Thoughts and Articles by Cyooda Security
Attackers only have to get it right once: Defenders 100% of the time!
By John Reeman |
Attackers only have to get it right once, defenders have to get it right 100% of the time! Do defenders really have to get it right 100% of the time though? 🤔 I’ve heard this phrase so often over the last decade and sometimes by people who should know better, it’s time to call BS…
Rapid Cyber Incident Response: The Critical Role of Speed, Quality, and Tooling
By John Reeman |
Cyberattacks, ranging from ransomware, data breaches, business email compromise to advanced persistent threats (APTs), can strike at any moment, potentially causing significant damage. So having rapid and effective incident response is essential to minimise the impact of cyberattacks and to protect an organisation’s sensitive data, reputation, and business continuity. For organisations of any size, the…
Unlocking the Secrets of Cloud Digital Forensics | M365
By John Reeman |
Welcome to the world of cloud forensics, where investigations in cloud environments like AWS, Azure, GCP, and M365 require unique expertise and tools. As organisations increasingly rely on these platforms for their business operations, the need for effective cloud forensics becomes paramount. In this article, we will unveil the intricacies of cloud forensics and explore…
The Crucial Role of Mobile Device Forensics: Unveiling Hidden Secrets
By John Reeman |
I think we can all agree that mobile phones have become an extension of ourselves, storing important information about our lives. From personal messages to financial transactions, these devices hold a wealth of data. But what happens when this data is compromised or needs to be unearthed for investigative purposes? This is where digital forensics…
Email Security 101: Getting the basics right
By John Reeman |
This article delves into getting the basics of email security correct in your organisation. So, let’s start with the basics and grounding in terminology! Email basics: the original basis of Internet email uses the SMTP protocol, which stands for Simple Mail Transfer Protocol. This protocol has no features for authentication, validation, or…
Learnings from business email compromise and payment scams
By John Reeman |
Over the last few months, I’ve helped with several incident response cases involving impersonation fraud and business email compromise. The businesses involved were different in size and industry, but they all had one thing in common: handling and processing reasonable amounts of money. This makes them attractive targets for cybercriminals who engage in social engineering…
Cyber Security for Law Firms
By John Reeman |
Cyber Security for Law Firms: 15 Essential Controls. 1. Implementing Strong Password Policies and Multi-Factor Authentication. Password security is a fundamental aspect for all businesses to undertake. Implementing strong password policies, such as requiring complex passwords and regular password changes, can help prevent unauthorised access to sensitive information. But a single password on its…
Improve your Data Security and Privacy: Six Step Process
By John Reeman |
Australian Data Privacy Act Reforms – Aug 2024. The Australian Data Privacy reforms are about to come into effect at the end of August 2024. So there has never been a better time to get your organisation’s data security and privacy controls in check than now! If you missed what the reforms are about here…
Cyber Security News from around the world
Phone Phishing Gang Busted: Eight Arrested in Belgium and Netherlands
By External News-Site | Cyber Security, Security News
Belgian and Dutch authorities have arrested eight suspects in connection with a "phone phishing" gang that primarily operated out of the Netherlands with an aim to steal victims' financial data and funds.
As part of the international operation, law enforcement agencies carried out 17 searches in different locations in Belgium and the Netherlands, Europol said. In addition, large amounts of cash,
Ransomware attack hits leading heart surgery device maker
By External News-Site | Cyber Security, Security News
Artivion, a leading manufacturer of heart surgery medical devices, has disclosed a November 21 ransomware attack that disrupted its operations and forced it to take some systems offline. [...]
Microsoft NTLM Zero-Day to Remain Unpatched Until April
By External News-Site | Cyber Security, Security News
The second zero-day vulnerability found in Windows NTLM in the past two months paves the way for relay attacks and credential theft. Microsoft has no patch, but released updated NTLM cyberattack mitigation advice.
Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering
By External News-Site | Cyber Security, Security News
The threat actors linked to the Black Basta ransomware have been observed switching up their social engineering tactics, distributing a different set of payloads such as Zbot and DarkGate since early October 2024.
"Users within the target environment will be email bombed by the threat actor, which is often achieved by signing up the user's email to numerous mailing lists simultaneously," Rapid7
Researchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AI
By External News-Site | AI, Cyber Security, Security News
Details have emerged about a now-patched security flaw in the DeepSeek artificial intelligence (AI) chatbot that, if successfully exploited, could permit a bad actor to take control of a victim's account by means of a prompt injection attack.
Security researcher Johann Rehberger, who has chronicled many a prompt injection attack targeting various AI tools, found that providing the input "Print
Blue Yonder SaaS giant breached by Termite ransomware gang
By External News-Site | Cyber Security, Security News
The Termite ransomware gang has officially claimed responsibility for the November breach of software as a service (SaaS) provider Blue Yonder. [...]
EU enacts new laws to strengthen cybersecurity defenses and coordination
By External News-Site | Cyber Security, Security News
The European Union has enacted two new laws to bolster its cybersecurity defenses and coordination mechanisms. The measures, part of the cybersecurity legislative package, include the Cyber Solidarity Act and amendments to the Cybersecurity Act (CSA).
