Dark web attacks have existed for years. What’s different now is the scale and sophistication that AI brings to them. The post AI is Making the Dark Web Even Darker appeared first on Security Boulevard.
Category: Threats
Cybercrime, Cybersecurity, Global Security News, Google Threat Intelligence Group, GRU, messaging apps, phishing, Research, Russia, Sandworm, signal, Threats, Uncategorized
Russia-aligned threat groups dupe Ukrainian targets via Signal
Russian state threat groups have compromised Signal accounts used by Ukrainian military and government personnel to eavesdrop on real-time communications, Google Threat Intelligence Group said in a report released Wednesday. “This is a persistent, ongoing campaign being carried out by multiple different Russia-aligned threat actors,” Dan Black, principal analyst at Google Threat Intelligence Group, said…
Asia Pacific, children, china, Cybersecurity, Cynthia Kaiser, fbi, Federal Bureau of Investigation (FBI), Geopolitics, Global Security News, Salt Typhoon, sanctions, telecommunications, telecoms, Threats
Salt Typhoon telecom breach remarkable for its ‘indiscriminate’ targeting, FBI official says
One of the most notable elements of the monumental hack of major telecommunications companies is just how “indiscriminate” it was in its pursuit of data, a top FBI official said Wednesday. The FBI has been investigating the breach, which it has blamed on Chinese government hackers commonly known as Salt Typhoon. “What we found particularly…
Cybercrime, Cybersecurity, Darktrace, edge devices, Exploits, Fortinet, Global Security News, ivanti, Palo Alto Networks, Research, Threats, vulnerabilities, vulnerability
Edge device vulnerabilities fueled attack sprees in 2024
Edge devices harboring zero-day and n-day vulnerabilities were linked to the most consequential attack campaigns last year, Darktrace said in an annual threat report released Wednesday. Darktrace’s threat researchers found the most frequent vulnerability exploits in customers’ instances of Ivanti Connect Secure and Ivanti Policy Secure appliances, along with firewall products from Fortinet and Palo…
Cybersecurity, Exploits, Global Security News, Microsoft, phishing, Research, Russia, Threat Intelligence, Threats, Volexity
Threat researchers spot ‘device code’ phishing attacks targeting Microsoft accounts
Microsoft threat researchers discovered a series of what they are calling “device code” phishing attacks that allowed a suspected Russia-aligned threat group to gain access to and steal data from critical infrastructure organizations, the company said in research released Thursday. The group, which Microsoft tracks as Storm-2372, has targeted governments, IT services and organizations operating…
china, cisco, Cisco IOS XE, Cybersecurity, Exploits, Five Eyes, Global Security News, nation state threats, nation-state hackers, Recorded Future, Research, routers, Salt Typhoon, Threats, vulnerabilities
Salt Typhoon remains active, hits more telecom networks via Cisco routers
Salt Typhoon, the Chinese nation-state threat group linked to a spree of attacks on U.S. and global telecom providers, remains active in its intrusion and has hit multiple additional networks worldwide, including two in the United States, Recorded Future said in a report released Thursday. Recorded Future’s Insikt Group observed seven compromised Cisco network devices communicating…
CVE, Cybersecurity, Exploits, Global Security News, Microsoft, Microsoft Threat Intelligence Center, Research, Russia, Seashell Blizzard, Threats, Uncategorized, vulnerabilities
Russian state threat group shifts focus to US, UK targets
A subgroup of Seashell Blizzard has shifted its focus to targets in the U.S., Canada, Australia and the U.K. within the past year, expanding the scope of its malicious activity, Microsoft’s threat intelligence team said in a report released Wednesday. The initial-access operation, which Microsoft tracks as the “BadPilot campaign,” has allowed the Russian state…
bulletproof hosting, Cybercrime, Global Security News, LockBit, North America, Ransomware, Threats, Treasury Department, Zservers
U.S. sanctions bulletproof hosting provider for supplying LockBit infrastructure
A consortium of U.S., Australian and U.K. officials announced coordinated sanctions Tuesday against Zservers, a Russia-based bulletproof hosting provider. The action targets the company for its role in facilitating ransomware attacks, most notably those conducted by the LockBit ransomware-as-a-service (RaaS) group. Officials detailed that Zservers has long been linked to cybercriminal forums, where it has…
