Volt Typhoon, a stealthy and resilient state-sponsored cyber-espionage group, has re-emerged as a severe and silent threat to critical infrastructure worldwide, demonstrating increased sophistication and determination. In January this year, the US Department of Justice said it disrupted the People’s Republic of China-backed hacking group that attempted to target America’s critical infrastructure. The group infected “hundreds” of outdated Cisco and Netgear routers with malware so that they could be used to attack US critical infrastructure facilities. SecurityScorecard’s STRIKE Team has identified the group’s resurgence, exploiting unprotected and outdated edge devices across essential sectors and escalating the global threat landscape significantly.…
Kirsten Doyle
A newly discovered tool named “GoIssue,” marketed on a prominent cybercrime forum, is bringing fresh concerns to the cybersecurity community with its ability to mine email addresses from GitHub profiles and send bulk phishing emails to targeted inboxes. Discovered by SlashNext researchers, this tool, believed to be connected to the notorious GitLoker extortion campaign, highlights an alarming trend in phishing tactics that now threatens not only individual developers but entire organizations. Security researcher Daniel Kelley warns that GoIssue’s capabilities could lead to far more than standard phishing incidents. Its potential extends to source code theft, supply chain vulnerabilities, and corporate…
Check Point Research has uncovered a sophisticated phishing campaign that uses a newly updated version of the Rhadamanthys Stealer, a notorious malware that steals sensitive data from infected systems. The campaign, identified as “Rhadamanthys.07,” deceives victims through emails that appear to come from well-known companies, alleging copyright infringement on social media.
New Phishing Tactics and AI-Enhanced Techniques
In this campaign, attackers pose as legal representatives from respected brands, sending emails through fake Gmail accounts that accuse recipients of brand misuse on social platforms. These emails, personalized to each target, urge the recipient to download a file to remove the offending…
A new investigation by the consumer advocacy group Which? reveals a worrying trend: everyday smart devices, from air fryers to televisions, are collecting excessive amounts of user data, often with no clear explanation or transparency on how it will be used. The study found that some of these gadgets, including popular air fryer and smartwatch models, are asking for permissions that go beyond what is necessary for their primary functions, raising significant privacy concerns.
Excessive Permissions and Data Sharing
Among the more surprising revelations, Which? researchers found that certain air fryer models, including those from Xiaomi and Aigostar, request access to…
A new malware strain, Winos4.0, is actively used in cyberattack campaigns. Discovered by FortiGuard Labs, this advanced malicious framework, which evolved from the infamous Gh0strat, is equipped with modular components enabling a range of malicious activities on compromised devices. These attacks have been identified in gaming-related applications like installation tools and optimization utilities, which serve as delivery mechanisms for the malware. Winos4.0 provides threat actors with comprehensive functionality, stability, and control over targeted systems, allowing them to carry out complex commands remotely. FortiGuard Labs reported seeing this framework deployed in campaigns such as “Silver Fox,” indicating its capability to infiltrate…
In a move to improve account security, Google Cloud has announced that it will require multi-factor authentication (MFA) for all users worldwide by the end of 2025. This decision aims to enhance security, especially as cloud environments become increasingly vulnerable to sophisticated attacks. In a recent blog, Google said the MFA requirement will be implemented in three key phases:
The Importance of MFA in Cybersecurity
Google Cloud introduced 2-Step Verification (2SV) in 2011, making MFA accessible to millions and significantly reducing the risks associated with password theft. Understanding the need for stronger defenses against advanced threats, Google introduced phishing-resistant security…
In a major breakthrough, Google’s AI-powered research tool, Big Sleep, discovered a vulnerability in SQLite, one of the most widely used database engines in the world. The Google Project Zero and Google DeepMind teams recently shared this milestone in an official blog post, marking a first for AI-driven vulnerability detection in real-world software. The vulnerability found by Big Sleep was a stack buffer underflow in SQLite, which could potentially allow malicious actors to manipulate data in ways that compromise database integrity. The flaw was discovered and reported in early October, and the SQLite development team patched it on the same day, averting any…
Attackers are leveraging DocuSign’s API to distribute authentic-looking invoices at scale, exploiting legitimate business channels to bypass traditional security measures. Using paid DocuSign accounts and customized templates, malefactors mimic reputable companies, such as Norton, to send convincing invoices through the platform. Revealed in a blog post by Wallarm, this approach evades phishing filters by omitting malicious links or attachments, relying instead on the inherent trust of DocuSign’s platform to deceive recipients.
Beyond Traditional Phishing: An Evolution in Attack Sophistication
Phishing attacks have traditionally depended on fake emails with malicious links or attachments to trick users into divulging sensitive information. However,…
Mobile security company Zimperium’s zLabs team has uncovered an advanced variant of the FakeCall malware that employs “Vishing” (voice phishing) to deceive mobile users into sharing sensitive information, such as login credentials and banking details. This sophisticated malware campaign highlights an evolving threat landscape where malicious actors exploit mobile-specific features to conduct increasingly deceptive phishing attacks. Vishing, a form of mobile-targeted phishing, uses fake phone calls or voice messages to trick victims into divulging private information. Zimperium says that Vishing is part of a broader category of mobile phishing, referred to as “Mishing,” which includes various attack methods that capitalize…
Since August last year, Microsoft has identified a surge in intrusion activity with attackers using sophisticated password spray techniques to steal credentials from multiple customers. The company has linked this wave of attacks to a network of compromised devices known as CovertNetwork-1658, also called xlogin and Quad7 (7777). According to a recent blog by the tech giant, credentials compromised via CovertNetwork-1658 have been used by Chinese hacking groups, including the threat actor Storm-0940. Since at least 2021, Storm-0940 has gained access through password sprays and brute-force attacks, often targeting high-profile organizations such as government entities, think tanks, and legal firms…
