The UK government's Vulnerability Monitoring System has significantly accelerated the patching of DNS vulnerabilities in the public sector. This automated scanning system, implemented as part of a program launched last year, has reduced fix times by 84 percent. The article also briefly mentions Firefox enhancing XSS protection, leadership changes at CISA, and FTC exemptions for certain data collection.
Jake Braun, speaking at DEF CON, expressed frustration with government inaction and called for hackers to develop a "Digital arsenal of democracy." This initiative aims to empower citizens and defend against digital threats.
Google is implementing Merkle Tree Certificates in Chrome to quantum-proof HTTPS. This method shrinks 2.5 kB of certificate data into a 64-byte space, improving efficiency and security in anticipation of quantum computing threats.
A new remote access trojan (RAT) called Steaelite is being sold on cybercrime networks. This RAT bundles ransomware and data theft capabilities, along with credential and cryptocurrency stealers, and live surveillance features, enabling double extortion attacks.
Experts are advising that major events, such as the FIFA World Cup, should enhance their security measures to include active and passive wireless threats in addition to traditional physical and cyber defenses. This involves addressing vulnerabilities related to wireless communication and drone activity to protect against potential disruptions and security breaches.
Microsoft is testing security improvements in Windows 11 Insider Preview builds that aim to improve the security and performance when executing batch files (CMD scripts). The improvements focus on mitigating potential security risks associated with script execution.
This article discusses the often-overlooked attack surface created by third-party software and the increased risk of exploitation due to unpatched vulnerabilities. Action1 advocates for consistent patching strategies to mitigate exposure across all endpoints, highlighting the importance of managing third-party software vulnerabilities.
The article argues that application security should start at the load balancer, which is often treated as a performance device rather than a security control. The author provides an example from the financial services industry where weak TLS configurations at the load balancer allowed attackers to exploit vulnerabilities, and recommends enforcing strong TLS versions and cipher suites at the load balancer to establish a secure trust boundary.
The article discusses how large language models (LLMs) are impacting security teams, both as productivity tools and potential attack vectors. It suggests approaching LLMs as high-impact systems, defining outcomes, modeling threats, and building controls, and recommends starting with narrow, verifiable workflows before expanding their use.
This article is a guide to upcoming security conferences in 2026, offering a list of events that cover various aspects of cybersecurity. It aims to help cybersecurity professionals stay informed about industry trends and threats by attending these conferences for networking and knowledge gathering.
Aeternum C2 is a new botnet loader that leverages the Polygon blockchain for command and control, making it more resilient to takedown attempts. The botnet stores encrypted commands on the blockchain, avoiding traditional server-based infrastructure.
Trend Micro has addressed two critical remote code execution (RCE) vulnerabilities in its Apex One security software. Successful exploitation of these flaws could allow attackers to execute arbitrary code on affected Windows systems.
A new attack called AirSnitch can break Wi-Fi encryption in homes, offices, and enterprises. The attack potentially compromises the security of guest networks.
Microsoft is expanding the ability for enterprise users to restore their personal settings and Microsoft Store apps from a previous Windows 11 device. This feature aims to streamline the transition process when upgrading or replacing devices, ensuring a consistent user experience.
The Scattered Lapsus$ Hunters (SLSH) cybercrime group is reportedly recruiting women to improve their social engineering tactics, specifically targeting IT helpdesks. They are offering up to $1,000 per call, suggesting a focus on refining their techniques for gaining unauthorized access.
A China-linked espionage group, UNC2814, has been using Google Sheets as a command and control server to spy on telecom providers and government agencies across 42 countries. Google's Threat Intelligence Group (GTIG) and Mandiant disrupted the group's activities, which involved using Google Sheets API functionality to send commands and receive stolen data.
The article discusses the common cybersecurity practice of relying on employees as the 'last line of defense' and argues that it's unrealistic to expect untrained employees to catch threats that sophisticated security tools and professionals miss. The author suggests this approach leads to high false-positive rates and overwhelmed SOC teams, as employees flag normal business operations as potential risks.
Trend Micro has addressed eight critical and high-severity vulnerabilities affecting its Apex One endpoint security products on Windows and macOS. The vulnerabilities could potentially allow attackers to compromise systems.
Google Project Zero researchers analyzed the GetProcessHandleFromHwnd API, noting its potential for exploitation in UAC bypass scenarios. The API allows a caller with UIAccess to obtain a process handle, which can be abused if the caller and target process run as the same user.
The article discusses the benefits of using open-source security tools for cybersecurity. It highlights that open-source solutions are often supported by active communities and offer numerous high-quality options for preventing breaches and data leaks. It suggests nine open-source security tools that CISOs and their teams should consider using, for purposes such as vulnerability scanning, protocol analysis, forensics, and threat intelligence support.
The article is a guest diary from a SANS Internet Storm Center intern about running a honeypot with AI assistance. It details lessons learned from the experience.
A new remote access trojan (RAT) called Steaelite has emerged, combining data theft and ransomware capabilities into a single tool, available on underground cybercrime sites since November. It allows attackers to perform reconnaissance, credential harvesting, data exfiltration, and soon, ransomware deployment, all from a single dashboard, potentially lowering the barrier to sophisticated double extortion attacks.
Sophos has announced the release of Sophos Workspace Protection, a new product offering. The article highlights the availability of this new protection solution for workspaces.
Recorded Future is partnering with CYBERA to expand its coverage of scams and financial fraud by incorporating money mule intelligence. This collaboration enhances Recorded Future's payment fraud prevention capabilities by leveraging CYBERA's expertise in detecting and verifying data related to scam-linked bank accounts.
A China-linked espionage group, tracked as UNC2814, used Google Sheets as part of its attacks targeting telecommunications companies and government organizations across four continents. Google's threat intelligence team, along with industry partners, disrupted the group's activities.
