All Articles (2425)

The Philippines Department of Information and Communications Technology (DICT) earlier this week flagged the growing cyber-attacks against Philippine government websites, including those of the Executive branch and some lawmakers, ahead of the midterm elections. “We are constantly under attack from different sectors, from hackers, from scammers,” DICT Secretary Ivan John E. Uy told a news briefing at the presidential palace. “These are persistent threat actors. We have detected a significant

An Android malware called FireScam tricks people into thinking they are downloading a Telegram Premium application; it clandestinely monitors victims' notifications, text messages, and app activity while stealing sensitive information via Firebase services.

Cyfirma researchers spotted the new infostealer with spyware capabilities. They said the malware is distributed through a GitHub.io-hosted phishing website mimicking RuStore, a popular app store in the Russian Federation.

The phishing site delivers a

The ransomware gang Brain Cipher has begun leaking sensitive data stolen from Rhode Island’s RIBridges social services platform earlier in December 2024. The integrated system, which managed healthcare, social services, and food assistance programs, served some 650,000 citizens, including minors, before being taken offline. Governor McKee confirmed that the exposed information includes names, addresses, birthdates, social security numbers, and banking details. Screenshots also suggest that the st

A superseding criminal complaint filed in the US District of New Jersey was unsealed on 30 December 2024, charging a dual Russian and Israeli national with being a developer for the LockBit ransomware group. In August 2024, Rostislav Panev, 51, was arrested in Israel under a US provisional arrest request for extradition to the United States. Panev is currently in custody in Israel pending extradition on the charges in the superseding complaint. [1]

See: https://

While you always want to be careful where you click online, a new variation on the classic clickjacking attack should give you pause when a site asks you to double-click on something. As reported by Cybernews, Amazon security engineer Paulos Yibelo has shed light on a new version of this attack that can be used to disable security settings, delete an account or even take over your existing accounts. As the name suggests, clickjacking is an attack method where hackers, scammers or other cybercr

If incidents this year are any indication, deepfakes and, spurred by the growing adoption of quantum computing projects, “harvest now, decrypt later” attacks are among the many concerns organizations in the Asia-Pacific (APAC) region must address in 2025. Over the past year, cybercriminals operating in the APAC region have increasingly leveraged AI to launch sophisticated campaigns such as AI-generated phishing emails, adaptive malware, and deepfakes. The attacks have undermined trust in critica

Cloud environments are constantly under attack, with sophisticated threat actors employing various techniques to gain unauthorized access. One such actor, called EC2 Grouper, has become a notable adversary for security teams.

According to the latest research from Fortinet’s FortiGuard Labs Threat Research team, this group is characterized by its consistent use of AWS tools and a unique security group naming convention in its attacks. Researchers tracked this actor in several dozen customer env

Krispy Kreme has acknowledged that the December 2024 disruption to its online ordering system resulted from a cyber attack. Krispy Kreme operates four bakeries known as “Doughnut Factories,” 1,521 retail shops, and over 15,000 delivery locations in the United States. It has also partnered with McDonald’s to make its doughnuts available to the restaurant chain’s customers across the country. “We’re experiencing certain operational disruptions due to a cybersecurity incident, including with online or

The Iran-linked APT group Charming Kitten has been observed using a C++ variant of the BellaCiao malware, named BellaCPP. BellaCiao, a .NET-based malware, combines webshell persistence with covert tunneling. The malicious code was first spotted in April 2023 by Bitdefender; its PDB paths reveal valuable insights, including a versioning scheme. Recently, investigators discovered a BellaCiao malware sample on a computer in Asia, along with a related C++ reimplementation of an older BellaCiao vers

Emerging technologies have made CISOs strategic contributors to their company’s growth. CISOs are now expected to be key decision-makers, influencing corporate strategy and guiding their organizations through the complexities of the current age. They are slowly transitioning from technical experts in security architecture, security operations, infrastructure security, and network security to visionaries in strategic cybersecurity and business growth. As they make this transition, it is increasingly vital for

