The US Treasury Department has sanctioned a Chinese cybersecurity vendor for allegedly trying to spread malware to approximately 81,000 firewall devices from Sophos. The sanctions target Sichuan Silence Information Technology and one of its employees, Guan Tianfeng, “for their roles in the April 2020 compromise of tens of thousands of firewalls worldwide,” the Treasury Department said in last Tuesday’s announcement. “More than 23,000 of the compromised firewalls were in the United States,” the
Tinexta Cyber and SentinelLabs have tracked threat activities targeting business-to-business IT service providers in Southern Europe. Based on the malware, infrastructure, techniques used, victimology, and the timing of the activities, researchers have assessed that it is highly likely a China-nexus threat actor conducted these attacks with cyberespionage motivations.
The relationships between European countries and China are complex and characterized by cooperation, competition, and underlying
The FTC announced on 03 December 2024 that it had banned data brokers Mobilewalla and Gravy Analytics from harvesting and selling Americans' location tracking data linked to sensitive locations, like churches, healthcare facilities, military installations, and schools. The FTC says Mobilewalla and Gravy Analytics unlawfully collected and sold location data collected from consumers, including data linked to their visits to places of worship and health-related locations.
Virginia-based Gravy Analy
As soon as transactions of data and money started to become commonplace on the internet, criminals sensed a whole new vista opening up to them. Since then, it has been a constant game of cat and mouse trying to stay one step ahead of the cybercriminals, too often with the hackers coming out on top.
According to the figures, there were over 2,300 attacks recorded in 2023. That might not sound too serious. But the nature of an attack means that many people are affected by each one. In this case
DMM Bitcoin is a cryptocurrency exchange based in Japan, operated by DMM Group, a large Japanese e-commerce and entertainment conglomerate. Launched in 2018, the platform allows users to trade various cryptocurrencies, including Bitcoin, Ethereum, and Ripple, through spot trading and leverage trading services. In June 2024, the Japanese cryptocurrency exchange announced that cybercriminals stole 4,502.9 Bitcoin (BTC), approximately $304 million (48.2 billion yen), from its wallets.
“At approxima
Stoli Group's U.S. companies https://stoli-group.com have filed for bankruptcy following an August 2024 ransomware attack and Russian authorities seizing the company's remaining distilleries in the country. Chris Caldwell, the President and Global Chief Executive Officer of Stoli USA and Kentucky Owl, the two Stoli Group subsidiaries, said in a recent filing that this comes after the August attack severely disrupted its IT systems, including its enterprise resource planning (ERP) platform.
The cyb
While threat actors continue to rely on many “classic” tactics that have existed for decades, our threat predictions for the coming year largely focus on cybercriminals embracing bigger, bolder, and, from their perspectives, better attacks. From Cybercrime-as-a-Service (CaaS) groups becoming more specialized to adversaries using sophisticated playbooks that combine both digital and physical threats, cybercriminals are upping the ante to execute more targeted and harmful attacks.
In its 2025 thr
Researchers have discovered what they believe is the first-ever malware capable of infecting the boot process of Linux systems. "Bootkitty" is proof-of-concept code that students in Korea developed for a cybersecurity training program they're involved in. Though unfinished, the bootkit is fully functional and even includes an exploit for one of several so-called LogoFAIL vulnerabilities in the Unified Extensible Firmware Interface (UEFI) ecosystem that Binarly Research uncovered in November 2023.
Criminals are using text messaging, dating apps, social media, and email to perpetrate a form of financial fraud, most commonly known as 'pig-butchering,' where victims are lured into fraudulent investment schemes. Meta has confirmed it has removed around 2 million scam accounts across its platforms since the beginning of 2024. “This year alone, we’ve taken down over two million accounts linked to scam centers in Myanmar, Laos, Cambodia, the United Arab Emirates, and the Philippines,” says Meta.
