Cybersecurity researchers from Sekoia have discovered a new Adversary-in-the-Middle (AiTM) phishing kit named “Sneaky 2FA,” targeting Microsoft 365 accounts. First discovered in December last year, this phishing kit has been active since at least October 2024 and is distributed as a Phishing-as-a-Service (PhaaS) through a Telegram bot called “Sneaky Log.” Subscribers receive an obfuscated version of the source code, allowing them to deploy the phishing kit independently.

Bypassing 2FA

This scourge has several key features:

Readily Available for Purchase

Elad Luz, Head of Research at Oasis Security, says this threat is particularly deceptive for several reasons. “The links in the phishing…
Author: Kirsten Doyle
Today marks the enforcement of the Digital Operational Resilience Act (DORA), a regulation aimed at strengthening the financial sector’s defenses against cyber threats and operational risks. With its focus on ICT risk management, incident reporting, and operational resilience, DORA sets a new benchmark for compliance and preparedness across Europe’s financial institutions and beyond. But what does this mean for banks, financial service providers, and their extended networks? How are entities preparing to meet these robust standards, and what challenges lie ahead? Industry leaders share their insights, offering guidance on navigating this regulatory milestone while leveraging it as a catalyst for…
In an international effort, the US Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI) have successfully eliminated a sophisticated malware threat known as “PlugX” from over 4,200 computers across the United States. The malware, used by bad actors sponsored by the People’s Republic of China (PRC), has targeted global victims since 2014. The multi-month operation, which involved collaboration with French law enforcement and the cybersecurity company Sekoia.io, was authorized by court orders issued in the Eastern District of Pennsylvania. Hackers linked to the PRC, operating under the aliases “Mustang Panda” and “Twill Typhoon,” exploited the PlugX malware…
A sophisticated Python-based backdoor, potentially developed using AI, has been identified as a critical tool for RansomHub affiliates to infiltrate and maintain access to compromised networks. The discovery, made by Andrew Nelson, Principal Digital Forensics and Incident Response (DFIR) Consultant at GuidePoint Security, reveals new tactics being used by ransomware gangs.

A Lucrative Model

RansomHub, a Ransomware-as-a-Service (RaaS) operation that debuted in February 2024, has rapidly gained notoriety in the cybercrime ecosystem. Known for its generous affiliate payment structure and multi-platform capabilities, the group is a formidable threat to entities worldwide. RansomHub offers a generous 90/10 payment split, allowing affiliates…
As January reaches its midpoint, more cybersecurity experts have weighed in on what the year ahead holds for the industry. From the rapid advancement of artificial intelligence to evolving strategies in application security and a renewed focus on education and workforce training, 2025 promises to be a transformative year. Entities in every sector face a growing need to adapt to sophisticated threats, regulatory changes, and an increasingly interconnected digital ecosystem. In this article, we explore the predictions shared by leading voices in cybersecurity and the innovations shaping how we protect data, systems, and people in the year ahead. Dan Bridges,…
The Wiz Incident Response team is actively addressing multiple security incidents linked to CVE-2024-50603, a critical unauthenticated remote code execution (RCE) vulnerability in Aviatrix Controller. The vulnerability was discovered by Jakub Korepta of Securing. This flaw, rated the maximum CVSS score of 10.0, poses a severe risk of privilege escalation within AWS cloud environments. Entities using Aviatrix Controller are strongly advised to apply patches immediately. Data from Wiz indicates that approximately 3% of enterprise cloud environments use Aviatrix Controller. Of these, 65% have configurations enabling lateral movement to cloud administrative permissions—a concerning statistic given the potential for widespread damage.

A High-Impact Security Threat

This vulnerability…
In a move to cement the US’s position as a global leader in artificial intelligence (AI), the Biden-Harris Administration has unveiled an Interim Final Rule on AI Diffusion. The policy hopes to improve national security and economic strength while ensuring the responsible global deployment of US AI technology. According to a White House press statement, “In the wrong hands, powerful AI systems have the potential to exacerbate significant national security risks, including by enabling the development of weapons of mass destruction, supporting powerful offensive cyber operations, and aiding human rights abuses, such as mass surveillance. Today, countries of concern actively…
Meta’s jaw-dropping announcement that it is ending its third-party fact-checking program is likely to trigger increased activity from fake accounts and troll farms, which specialize in disseminating intentional falsehoods. The social media giant’s decision to end its fact-checking initiatives raises serious concerns about a potential flood of online disinformation and its broader societal implications. Fact-checkers have been instrumental in helping users recognize fake news and other false information by flagging potentially misleading content and offering links to credible sources. Rather than removing content, the system provided users with the context necessary to make informed choices. Meta, not the fact-checkers, made…
Three Russian nationals have been charged for their involvement in operating cryptocurrency mixing services Blender.io and Sinbad.io, according to an indictment unsealed on January 7 by a federal grand jury in the Northern District of Georgia. The charges stem from an extensive investigation into the laundering of criminal proceeds through these platforms, which authorities allege facilitated cybercrime and jeopardized national security. Roman Vitalyevich Ostapenko, 55, and Alexander Evgenievich Oleynik, 44, were arrested on 1 December last year following the dismantling of Sinbad.io’s infrastructure in late 2023. A third defendant, Anton Vyachlavovich Tarasov, 32, remains at large.

The Allegations

According to…
Medusind, a healthcare revenue cycle management provider, has disclosed a data breach that compromised the personal and health information of 360,934 people. The breach, which happened over a year ago, affirms the ongoing cybersecurity challenges in the healthcare sector. The company, which operates 12 locations across the US and India and supports more than 6,000 healthcare providers, detected suspicious activity on its network on 29 December 2023. It immediately took its systems offline and enlisted a cybersecurity forensic firm to investigate. In a breach notice sent to affected individuals, Medusind confirmed that a “cybercriminal may have obtained a copy of…