Cyberattacks that use generative artificial intelligence (GenAI) technology as a tool are expected to grow next year, a government report said recently. In 2025, hacking groups are expected to increasingly use various generative AI models, such as ChatGPT, to create spear phishing emails customized to their targets and fake news materials to be used for political propaganda, according to the annual cybersecurity report issued by the Ministry of Science and ICT. “It will be difficu

CISA warns US federal agencies to secure their systems against ongoing attacks targeting a high-severity Windows kernel vulnerability. Tracked as CVE-2024-35250, this security flaw is due to an untrusted pointer dereference weakness that allows local attackers to gain SYSTEM privileges in low-complexity attacks that don't require user interaction. While Microsoft did not share more details in a security advisory published in June 2024, the DEVCORE Research Team [1] that found the flaw and report

You know, I really hate saying, “I told you so… but…” Back in 2013, I witnessed the capabilities of the Pegasus spyware. I was introduced to the NSO group through an Israeli colleague of mine, whose friendship went back to just after the 9-11 attacks. Right in front of me, NSO actually took control of a cell phone (though a demo, I hoped). They then touted the magnitude of what this type of surveillance could provide to law enforcement and governments. I immediately said, “if that was

Healthcare facilities keep getting attacked. Earlier this year, hospitals in the Ascension network in Kansas were hit with a ransomware attack that has left a lasting impact. Now, the company is reaching out to patients who may have had their personal data compromised by the incident. Ascension shared a new update on Dec. 19 regarding the cyber-attack and will now contact people whose data was impacted. Ascension said the type of data is varied but can include medical, payment, insurance,

In February 2024, Microsoft released an update to Exchange Server which contained a security improvement referenced by CVE-2024-21410 that enabled Extended Protection for Authentication (EPA) by default for new and existing installs of Exchange 2019. While we’re currently unaware of any active threat campaigns involving NTLM relaying attacks against Exchange, we have observed threat actors exploiting this vector in the past.

With the release of Windows Server 2025 earlier this month, we releas

There are many Android TV boxes out there for sale. Some are surprisingly cheap. Before you consider pulling the trigger on that cheap Android TV box, think again: according to a report from researchers at BitSight, the BadBox malware is back and has managed to infect close to 200,000 devices so far.

What is BadBox? BadBox is an Android malware that is thought to be based on the “Triada” malware family. It infects devices made by lesser-known manufacturers. The at

Software supply chain management platform Sonatype’s latest research, shared with Hackread.com, reveals that on 20 December 2024 the popular npm packages @rspack/core and @rspack/cli were compromised by attackers using a compromised npm token. According to Sonatype’s blog post, the attackers then published malicious versions (1.1.7) of these packages.

Sonatype’s automated malware detection systems quickly caught these malicious versions and blocked them for users using Nexus Repository Firew

Believe it or not, many do their gift shopping AFTER Christmas. Why? Because the deals are plentiful. Cyber shopping is no different, but… Seemingly innocent "white pages," including an elaborate Star Wars-themed site, are bypassing Google's malvertising filters, showing up high in search results to lure users to second-stage phishing sites. Threat actors appear to have found yet another innovative use case for artificial intelligence in malicious campaigns: to create decoy ads for foolin

Several years ago, I presented a joint panel discussion in Las Vegas on the integration of Physical and Cyber Security, in conjunction with Human Relations departments. I am not sure that message has resonated within all the various business sectors, but many are adopting this new synergy. Red Sky would like to provide some security predictions for 2025.

Cyber Security - 12 CIS Experts' Cybersecurity Predictions for 2025: The 2024 general election...the CrowdStrike Falcon outage...insider thre

A thwarted attack demonstrates that threat actors are using another delivery method for the malware, which has already been spread using phishing emails, malvertising, hijacking instant messages, and SEO poisoning. The DarkGate remote access Trojan (RAT) has a new attack vector: a threat actor targeted a Microsoft Teams user via a voice call to gain access to their device. Researchers said the attack adds to the other methods for spreading the RAT, which previously has been propagated using phis