Blog
-
Phishing Attacks Available to More Non-Technical Actors as MFA Bypass Kits Surface
A group called Tycoon is offering an MFA bypass tool, and it appears to be a popular option selling at $120 to $320 depending on the length of time the client wants to access it. This subscription also provides email templates for use in phishing attacks.
-
Chinese Hacking Group’s Decade of Cyber Espionage and Cyber Attacks Draws Sanctions From US, UK
Both the US and UK slapped sanctions on a company called Wuhan Xiaoruizhi Science and Technology that is believed to be a front for Chinese cyber attacks. The US accused APT31 of a decade-long cyber espionage campaign.
-
Loop DoS Attack Exploits UDP Protocol, Can Cripple Vulnerable Systems Without the Use of a Botnet
Attacker can initiate an essentially endless error message string against a target that will eventually result in a DoS attack consuming all available resources. The study’s authors believe that there are about 300,000 vulnerable systems.
-
At Least 48 Government Organizations Hit by Chinese APT Group With Connections to Private Hacking Outfit
The researchers have been tracking the Chinese APT group’s activity for about two years, and in that time have confirmed at least 70 victims in 23 countries. 48 of these have been government organizations.
-
2025 Cybersecurity Budget Request Seeks to Boost Defenses of High Risk Critical Infrastructure
The Biden administration’s proposed cybersecurity budget for 2025 would increase spending by over $1 billion, but it is presently queued up behind the ongoing unresolved debate over 2024’s spending.
-
Second Data Breach for France’s Unemployment Agency in a Year May Also Be the Country’s Largest Ever
A massive data breach involving France’s national unemployment agency is thought to impact 43 million people, dating back through 20 years of records of those seeking employment assistance and benefits.
-
Researchers Find Relatively Simple Prompt Injection, Content Manipulation Attacks in Google Gemini
Researchers demonstrated multiple prompt injection attacks and content manipulation methods affecting Google Gemini, all in relatively simple ways that have previously compromised other AI systems.
-
EU’s AI Law Passed, Set to Roll Out Starting Later This Year
The EU’s AI law has passed its last major hurdle in the European Parliament with massive support, and pending some final formalities in the coming weeks is about to go into force.
-
FBI’s Annual Cybercrime Report Shows Familiar Patterns With Costs Rising to $12.5 Billion
The total reported cost of cybercrime in 2023 was $12.5 billion; this number has tended to see leaps of two to three billion each year since 2019, when it was only at $3.5 billion. This is only the cost determined by incidents logged by the FBI, however.
-
Exit Scam Appears to Mark the End of the BlackCat Ransomware Gang
Another leading ransomware gang appears to have folded to international law enforcement pressure, as BlackCat has closed up shop roughly three months after having infrastructure seized by an FBI-led coalition. The group has chosen to burn bridges on its way out, however, pulling an exit scam on its remaining affiliates.