As organizations in every sector move more apps and workloads to the cloud, security is becoming a top priority. Microsoft Azure, one of the world’s most popular cloud platforms, provides a range of security tools and best practices to help businesses protect the assets they store there. However, securing an Azure environment is about more than just enabling default protections—it’s about helping users maintain compliance, too. This takes a forward-thinking approach to identity management, network security, logging, and monitoring. To strengthen security, Microsoft has made several key changes, including mandatory Multi-Factor Authentication, new AI-driven security integrations, and enhancements to…
Kirsten Doyle
Jeremiah Fowler, an experienced cybersecurity researcher at vpnMentor and co-founder of Security Discovery, has uncovered a massive data exposure involving nearly 2.7 billion records linked to Mars Hydro, a China-based manufacturer of IoT-enabled grow lights. The breach, which included sensitive Wi-Fi credentials, IP addresses, and device details, underscores ongoing concerns about IoT security and data privacy. Fowler discovered the unprotected database and reported it to vpnMentor. The publicly accessible trove contained 2,734,819,501 records totaling 1.17 terabytes of data, exposing logging, monitoring, and error records for IoT devices sold globally. The records included: The database appeared to belong to LG-LED SOLUTIONS…
eSentire’s Threat Response Unit (TRU) has uncovered a new cyber espionage campaign leveraging a legitimate Adobe executable to sideload the EarthKapre/RedCurl loader. The attack specifically targeted a firm in the Legal Services industry, highlighting the group’s persistent focus on corporate espionage. A Sophisticated Attack Chain The TRU team said the initial foothold was gained through a phishing campaign, where targets received a PDF file masquerading as an Indeed job application. The PDF contained links to a ZIP archive with an ISO image. Once the victim opened the image file, they encountered what appeared to be a CV file (“CV Applicant…
Espionage actors linked to China may be diversifying their operations, as new evidence points to the use of espionage tools in a recent ransomware attack against a South Asian software and services company. Symantec Threat Intelligence reports that the attack, involving the RA World ransomware, stands out due to the distinct toolset typically associated with China-based espionage groups, raising questions about the motivations behind this cross-over from traditional espionage to financially driven cybercrime. Espionage Toolsets Deployed In late 2024, a cyberattack targeting an Asian software company saw the deployment of tools historically used by China-linked espionage actors. These tools, usually…
As people celebrate Valentine’s Day today, malicious actors are jumping on the love bandwagon in an opportunity to exploit heightened emotions and consumer spending with a wave of scam emails. According to the latest findings from Bitdefender Antispam Lab, a whopping 50% of all Valentine’s Day-themed spam emails between 13 January and 7 February this year were classified as scams—a steep rise from 25% in 2024. Similarly, new data from KnowBe4 revealed a 34.8% spike in Valentine’s Day-related phishing attacks compared to February 2024. Love Is in the Air—and So Are Phishing Scams Bitdefender’s research highlights a growing trend…
The Russia-linked threat actor known as Seashell Blizzard has assigned one of its subgroups to gain initial access to internet-facing infrastructure and establish long-term persistence within targeted entities, a Microsoft report has revealed. Also dubbed APT44, BlackEnergy Lite, Sandworm, Telebots, and Voodoo Bear, Seashell Blizzard has been active since at least 2009 and is believed to be linked to Russia’s General Staff Main Intelligence Directorate (GRU) military unit 74455. Targeting Critical Sectors Observed activities following initial access suggest that this campaign allowed Seashell Blizzard to infiltrate global targets across critical sectors, including energy, oil and gas, telecommunications, shipping, arms manufacturing,…
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a new Secure by Design Alert warning about the risks posed by buffer overflow vulnerabilities in software. The alert, titled “Eliminating Buffer Overflow Vulnerabilities,” highlights the need for secure software development practices to prevent malicious actors from exploiting these weaknesses. Buffer overflow vulnerabilities, a common flaw in software design, can be exploited to compromise systems, leading to data corruption, unauthorized code execution, program crashes, and sensitive information being exposed. Threat actors often use these vulnerabilities as an entry point to infiltrate networks and move…
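To make the flaw class in the alert concrete, here is an added example that is not code from the CISA/FBI alert: a parser for a small length-prefixed record, written first the way it is typically found in vulnerable code and then with the bounds checks the Secure by Design guidance calls for. The wire format (one length byte followed by that many payload bytes), the buffer size and the function names are assumptions for illustration only.

```c
/* Added example, not from the CISA/FBI alert. The record format is an
 * assumption: byte 0 is the payload length N, bytes 1..N are the payload. */
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OUT_SIZE 16   /* assumed destination buffer size */

/* Vulnerable form: the attacker-controlled length byte is trusted. A value
 * larger than OUT_SIZE-1 makes memcpy write past 'out' (stack overflow), and
 * a value larger than the bytes actually received makes it read past 'buf'
 * (over-read). Kept only for contrast; never call it on untrusted input. */
static void parse_record_vulnerable(const uint8_t *buf, char out[OUT_SIZE]) {
    size_t n = buf[0];
    memcpy(out, buf + 1, n);   /* no bound check against OUT_SIZE or input length */
    out[n] = '\0';             /* may also write out of bounds */
}

/* Hardened form: every index derived from input is checked against both the
 * real input length and the destination capacity before anything is copied.
 * Returns the payload length on success, -1 for a malformed or oversized record. */
static int parse_record_safe(const uint8_t *buf, size_t buf_len,
                             char *out, size_t out_size) {
    if (buf == NULL || out == NULL || out_size == 0) return -1;
    if (buf_len < 1) return -1;          /* not even a length byte */
    size_t n = buf[0];
    if (n > buf_len - 1) return -1;      /* claims more bytes than were received */
    if (n > out_size - 1) return -1;     /* no room for payload plus NUL */
    memcpy(out, buf + 1, n);
    out[n] = '\0';
    return (int)n;
}

/* Helper: parses with the safe routine into a local buffer and reports whether
 * it succeeded with exactly the expected payload. */
static int parses_to(const uint8_t *buf, size_t buf_len, const char *expected) {
    char out[OUT_SIZE];
    int n = parse_record_safe(buf, buf_len, out, sizeof out);
    return n >= 0 && strcmp(out, expected) == 0;
}

int main(void) {
    char out[OUT_SIZE];
    /* Constructed sample records, not captured traffic. */
    const uint8_t good[] = {5, 'h', 'e', 'l', 'l', 'o'};
    const uint8_t lying[] = {200, 'A', 'B'};   /* length byte exceeds payload and buffer */

    /* Both parsers agree on a well-formed record... */
    parse_record_vulnerable(good, out);
    printf("vulnerable parser, good record: %s\n", out);
    printf("safe parser, good record: %d (%s)\n",
           parse_record_safe(good, sizeof good, out, sizeof out), out);
    /* ...but only the hardened one refuses the lying length byte. */
    printf("safe parser, oversized record: %d\n",
           parse_record_safe(lying, sizeof lying, out, sizeof out));
    return 0;
}
```

The two checks in the hardened parser map directly onto the two ways the alert's "data corruption" and "unauthorized code execution" outcomes arise: the first check prevents reading beyond the received bytes, the second prevents writing beyond the destination buffer. Checking `n > out_size - 1` rather than `n >= out_size` leaves room for the terminating NUL, which is the off-by-one that unbounded `strcpy`-style code most often gets wrong.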
In the short time since its debut, DeepSeek has made waves in the AI industry, garnering praise as well as scrutiny. The model’s meteoric rise has fueled debate over its claimed efficiency, intellectual property worries, and its general reliability and safety. A week ago, Information Security Buzz wrote about how a Qualys security analysis raised significant red flags about DeepSeek-R1’s risks, especially in enterprise and regulatory settings. Now, fresh research from AppSOC has uncovered more alarming security risks associated with the DeepSeek-R1 model, raising critical questions about its suitability for enterprise use. Massive Security Failures The AppSOC Research Team conducted an…
The UK and the US have opted not to sign an international agreement on artificial intelligence (AI) at a global summit held in Paris. The declaration—endorsed by multiple countries including France, China, and India—commits to an “open,” “inclusive,” and “ethical” approach to AI development. The UK government issued a brief statement explaining that it refrained from signing due to concerns over national security and “global governance.” Earlier, US Vice President JD Vance warned summit delegates that excessive regulation of AI could “kill a transformative industry just as it’s taking off.” Open, Transparent, Ethical The signed declaration stresses the importance of…
Cybercriminals are rapidly evolving their tactics for exploiting large language models (LLMs), with recent evidence showing a surge in LLMjacking incidents. Since Sysdig TRT first discovered LLMjacking in May 2024, it says attackers have continuously adapted, targeting new models such as DeepSeek and monetizing stolen credentials through proxy services. The rapid rise of DeepSeek, an advanced AI model, has not gone unnoticed by malefactors. Following the release of DeepSeek-V3 on 26 December 2024, attackers integrated it into OpenAI Reverse Proxy (ORP) instances within days. A similar pattern followed the launch of DeepSeek-R1 on 20 January this year, highlighting the speed…