These steps aim to improve the EU’s ability to detect, prepare for, and respond to cyber threats while fostering uniformity in managed security services, the Council of the EU said in a statement.
“In view of the fast-evolving threat landscape, the threat of possible large-scale cybersecurity incidents causing significant disruption or damage to critical infrastructure demands a heightened preparedness of the Union’s cybersecurity framework,” the Council’s statement read.
The legislation will come into effect 20 days after publication in the EU’s official journal.
“It has the potential to enhance cross-border threat detections and response capabilities by forcing collaboration, improving threat intelligence sharing and strengthening overall cybersecurity resilience in the EU,” said Madelein van der Hout, senior analyst at Forrester. “Success will really depend on effective implementation and ongoing commitment from member states.”
Enhancing threat detection and preparedness
The Cyber Solidarity Act introduces a new cybersecurity alert system, creating a network of national and cross-border cyber hubs across the EU. These hubs will monitor and act on cyber threats using advanced technologies like AI and data analytics. This coordinated infrastructure is designed to share warnings and actionable insights across borders, ensuring a more unified response to cyber incidents.
“These cyber hubs will use state-of-the-art technology to detect and share timely warnings on cyber threats across borders,” the statement explained.
Analysts noted that while the Act is a positive step, the EU should not stop at regional collaboration.
“Cybersecurity challenges are inherently cross-border and require collaboration to address effectively,” said Faisal Kawoosa, Founder and lead analyst at Techarc. “The Solidarity Act is a positive step toward fostering information-sharing and collective learning across the EU. However, its impact could be limited if it doesn’t extend collaboration beyond the region. Threats often originate outside the EU, and working as a single block under the Act could streamline and expedite such efforts within the EU, but broader partnerships may be necessary to achieve global effectiveness.”
To address vulnerabilities in critical sectors such as healthcare, energy, and transport, the act also establishes an emergency mechanism. This includes preparedness measures such as stress testing entities for potential weaknesses and developing common risk scenarios and methodologies.
Streamlining incident response
A key component of the act is the creation of a cybersecurity reserve composed of private-sector response teams. These teams will be on standby to assist member states and EU institutions during significant cyber incidents. The reserve is supported by technical mutual assistance measures that promote collaboration among member states.
Additionally, an incident review mechanism will evaluate the efficacy of these emergency responses, ensuring continuous improvement in the EU’s cybersecurity strategies.
This feedback loop will help refine response efforts and identify gaps in preparedness, the statement added.
Addressing practical hurdles
While the unified SOC and enhanced information-sharing mechanisms are pivotal elements of the Cyber Solidarity Act, implementing such a system may encounter challenges.
“Two key challenges stand out,” Kawoosa said. “First, the hybrid system’s effectiveness hinges on extensive information sharing among member nations while balancing compliance with varying domestic data privacy and security laws. Despite having umbrella regulations, nuanced differences persist across countries. Second, establishing a unified Security Operations Center (SOC) will require clear definitions of its functions, limitations, and scope. Coordination with multiple law enforcement agencies across the region will further add complexity.”
According to Madelein, while the Cyber Solidarity Act presents a framework for enhancing cybersecurity across Europe, there are several challenges.
“The first is coordination complexity: the logistical challenges of coordinating efforts across multiple nations with different legal frameworks and operational protocols could hinder effective implementation. For instance, data localization laws mandate that data must be stored within the country of origin, leading to operational hurdles for companies operating across borders. The evolving nature of these regulations adds another layer of complexity requiring organizations to continuously adapt their practices to remain compliant,” Madelein said.
“Second is sustained investment: continuous funding and resource allocation will be necessary to maintain and evolve these initiatives in response to an ever-evolving threat landscape. We also see infrastructure disparities: the technological infrastructure supporting cybersecurity varies significantly between nations. Some regions may lack the necessary resources or expertise to implement.”
She feels security risk is another major challenge. “Transportation of data across borders increases vulnerabilities to cyber threats. Data may pass through jurisdiction with weaker measures, raising concerns about breaches and misuse.”
These issues underscore the complexities involved in ensuring cross-border cybersecurity collaboration without undermining national regulations or operational efficiency.
Standardizing managed security services
A targeted amendment to the 2019 Cybersecurity Act complements the primary legislation by recognizing the growing importance of managed security services. This provision will enable the development of European certification schemes for specialized cybersecurity interventions, including incident handling, penetration testing, security audits, and technical consulting, the statement added.
The move addresses a critical gap in the current cybersecurity landscape. By creating standardized certification processes, the EU aims to foster trust, increase service quality, and prevent market fragmentation. Some member states had already begun developing national certification schemes, and this legislation provides a unified, comprehensive framework.
“This targeted amendment will enable the establishment of European certification schemes for these managed security services,” the Council’s statement read. “It will help to increase their quality and comparability, foster the emergence of trusted cybersecurity service providers, and avoid fragmentation of the internal market given that some member states have already started the adoption of national certification schemes for managed security services.”
These certifications are expected to help businesses evaluate service providers more effectively, improving confidence in outsourcing critical cybersecurity functions.