8base, Clop, Cybercrime, Cybersecurity, DoD Cyber Crime Center, Europe, Federal Bureau of Investigation (FBI), Global Security News, LockBit, Ransomware, Threats
Thai authorities detain four Europeans in ransomware crackdown
In a sweeping international law enforcement operation, Thai authorities arrested four Europeans in Phuket, accusing them of orchestrating ransomware attacks affecting Swiss companies worldwide. The suspects are allegedly tied to the 8Base ransomware-as-a-service (RaaS) gang, which extorted $16 million worth of Bitcoin from over 1,000 individuals. The operation, termed “Phobos Aetor,” reflected a tightly coordinated…
AI, Cybersecurity, Global Security News, ReversingLabs, Technology, Threat Intelligence, Threats, Uncategorized
Hugging Face platform continues to be plagued by vulnerable ‘pickles’
Researchers at ReversingLabs have identified at least two machine-learning models on Hugging Face, a popular platform for community AI development, that link to malicious web shells and managed to evade detection through the use of “pickling.” Pickle files are python-based modules that allow a developer to serialize and deserialize code. They’re commonly used by AI…
Akira, ALPHV, Chainalysis, Cybersecurity, Exploits, Federal Bureau of Investigation (FBI), Global Security News, INC, LockBit, Money, Ransomware, Threats, uk
Ransomware payments dropped 35% in 2024
Ransomware payments saw a dramatic 35% drop last year compared to 2023, even as the overall frequency of ransomware attacks increased, according to a new report released by blockchain analysis firm Chainalysis. The considerable decline in extortion payments is somewhat surprising, given that other cybersecurity firms have claimed that 2024 saw the most ransomware activity…
CVE, CVSS, Cybersecurity, Exploits, Global Security News, MITRE, National Vulnerability Database, NIST, Research, Threats, vulnerabilities
Infosec pros: We need CVSS, warts and all
A key pillar of a strong cybersecurity program is identifying vulnerabilities in the complex mix of software programs, packages, apps, and snippets driving all activities across an organization’s digital infrastructure. At the heart of spotting and fixing these flaws is the widely used Common Vulnerability Scoring System (CVSS), maintained by a nonprofit called the Forum…
Data Breaches, Donald Trump, Elon Musk, Exploits, FISMA, Global Security News, Government, OPM breach, Policy, Threats, Treasury Department
Cybersecurity, government experts are aghast at security failures in DOGE takeover
As the world’s richest man and his team from the Department of Government Efficiency continue their quest to dismantle federal agencies, cybersecurity experts, good government experts and Democrats are increasingly expressing outrage and alarm, in some cases likening the actions to an ongoing data breach. Elon Musk and employees from DOGE — which is, legally,…
Cybercrime, Cybersecurity, Exploits, Global Security News, intezer, Research, Solis Security, Threats, VeraCore, XE Group, zero days
From credit card fraud to zero-day exploits: Xe Group expanding cybercriminal efforts
A cybercriminal organization that has been operating for over a decade has moved from credit-card skimming to exploiting zero-day vulnerabilities, according to a joint investigation by cybersecurity firms Solis Security and Intezer. The group, tracked as XE Group, now poses heightened risks to global supply chains, particularly in manufacturing and distribution sectors, by leveraging stealthier…
Citizen Lab, Cybersecurity, Global Security News, ICE, NSO Group, paragon, privacy, Spyware, Technology, Threats, U.S. courts, WhatsApp
WhatsApp says it disrupted spyware campaign aimed at reporters, civil society
WhatsApp said Friday that it had disrupted a spyware campaign that targeted 90 people, including journalists and activists. The company tied to the campaign, according to WhatsApp, is Israeli firm Paragon, which last fall signed a $2 million contract with Immigration and Customs Enforcement and recently was purchased by U.S. private equity giant AE International.…
Cybercrime, Department of Justice (DOJ), Global Security News, HeartSender, phishing kit, Saim Raza, Threats
Department of Justice partners with Dutch police to break up HeartSender network
Authorities in the United States and the Netherlands have dismantled a sophisticated Pakistan-based cybercrime network known as Saim Raza. The operation, dubbed “Operation Heart Blocker,” culminated Wednesday with the coordinated seizure of 39 domains and servers. Also known as HeartSender, Saim Raza was responsible for developing and selling phishing kits, with the Department of Justice…
AI, Artificial Intelligence (AI), Cloud Security, Cybersecurity, deepseek, Global Security News, SQL query, Threats, Uncategorized, wiz