See: http
Earlier this week on Cyber Monday, the US Internal Revenue Service (IRS) and its Security Summit partners warned taxpayers to approach their holiday shopping with extra caution because scammers are also shopping for their next victim’s personal information. The consumer alert kicks off the ninth annual National Tax Security Awareness Week, featuring tips for taxpayers and tax professionals to avoid scams and protect their sensitive data. The special week is part of the Security Summit initiati
Trustwave researchers have recently released a report about a phishing campaign they had been tracking, which saw a significant increase in activity in August 2024 and primarily targets Microsoft 365 users. This campaign has been linked to the phishing kit called Rockstar 2FA. The Rockstar 2FA phishing kit is considered an updated version of the DadSec phishing kit. Microsoft tracks the threat actor behind these phishing kits under the moniker Storm-1575.
Rockstar operat
Imagine a world where every car dealership in the country sells the same bland, featureless sedan. No variety, no personality, just four wheels, a steering wheel, and a shrug-worthy lack of innovation. That’s what one-size-fits-all cybersecurity looks like for managed security service providers (MSSPs): A cookie-cutter offering that nobody truly loves, everyone tolerates, and eventually, someone else customizes better.[1]
Mike Saylor, CEO and co-founder of Black Swan Cybersecurity, has spent
In September 2024, researchers observed an attack using the notorious SmokeLoader malware to target companies in Taiwan, including those in manufacturing, healthcare, information technology, and other sectors. SmokeLoader is well-known for its versatility and advanced evasion techniques, and its modular design allows it to perform a wide range of attacks. While SmokeLoader primarily serves as a downloader to deliver other malware, in this case, it carries out the attack itself by downloading pl
FortiGuard Labs gathers data on ransomware variants of interest that are gaining traction within its datasets and the OSINT community. The report below provides brief insights into the evolving ransomware landscape.
Interlock Ransomware Overview - Interlock is a new ransomware variant that was first publicly discovered on a public file-scanning site in early October 2024. This could indicate that the ransomware emerged as early as September. The Interlock ransomware comes in Windows and Free
A ransomware attack on supply chain software firm Blue Yonder in turn hit a dozen big names in food and retail with business disruptions, Starbucks and Walgreens among them. The software is widely used by a range of Fortune 500 companies, and the full list of potentially impacted victims remains unclear. Companies such as grocery giant Kroger (and its recently acquired subsidiary Albertsons), Anheuser-Busch and Ford are known to use the software but have not confirmed any impact as of yet. Se
Network-attached storage devices like NetApp contain volumes of data which are vital to business operations. With broad access available to so many users, protecting NetApp storage from malware is critical to operational stability and integrity. Organizations worldwide face increasingly sophisticated threat actors. AI-powered threat detection can level the playing field, protect business data, and stop attacks before they begin.
The Challenge - Legacy AV solutions have long dominated storage s
Two Internet cables between Germany and Finland, as well as between Lithuania and Sweden, have experienced sudden outages. Located in northern Europe, the Baltic Sea is an active commercial shipping route ringed by nine countries, including Russia. The affected countries, all members of NATO, say that it is unlikely to be accidental. This happened in the same waterway in which a significant gas pipeline and other underground cables were previously damaged in mysterious circumstances in 2022. No,
Red Sky Alliance queries our backend databases monthly, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments. Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associate
After being deported from South Korea, a Russian cybercriminal leader has made his first appearance in the US District Court for the District of Maryland to face his charges. Evgenii Ptitsyn, 42, is a Russian national who allegedly administered the sale, distribution, and operation of Phobos ransomware, which has been used against more than 1,000 victims, including public and private entities in the United States and globally. According to the indictment, its affiliates have extorted ransom paym
The US Coast Guard has issued a second security directive warning that Chinese ship-to-shore cranes used widely in the United States pose a cybersecurity risk. Maritime Security Directive 105-5 calls on port operators to take “risk management” measures to mitigate the threats.
Built-in vulnerabilities for remote access and control of the cranes “combined with intelligence regarding China’s interest in disrupting US critical infrastructure, necessitate immediate action,” according to a portion of