Latest Cybersecurity News and Articles


UK Defence Secretary Jet Hit by Electronic Warfare Attack in Poland

19 March 2024
Russian hackers launched an electronic warfare attack that disabled the GPS and communications systems of UK Defence Secretary Grant Shapps' RAF Dassault Falcon 900 jet while flying near Kaliningrad.

New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT

19 March 2024
A new phishing campaign is targeting U.S. organizations with the intent to deploy a remote access trojan called NetSupport RAT. Israeli cybersecurity company Perception Point is tracking the activity under the moniker Operation PhantomBlu. "The PhantomBlu operation introduces a nuanced exploitation method, diverging from NetSupport RAT’s typical delivery mechanism by leveraging OLE (Object

E-Root Marketplace Admin Sentenced to 42 Months for Selling 350K Stolen Credentials

19 March 2024
A 31-year-old Moldovan national has been sentenced to 42 months in prison in the U.S. for operating an illicit marketplace called E-Root Marketplace that offered for sale hundreds of thousands of compromised credentials, the Department of Justice (DoJ) announced. Sandu Boris Diaconu was charged with conspiracy to commit access device and computer fraud and possession of 15 or more unauthorized

New DEEP#GOSU Malware Campaign Targets Windows Users with Advanced Tactics

18 March 2024
A new elaborate attack campaign has been observed employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive information. Cybersecurity company Securonix, which dubbed the campaign DEEP#GOSU, said it's likely associated with the North Korean state-sponsored group tracked as Kimsuky. "The malware payloads used in the DEEP#GOSU represent a

Fujitsu Found Malware on IT Systems, Confirms Data Breach

18 March 2024
An announcement published late last week on the firm's news portal discloses a major cybersecurity incident that has compromised systems and data, including sensitive information of customers.

UK: NCSC Releases Cloud SCADA Security Guidance

18 March 2024
The NCSC released guidance for operational technology (OT) organizations on migrating their SCADA systems to the cloud. This guidance aims to help organizations assess the benefits and risks of cloud-hosted SCADA to make informed decisions.

Report reveals an increase in cloud account compromise incidents

18 March 2024
A new report highlights new and continuing threat trends that security leaders must prepare to face in the coming years. 

Evasive Azorult Campaign Delivers Malicious Payload Through Google Sites

18 March 2024
This campaign is noteworthy as it uses an unorthodox HTML smuggling technique where the malicious payload is embedded in a separate JSON file hosted on an external website.

Charles Henderson hired as EVP of Cyber Security at Coalfire

18 March 2024
Charles Henderson was hired as EVP of Cyber Security at Coalfire with experience in threat intelligence, incident response and penetration testing.

New Acoustic Side-Channel Attack Determines Keystrokes From Typing Patterns

18 March 2024
Researchers have demonstrated a new acoustic side-channel attack on keyboards that can deduce user input based on their typing patterns, even in poor conditions, such as environments with noise.

Filipino Police Break up Forced Labor Cyber Operation

18 March 2024
The victims were lured into slavery with false job offers and were forced to adopt fake identities to extract money from their victims through promises of cryptocurrency wins, investments, and romance.

Earth Krahang APT Exploits Intergovernmental Trust to Launch Cross-Government Attacks

18 March 2024
The APT campaign targets several government entities worldwide, with a strong focus in Southeast Asia, but also seen targeting Europe, America, and Africa. It exploits public-facing servers and sends spear-phishing emails to deliver backdoors.

Moldovan Citizen Sentenced in Connection With the E-Root Marketplace Case

18 March 2024
Moldovan national Sandu Boris Diaconu was sentenced to 42 months in federal prison for operating the E-Root cybercrime marketplace, which facilitated the sale of compromised computer credentials.

Hackers Directly Target Individuals After Alleged Data Breach at New Zealand Media Company

18 March 2024
MediaWorks, a company based in New Zealand, says it is investigating an alleged security incident after a hacker claimed to have stolen the data of just over 2.4 million people and began targeting individuals for extortion payments.

CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms

18 March 2024
Historical domain registration records suggest that the founder of Onerep, Dimitri Shelest, has been involved in numerous people-search services, indicating potential conflicts of interest.

Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool

18 March 2024
Fortra has released details of a now-patched critical security flaw impacting its FileCatalyst file transfer solution that could allow unauthenticated attackers to gain remote code execution on susceptible servers. Tracked as CVE-2024-25153, the shortcoming carries a CVSS score of 9.8 out of a maximum of 10. "A directory traversal within the 'ftpservlet' of the FileCatalyst Workflow

Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites

18 March 2024
Cybersecurity researchers have discovered a new malware campaign that leverages bogus Google Sites pages and HTML smuggling to distribute a commercial malware called AZORult in order to facilitate information theft. "It uses an unorthodox HTML smuggling technique where the malicious payload is embedded in a separate JSON file hosted on an external website," Netskope Threat Labs

Human Risk Factors Remain Outside of Cybersecurity Pros’ Control

18 March 2024
Concerns are especially high in the public sector, with 87% worrying about employee email and social media lapses damaging their institutions, according to a Mimecast report.

'Gitgub' Malware Campaign Targets GitHub Users with RisePro Info-Stealer

18 March 2024
Multiple GitHub repositories were hosting cracked software designed to deliver the RisePro info-stealer, indicating a widespread campaign to distribute the malware. The repositories were taken down by GitHub, and all used the same download link.

CISA Launches 911 Cybersecurity Hub Empowering Emergency Responders

18 March 2024
The hub offers a centralized repository of essential resources and expertise, sourced from federal agencies, industry partners, academia, and the private sector, to enhance the cybersecurity posture of Emergency Communications Centers (ECCs).