A newly discovered security vulnerability in Windows NT LAN Manager (NTLM) has been exploited in a zero-day attack, with suspected ties to Russian threat actors targeting Ukraine. This vulnerability, designated as CVE-2024-43451 and rated with a CVSS score of 6.5, allows attackers to possibly expose a user’s NTLMv2 hash. Microsoft…
Recent analyses indicate a troubling rise in cyber intrusions, fueled by the proliferation of criminal tools and insufficient defenses. A recent episode of The Indicator from Planet Money delves into how data breaches are accelerating, the decreasing costs of entry for attackers, and the implications this holds for patients, consumers,…
Governance & Risk Management , Healthcare , Industry Specific Penetration Testing Reveals Vulnerabilities in State Medicaid Systems Marianne Kolbasuk McGee (HealthInfoSec) • October 21, 2025 HHS OIG’s penetration testing of ten state Medicaid systems highlighted critical security gaps that must be addressed to safeguard data from advanced cyber threats. (Image:…
A recent phishing campaign has emerged, leveraging socially engineered SMS messages to deliver malware to Android devices. This operation appears to impersonate Iranian governmental and social security entities, aiming to extract credit card information and facilitate financial theft from victims’ bank accounts. In contrast to other forms of banking malware,…
Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime Phishing Campaigns Transition from China to Malaysia Targeting Chinese-Speakers Prajeet Nair ( @prajeetspeaks) • October 17, 2025 Image: Shutterstock Recent investigations reveal that a series of coordinated cyberattacks targeting Chinese-speaking individuals across the Asia-Pacific region can be traced back to a single…
Cybercriminals have increasingly turned their attention to airlines, drawn by the vast amounts of personal data these companies collect. Among the most sought-after information are passports and government identification, which pose a significant risk for long-term identity theft. According to Incogni, a company specializing in data privacy and removal, leaks…
Recent intelligence reveals that operators linked to the Lazarus group’s BlueNoroff sub-group have orchestrated a series of cyberattacks targeting small and medium-sized enterprises across the globe. The objective of these attacks is to siphon cryptocurrency assets, marking a significant maneuver by this recognized North Korean state-sponsored actor. Kaspersky, a prominent…
Cybersecurity Alert: The Rising Threat of Stolen Credentials Recent trends in cybercrime highlight the concerning prevalence of stolen account credentials as a primary vector for initial access attacks. A single compromised set of credentials poses significant risks, potentially jeopardizing an entire organization’s network security. The 2023 Verizon Data Breach Investigation…
Microsoft has issued a warning about a sophisticated scam known as “Payroll Pirate,” which is currently targeting employees by redirecting their paycheck deposits into accounts controlled by fraudsters. This attack begins with the compromise of employee profiles on platforms like Workday or other cloud-based HR services. The scammers initiate the…