Wiz researchers find sensitive DeepSeek data exposed to internet
A security issue at Chinese artificial intelligence firm DeepSeek exposed over a million lines of sensitive internal data, including user chat histories, API secrets, and backend operational details, according to research published Wednesday by cloud security firm Wiz. The exposure, discovered earlier this month, stemmed from a publicly accessible ClickHouse database linked to DeepSeek’s systems.…
cracked, Cybercrime, Cybersecurity, Federal Bureau of Investigation (FBI), Global Security News, nulled, Threats
FBI seizes major cybercrime forums in coordinated domain takedown
The Federal Bureau of Investigation, along with several other international law enforcement departments, has seized control of several high-profile online platforms linked to cybercrime in a sweeping operation aimed at disrupting digital marketplaces for stolen credentials and hacking tools. The domains of forums Cracked[.]io and Nulled[.]to now redirect to FBI-controlled servers, signaling efforts to dismantle…
attacks, Cybersecurity, Featured, Global Security News, News, Ransomware, Security Awareness, Security Boulevard (Original), Social - Facebook, Social - LinkedIn, Social - X, Spotlight, survey, Threats
Survey Surfaces Extent of Financial Damage Caused by Ransomware Scourge
A global survey of 2,547 IT and cybersecurity practitioners finds 88% work for organizations that experienced one or more ransomware attacks in the past three months to more than 12 months, with well over half (58%) needing to, as a result, shut down operations and 40% reporting a significant loss of revenues. Conducted by the..…
Cloud Security, Cybersecurity, Featured, Global Security News, News, report, Security Awareness, Security Boulevard (Original), Social - Facebook, Social - LinkedIn, Social - X, Spotlight, Threats, Threats & Breaches, vulnerabilities
Google Issues Cloud Security Wake-Up Call as Threats Evolve
A report published by Google Cloud found nearly half (46%) of the observed security alerts involved a service account that was overprivileged. The post Google Issues Cloud Security Wake-Up Call as Threats Evolve appeared first on Security Boulevard.
backdoor, Black Lotus Labs, Cybersecurity, espionage, Europe, FreeBSD, Global Security News, Juniper Networks, Lumen Technologies, routers, Threats, virtual private network (VPN)
New backdoor discovered that specifically targets Juniper routers
Researchers at Black Lotus Labs have uncovered an operation where a back door is dropped onto enterprise-grade Juniper Networks routers and listens for specific network signals, known as “magic packets,” to execute malicious commands. The campaign, which researchers at the cybersecurity wing of Lumen Technologies refer to as “J-Magic,” was active between mid-2023 and mid-2024.…
Asia Pacific, BreachForums, Cybercrime, Department of Justice (DOJ), Global Security News, Pompompurin, Threats
BreachForums founder to be resentenced after court vacates previous punishment
A U.S. appeals court has vacated the initial sentence given to Conor Brian Fitzpatrick, who pleaded guilty in 2023 for charges related to his work as founder of the notorious BreachForums website. The appeal, filed by the U.S. government, signals that a new sentence could be much more harsh than the one initially issued last…
AI, ChatGPT, DDoS, Exploits, Global Security News, openai, Research, Technology, Threats
‘Severe’ bug in ChatGPT’s API could be used to DDoS websites
A vulnerability in ChatGPT’s API can generate DDoS attacks against targeted websites, but the security researcher who discovered it says the flaw has since been addressed by OpenAI. In a security advisory posted to the developer platform GitHub, German security researcher Benjamin Flesch detailed the bug, which occurs when the API is processing HTTP POST…
botnets, CloudFlare, Cybersecurity, DDoS, Global Security News, Internet of Things (IoT), Mirai, Qualys, Research, Threats
CloudFlare detected (and blocked) the biggest DDoS attack on record
Web infrastructure and security company Cloudflare says it detected the biggest Distributed Denial-of-Service (DDoS) attack ever recorded, a 5.6 terabits per second (Tbps) attack directed at an internet service provider (ISP) in Eastern Asia. Despite the staggering volume of the attack, Cloudflare successfully managed and mitigated it without human intervention. The company said in research…
credentials, Cybersecurity, data, Data Security, Featured, Global Security News, News, Social - Facebook, Social - LinkedIn, Social - X, Spotlight, Threats
Forescout Report Detail Hunters International Ransomware Gang Tactics
