A new malware strain, Winos4.0, is actively used in cyberattack campaigns. Discovered by FortiGuard Labs, this advanced malicious framework, which evolved from the infamous Gh0strat, is equipped with modular components enabling a range of malicious activities on compromised devices. These attacks have been identified in gaming-related applications like installation tools and optimization utilities, which serve as delivery mechanisms for the malware. Winos4.0 provides threat actors with comprehensive functionality, stability, and control over targeted systems, allowing them to carry out complex commands remotely. FortiGuard Labs reported seeing this framework deployed in campaigns such as “Silver Fox,” indicating its capability to infiltrate…
Author: Kirsten Doyle
In a move to improve account security, Google Cloud has announced that it will require multi-factor authentication (MFA) for all users worldwide by the end of 2025. This decision aims to enhance security, especially as cloud environments become increasingly vulnerable to sophisticated attacks. In a recent blog, Google said the MFA requirement will be implemented in three key phases: The Importance of MFA in Cybersecurity Google Cloud introduced 2-Step Verification (2SV) in 2011, making MFA accessible to millions and significantly reducing the risks associated with password theft. Understanding the need for stronger defenses against advanced threats, Google introduced phishing-resistant security…
In a major breakthrough, Google’s AI-powered research tool, Big Sleep, discovered a vulnerability in SQLite, one of the most widely used database engines in the world. The Google Project Zero and Google DeepMind teams recently shared this milestone in an official blog post, marking a first for AI-driven vulnerability detection in real-world software. The vulnerability found by Big Sleep was a stack buffer underflow in SQLite, which could potentially allow malicious actors to manipulate data in ways that compromise database integrity. Discovered and reported in early October, the SQLite development team patched the vulnerability on the same day, averting any…
Attackers are leveraging DocuSign’s API to distribute authentic-looking invoices at scale, exploiting legitimate business channels to bypass traditional security measures. Using paid DocuSign accounts and customized templates, malefactors mimic reputable companies, such as Norton, to send convincing invoices through the platform. Revealed in a blog post by Wallarm, this approach evades phishing filters by omitting malicious links or attachments, relying instead on the inherent trust of DocuSign’s platform to deceive recipients. Beyond Traditional Phishing: An Evolution in Attack Sophistication Phishing attacks have traditionally depended on fake emails with malicious links or attachments to trick users into divulging sensitive information. However,…
Mobile security company Zimperium’s zLabs team has uncovered an advanced variant of the FakeCall malware that employs “Vishing” (voice phishing) to deceive mobile users into sharing sensitive information, such as login credentials and banking details. This sophisticated malware campaign highlights an evolving threat landscape where malicious actors exploit mobile-specific features to conduct increasingly deceptive phishing attacks. Vishing, a form of mobile-targeted phishing, uses fake phone calls or voice messages to trick victims into divulging private information. Zimperium says that Vishing is part of a broader category of mobile phishing, referred to as “Mishing,” which includes various attack methods that capitalize…
Since August last year, Microsoft has identified a surge in intrusion activity with attackers using sophisticated password spray techniques to steal credentials from multiple customers. The company has linked this wave of attacks to a network of compromised devices known as CovertNetwork-1658, also called xlogin and Quad7 (7777). According to a recent blog by the tech giant, credentials compromised via CovertNetwork-1658 have been used by Chinese hacking groups, including the threat actor Storm-0940. Since at least 2021, Storm-0940 has gained access through password sprays and brute-force attacks, often targeting high-profile entities such as government entities, think tanks, and legal firms…
This Halloween, it’s not just ghosts and goblins sending chills down our spines—this season brings some truly spine-tingling stats about the state of cybersecurity in 2024. In our “Spooky Security Stats” roundup, we’re revealing findings from several reports published over the past year, each exposing unsettling trends and ominous insights. From record-breaking ransomware attacks to hair-raising data breaches, these statistics serve as a grim reminder of the threats lurking in today’s digital landscape. Brace yourself for a Halloween treat that highlights the unnerving reality of modern cybersecurity risks—consider this your trick-or-treat, security style! Hack-O-Lanterns: Phishing Schemes Lighting Up the Dark…
Microsoft Threat Intelligence has issued an alert following the detection of a sophisticated spear-phishing campaign orchestrated by the Russian threat actor known as Midnight Blizzard. Active since 22 October this year, this operation has distributed spear-phishing emails aimed at government agencies, academia, defense organizations, NGOs, and other critical sectors worldwide. “Based on our investigation of previous Midnight Blizzard spear-phishing campaigns, we assess that the goal of this operation is likely intelligence collection,” Microsoft said. It added that the blog it released aims to provide context on these external spear-phishing attempts, which are standard attack techniques and do not represent any…
ReliaQuest has released a detailed investigation into a cyber intrusion that impacted a manufacturing company in October 2024. The attack has been attributed with high confidence to the predominantly English-speaking cyber collective “Scattered Spider,” now partnering with the notorious “RansomHub” gang. Scattered Spider, previously known for affiliations with the ALPHV (BlackCat) ransomware group, has shifted its focus towards high-stakes ransomware attacks, now working with RansomHub to target large organizations for financial gain. Key Findings from the Incident The attackers gained access through a series of social engineering attacks targeting the company’s help desk. Within hours, they encrypted the company’s systems…
A recent cybersecurity report by SecurityScorecard and KPMG reveals that the US energy sector remains at high risk of cyber threats, particularly from third-party sources. This analysis, evaluating 250 top US energy companies, highlights vulnerabilities across the energy supply chain—from oil and gas production to renewable energy—showing that despite strong security practices in many areas, gaps still leave the sector exposed to ransomware, data breaches, and other cyber disruptions. Energy, as a critical infrastructure sector, intersects multiple industries, such as manufacturing, technology, and automotive, making cybersecurity in this field essential for national resilience. As Craig Jones, Vice President of Security…