate of cyber threats, part of a broader surge across the Asia-Pacific region. This increase is driven by the escalating sophistication of cyberattacks targeting both public and private sectors. The rise in cyber threats includes phishing, ransomware, and state-sponsored attacks, putting critical infrastructure and data at risk. This trend necessitates stronger cybersecurity measures, enhanced threat intelligence sharing, and more robust collaboration between government agencies and industry leaders. The aim is to fortify defences, raise awareness about cyber hygiene practices, and develop more resilient digital ecosystems to counteract the growing cyber threat landscape.

3.9 Billion Passwords Stolen—Infostealer Malware Blamed
Forbes by Davey Winder

In a major cybersecurity alert, Forbes reports that 3.9 billion passwords have been stolen, attributed to a sophisticated infostealer malware. This breach highlights a severe lapse in digital security protocols globally, prompting an urgent call for heightened cybersecurity measures. Experts stress the need for robust protective technologies and enhanced user vigilance. They recommend immediate action to upgrade defense systems against such malicious software, which is becoming increasingly capable of evading traditional security checks. This incident marks a significant moment in cybersecurity, urging a reevaluation of how personal data is protected online.

Australia fines Telegram for delay in answering questions
itNews

Australian regulators have imposed a significant fine on the messaging app Telegram for its delayed response to inquiries regarding its data handling and privacy practices. According to itNews, this action reflects Australia’s stringent approach to enforcing digital communication compliance amid growing concerns over data security. The fine serves as a warning to other tech companies about the importance of quick and transparent responses to regulatory questions. Experts emphasise that maintaining rigorous data protection standards is crucial for preserving user trust and ensuring compliance with global data privacy laws. This case highlights the escalating demands on digital platforms to adhere to strict regulatory expectations and the potential repercussions of non-compliance.

Fake CS2 tournament streams used to steal crypto, Steam accounts
BleepingComputer by Bill Toulas

Cybercriminals are exploiting the popularity of CS2 tournaments by hosting fake streams that deceive gamers into downloading malware, leading to significant losses of cryptocurrency and Steam accounts. BleepingComputer reports that these fraudulent streams lure viewers with the promise of live competitive play, only to trick them into installing software that steals sensitive information. This scam highlights the increasing sophistication of cyber threats targeting online gaming communities. Experts advise gamers to verify the authenticity of streams and download sources, maintain robust security software, and stay informed about common phishing tactics to safeguard their digital and financial assets effectively.

Former NSA, Cyber Command chief Paul Nakasone says U.S. falling behind its enemies in cyberspace
Cyberscoop by Tim Starks

In a candid interview with Cyberscoop, former NSA and Cyber Command chief Paul Nakasone expressed concerns that the United States is falling behind its adversaries in cyberspace. Nakasone emphasized the strategic gaps in America’s cyber defenses, highlighting that current efforts are insufficient to counteract the sophisticated cyber tactics employed by foreign enemies. He stresses the need for a comprehensive national cyber strategy that proactively enhances cybersecurity infrastructure and fosters greater collaboration between government agencies and the private sector. This strategic overhaul, he argues, is essential to maintaining national security and staying ahead in the constantly evolving cyber threat landscape.

Critical New PayPal Warning: Genuine Emails Used In Ongoing Attack
Forbes by Davey Winder

Forbes has issued a critical alert regarding a new phishing scam where attackers are using genuine-looking PayPal emails to execute sophisticated attacks. This campaign involves cybercriminals crafting emails that mimic official PayPal communications, tricking recipients into divulging sensitive information such as login credentials and financial details. The article stresses the importance of vigilance and educating users on the hallmarks of phishing attempts. It also calls for enhanced email filtering technologies and user education to combat these types of cyber threats effectively. This incident serves as a stark reminder of the evolving nature of cyberattacks and the need for continuous updates to security measures.

Beware: PayPal “New Address” feature abused to send phishing emails
BleepingComputer by Lawrence Abrams

BleepingComputer reports a new phishing tactic exploiting PayPal’s “New Address” feature, where cybercriminals send fraudulent emails urging users to verify their account details. This scam cleverly disguises itself within legitimate-looking PayPal communications, convincing users to input sensitive information, which leads to data breaches and financial loss. The article highlights the necessity for users to be extremely cautious with email links and to verify any changes through official PayPal channels directly. It also emphasizes the importance of ongoing cybersecurity education to recognize and thwart such deceptive techniques, ensuring personal and financial information remains secure.

NSW finds new permanent cyber chief
itNews by Eleanor Dickinson

New South Wales has appointed a new permanent cyber chief to oversee the state’s cybersecurity strategy, aiming to strengthen defenses against a rising tide of cyber threats. This appointment underscores the growing recognition of the critical importance of cybersecurity at the state level. The new cyber chief’s role will focus on enhancing collaboration between government agencies, bolstering cyber incident response capabilities, and developing comprehensive policies to protect public and private sector data. This strategic move is part of a broader effort to fortify digital infrastructure and ensure robust protection for citizens’ data in the face of increasingly sophisticated cyberattacks.

Hackers steal $1.5bn from crypto exchange in ‘biggest digital heist ever’
The Guardian by Joanna Partridge

The Guardian reports a monumental theft where hackers stole $1.5 billion from a cryptocurrency exchange, marking it as the biggest digital heist in history. This staggering breach involved sophisticated cyber tactics that overcame existing security measures, prompting a global reevaluation of cryptocurrency security protocols. The incident has sent shockwaves through the financial technology industry, highlighting vulnerabilities that could potentially expose other platforms. Experts are now calling for heightened security measures, including advanced encryption and multi-factor authentication, to protect against similar attacks and to reassure the increasingly anxious investor community about the safety of their digital assets.

DOGE Sparks Surveillance Fear Across the US Government
Wired by Paresh Dave, Dell Cameron & Alexa O’Brien

Wired reports escalating concerns within the US government regarding the cryptocurrency DOGE and its potential use in surveillance and data collection. These fears stem from DOGE’s rapid integration into mainstream financial systems and its accessibility to top cybersecurity agencies. Government officials are debating the implications of such technologies, which could potentially be exploited for mass surveillance or violate privacy rights. This issue highlights the ongoing tension between technological innovation and civil liberties, prompting a call for strict regulatory frameworks to govern the use of cryptocurrencies in government operations while safeguarding individual privacy.

Telegram fined nearly $1m by Australian watchdog for delay in reporting about terrorism and child abuse material
The Guardian by Josh Taylor

Australian regulators have imposed a fine of nearly $1 million on Telegram for its delayed action in reporting incidents involving terrorism and child abuse material, as detailed by The Guardian. This penalty emphasizes the critical role social media platforms play in preventing the spread of harmful content. It also spotlights the stringent expectations from authorities worldwide that platforms enforce proactive monitoring and swift reporting practices. The case serves as a caution to other companies about the severe consequences of failing to adhere to legal and ethical standards in content management.

ANALYSIS

Apple removes advanced data protection tool in face of UK government request
The Guardian by Rachel Hall

In response to a UK government request, Apple has removed an advanced data protection tool from its products in the UK, a move that has sparked widespread concerns over privacy. This action highlights the ongoing struggle between government surveillance needs and individual privacy rights. Critics and privacy advocates are alarmed, suggesting that this could undermine user trust and set a troubling precedent for tech companies, potentially eroding privacy protections globally. The debate continues about the balance that needs to be struck between national security and protecting citizens’ private data.

DOGE Now Has Access to the Top US Cybersecurity Agency
Wired by Kim Zetter

Wired reveals that the cryptocurrency DOGE has gained unprecedented access to a top U.S. cybersecurity agency, stirring debates over the implications for national security and privacy. This development comes as government entities increasingly explore the potential of blockchain technologies for enhancing security operations. However, the integration of DOGE raises concerns about the security and transparency of governmental use of cryptocurrency technologies. Critics argue this could lead to potential vulnerabilities, calling for rigorous oversight and clear guidelines to ensure that such technologies do not compromise the integrity of national security measures.

Apple’s Bold Move in the UK: No Backdoor, No Extra Encryption
PrivID (Substack)

In a decisive stance, Apple has opted not to include additional encryption or backdoor access in its UK products, as reported by PrivID on Substack. This decision highlights Apple’s commitment to user privacy amidst pressure from the UK government to allow backdoor access for law enforcement purposes. The article elaborates on the broader implications of this move for privacy advocacy and cybersecurity, arguing that resisting government pressure helps maintain trust and security for users globally. It discusses the potential consequences for Apple in terms of legal challenges and market dynamics, emphasizing the delicate balance between national security demands and the preservation of individual privacy rights.

Cybersecurity Needs to Stay Nonpartisan in the Age of DOGE
Lohrmann on Cybersecurity by Dan Lohrmann

In his commentary for “Lohrmann on Cybersecurity,” Dan Lohrmann stresses the importance of nonpartisanship in cybersecurity, particularly as the influence of cryptocurrencies like DOGE grows within national security frameworks. According to Lohrmann, the entanglement of digital currencies with security issues could lead to political exploitation. He advocates for a bipartisan approach to cybersecurity, urging that policies and actions should transcend political divisions to effectively protect national interests. Lohrmann argues that cybersecurity resilience depends on collaborative efforts and adherence to shared principles, rather than being influenced by fluctuating political agendas.

Cybersecurity in 2025: A Battle of Interwoven Interests
The Peninsula by Dr. Khaled Walid Mahmoud

Dr. Khaled Walid Mahmoud’s article in The Peninsula addresses critical challenges in the cybersecurity landscape of 2025, particularly emphasizing the growing resilience disparity between large and small institutions. He highlights how smaller entities often lack the resources to implement comprehensive cyber defenses, making them particularly vulnerable to attacks. Amidst this scenario, Dr. Mahmoud poses an essential question regarding the position of Arab nations within the global cybersecurity equation. He discusses their unique vulnerabilities and the need for regional cooperation to enhance security frameworks and reduce disparities. This dialogue is crucial as it underscores the importance of tailored cybersecurity strategies that account for varied economic and technological capabilities across different regions.

Cyber Insurance is Useless Without Encryption
PrivID (Substack)

The PrivID article highlights a crucial aspect of cyber risk management: the ineffectiveness of cyber insurance without robust encryption practices. As cyber threats evolve, merely relying on insurance policies without securing data at its core leaves organizations vulnerable. The piece emphasizes that encryption is essential not just for safeguarding data but also for meeting the stringent requirements that insurance policies increasingly demand. It calls on organizations, particularly SMEs, to integrate strong encryption methods as a standard practice to enhance their overall cybersecurity measures and ensure that they are genuinely protected against potential breaches.

CyAN Members: Op Eds, Articles, etc.

The 3 Levels of Threat Intelligence: How They Help You Stay Secure
Fel Gayanilo

In this insightful piece, CyAN General Secretary Fel Gayanilo breaks down threat intelligence into three distinct levels—strategic, tactical, and operational. Fel explains how each level plays a crucial role in enhancing an organization’s cybersecurity posture. Strategic threat intelligence helps in understanding the broad risk landscape, tactical intelligence focuses on immediate threats, and operational intelligence deals with day-to-day security events. This layered approach, Fel argues, enables organizations to better anticipate potential threats and tailor their defenses accordingly, thereby staying one step ahead of cyber adversaries.

Quantum Computing and the Urgent Need for Universal End-to-End Encryption
Kim Chandler McDonald

CyAN VP Kim Chandler McDonald discusses the transformative impact of quantum computing on cybersecurity, particularly stressing the urgent need for universal end-to-end encryption. Kim highlights how quantum computing poses significant risks to current encryption methods and could potentially break many of the cryptographic systems currently in use. The article calls for proactive measures to develop quantum-resistant encryption technologies to protect data against future threats. Kim’s insights underline the importance of preparing for quantum advancements to ensure privacy and security in the digital age.

Smart Security Everywhere: Empowering CXOs with Always-On Protection
Shantanu Bhattacharya

CyAN member Shantanu Bhattacharya addresses the need for comprehensive security solutions in his article on ‘Smart Security Everywhere’. He advocates for an ‘Always-On’ protection model that empowers CXOs to manage and mitigate risks continuously. Shantanu outlines how integrating smart security technologies across all organizational levels can provide real-time threat detection and response, thus safeguarding critical assets. His recommendations emphasize the role of leadership in fostering a culture of security that aligns with business objectives and adapts to the evolving cyber threat landscape.

Upcoming CyAN Global Events

📌 Breaking the Cycle: Combating Online IBSA for a Safer Digital Experience
🗓 March 6th | EST 6 AM | CET 12 PM | AEST 10 PM

📌 CyAN APAC: The Geopolitical Impacts of Cyber Threats: From Espionage to Influence
🗓 March 12th | Peoplebank, Sydney | Keynote by Dan Elliot

📌 GITEX AFRICA, Marrakesh, Morocco
🗓 April 14-16

📌 GITEX ASIA, Singapore (Marina Bay Sands)
🗓 April 23-25

📌 GISEC, Dubai World Trade Center, UAE
🗓 May 6-8

📌 The Cyber Outstanding Security Performance Awards (Cyber OSPAs), London, UK
🗓 May 8

📌 World AI Technology Expo UAE, Dubai, UAE
🗓 May 14-15

📌 MaTeCC: Rabat, Morocco
🗓 June 7-9
📍 The third annual North Africa and beyond cybersecurity event, hosted by CyAN partner organisation École High-Tech

Smart Security Everywhere: Empowering CXOs with Always-On Protection

by Shantanu Bhattacharya
Posted on February 20, 2025 | Originally published on RSAC Conference
🔗 Read the original article on RSAC Conference

In today’s digital-first business landscape, Chief Experience Officers (CXO) are frequently on the move, driving business growth outside the organization’s secure network perimeter. 

Cyber (In)Securities – Issue 126

Information Security News

Ghost Ransomware Targets Orgs in 70+ Countries
Dark Reading by Elizabeth Montalbano

Ghost ransomware continues to pose a significant threat globally, now targeting organisations in over 70 countries. This ransomware variant is particularly insidious due to its ability to encrypt data swiftly and demand 

Cyber (In)Securities – Issue 125

Information Security News

Joint Letter on the UK Government’s use of Investigatory Powers Act to attack End-to-End Encryption
Global Encryption Coalition by Ryan Polk


The Global Encryption Coalition is actively opposing the UK government’s utilisation of the Investigatory Powers Act to erode end-to-end encryption, asserting that this undermines both personal privacy and national security. An open letter, which is soliciting public signatures until February 20th, has been circulated to garner widespread support against this legislative action. The coalition is urging stakeholders from all sectors to join this campaign, emphasising the critical role of strong encryption in safeguarding secure communications and protecting digital rights against intrusive surveillance.

US lawmakers press Trump admin to oppose UK’s order for Apple iCloud backdoor
The Register by Brandon Vigliarolo


In a significant stance for digital privacy, US lawmakers are pushing back against the UK’s request for Apple to create a backdoor into its iCloud services. They argue that complying with this demand would compromise user privacy and set a dangerous precedent that could impact global digital security standards. The opposition from US lawmakers underscores the ongoing international debate over encryption and government surveillance, highlighting the delicate balance between ensuring national security and upholding individual privacy rights. They urge a reevaluation of such demands to prevent potential overreach and ensure the protection of digital liberties.

Rape under wraps: how Tinder, Hinge and their corporate owner chose profits over safety
The Guardian by Elena Dugdale


A detailed investigative report by The Guardian has unveiled significant safety failures by Tinder and Hinge, exposing how their corporate owner has consistently prioritised profit over user safety, especially in addressing incidents of rape connected to their platforms. This serious oversight has led to widespread outrage and urgent calls for reform in the online dating industry. The report underscores the critical need for immediate implementation of stricter safety measures and regulatory oversight. It advocates for a major overhaul of safety protocols on dating platforms to better protect users from potential harm and to hold companies accountable for their safety practices, thereby ensuring a safer online environment for dating app users.

The Rise of Cyber Espionage: UAV and C-UAV Technologies as Targets
Security Affairs by Pierluigi Paganini


Unmanned Aerial Vehicles (UAVs) and Counter-Unmanned Aerial Vehicle (C-UAV) systems, pivotal for national defense and commercial industries, are facing an uptick in cyber espionage activities. These advanced technologies, integral to modern warfare and surveillance, have become prime targets for state-sponsored cyberattacks aimed at stealing sensitive data or causing operational disruptions. The growing prevalence of such espionage underscores the urgent need for nations to enhance cybersecurity measures around UAVs, encourage international cooperation on cyber defense strategies, and implement robust protocols to protect these critical technologies from foreign interference, ensuring operational security and technological integrity.

US Coast Guard Urged to Strengthen Cybersecurity Amid $2B Daily Port Risk
Tripwire by Graham Cluley


In light of increasing cyber threats targeting critical infrastructure, the US Coast Guard is urgently called to strengthen its cybersecurity frameworks. Given the agency’s role in securing ports through which goods worth over $2 billion transit daily, enhancing cyber defences is not just beneficial but essential. The necessity for these improvements comes amid reports of potential vulnerabilities that could be exploited to disrupt commercial and security operations at maritime points. Industry experts are advocating for significant investments in cybersecurity, including updated technologies and training, comprehensive threat assessments, and stronger collaborative measures with other national security agencies to safeguard against the sophisticated nature of current cyber threats.

North Korea targets crypto developers via NPM supply chain attack
The Register by Connor Jones


In a significant revelation, North Korea has been implicated in a series of cyberattacks targeting cryptocurrency developers through the NPM package manager. This method involves inserting malicious code into software dependencies, which can compromise security and steal sensitive information. These attacks not only demonstrate North Korea’s growing sophistication in cyber warfare but also highlight the vulnerabilities inherent in the software development supply chain. The international community is urged to take immediate action by implementing stricter security protocols for software development, enhancing monitoring mechanisms, and fostering collaboration between nations to counter the risks posed by such state-sponsored cyber activities.

US woman faces years in federal prison for running laptop farm for N Korean IT workers
Bitdefender by Graham Cluley


A US woman is currently facing federal prison for setting up a ‘laptop farm’ allegedly used to provide illicit technological support to North Korean IT workers, breaching international sanctions. This case underscores significant risks in cybersecurity and international relations, highlighting how individuals can contribute to global security threats through seemingly benign activities. It serves as a stark reminder of the importance of stringent enforcement of cybersecurity laws and international sanctions, ensuring that individuals and companies adhere to global norms and prevent the facilitation of unauthorised state-sponsored cyber operations.

Japan Goes on Offense With New ‘Active Cyber Defense’ Bill
Dark Reading by Nate Nelson


Japan is taking bold steps to bolster its cybersecurity stance with the proposed ‘Active Cyber Defense’ bill, allowing preemptive measures against imminent cyber threats. This legislative effort reflects a strategic pivot towards a more aggressive defense posture in cyberspace, aimed at thwarting cyberattacks before they can cause harm. The move is part of a larger national security strategy to protect critical digital infrastructure and sensitive data from increasingly sophisticated cyber threats posed by rival nations. With this proactive approach, Japan seeks to set a precedent for cybersecurity, emphasising the need for dynamic defensive capabilities and international cooperation in an era where digital threats are rapidly evolving.
Read more

zkLend loses $9.5M in crypto heist, asks hacker to return 90%
BleepingComputer by Lawrence Abrams


In a daring crypto heist, zkLend lost $9.5 million, leading the platform to unusually request the hacker to return 90% of the stolen funds. This incident spotlights the persistent vulnerabilities within cryptocurrency platforms and the unconventional methods entities might resort to when attempting to mitigate losses. The episode has sparked a broader discussion in the crypto community about the security of decentralised finance (DeFi) platforms, the ethical implications of negotiating with cybercriminals, and the need for more stringent regulatory and security measures to protect investors and maintain the integrity of the crypto market.
Read more

Hacker leaks account data of 12 million Zacks Investment users
BleepingComputer by Bill Toulas


A massive data breach at Zacks Investment resulted in the leak of personal account data for 12 million users, exposing them to potential financial and identity theft risks. This breach underscores the continuing challenges financial institutions face in safeguarding sensitive customer information against increasingly sophisticated cyber attacks. The incident has prompted calls for enhanced cybersecurity protocols, including more robust data encryption and real-time monitoring systems, to prevent future breaches and to bolster consumer confidence in the digital security measures of financial services.
Read more

RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset
The Hacker News by Ravie Lakshmanan


The RA World ransomware attack in South Asia has been linked to a toolset commonly used in Chinese espionage, suggesting a state-sponsored origin. This connection illuminates the dual-use nature of cyber tools in espionage and commercial cybercrime, highlighting significant geopolitical cybersecurity concerns. The attack not only disrupted numerous systems but also pointed to the intricate ways in which national security and cybercrime intersect. This event calls for a global reevaluation of cyber defense strategies, emphasising the need for international collaboration to address the multifaceted threats posed by state-affiliated cyber actors.
Read more

Trump to nominate Sean Cairncross as national cyber director
Cybersecurity Dive by David Jones


In a significant political move, former President Trump announced the nomination of Sean Cairncross as national cyber director, signalling a strategic focus on strengthening national cybersecurity infrastructure. Cairncross, known for his previous governmental roles, is expected to bring a robust approach to coordinating cyber defense across federal agencies. His nomination comes at a time when the U.S. faces escalating cyber threats, highlighting the administration’s commitment to bolstering cyber resilience and protecting critical information infrastructure from both domestic and foreign cyber threats.
Read more

CISA Places Election Security Staffers on Leave
Dark Reading by Kristina Beek


As the 2025 election approaches, the Cybersecurity and Infrastructure Security Agency (CISA) has controversially placed several key election security staffers on leave. This move has sparked widespread concern among cybersecurity experts and lawmakers alike, who fear it could undermine the integrity of the upcoming elections. Critics argue that the timing and lack of transparency surrounding these decisions may leave the nation’s election infrastructure vulnerable to cyberattacks, thereby threatening the democratic process. Calls are intensifying for immediate reinstatement of the staff and assurances that election security remains a top priority, emphasising the need for robust, uninterrupted protection against potential threats.
Read more

Probe finds US Coast Guard has left maritime cybersecurity adrift
The Register by Jessica Lyons


A recent investigation has revealed significant cybersecurity lapses within the US Coast Guard, raising alarms over the potential vulnerability of the United States’ maritime sector to cyber threats. The probe highlights a lack of adequate security measures and preparedness against cyberattacks that could jeopardise critical maritime operations and national security. The findings have prompted urgent calls for comprehensive updates to cybersecurity protocols and for increased funding to bolster the Coast Guard’s capacity to defend against sophisticated cyber threats. Stakeholders are urging swift action to shore up defences and ensure the safety of the maritime transport system.
Read more

Triplestrength hits victims with triple trouble: Ransomware, cloud hijacks, crypto-mining
The Register by Jessica Lyons


Triplestrength, a new malicious cyber operation, is wreaking havoc by simultaneously deploying ransomware, hijacking cloud services, and engaging in unauthorised crypto-mining. This multifaceted attack not only encrypts victim data but also commandeers cloud resources and utilises them for mining cryptocurrencies, significantly amplifying the operational and financial impact on affected organisations. The complexity and scope of these attacks underscore a growing trend of cybercriminals leveraging compound strategies to maximise their gains. Cybersecurity experts are calling for a layered defence strategy and heightened vigilance among organisations to detect and mitigate such sophisticated threats.
Read more

Bipartisan Senate bill would strengthen cybercrime penalties
Cyberscoop by Matt Bracken


A bipartisan effort in the US Senate has introduced a bill aimed at significantly strengthening penalties for cybercrimes, reflecting growing legislative focus on combatting cyber threats more aggressively. This bill proposes enhancements to existing laws, including tougher sentences for hackers and more substantial fines for cybercriminal enterprises. The move is seen as a response to the increasing frequency and severity of cyber attacks on national infrastructure and private entities, highlighting the need for a more robust legal framework to deter cybercriminals and protect citizens and businesses from cyber threats.
Read more

Cybersecurity experts fear Elon Musk’s DOGE may enable quantum hackers
NewScientist by Matthew Sparkes


Concerns are mounting among cybersecurity experts that the cryptocurrency DOGE, promoted by Elon Musk, could potentially be vulnerable to quantum hacking due to its cryptographic algorithms. As quantum computing advances, the fear is that these technologies could break traditional encryption methods used by cryptocurrencies, including DOGE. This vulnerability could expose users to unprecedented risks, including theft of funds and breach of transaction privacy. Experts are urging a reevaluation of cryptographic standards in cryptocurrencies to ensure they can withstand the potential future capabilities of quantum computing, thereby safeguarding investments and maintaining the security of digital financial transactions.
Read more

Russian military hackers deploy malicious Windows activators in Ukraine
BleepingComputer by Sergiu Gatlan


Russian military operatives have escalated their cyber warfare tactics by deploying malicious Windows activators in Ukraine, aiming to compromise government and critical infrastructure systems. These activators, which masquerade as legitimate software tools, are in fact laced with malware designed to infiltrate, disrupt, and spy on Ukrainian digital networks. This strategy not only undermines Ukraine’s cybersecurity but also poses a significant threat to the integrity of its national data and operational security. The international cybersecurity community is called upon to support Ukraine in enhancing its defences and to work on developing more robust mechanisms to detect and neutralise such covert cyber threats.
Read more

Adobe Plugs 45 Software Security Holes, Warns of Code Execution Risks
SecurityWeek by Ryan Naraine


Adobe has released a critical update to address 45 vulnerabilities across its range of software, which were found to potentially allow malicious code execution if exploited. This sweeping security update underscores the ongoing risks associated with software vulnerabilities and highlights the necessity for continuous vigilance by users and organisations alike. Adobe urges all users to update their software promptly to mitigate the risks of unauthorised access or data breaches. The move also prompts a broader discussion in the tech community about the importance of regular software maintenance and the implementation of proactive security measures to protect against increasingly sophisticated cyber threats.
Read more

SonicWall firewall exploit lets hackers hijack VPN sessions, patch now
BleepingComputer by Bill Toulas


A significant vulnerability has been discovered in SonicWall’s firewall appliances that could allow hackers to hijack VPN sessions and gain unauthorised access to private networks. The exploit, which affects several models of SonicWall’s hardware, has prompted urgent advisories for organisations to apply the latest patches to avoid potential security breaches. This incident raises concerns about the security of network infrastructure and the critical importance of maintaining up-to-date system patches to defend against sophisticated attacks that target core communication tools like VPNs.
Read more

Microsoft Patches ‘Wormable’ Windows Flaw and File-Deleting Zero-Day
SecurityWeek by Ryan Naraine


Microsoft has responded swiftly to patch a ‘wormable’ flaw in Windows that could allow rapid malware spread across networks, along with a zero-day vulnerability that enables unauthorised file deletion. These patches are part of Microsoft’s latest security efforts to tighten system defences and prevent potential widespread damage. The seriousness of these vulnerabilities, particularly the wormable flaw, highlights the continuous arms race in cybersecurity and the need for persistent updates and user awareness to safeguard personal and organisational data from evolving cyber threats.
Read more

Threat Actors Exploit ClickFix to Deploy NetSupport RAT in Latest Cyber Attacks
The Hacker News by Ravie Lakshmanan


Threat actors are exploiting a software vulnerability in ClickFix to deploy the NetSupport Remote Access Trojan (RAT), marking a significant escalation in cyber-attack complexity. This tactic allows hackers to gain control over victims’ systems, enabling data theft, surveillance, and further malicious activities. The use of ClickFix, a widely used utility tool, as a conduit for such attacks highlights the need for robust endpoint security and user education to identify and mitigate threats from seemingly innocuous software applications. Cybersecurity professionals emphasise the importance of comprehensive security strategies that include regular software audits and updates to combat such versatile cyber threats.
Read more

OpenAI Finds No Evidence of Breach After Hacker Offers to Sell 20 Million Credentials
SecurityWeek by Eduard Kovacs


In a recent security scare, a hacker claimed to have access to 20 million user credentials from OpenAI services. However, after thorough investigations, OpenAI announced that they found no evidence of a data breach, attributing the claim possibly to previously compromised data from other sources. This incident has heightened awareness around data security, prompting OpenAI to reassure users of their stringent security measures and encourage stronger password practices and multi-factor authentication. It also serves as a reminder for all organisations to continually assess and update their security protocols to protect against evolving cyber threats.
Read more

iOS 18.3.1 patches an ‘extremely sophisticated attack’ – and more
ZDNet by Adrian Kingsley-Hughes


Apple has released an update for iOS 18.3.1, patching what it describes as an ‘extremely sophisticated attack’ that could have compromised user data. This patch addresses a critical vulnerability that allowed attackers to execute arbitrary code on devices without user interaction. The swift response by Apple highlights the ongoing arms race between technology companies and cybercriminals, underscoring the importance of regular software updates in maintaining security and user trust. Apple’s proactive measures are crucial in defending against these sophisticated attacks that target personal and corporate data.
Read more

Medibank link emerges in multi-country action against ZServers
itNews by Eleanor Dickinson


In a coordinated multi-country law enforcement effort, significant ties have been uncovered between Medibank and the notorious ZServers hosting service, known for facilitating Lockbit ransomware attacks. This revelation points to broader cybersecurity vulnerabilities within corporate networks that could be exploited by ransomware syndicates. The international crackdown reflects a growing trend of cross-border collaborations to combat cybercrime, emphasising the need for enhanced security measures and greater transparency in corporate IT environments to prevent such vulnerabilities from being exploited.
Read more

VeraCore zero-day vulnerabilities exploited in supply chain attacks
Cybersecurity Dive by Rob Wright


Recent discoveries have revealed that VeraCore’s software contains zero-day vulnerabilities that have been actively exploited in several supply chain attacks. These vulnerabilities allowed attackers to infiltrate logistics networks, causing widespread disruption and highlighting significant risks in supply chain security. The incident has prompted urgent calls for software vendors to prioritise the security of their products by implementing comprehensive vulnerability management programs and for businesses to conduct regular security assessments to mitigate the risk of similar attacks affecting their operations.
Read more

Australia, US, UK target ZServers over Lockbit ransomware attacks
itNews


In a significant international law enforcement effort, agencies from Australia, the US, and the UK have coordinated to target ZServers, a notorious platform known for facilitating Lockbit ransomware attacks. This joint operation reflects a robust global stance against cybercriminals who leverage ransomware to disrupt and extort businesses and government agencies worldwide. By dismantling a key node in the ransomware ecosystem, this collaborative action aims to disrupt the operations of cybercriminals significantly, enhance global cybersecurity resilience, and set a precedent for future international cooperation against digital threats.
Read more

ANALYSIS

How Public & Private Sectors Can Better Align Cyber Defense
Dark Reading by Chris Henderson


The necessity for improved alignment between public and private sectors in cyber defense strategies is becoming increasingly critical as cyber threats evolve. This article explores this topic, advocating for a more integrated approach where governmental agencies and private companies share intelligence, tools, and strategies to combat cyber threats effectively. It goes on to suggest establishing formal frameworks and partnerships that facilitate real-time data exchange and collaborative response mechanisms. Such integration is intended to enhance the overall security posture of both sectors, enabling more agile and effective responses to cyber incidents and reducing the impact of breaches.
Read more

3 Ways Nonprofits Can Strengthen Their Cybersecurity in 2025
Biz Tech by Matt Morgan


As nonprofits become increasingly reliant on digital technologies, ‘Biz Tech’ outlines three strategic ways these organisations can enhance their cybersecurity in 2025. First, adopting a tailored cybersecurity framework that addresses specific vulnerabilities unique to the nonprofit sector. Second, investing in comprehensive staff training to recognise and respond to cyber threats proactively. Third, forming partnerships with technology firms to access cutting-edge security tools at reduced costs. These measures are crucial for safeguarding sensitive data, maintaining donor trust, and ensuring the continuity of services amidst a landscape of escalating cyber risks.
Read more

Top cybersecurity trends to watch in 2025
JP Morgan


JP Morgan’s report on the top cybersecurity trends for 2025 provides crucial insights for organisations aiming to stay ahead of emerging threats. Highlighting the integration of artificial intelligence in threat detection and response, the expansion of data privacy regulations, and the adoption of zero-trust security architectures, the report emphasises the need for businesses to adapt swiftly. These trends are expected to define the cybersecurity landscape, necessitating strategic adjustments in corporate security policies and IT infrastructures to mitigate risks and comply with new regulatory requirements effectively.
Read more

WTF? Why the cybersecurity sector is overrun with acronyms
CSO Australia by Lee-Anne Goodman


CSO Australia critically examines the pervasive use of acronyms within the cybersecurity sector, arguing that this jargon complicates communication and can alienate newcomers or non-specialists. The article calls for a paradigm shift towards clearer, more accessible language that facilitates understanding and collaboration across diverse stakeholders. By standardising terminology and simplifying explanations, the cybersecurity community can enhance operational efficiency, improve stakeholder engagement, and foster a more inclusive environment that attracts a broader range of talent and expertise.
Read more

How fake security reports are swamping open-source projects, thanks to AI
ZDNet by Steven Vaughan-Nichols


ZDNet explores a troubling trend where artificial intelligence is being used to generate fake security reports, overwhelming open-source projects with fraudulent vulnerability claims. Steven Vaughan-Nichols details how these AI-generated reports, which often appear technically plausible, can deceive project maintainers, leading to unnecessary alarms and wasted resources. This surge in fake reports not only strains the open-source community but also risks undermining trust in genuine security warnings. The article calls for enhanced verification processes and AI detection tools to combat this new form of cyber deception, urging the community to develop strategies to distinguish between legitimate and AI-generated reports to maintain the integrity of open-source software development.
Read more

Protecting Your Software Supply Chain: Assessing the Risks Before Deployment
The Hacker News


The importance of securing the software supply chain has never been more critical, as highlighted in a comprehensive analysis by The Hacker News. This article details strategies for assessing and mitigating risks before software deployment, emphasising the need for rigorous security audits and vulnerability assessments throughout the development lifecycle. By integrating these practices, companies can prevent the infiltration of malicious code and unauthorised access, safeguarding their operations from the ground up. The piece advocates for a holistic approach, combining technology solutions with staff training and robust policy frameworks to create a resilient defense against evolving cyber threats.
Read more

Zero Trust: Redefining cybersecurity for the modern era
Intelligent CISO by Alasdair Anderson


Intelligent CISO delves into the Zero Trust security model, advocating for its adoption as the foundation for modern cybersecurity strategies. This approach, which assumes that threats could be internal as well as external, requires verification at every step of digital interactions, fundamentally changing how organisations secure their IT environments. The article explains how Zero Trust architectures can prevent data breaches by continuously authenticating user identities and access rights, thereby minimising the risk of insider threats and external attacks. Implementing Zero Trust not only enhances security but also aligns with evolving regulatory landscapes and technological advancements.
Read more

Major Cyber Attacks in Review: January 2025
SOC Radar


SOC Radar’s report on major cyber attacks in January 2025 provides a sobering overview of the cybersecurity challenges faced globally. It details significant incidents that have impacted government agencies, enterprises, and non-profits, illustrating the sophisticated tactics used by cybercriminals. The analysis stresses the urgency for organisations to adopt proactive defense strategies, such as advanced threat detection systems and incident response plans, to mitigate the impacts of such attacks. The report serves as a call to action for heightened vigilance and strategic planning in the face of the dynamic and persistent threat landscape.
Read more

CyAN Members: Op Eds, Articles, etc:

Your Browser’s Betrayal: Understanding Syncjacking Attacks
Kim Chandler McDonald


In an insightful piece by CyAN Global VP Kim Chandler McDonald, the concept of ‘syncjacking,’ a new form of cyber attack that exploits browser synchronisation features to steal personal information, is thoroughly examined. This article explores how attackers manipulate synced data across devices to gain unauthorised access to sensitive information, compromising user privacy and security. McDonald provides practical advice on how to protect oneself from such attacks, including the use of more secure synchronisation methods and regular audits of sync settings. The piece highlights the need for continuous education on emerging cyber threats to keep personal and organisational data safe.
Read more

CyAN Members: News

  • CyAN board member Gergely Dzsinich will discuss global privacy law and cyber topics affecting the EU, the USA, and China at the International Air Transport Association (IATA) World Legal Symposium in Shanghai, 18-20 February. His talk will specifically address issues like data transfers and the unique topic of biometrics.
  • CyAN Member Yedhu Krishna Menon will be presenting on the topic of “Future of Cybersecurity in Nth Party Supply Chain” — exploring the importance of Collaborative Defense in managing security risks across extended supply chains at the Third-Party Risk Management (TPRM) Conference in Riyadh, Saudi Arabia, on May 7th and 8th!
    More info

Upcoming CyAN Global Events:

  • Breaking the Cycle: Combating Online IBSA for a Safer Digital Experience – Webinar, March 6th (EST 6AM, CET 12PM, AEST 10PM)
    Read more
  • CyAN APAC: The Geopolitical Impacts of Cyber Threats: From Espionage to Influence – Keynote by Dan Elliot, March 12, Peoplebank, Sydney (save the date, general release tickets available soon!)
  • GITEX AFRICA, Marrakesh, Morocco: 14-16 April
    Read more
  • GITEX ASIA, Singapore (Marina Bay Sands): 23-25 April
    Read more
  • GISEC, Dubai World Trade Center, Dubai, UAE: 6th to 8th May
    Read more
  • The Cyber Outstanding Security Performance Awards (Cyber OSPAs), May 8, London, UK
    Read more
  • MaTeCC, Rabat, Morocco: 7-9 June, 2025 (The third annual North Africa and beyond cybersecurity event, hosted by CyAN partner organisation École High-Tech.)
    Read more

Cyber (In)Securities – Issue 124

Information Security News Thai authorities detain four Europeans in ransomware crackdown Cyberscoop by Greg Otto In a coordinated operation, Thai authorities arrested four European nationals in Phuket, suspected of orchestrating Phobos ransomware attacks. The individuals allegedly extorted approximately $16 million in Bitcoin from over 1,000 victims

Enhancing Cybersecurity: A Safer Internet Day Reflection on Protecting the Vulnerable

Safer Internet Day: A Call for Responsibility As we observe Safer Internet Day, we are reminded of our collective responsibility to foster a digital environment that is secure and respectful. This global observance not only promotes safer and more responsible use of online technology but 

Delving into the Shadows: An Approach to Identifying Obscure Cyberattacks

By Shantanu Bhattacharya

Posted on February 06, 2025 | Originally published on RSAC Conference

📌 Read the original article on RSAC Conference

In the ever-evolving landscape of cybersecurity, attackers are constantly seeking new ways to bypass traditional defenses. This blog delves into the often-overlooked methods they use, focusing on how obscure techniques, specifically within UNIX system calls and file system manipulation, are employed to gain access and exfiltrate sensitive data. While a similar situation occurs with Windows system calls, we decided to focus on one system for better understanding and conciseness. Our primary focus is on attacks that leverage user mode and on how access can be protected at that level.

We begin by exploring “the shadows” of UNIX-like systems, highlighting system calls that are typically not monitored, such as openat, ptrace, mmap, and others. These system calls are not inherently malicious; however, attackers cleverly misuse them. Think of it as using the wrong key to open a door. Attackers use ptrace, for example, to manipulate running processes and access data they’re not supposed to. Or they use mmap to map sensitive files like /etc/shadow directly into memory, bypassing traditional file-based access controls. Other examples include sendfile, which can be used to transfer data directly from the file system to an unauthorized remote network location, and rename, which is used to exchange sensitive files with malicious ones. We even see the exploitation of dup to duplicate file descriptors to access privileged data. A similar set of attacks is possible on Windows-based systems, but those methods closely resemble their UNIX counterparts, so covering them would not provide additional context.
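As an added illustration (not code from the original article or from 360Sequrity), the Python below shows one way a defender could watch the calls named above in raw Linux auditd logs: it follows descriptors from openat through dup to sendfile and flags ptrace attaches by unexpected binaries. The allowlists, rule names and sample records are assumptions constructed for this example.

```python
import re
from collections import defaultdict

# x86_64 syscall numbers for the calls named in the article; raw audit
# logs record the number, not the name.
SYSCALLS = {257: "openat", 101: "ptrace", 40: "sendfile", 32: "dup", 82: "rename"}
PTRACE_ATTACH = {0x10: "PTRACE_ATTACH", 0x4206: "PTRACE_SEIZE"}

# Assumptions for this example, to be tuned per host.
SENSITIVE_PATHS = {"/etc/shadow"}
ALLOWED_READERS = {"/usr/sbin/sshd", "/usr/bin/passwd", "/usr/bin/sudo"}
ALLOWED_TRACERS = {"/usr/bin/gdb", "/usr/bin/strace"}

EVENT_ID = re.compile(r"msg=audit\(([\d.]+:\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample records, trimmed to the fields the detector reads.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1738800000.101:501): arch=c000003e syscall=257 success=yes exit=4 a0=ffffff9c a1=7f10 a2=0 a3=0 pid=900 exe="/usr/sbin/sshd"
type=PATH msg=audit(1738800000.101:501): item=0 name="/etc/shadow" nametype=NORMAL
type=SYSCALL msg=audit(1738800001.202:502): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=7f20 a2=0 a3=0 pid=1301 exe="/tmp/helper"
type=PATH msg=audit(1738800001.202:502): item=0 name="/etc/shadow" nametype=NORMAL
type=SYSCALL msg=audit(1738800001.303:503): arch=c000003e syscall=32 success=yes exit=7 a0=3 a1=0 a2=0 a3=0 pid=1301 exe="/tmp/helper"
type=SYSCALL msg=audit(1738800001.404:504): arch=c000003e syscall=40 success=yes exit=1024 a0=5 a1=7 a2=0 a3=400 pid=1301 exe="/tmp/helper"
type=SYSCALL msg=audit(1738800002.505:505): arch=c000003e syscall=101 success=yes exit=0 a0=10 a1=384 a2=0 a3=0 pid=1301 exe="/tmp/helper"
type=SYSCALL msg=audit(1738800003.606:506): arch=c000003e syscall=101 success=yes exit=0 a0=10 a1=384 a2=0 a3=0 pid=2000 exe="/usr/bin/gdb"
"""


def parse_events(lines):
    """Group records by audit event id; yield (id, syscall_fields, path_names)."""
    events = {}
    for line in lines:
        m = EVENT_ID.search(line)
        if not m:
            continue
        ev = events.setdefault(m.group(1), {"syscall": None, "paths": []})
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        if fields.get("type") == "SYSCALL":
            ev["syscall"] = fields
        elif fields.get("type") == "PATH":
            ev["paths"].append(fields.get("name", ""))
    # dicts keep insertion order, so events come back in log order
    return [(eid, ev["syscall"], ev["paths"])
            for eid, ev in events.items() if ev["syscall"]]


def detect(lines):
    """Return (event_id, rule, detail) alerts for misuse of the monitored calls."""
    alerts = []
    tainted = defaultdict(set)  # pid -> descriptors opened on a sensitive path
    for eid, sc, paths in parse_events(lines):
        name = SYSCALLS.get(int(sc["syscall"]))
        pid, exe = sc["pid"], sc["exe"]
        ok = sc.get("success") == "yes"
        # audit logs syscall arguments in hex without a 0x prefix
        a0, a1 = int(sc.get("a0", "0"), 16), int(sc.get("a1", "0"), 16)
        hit = SENSITIVE_PATHS & set(paths)
        if name == "ptrace" and a0 in PTRACE_ATTACH and exe not in ALLOWED_TRACERS:
            alerts.append((eid, "ptrace-attach",
                           f"{exe} pid {pid} {PTRACE_ATTACH[a0]} on pid {a1}"))
        elif name == "openat" and ok and hit:
            tainted[pid].add(int(sc["exit"]))  # exit value is the new fd
            if exe not in ALLOWED_READERS:
                alerts.append((eid, "sensitive-open",
                               f"{exe} pid {pid} opened {sorted(hit)[0]}"))
        elif name == "dup" and ok and a0 in tainted[pid]:
            tainted[pid].add(int(sc["exit"]))  # the copy refers to the same file
        elif name == "sendfile" and a1 in tainted[pid]:  # a1 is in_fd
            alerts.append((eid, "sensitive-sendfile",
                           f"{exe} pid {pid} sent fd {a1} to fd {a0}"))
        elif name == "rename" and hit:
            alerts.append((eid, "sensitive-rename",
                           f"{exe} pid {pid} renamed over {sorted(hit)[0]}"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(*alert, sep=" | ")
```

mmap is not matched directly because the audit SYSCALL record carries only a0 to a3 and mmap's file descriptor is its fifth argument, so the preceding openat is the observable event. close is not tracked here, so a reused descriptor number can produce a false positive.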

Attackers manipulate file system features and metadata to carry out their activities. Methods range from hiding data within alternate data streams (ADS) and sparse files, to exploiting NTFS junctions and symbolic links, to using rootkits that hide malicious activity from security tools. These methods are difficult to detect because they often rely on system-level tools and techniques and do not necessarily leave a trail, particularly in user mode.

The current security landscape is often lacking when it comes to protecting against these more subtle attacks. Traditional security solutions, while proficient with user authentication, often fall short on device authentication, relying on easily spoofable IP and MAC addresses, and they completely overlook software authentication, a huge gap that needs to be addressed. Consider this: current security checks whether the user has permission to use the software, but not whether the specific instance of that software is trusted and authorized. This is a key weakness, which can be exploited by using compromised software instances to gain unauthorized access.

This is where a new solution comes in, using a multi-dimensional approach. Unlike traditional security, which focuses on user credentials, the solution requires not only the right user, but also the right device and the right software. It authenticates each of the three, ensuring that access is given only to a valid user on a valid device with a valid software instance. In addition, it provides 24×7 monitoring of all data access paths, so even if an attack uses an obscure or unintended system call, access is automatically denied. This multi-faceted approach provides significantly more stringent access controls. It’s like adding multiple layers to a bank transaction. Organizations should take into consideration the many obscure techniques hackers use as attack vectors. By treating administrator access as that of a more highly privileged user, organizations can close the loopholes usually present in the security system.

Much like fortifying the foundation of a building, it is critical to ensure that operating system security is strengthened at both user and kernel level. It’s fundamental to all secure computing going forward.

In conclusion, by understanding obscure attack vectors and implementing robust and comprehensive security solutions such as the one described here, organizations and users can move closer to a truly secure digital environment. It’s time to look beyond the usual and fortify every aspect of our systems from the ground up.


Shantanu Bhattacharya
Founder CEO & CTO, 360Sequrity

Australia’s Digital Destiny: Leading the Charge for Online Freedom

Introduction In today’s interconnected world, the importance of digital rights cannot be overstated. While the European Union is making commendable strides in this arena, Australia stands at a pivotal juncture to assert its leadership in championing online freedom. The nation’s commitment to democratic values, coupled