An analysis of the operations of Hunters International, the ransomware-as-a-service platform that has been used to compromise more than 200 organizations, conducted by Forescout Technologies reveals the cybercriminal syndicate that created it is employing a wide range of new and old tactics and techniques. The post Forescout Report Detail Hunters International Ransomware Gang Tactics appeared…
Department of Justice (DOJ), FSB, Geopolitics, Global Security News, Government, Microsoft, phishing, Russia, Star Blizzard, Threats, WhatsApp
Microsoft catches Russian state-sponsored hackers shifting tactics to WhatsApp
The cat-and-mouse game between state-sponsored Russian hackers and one of the world’s biggest technology companies has continued into 2025. Microsoft’s threat intelligence team published research Thursday examining how a state-sponsored Russian threat actor group, known as Star Blizzard, has altered its longstanding attack strategies to target WhatsApp accounts. This attack vector is a significant change…
Asia Pacific, china, Cybercrime, Department of Justice, Global Security News, Government, PlugX, Remote access trojan, Sekoia, Threats
Law enforcement action deletes PlugX malware from thousands of machines
U.S. and international law enforcement agencies have removed the PlugX malware from thousands of computers worldwide in a coordinated campaign to blunt the effectiveness of one of the most infamous pieces of malware used by malicious cyber actors. According to recently unsealed court documents from the Eastern District of Pennsylvania, the U.S. Department of Justice…
APT28, Europe, Fancy Bear, Global Security News, GRU, Kazakhstan, Russia, Sekoia, Threats
Fancy Bear spotted using real Kazak government documents in spearpishing campaign
A hacking group linked to Russian intelligence has been observed leveraging seemingly legitimate documents from the Kazakhstan government as phishing lures to infect and spy on government officials in Central Asia, according to researchers at Sekoia. The files, laced with malware, include draft versions of diplomatic statements, correspondence letters, internal administrative notes and other documents…
AI Tools, API security, Cybersecurity, Data Security, Featured, Global Security News, News, Security Awareness, Security Boulevard (Original), Social - Facebook, Social - LinkedIn, Social - X, Spotlight, Threats
Exabeam Extends Scope and Reach of SIEM Platform
Exabeam today added a bevy of capabilities to its New-Scale Security Operations Platform, including support for open application programming interface (API) and an ability to search data stored in the LogRhythm security information event management (SIEM) platform it acquired last year. The post Exabeam Extends Scope and Reach of SIEM Platform appeared first on Security…
CVE, Cybersecurity, Exploits, Global Security News, industrial control systems (ICS), industrial IoT (IIoT), Moxa, Threats, vulnerabilities
Industrial networking manufacturer Moxa reports ‘critical’ router bugs
Firmware in cellular routers, secure routers and network security appliances made by Moxa are vulnerable to a pair of high severity bugs that can escalate privileges for an attacker, give root-level access or allow for unauthorized execution of commands. In a pair of CVEs published Jan. 3, Moxa called the flaws “critical” and warned they…
disinformation, election hacking, Geopolitics, Global Security News, Government, Iran, Russia, sanctions, Technology, Threats
US sanctions Russian, Iranian groups for election interference
The U.S. State Department has sanctioned two foreign organizations and one individual who it alleges worked on behalf of Russian and Iranian intelligence agencies to interfere in the 2024 U.S. general election. “These actors sought to stoke sociopolitical tensions and undermine our election institutions during the 2024 U.S. general election,” said State Department Press Secretary…
2 factor auth, 2-factor authentication, 2FA, AT&T, Best of 2024, Cloud MFA, Data leak, DUAL FACTOR AUTHENTICATION, Global Security News, MFA, mult-factor authentication, multi-factor authenication, multi-factor authentication, Multi-Factor Authentication (MFA), Multifactor Authentication, NYSE:SNOW, NYSE:T, privacy, SB Blogwatch, ShinyHunters, Snowflake, Social - Facebook, Social - LinkedIn, Social - X, Threats, two factor authentication, UNC5537
Best of 2024: AT&T Says 110M Customers’ Data Leaked — Yep, it’s Snowflake Again
Should’ve used MFA: $T loses yet more customer data—this time, from almost all of them. The post Best of 2024: AT&T Says 110M Customers’ Data Leaked — Yep, it’s Snowflake Again appeared first on Security Boulevard.
