Tag Sophos

Addressing Vulnerability Lags Exploited by Salt Typhoon

Critical Infrastructure Security, Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime

Chinese Hackers Target Unpatched Microsoft, Sophos, Fortinet, and Ivanti Products

Mathew J. Schwartz (euroinfosec) • January 24, 2025

In a significant breach, Chinese state-sponsored hackers have been exploiting vulnerabilities in the telecommunications networks of the U.S. and…


US Discovers Hacking Group Responsible for Salt Typhoon Telecom Breaches

Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime, Standards, Regulations & Compliance

U.S. Treasury Implements Sanctions Amid Cybersecurity Breaches

David Perera (@daveperera) • January 17, 2025

On January 17, 2025, the U.S. federal government announced that it has successfully traced intrusions by Chinese hackers targeting telecommunications networks back…


Chinese Hack Compromises US Sanctions Office in Treasury Breach

Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime

Chinese Hackers Allegedly Target U.S. Treasury Department Offices Related to Economic Sanctions

By Chris Riotta (@chrisriotta) • January 2, 2025

Chinese nation-state hackers infiltrated several U.S. Treasury Department offices. (Image: Shutterstock)

A recent cyber intrusion linked to Chinese hackers has successfully breached…


Turmoil Strikes the Rockstar 2FA Phishing-as-a-Service Toolkit

As 2024 draws to a close, cybersecurity firms are reporting significant upheaval in the cybercrime landscape, particularly relating to phishing-as-a-service operations. Recent assessments by Sophos indicate that the once-prominent phish-tool Rockstar 2FA, notorious for its sophisticated phishing campaigns, has reportedly ceased operations. Following this disruption, many of its users have…


Vulnerable Cleo Managed File Transfer Software Without Updates

Attack Surface Management, Governance & Risk Management, Patch Management

Over 200 Vulnerable Servers Targeted by Ransomware Group Amid Growing Exploits

Mathew J. Schwartz (euroinfosec) • December 18, 2024

Recent reports indicate over 200 Cleo managed file-transfer servers remain publicly accessible and without necessary updates, posing significant risks in light of…


A Sneak Peek at Black Hat Europe 2024 in London: 20 Must-See Sessions

Black Hat, Events

Exploring Automotive Vulnerabilities, Bootloader Flaws, and Cyber Threats at Black Hat Europe 2024

Mathew J. Schwartz (euroinfosec) • December 9, 2024

The Black Hat Europe conference is once again convening in London, promising a diverse agenda that delves into the myriad challenges facing cybersecurity today.…


Krispy Kreme Doughnut Cyber Attack Could Impact Holiday Sales

Krispy Kreme Faces Cyber Attack During Holiday Season

In a significant cybersecurity incident, Krispy Kreme, the prominent American doughnut and coffee chain, experienced a sophisticated attack that disrupted its sales operations amidst the crucial Christmas season. The breach occurred in November 2024 and primarily affected the company’s online ordering system,…


US Sanctions Chinese Cybersecurity Company Over Firewall Vulnerabilities and Ransomware Incidents

The United States has issued sanctions against Sichuan Silence Information Technology, a Chinese cybersecurity firm, alongside its employee Guan Tianfeng, for their involvement in a significant global cyberattack. This action follows the company’s exploitation of a critical vulnerability in popular firewall systems, leading to widespread compromise. The cyber incident, which…
