Cyberespionage APT Now Identified as Three Separate Actors

The threat group known as TA410 that wields the sophisticated FlowCloud RAT actually has three subgroups operating globally, each with their own toolsets and targets. A threat group responsible for…

Cyberattacks Rage in Ukraine, Support Military Operations

At least five APTs are believed involved with attacks tied ground campaigns and designed to damage Ukraine’s digital infrastructure. Cyberattacks against Ukraine have been used strategically to support ground campaigns,…

Nation-state Hackers Target Journalists with Goldbackdoor Malware

A campaign by APT37 used a sophisticated malware to steal information about sources , which appears to be a successor to Bluelight. Sophisticated hackers believed to be tied to the…

Zero-Trust For All: A Practical Guide

How to use zero-trust architecture effectively in today’s modern cloud-dependent infrastructures. While “zero-trust architecture” has become a buzz phrase, there’s plenty of confusion as to what it actually is. Is…

Attackers Spoof WhatsApp Voice-Message Alerts to Steal Info

Threat actors target Office 365 and Google Workspace in a new campaign, which uses a legitimate domain associated with a road-safety center in Moscow to send messages. Attackers are spoofing…

Belarusian ‘Ghostwriter’ Actor Picks Up BitB for Ukraine-Related Attacks

Ghostwriter is one of 3 campaigns using war-themed attacks, with cyber-fire coming in from government-backed actors in China, Iran, North Korea & Russia. Ghostwriter – a threat actor previously linked…

Automaker Cybersecurity Lagging Behind Tech Adoption, Experts Warn

A bug in Honda is indicative of the sprawling car-attack surface that could give cyberattackers easy access to victims, as global use of ‘smart car tech’ and EVs surges. A…

A Blockchain Primer and a Bored Ape Headscratcher – Podcast

Mystified? Now’s the time to learn about cryptocurrency-associated risks: Listen to KnowBe4’s Dr. Lydia Kostopoulos explain blockchain, NFTs and how to stay safe. Why in the world would a collection…

Lapsus$ ‘Back from Vacation’

Lapsus$ added IT giant Globant plus 70GB of leaked data – including admin credentials for scads of customers’ DevOps platforms – to its hit list. The Lapsus$ data extortionists are…

Okta Says It Goofed in Handling the Lapsus$ Attack

“We made a mistake,” Okta said, owning up to its responsibility for security incidents that hit its service providers and potentially its own customers. On Friday, Okta – the authentication…