The article discusses the importance of using password managers to defend against phishing and data breaches by generating and automatically filling unique passwords for each site. It highlights the protections offered by password managers, including preventing password reuse and mitigating the impact of data breaches, while also discussing the evolution of built-in password managers in browsers and operating systems.
The article discusses the importance of using password managers to protect against phishing and data breaches. It acknowledges potential flaws in some password manager implementations but emphasizes that using a password manager remains a critical security investment. It also touches on built-in password managers like iCloud Keychain and Google Password Manager.
A suspected Chinese threat actor conducted a global espionage campaign targeting telecom and government networks. The actor used SaaS API calls to conceal malicious traffic, making detection more difficult.
SolarWinds has released patches for four critical vulnerabilities in its Serv-U product. These vulnerabilities could allow for remote code execution, but they require administrative privileges to exploit.
The Scattered LAPSUS$ Hunters (SLH) cybercrime group is reportedly recruiting women for voice phishing (vishing) attacks targeting IT help desks. They are offering between $500 and $1,000 per call to entice participation in these social engineering campaigns.
Flare's analysis of OpenClaw discussions on Telegram and the dark web reveals significant interest and research hype, but limited evidence of widespread criminal exploitation. The analysis highlights a potential supply-chain risk within the skills marketplace, indicating a need for vigilance despite the lack of current large-scale malicious activity.
The article discusses how poorly implemented security triage processes can increase business risk instead of reducing it. It highlights issues such as indecisiveness, alert fatigue, and escalation leading to missed SLAs and real threats slipping through the cracks.
Attackers are using telephone-oriented attack delivery (TOAD) to bypass email security gateways. These attacks involve emails that contain only a phone number, which recipients are then tricked into calling, leading to further exploitation.
ICS/OT experts have created a new scoring system, akin to the Richter scale, for gauging the magnitude and impact of cyber incidents within operational technology (OT) environments. This system aims to provide a standardized method for assessing the severity and consequences of such events.
Astelia, a company focused on exposure management, has raised $35 million in funding. The company intends to use the funds to expand its AI-based analysis capabilities, increase its workforce, and scale deployments.
Microsoft's KB5077241 optional cumulative update for Windows 11 includes 29 changes, featuring enhancements to BitLocker and the addition of native System Monitor (Sysmon) functionality. The update also introduces a new network speed test tool.
SolarWinds has patched four critical security flaws in its Serv-U file transfer software. These vulnerabilities, if exploited, could allow for remote code execution and the creation of system admin users.
Georgia Tech researchers have identified vulnerabilities in the threat intelligence supply chain that could be exploited by adversaries. They propose a new method to improve data sharing and bolster the integrity of threat intelligence.
A new scam involves fake Zoom meeting invitations that, upon clicking, lead to a convincing imitation of a Zoom video call and silently install Teramind surveillance software on Windows computers. This software allows threat actors to log keystrokes, take screenshots, record website visits and application usage, capture clipboard contents, and track email and file activity.
The article discusses Business Email Compromise (BEC) attacks, highlighting their sophistication and financial impact. It contrasts BEC with phishing, emphasizing that BEC relies on impersonation and social engineering rather than malware, resulting in $2.7 billion in losses in the previous year.
The article discusses various types of ransomware attacks, including crypto ransomware, double extortion ransomware, encryptionless ransomware, locker ransomware, scareware, and Ransomware-as-a-Service (RaaS). It highlights that cybercriminals are constantly seeking vulnerabilities and adapting their tactics to maximize profits, with crypto ransomware being the most common type.
The article discusses common endpoint vulnerabilities, focusing on Remote Desktop Protocol (RDP) as a frequent entry point for attackers. It highlights the risks associated with exposed RDP connections and brute-force attacks, and provides recommendations for securing endpoints, including limiting RDP exposure, enforcing multi-factor authentication, and maintaining proper Windows security configurations.
The 1Campaign platform is being used to create malicious Google Ads that are difficult to detect and remain online longer. This service assists threat actors in circumventing security researchers and Google's detection mechanisms.
CrowdStrike research indicates that attackers are now able to compromise a network in an average of 29 minutes due to factors like credential misuse, AI-powered tools, and security blind spots. This represents a significant acceleration in attacker dwell time, posing a greater challenge to defenders.
The article discusses business email compromise (BEC) attacks, which rely on social engineering rather than malware. It outlines five preventive measures: enforcing MFA, hardening email filters, training employees to spot scams, validating requests, and implementing payment verification procedures.
This CSO Online article discusses business email compromise (BEC) attacks, highlighting their cost and common tactics. It outlines several red flags to watch out for, including suspicious sender behavior (domain tweaks, display name tricks, reply-to changes, and fresh domains) and timing/contextual red flags (urgent requests, CEO authority claims).
Sophos has launched Sophos Workspace Protection, a new offering designed to provide comprehensive security for modern work environments. This solution integrates endpoint protection, threat detection, and response capabilities to safeguard against evolving cyber threats.
SolarWinds Serv-U has four critical vulnerabilities that can allow attackers to execute code as root. Users are advised to patch immediately to mitigate the risk.
The article discusses the importance of shifting from a reactive to a proactive approach to cybersecurity, highlighting the increasing speed and sophistication of AI-driven attacks. It emphasizes the need for efficient automation, an integrated platform, and a focus on layered security controls, zero trust, multi-cloud infrastructure, and security by design.
The SANS Internet Storm Center article discusses open redirect vulnerabilities, which allow users to be redirected to arbitrary URLs, a class of flaw that is often overlooked and misunderstood. While seemingly harmless, these redirects can be exploited for phishing and other malicious activities.