Author: Adam Parlett

Whilst the four-time Superbowl Champions, The Green Packers, have rightly been drawing praise this season for their on-field defensive performances, the Organization’s online defense has been called into question following the disclosure of a significant data breach affecting thousands of their loyal supporters. Contrasting Fortunes The last week of 2024 saw the storied franchise triumph 34-0 against the New Orleans Saints to record the first defensive shutout of the current NFL season. In his post-match comments, Packers head coach Matt LaFleur gushed, “Obviously, it’s hard to shutout an opponent in this league. From what I was told, it was the…

Have you heard the story about the RAT that pretended to be a RAT? If not, you’d better sit down for this one. There’s a RAT in my kitchen Last month, a malicious package, ethereumvulncontracthandler, was identified on the npm registry. It disguised itself as a Remote Access Tool (RAT), posing as a library for detecting vulnerabilities in Ethereum smart contracts. Instead of detecting said vulnerabilities, it dropped an open-source remote access trojan called Quasar Remote Access Trojan (RAT) onto developer systems. To delve a little deeper into this process, following installation, the program works through retrieving and executing a…

SlashNext has released its 2024 Phishing Intelligence Report, a comprehensive study identifying and analyzing the vectors most exploited by cybercriminals in the past year. The findings and how the data is trending form recommendations for organizations on the best areas to strengthen their security defenses against attacks in 2025. Their message to organizations for 2025 is clear: Phishing isn’t an email-only problem anymore; instead, it is a multi-faceted message security problem that necessitates a change in how organizations tackle threat detection and prevention. Key Findings from the 2024 Report Without wishing to sound hyperbolic, the findings revealed huge increases across…

The US government is imploring water and wastewater organizations to secure internet-exposed human-machine interfaces (HMIs) that provide access to industrial machines against cyberattacks. Unauthorized access to these HMIs can allow malicious actors to view sensitive information and disrupt operations. HMIs are systems or devices that enable interaction between humans and machines, allowing users to control and monitor the performance of machinery, systems, or devices. The move to urge these critical industries to act comes from observing threat actors demonstrating the capability to find and exploit internet-exposed HMIs with cybersecurity deficiencies. A recently jointly released statement from the Environmental Protection Agency…

Almost three-quarters (71%) of UK consumers believe that nefariously named ‘Grinch bots’ are ruining Christmas by acquiring all the best presents. This was one of the findings of new research from Imperva, a Thales company. Grinch bots are automated programs set up to monitor trending retail items and quickly purchase all available stock when such in-demand products are listed online. The purchases are then re-sold on the secondary market for profit, Imperva’s projections indicate that the price of the country’s most popular gifts is inflated by up to as much as 105% on resale sites—a process that leaves genuine shoppers…

If you look inside your cybersecurity Christmas cracker later this month to discover a riddle asking – What takes an hour to execute, requires no user interaction, and doesn’t generate any notifications? You might be spitting your sherry out when you reverse the little strip of paper to learn that the answer is a critical vulnerability identified in Microsoft’s Multi-Factor Authentication (MFA) implementation. A report released this week from Oasis Security’s research team has detailed the recent discovery, explanation, and remediation of a critical vulnerability in Microsoft’s MFA implementation. Bypassing MFA The report details how attackers were able to bypass…

The FCC has released a statement calling for urgent actions to strengthen U.S. communications systems against cyberattacks in light of recent foreign intrusions, with ‘state-sponsored cyber actors from the People’s Republic of China’’ directly named as a perpetrator. In the statement, FCC Chairwoman Jessica Rosenworcel asserted that technological advancements being utilized by America’s adversaries necessitated the adaption and reinforcement of U.S. defenses. Taking Action To ensure the U.S. is brought up to speed to combat the ever-evolving threat landscape, Rosenworcel proposed specific action to ensure the protection of U.S. communications critical infrastructure. The action includes a draft ruling requiring Telecommunications…