Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Social Engineering Tehran Lures Aerospace Sector with Malicious Job Offers Prajeet Nair (@prajeetspeaks) • November 14, 2024 Image: Shutterstock In a disturbing development, Iranian state-sponsored hackers are reportedly adopting tactics used by their North Korean counterparts to infiltrate…
A new cyber threat has emerged, identified as “Cuttlefish,” specifically targeting small office and home office (SOHO) routers. This sophisticated malware aims to covertly monitor all traffic traversing these devices while collecting authentication data from HTTP GET and POST requests. According to a recent report from the Black Lotus Labs…
Cloudflare Disrupts Phishing Campaign Targeting Ukrainian Entities On Thursday, Cloudflare announced that it has taken measures to disrupt an extensive phishing campaign that has been ongoing for a month. This operation is attributed to a Russia-aligned threat actor known as FlyingYeti, which has specifically targeted Ukraine amidst ongoing tensions in…
Cybersecurity experts at Netcraft have identified a sophisticated phishing kit named “Xiū gǒu,” which has been active since September 2024 and is specifically targeting users in multiple countries, including the UK, US, Spain, Australia, and Japan. This malicious toolkit exploits a range of public and private sector services, such as…
Identity security has emerged as a pressing concern following a series of significant breaches, with numerous high-profile organizations such as Microsoft, Okta, Cloudflare, and Snowflake experiencing security incidents. This situation has prompted stakeholders to reassess their approaches to identity security from both strategic and technological perspectives. Traditionally, identity security has…
Identity and authentication management provider Okta has reported a security breach affecting 134 of its 18,400 customers, following a compromise of its support case management system. The breach occurred between September 28 and October 17, 2023. During this period, an unauthorized actor accessed sensitive HAR files that contained session tokens,…
Singapore’s Banking Sector Moves Away from One-Time Passwords Amid Increased Phishing Risks In a significant shift aimed at enhancing cybersecurity, the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) announced that retail banks will discontinue the use of one-time passwords (OTPs) for online account authentication…
Surge in DDoS Attacks Targeting Environmental Services Amid Global Climate Summit The environmental services sector has recently experienced an unprecedented increase in HTTP-based distributed denial-of-service (DDoS) attacks, which accounted for a staggering 50% of all HTTP traffic directed at this industry. This sharp rise, reported by Cloudflare in its fourth-quarter…
Polyfill.io Supply Chain Attack Compromises Over 110,000 Websites In a concerning development for e-commerce and web developers, Google has responded to a supply chain attack targeting the widely used Polyfill.io service. The attack follows the acquisition of the domain by a Chinese company, which has modified the JavaScript library "polyfill.js"…