โThis will create a unified and standardized framework across the region,โ Kawoosa noted, highlighting how the framework simplifies compliance, making it easier for businesses to navigate varying regulations in different member states.
“It is necessary in building trust among consumers and businesses,” Madelein pointed out. “Harmonization of cybersecurity standards is important in bringing better and more secure solutions. It also attracts investment: investors are more inclined to support companies that operate within well-defined regulations.”
The proposals originated from the European Commission on April 18, 2023, and underwent extensive collaborative refinement. On March 6, 2024, co-legislators reached a provisional agreement, marking a significant milestone in digital policy development.
Both legislative acts are set to be published in the EU’s official journal in the coming weeks.
Storm-1811 exploits RMM tools to drop Black Basta ransomware
By External News-Site | Cyber Security, Security News
Storm-1811's latest help desk scam begins with email bombing leading to IT impersonation and ends with Black Basta ransomware.
Interpol Cyber-Fraud Action Nets More Than 5K Arrests
By External News-Site | Cyber Security, Security News
Chalk up another win for global cooperation among law enforcement, this time targeting seven types of cyber fraud, including voice phishing and business email compromise.
Russia sentences Hydra dark web market leader to life in prison
By External News-Site | Cyber Security, Security News
Russian authorities have sentenced the leader of the criminal group behind the now-closed dark web platform Hydra Market to life in prison. [...]
Incident Response Playbooks: Are You Prepared?
By External News-Site | Cyber Security, Security News
The playbooks that accompany your incident response plan provide efficiency and consistency in responses, help reduce downtime and dwell time, and can be a cost-saving and reputational-saving measure for your organization.
8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play
By External News-Site | Cyber Security, Security News
Over a dozen malicious Android apps identified on the Google Play Store that have been collectively downloaded over 8 million times contain malware known as SpyLoan, according to new findings from McAfee Labs.
"These PUP (potentially unwanted programs) applications use social engineering tactics to trick users into providing sensitive information and granting extra mobile app permissions, which
Novel phishing campaign uses corrupted Word documents to evade security
By External News-Site | Cyber Security, Security News
A novel phishing attack abuses Microsoft's Word file recovery feature by sending corrupted Word documents as email attachments, allowing them to bypass security software due to their damaged state but still be recoverable by the application. [...]
Microsoft Fixes 90 New Flaws, Including Actively Exploited NTLM and Task Scheduler Bugs
By External News-Site | Cyber Security, Security News
Microsoft on Tuesday revealed that two security flaws impacting Windows NT LAN Manager (NTLM) and Task Scheduler have come under active exploitation in the wild.
The security vulnerabilities are among the 90 security bugs the tech giant addressed as part of its Patch Tuesday update for November 2024. Of the 90 flaws, four are rated Critical, 85 are rated Important, and one is rated Moderate in
Iranian Hackers Use “Dream Job” Lures to Deploy SnailResin Malware in Aerospace Attacks
By External News-Site | Cyber Security, Security News
The Iranian threat actor known as TA455 has been observed taking a leaf out of a North Korean hacking group's playbook to orchestrate its own version of the Dream Job campaign targeting the aerospace industry by offering fake jobs since at least September 2023.
"The campaign distributed the SnailResin malware, which activates the SlugResin backdoor," Israeli cybersecurity company ClearSky said
Amazon Employee Data Compromised in MOVEit Breach
By External News-Site | Cyber Security, Security News
The data leak was not actually due to a breach in Amazon's systems but rather that of a third-party vendor; the supply chain incident affected several other clients as well.
Citrix Issues Patches for Zero-Day Recording Manager Bugs
By External News-Site | Cyber Security, Security News
There is some disagreement over whether the remote code execution (RCE) security flaws allow for unauthenticated exploitation or not. Citrix says no, but researchers say the company is downplaying a "good old unauthenticated RCE."
North Korean Hackers Target macOS Using Flutter-Embedded Malware
By External News-Site | Cyber Security, Security News
Threat actors with ties to the Democratic People's Republic of Korea (DPRK aka North Korea) have been found embedding malware within Flutter applications, marking the first time this tactic has been adopted by the adversary to infect Apple macOS devices.
Jamf Threat Labs, which made the discovery based on artifacts uploaded to the VirusTotal platform earlier this month, said the Flutter-built
Cybercriminals Use Excel Exploit to Spread Fileless Remcos RAT Malware
By External News-Site | Cyber Security, Security News
Cybersecurity researchers have discovered a new phishing campaign that spreads a new fileless variant of known commercial malware called Remcos RAT.
Remcos RAT "provides purchasers with a wide range of advanced features to remotely control computers belonging to the buyer," Fortinet FortiGuard Labs researcher Xiaopeng Zhang said in an analysis published last week.
"However, threat actors have
Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild
By External News-Site | Cyber Security, Security News
Microsoft has released security updates to fix a total of 118 vulnerabilities across its software portfolio, two of which have come under active exploitation in the wild.
Of the 118 flaws, three are rated Critical, 113 are rated Important, and two are rated Moderate in severity. The Patch Tuesday update doesn't include the 25 additional flaws that the tech giant addressed in its Chromium-based