Author: Staff Writer


John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Quick Takeaways: Non-human identities (NHIs), such as machine identities, function like humans with unique IDs and permissions, making their secure management crucial for comprehensive cybersecurity across industries like healthcare and finance. Effective NHI management involves secure secrets lifecycle handling, automation, continuous monitoring, and robust access controls, significantly reducing risks, enhancing compliance, and increasing operational efficiency. Challenges like secrets sprawl and inadequate ownership awareness require proactive strategies, including AI-driven threat detection, regular audits, policy enforcement, and staff training to bolster security. Emphasizing automation, analytics, resilient access controls, and organizational awareness is vital to secure NHIs, enabling organizations to preempt threats, optimize…


Quick Takeaways: Michael John Peters, a college-educated art gallery owner from Hawaii, was identified through surveillance footage as a mail thief in Portland, accessing multiple apartment complexes late at night and leaving behind counterfeit postal keys and a Flipper Zero device used for hacking access controls. His apartment contained over 170 postal keys, 15 counterfeit identification cards, approximately 300 pieces of mail, gift cards, check printers, and a Flipper Zero device capable of cloning access cards, indicating a sophisticated scheme of identity theft and mail theft. Peters had prior convictions for felony possession of identification, fraudulent check use, and credit…


Essential Insights: In late 2024, Chinese state-sponsored group Salt Typhoon targeted global telecom infrastructure through sophisticated exploits on routers and network devices, aiming for signals intelligence and strategic disruption. They deployed persistent firmware rootkits (Demodex) via exploitation of public vulnerabilities, using stealthy command-and-control channels disguised as routine updates, enabling long-term data exfiltration and potential service sabotage. Their infrastructure leveraged fabricated U.S. personas and ProtonMail domains, complicating attribution and highlighting the outsourced, covert nature of their operations. The campaigns threaten critical communications, with capabilities to disrupt or reroute traffic during crises, demonstrating a blend of espionage and offensive preparedness in China’s…


Essential Insights: Despite 86% of security leaders expressing confidence in preventing identity-based attacks, 85% of organizations experienced at least one ransomware incident last year, highlighting a gap between perceived preparedness and actual security breaches. The expanding digital identity landscape, with over 63.8 billion records recaptured from the dark web (up 24% YoY), creates a vast attack surface exploited by cybercriminals through phishing, credential reuse, and unmanaged devices. Insider threats often originate from identity compromise, with nation-states and malicious insiders using stolen or synthetic identities, compounded by inadequate screening and verification processes. Most organizations lack automated, comprehensive response capabilities, with only 19% employing…


Essential Insights: A critical CVSS 10.0 zero-day vulnerability (CVE-2025-10035) in Fortra’s GoAnywhere MFT was exploited in the wild from September 10, before patches were released on September 15-18. The flaw involves a chain of issues (access control bypass, unsafe deserialization, and private key misappropriation) allowing attackers to execute remote code without authentication. Attackers created a backdoor admin account, uploaded secondary payloads via a web user, and targeted systems using indicators such as malicious files and attacker IP 155.2.190.197. Fortra issued patches (versions 7.8.4 and 7.6.3) only after exploitation began, drawing criticism for delayed disclosure and underscoring the need for immediate patching and…


Summary Points:

1. The tourism industry relies heavily on digital platforms, making it a prime target for cyber threats such as data breaches, ransomware, and business logic attacks.
2. Major incidents like the Qantas data breach and attacks on airports highlight the critical need for robust cybersecurity measures to protect sensitive traveler information and maintain operational integrity.
3. Growing use of AI tools in travel planning introduces new vulnerabilities, including prompt injection and data manipulation, which criminals exploit for personal and financial gain.
4. Ensuring trust in travel requires layered security strategies, collaboration across industry stakeholders, and proactive defenses to…


Top Highlights: The Windows version of LockBit malware employs sophisticated obfuscation, DLL reflection payload loading, and anti-analysis techniques like ETW patching and security service termination to evade detection. The Linux variant of LockBit maintains similar malicious capabilities, with command-line options to target specific directories and file types, expanding its operational reach. The ESXi version specifically targets VMware virtual environments, capable of encrypting entire virtual machine infrastructures at the hypervisor level, risking significant organizational disruption. All LockBit versions share key traits such as randomized file extensions, geolocation-based system avoidance (e.g., Russian language checks), and log-clearing post-encryption, indicating a unified evolution of…


Top Highlights: Several Cognex industrial cameras (In-Sight series) are affected by high-severity vulnerabilities such as hardcoded passwords, privilege escalation, and credential interception, but no patches will be issued due to their legacy status. The vulnerabilities can be exploited by attackers who gain network access, enabling man-in-the-middle attacks, unauthorized admin access, or system disruptions, especially within isolated industrial environments. Cognex advises migrating to newer camera models (In-Sight 2800, 3800, 8900), as the affected products are legacy systems not intended for new installations; however, immediate replacement is often challenging. Organizations are recommended to mitigate risks by segmenting networks, limiting exposure, using VPNs,…


Top Highlights: LAMEHUG is an advanced malware that integrates large language models (LLMs) to dynamically generate commands for reconnaissance and data exfiltration, marking a significant evolution in threat capabilities. It disguises itself as legitimate AI tools via spear-phishing, then leverages AI models hosted on Hugging Face to adapt its attack patterns in real time without requiring updates. Using prompts that simulate a Windows administrator, LAMEHUG issues tailored commands to gather system info and harvest files, utilizing utilities like systeminfo, wmic, and xcopy. Collected data is exfiltrated via SSH with hardcoded credentials or HTTPS POSTs, with variants employing Base64 encoding and multiple…


Essential Insights: RTX Corp. confirmed a ransomware attack on its airline passenger processing software, MUSE, disrupting flights across Europe. The incident was discovered on September 19, with authorities arresting a suspect in the UK under suspicion of computer misuse. RTX is actively investigating with forensic experts, notifying law enforcement, and providing support to affected airlines and airports. Despite the disruption, RTX states the attack is not expected to significantly impact its overall operations or financial health.

Underlying Problem: RTX Corp., the parent company of Collins Aerospace, revealed that their airline passenger processing system, called MUSE, was targeted in a ransomware…