Asia Pacific, china, configuration managment, Cybersecurity, Federal Communications Commission, Global Security News, Government, hacking, information sharing, microsegmentation, Salt Typhoon, telecommunications, Threats, Vulnerability Management, White House
White House: Salt Typhoon hacks possible because telecoms lacked basic security measures
The White House said Friday that as the U.S. government continues to assess the damage caused by the Salt Typhoon hacks, the breach occurred in large part due to telecommunications companies failing to implement rudimentary cybersecurity measures across their IT infrastructure. Anne Neuberger, the White House’s deputy national security adviser for cyber and emerging technology,…
Asia Pacific, china, Commentary, critical infrastructure, Cybersecurity, cybersecurity harmonization, Federal Communications Commission, Geopolitics, Global Security News, Government, Salt Typhoon, Threats, White House
Feds lay blame while Chinese telecom attack continues
The United States’ telecommunications infrastructure has been infiltrated by actors affiliated with China. Some of our nation’s most powerful leaders have been targeted — including President-elect Donald Trump and Vice President-elect JD Vance. This is one of the most severe cybersecurity incidents against telecom the United States has ever been subject to, and — worse…
Cybercrime, Cybersecurity, Department of Justice (DOJ), Global Security News, Government, LockBit, Ransomware, Threats, Uncategorized
Justice Department unveils charges against alleged LockBit developer
The U.S. Department of Justice revealed charges Friday against Rostislav Panev, a dual Russian and Israeli national, for his alleged role as a developer in the notorious LockBit ransomware group. Panev was arrested in Israel following a U.S. provisional arrest request and is currently awaiting extradition. Authorities allege that Panev has been an instrumental figure…
Evil Corp, Global Security News, Government, Israel, National Crime Agency, operation cronos, Ransomware, Threats
Israeli court to hear U.S. extradition request for alleged LockBit developer
An Israeli Court is set to deliberate a significant extradition case involving Rostislav Panev, an Israeli citizen alleged to be involved with the notorious LockBit ransomware gang. According to Israeli news outlet Ynet, a U.S. extradition request was made public Thursday claiming that between 2019 and 2024, Panev served as a software developer for LockBit.…
AppSec, Best Practices, Global Security News, Legit, Security Bloggers Network, Threats
What Is Privilege Escalation? Types, Examples, and Prevention
Privilege escalation is a critical cybersecurity threat in which a user—usually a malicious actor—gains access to data beyond what their account permissions allow. Attackers can gain this access through human error, stolen credentials, or social engineering. The post What Is Privilege Escalation? Types, Examples, and Prevention appeared first on Security Boulevard.
