Author: Staff Writer


John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Essential Insights
Astaroth banking Trojan now uses GitHub’s raw content service to host encrypted configuration files, aiding in evasion from traditional detection methods.
The malware delivery relies on spear-phishing with malicious Word documents containing obfuscated macros that download and execute loader files.
Once activated, the malware fetches its configurations from GitHub, decrypts them in memory, and employs stealth techniques like process hollowing and process masquerading to stay hidden.
Targeting primarily European and North American banking clients, Astaroth facilitates credential theft, unauthorized transfers, and ransomware deployment, with ongoing detection recommended through monitoring GitHub raw content access.
Problem Explained A newly emerging…


Summary Points
Silent security gaps like time drift, stale DNS, and default device credentials are often overlooked, yet they significantly increase breach risks when exploited.
Weak identity and access controls, including ungoverned privileged accounts and unmanaged BYOD devices, enable attackers to move laterally and access sensitive data.
Configuration and crypto hygiene issues, such as outdated firmware, legacy encryption protocols, and insecure default settings in non-production environments, create exploitable attack surfaces.
Insecure cloud and SaaS sprawl, with shadow apps, orphaned assets, and unverified third-party integrations, expand the attack surface, emphasizing the need for active discovery, proper tagging, and secure API management.…


Top Highlights
Expanded Targeting: The RondoDox botnet campaign exploits over 50 vulnerabilities across 30 vendors, targeting internet-exposed devices like routers and DVRs using a broad "exploit shotgun" approach.
Loader-as-a-Service Model: RondoDox has evolved its distribution method by using a ‘loader-as-a-service’ system, co-packaging its malware with Mirai and Morte payloads, enhancing detection challenges.
Significant Threat Landscape: Nearly 60 vulnerabilities are part of RondoDox’s arsenal, with 18 lacking CVE identifiers, affecting devices from multiple major vendors, and signifying a shift to multivector operations.
Widespread DDoS Activity: The botnet AISURU, built on Mirai, represents a major threat, leveraging compromised IoT devices for record-setting…


Essential Insights
Oracle released a patch for CVE-2025-61884, a high-severity vulnerability in the E-Business Suite’s Runtime UI component, which can be exploited remotely without authentication or user interaction.
The vulnerability was disclosed shortly after organizations received extortion emails claiming sensitive data theft; it may have been exploited in attacks, but Oracle has not confirmed active exploitation.
Recent attacks are attributed to the Cl0p group and possibly linked to the FIN11 cybercrime group, involving sophisticated malware and significant data theft from victims.
The security incident underscores ongoing risks to Oracle EBS systems, with hackers exploiting multiple vulnerabilities and using advanced malware…


Summary Points
The Scattered LAPSUS$ Hunters hacking group leaked data from multiple organizations, including Salesforce, Qantas, Vietnam Airlines, and others, following a ransom demand.
Despite claiming to have stolen data from 39 victims, only six organizations’ data was leaked, with the group stating further leaks are not imminent.
Salesforce refused to pay the ransom, and the hackers publicly posted the stolen data on leak sites, but some claims of additional data theft, like Telstra’s, were debunked.
Major organizations like Qantas have taken legal and cybersecurity measures to analyze and contain the breach, but the incident highlights ongoing risks of data…


Fast Facts
Human Performance Over Tools: Effective cybersecurity relies on the readiness of human teams under pressure, rather than just deploying advanced security tools, with a focus on proactive incident response.
Integrating AEV with Human Readiness: Adversarial Exposure Validation (AEV) platforms should not only test technical controls but also assess human readiness to respond effectively during incidents, addressing the critical aspect of crisis mobilization.
Scaling Crisis Simulations: Micro-drills within AEV allow continuous training opportunities that enhance team responsiveness and decision-making without disrupting daily operations, ensuring preparedness beyond traditional tabletop exercises.
Real-World Transformation: Case studies like the Swiss FDFA demonstrate that…


Quick Takeaways
Cybersecurity experts have uncovered ChaosBot, a new Rust-based backdoor that utilizes Discord for command-and-control, leveraging compromised credentials and remote WMI commands to maintain persistence and execute arbitrary actions on infected systems.
ChaosBot employs sophisticated evasion techniques, such as patching Windows Event Tracing and checking for virtual machine MAC addresses, to bypass detection mechanisms and virtual environments.
A newly identified Chaos ransomware variant (Chaos-C++) introduces destructive features, including irreversibly deleting large files and hijacking cryptocurrency transactions via clipboard swapping, representing a shift towards more aggressive and financially motivated cyber threats.
Both malware strains rely on social engineering, such as…


Essential Insights
Non-Human Identities (NHIs) are crucial in modern cybersecurity, acting as digital "citizens" that secure access and monitor behaviors across diverse industries like finance, healthcare, and travel.
Effective NHI management enhances risk reduction, compliance, visibility, and cost savings by automating identity lifecycle processes and providing centralized control.
Managing NHIs involves complex, multi-stage processes—discovery, classification, threat detection, and remediation—that require balancing automation with manual oversight for optimal security.
Future cybersecurity strength relies on leveraging NHIs alongside AI, cloud, and IoT, transforming them into strategic assets for innovation, compliance, and resilient digital ecosystems.
Problem Explained The article, reported by Alison Mack…


Fast Facts
Oracle disclosed a high-severity vulnerability (CVE-2025-61884) in its E-Business Suite that allows unauthenticated remote access to sensitive configuration data via the Oracle Configurator component.
The flaw resides in the Runtime UI, enabling attackers to bypass authentication over HTTP, potentially exposing critical business information without needing user credentials.
This vulnerability, with a CVSS 3.1 score of 7.5, presents significant risks for sectors like manufacturing and retail, as it could lead to data exfiltration of proprietary models and customer details.
Oracle recommends immediate patch application for supported versions, network segmentation, and monitoring for malicious activity to mitigate exploitation, especially given recent…


Essential Insights
Effective management of Non-Human Identities (NHIs)—machine identities utilizing secrets like passwords and tokens—is critical for ensuring cloud security, compliance, and reducing operational risks.
Bridging the gap between security and R&D teams through integrated NHI management enhances security, minimizes vulnerabilities, and supports innovation within cloud environments.
Lifecycle management strategies—covering discovery, classification, threat detection, and automation—enable comprehensive visibility, control, and compliance enforcement over NHIs.
Adopting zero trust principles, continuous monitoring, automation, and cross-departmental integration is essential to optimize NHI management and future-proof cloud security.
The Issue The story reports on the escalating importance of managing Non-Human Identities (NHIs) within…
