Live Webinar: Enhancing ROI on Cybersecurity Investments through Intelligence-Driven Threat HuntingadminMarch 16, 2025data-breaches Thank You for Registering with ISMG Enhance your profile to remain informed and engaged Select Title LevelAnalytics/Architecture/EngineeringAttorney / General Counsel / CounselAVPBoard of DirectorC-LevelC Level – OtherCCOCEO / PresidentCFOChairpersonCIOCISO / CSOCISO/CSO/CIOCOOCROCTODirectorEVP / SVP / FVPHeadHealthcare ProfessionalManagerManager / SupervisorPartnerSpecialist/OtherStaffVP–Other Title Level– Select Job FunctionAnti-Money Laundering (AML)AuditBSABusiness Continuity/Disaster RecoveryBusiness DevelopmentCashier / Customer Service / AdministrativeClinical Healthcare ProfessionalCloud – ITCloud – SecurityComplianceCompliance / BSAData ManagementDebit/Credit Card/Electronic BankingeCommerce / eBusinessExecutive ManagementFinance / AccountingFounder / OwnerFraudHR / TrainingInformation SecurityInformation TechnologyLegalLendingLoss PreventionMarketingNetwork / Systems / WebOperational TechnologyOperationsOthersPolicies / ProceduresProduct ManagementProject ManagementRegulatory AffairsRisk ManagementSalesSecurity / PrivacyVendor Management–Other Job Function– Select CountryUnited StatesCanadaIndiaAfghanistanAlbaniaAlgeriaAmerican SamoaAndorraAngolaAnguillaAntigua & BarbudaArgentinaArmeniaArubaAustraliaAustriaAzerbaijanBahamasBahrainBangladeshBarbadosBelarusBelgiumBelizeBeninBermudaBhutanBoliviaBosnia & HerzegovinaBotswanaBrazilBritish Virgin IslandsBruneiBulgariaBurkina FasoBurundiCambodiaCameroonCape VerdeCayman IslandsCentral African RepublicChadChileChinaColombiaComorosCook IslandsCosta RicaCôte d’IvoireCroatiaCubaCyprusCzechiaDemocratic Republic of the CongoDenmarkDjiboutiDominicaDominican RepublicEcuadorEgyptEl SalvadorEquatorial GuineaEritreaEstoniaEswatiniEthiopiaFaroe IslandsFijiFinlandFranceFrench GuianaFrench PolynesiaGabonGambiaGeorgiaGermanyGhanaGibraltarGreeceGreenlandGrenadaGuadeloupeGuamGuatemalaGuineaGuinea-BissauGuyanaHaitiHondurasHong KongHungaryIcelandIndonesiaIranIraqIrelandIsraelItalyJamaicaJapanJordanKazakhstanKenyaKiribatiKosovoKuwaitKyrgyzstanLaosLatviaLebanonLesothoLiberiaLibyaLiechtensteinLithuaniaLuxembourgMacaoMadagascarMalawiMalaysiaMaldivesMaliMaltaMarshall IslandsMartiniqueMauritaniaMauritiusMayotteMexicoMicronesiaMoldovaMonacoMongoliaMontserratMoroccoMozambiqueMyanmar (Burma)NamibiaNauruNepalNetherlandsNew CaledoniaNew ZealandNicaraguaNigerNigeriaNiueNorth MacedoniaNorthern Mariana IslandsNorwayOmanPakistanPalauPanamaPapua New GuineaParaguayPeruPhilippinesPolandPortugalPuerto RicoQatarRomaniaRussiaRwandaSamoaSan MarinoSão Tomé & PríncipeSaudi ArabiaSenegalSerbiaSeychellesSierra LeoneSingaporeSlovakiaSloveniaSolomon IslandsSomaliaSouth AfricaSouth KoreaSpainSri LankaSt. Kitts & NevisSt. LuciaSt. Vincent & GrenadinesSudanSurinameSvalbard & Jan MayenSwedenSwitzerlandSyriaTaiwanTajikistanTanzaniaThailandTimor-LesteTogoTongaTrinidad & TobagoTunisiaTurkeyTurkmenistanTurks & Caicos IslandsTuvaluU.S. Virgin IslandsUgandaUkraineUnited Arab EmiratesUnited KingdomUruguayUzbekistanVanuatuVaticanVenezuelaVietnamWestern SaharaYemenZambiaZimbabwe Select State/ProvinceAlaskaAlabamaArkansasArizonaCaliforniaColoradoConnecticutDistrict of ColumbiaDelawareFloridaGeorgiaHawaiiIowaIdahoIllinoisIndianaKansasKentuckyLouisianaMassachusettsMarylandMaineMichiganMinnesotaMissouriMississippiMontanaNorth CarolinaNorth DakotaNebraskaNew HampshireNew JerseyNew MexicoNevadaNew YorkOhioOklahomaOregonPennsylvaniaRhode IslandSouth CarolinaSouth DakotaTennesseeTexasUtahVirginiaVermontWashingtonWisconsinWest VirginiaWyoming Complete Registration Source link