Department of Justice (DOJ), Global Security News, Raccoon Infostealer, Threats
Ukrainian sentenced to five years in jail for work on Raccoon Stealer
Ukrainian national Mark Sokolovsky was sentenced Wednesday to five years in federal prison for his role in operating Raccoon Infostealer malware, which infiltrated millions of computers worldwide to steal personal data. According to court documents, Sokolovsky, 28, was integral to operations that allowed the leasing of Raccoon Infostealer for $200 per month, payable via cryptocurrency.…
Android, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), encrpytion, FIDO, Global Security News, Government, iPhone, Mobile Security, Multi-Factor Authentication (MFA), Salt Typhoon, signal, SIM Swapping, smartphone, Threats, Yubico
CISA pushes guide for high-value targets to secure mobile devices
The Cybersecurity and Infrastructure Security Agency unveiled a detailed set of guidelines Wednesday to safeguard the mobile communications of high-value government targets in the wake of the ongoing Salt Typhoon telecom breach. The guide aims to help both political and federal leadership harden their communications and avoid any data interception by the Chinese-linked espionage group.…
APT41, Asia Pacific, backdoor, china, Cybercrime, Geopolitics, Global Security News, Government, malware, nation-state hackers, php, QiAnXin, Threats, Winnti
PHP backdoor looks to be work of Chinese-linked APT group
Cybersecurity researchers at a China-based cybersecurity company have uncovered an advanced PHP backdoor that suggests a new asset in the arsenal of Chinese-linked Advanced Persistent Threat group Winnti. Researchers at QiAnXin’s XLab discovered the backdoor, which they titled Glutton, targeting China, the United States, Cambodia, Pakistan, and South Africa. After initially discovering the malware in…
Amnesty International, Amnesty Tech, Cellebrite, Donald Trump, Donncha Ó Cearbhaill, Geopolitics, Global Security News, Norway, NoviSpy, NSO Group, pegasus, privacy, Serbia, Spyware, surveillance, Threats
Amnesty International exposes Serbian police’s use of spyware on journalists, activists
Serbian police and intelligence authorities have combined phone-cracking technology with spyware to eavesdrop on activists and journalists there, Amnesty International revealed in a report Monday, in what the human rights group says could be a disturbing preview of a future era of digital surveillance. Amnesty International’s 87-page document surveys the broader picture of digital spying…
Explainers, Exploits, Global Security News, Security Bloggers Network, Threats
What’s a Zero-Day Vulnerability? Prevent Exploits and Attacks
Zero-day vulnerabilities are serious threats. They’re completely unknown to both the vendor and the user. That gives attackers a significant advantage, allowing them to attack systems before patches are available. The post What’s a Zero-Day Vulnerability? Prevent Exploits and Attacks appeared first on Security Boulevard.
booter and stresser services, Cybercrime, Cybersecurity, DDoS, Department of Justice (DOJ), Europe, Europol, Global Security News, Government, National Crime Agency, Threats
International crackdown disrupts DDoS-for-hire operations
In a sweeping international crackdown, law enforcement agencies from 15 countries, including the United States and multiple European nations, have dismantled 27 of the most popular platforms used for carrying out distributed denial-of-service (DDoS) attacks, Europol announced Wednesday. The operation, known as PowerOFF, has led to the arrest of three administrators in France and Germany…
Cybersecurity, Exploits, Geopolitics, Global Security News, Microsoft, Research, Threats, Turla
Turla living off other cybercriminals’ tools in order to attack Ukrainian targets
A Russian nation-state threat actor has been observed leveraging tools from other cybercriminal groups to compromise targets in Ukraine, a recent report by Microsoft Threat Intelligence disclosed. This clandestine approach, which is the second time in as many weeks that Microsoft has highlighted the group’s effort, shows how Turla uses a wide range of attack…
Clop, Exploits, Global Security News, LockBit, MITRE, Ransomware, Research, Technology, Threats
Latest round of MITRE ATT&CK evaluations put cybersecurity products through rigors of ransomware
MITRE Corporation released findings Wednesday from its latest round of ATT&CK evaluations, assessing the capabilities of enterprise cybersecurity solutions against some of the most prevalent ransomware tactics and North Korean malware. The sixth such evaluation from the nonprofit research organization measured 19 different vendors’ ability to protect enterprise systems by evaluating them against two prominent…