Lazarus Group Enhances Malware Toolkit with PondRAT, ThemeForestRAT, and RemotePE Sep 02, 2025 Malware / Threat Intelligence The North Korea-linked threat actor, Lazarus Group, has been linked to a social engineering campaign that distributes three new cross-platform malware variants: PondRAT, ThemeForestRAT, and RemotePE. This attack, observed by NCC Group’s Fox-IT in 2024, specifically targeted an organization within the decentralized finance (DeFi) sector, resulting in the breach of an employee’s system. “As the actor accessed the internal network, they utilized various RATs along with other tools to collect credentials and establish proxy connections,” noted Yun Zheng Hu and Mick Koomen. “Subsequently, the attacker transitioned to a more stealthy RAT, indicating a potential progression in their attack strategy.” The attack began with the threat actor impersonating a current employee of a trading firm via Telegram and using counterfeit websites resembling Calendly and Picktime to arrange a meeting with the target. Although the initial steps were…April 15, 2026
Salesloft Shuts Down Drift Temporarily Following OAuth Token Theft Affecting Numerous Organizations Sep 03, 2025 Data Breach / Threat Intelligence Salesloft announced on Tuesday the temporary suspension of Drift, slated to occur “in the very near future,” due to an extensive supply chain attack impacting multiple companies. This breach has led to the widespread theft of authentication tokens linked to the marketing software-as-a-service platform. The company stated, “This action will allow us to thoroughly review the application and enhance its resilience and security before restoring full functionality.” Consequently, the Drift chatbot on customer websites will be offline, and Drift itself will not be accessible. Salesloft emphasized its commitment to preserving the integrity and security of its systems and customers’ data, collaborating with cybersecurity partners Mandiant and Coalition as part of their incident response strategy. This announcement follows a disclosure from Google Threat Intelligence Group (GTIG) and Mandiant regarding the ongoing threats.April 15, 2026
CISA Includes TP-Link and WhatsApp Vulnerabilities in KEV Catalog Due to Ongoing Exploitation September 3, 2025 Vulnerability / Mobile Security On Tuesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical vulnerability affecting TP-Link TL-WA855RE Wi-Fi Extender products to its Known Exploited Vulnerabilities (KEV) catalog, citing signs of active exploitation. The vulnerability, identified as CVE-2020-24363 (CVSS score: 8.8), involves a missing authentication flaw that can be exploited to gain elevated access to the device. CISA noted that “this vulnerability could enable an unauthenticated attacker on the same network to send a TDDP_RESET POST request for a factory reset and reboot,” allowing them to establish incorrect access control by setting a new administrative password. According to malwrforensics, the issue has been addressed in firmware version TL-WA855RE(EU)_V5_200731. However, it’s important to mention that this product has reached end-of-life (EoL) status, making future patches or updates unlikely. Users of the Wi-Fi range extender are therefore advised to take caution.April 14, 2026
Cloudflare Successfully Thwarts Unprecedented 11.5 Tbps DDoS Attack Cloudflare announced on Tuesday that it effectively mitigated a record-breaking volumetric distributed denial-of-service (DDoS) attack that peaked at 11.5 terabits per second (Tbps). In a recent post on X, the web infrastructure and security provider revealed, “In recent weeks, we’ve autonomously blocked numerous hyper-volumetric DDoS attacks, with the largest reaching peaks of 5.1 Bbps and 11.5 Tbps.” The attack, primarily a UDP flood originating from Google Cloud, lasted only about 35 seconds, highlighting the company’s robust defense mechanisms at work. Volumetric DDoS attacks aim to overwhelm a target with excessive traffic, causing server slowdowns or failures, often resulting in network congestion, packet loss, and service disruptions. Typically, these attacks are executed using botnets controlled by threat actors.April 14, 2026
