Author: Staff Writer

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Top Highlights
Limitations of VPNs: Traditional VPNs, designed for perimeter-based security, struggle with modern hybrid and multi-cloud environments, leading to weak access control and increased security risks. Risks of Credential Exposure: Once connected, users often have excessive access, and compromised devices can enable cybercriminals to move laterally within networks, amplifying breaches. KeeperPAM Advantage: KeeperPAM offers a zero-trust, cloud-native solution with Just-in-Time (JIT) access, eliminating credential exposure and providing multi-protocol support while improving visibility and compliance. Need for Modern Solutions: Organizations must transition from traditional VPNs to modern solutions like KeeperPAM to secure remote access effectively, reduce operational friction, and meet…

Fast Facts
FBI Alert: The FBI warns of two threat actors, UNC6040 (ShinyHunters) and UNC6395, targeting Salesforce customers to steal data and extort funds. Attack Methods: UNC6040 employs voice phishing (vishing) and social engineering to access Salesforce accounts by impersonating IT support, while UNC6395 exploits stolen OAuth tokens from Salesloft’s Drift app. Data Exfiltration Risks: Attackers manipulate organizations into authorizing malicious apps, enabling mass data exfiltration from Salesforce environments without proper authentication. Preventative Measures: The FBI recommends training staff on phishing recognition, implementing phishing-resistant MFA, and monitoring network activity to avert these threats.

Essential Insights
A former employee of FinWise Bank accessed data associated with American First Finance (AFF), impacting 689,000 individuals, in a breach discovered last year. The breach involved the unauthorized access of personal information linked to installment loans and retail accounts facilitated through AFF. Impacted individuals are offered 12 months of free credit monitoring and identity theft protection, indicating sensitive data exposure. FinWise has not disclosed detailed specifics or the conduct of the former employee but is defending against associated litigation.
Problem Explained
A former employee of FinWise Bank, a Utah-based fintech and banking services provider, accessed sensitive data associated…

Summary Points
FinWise Bank experienced a data breach on May 31, 2024, caused by a former employee accessing sensitive files post-termination, impacting approximately 600,000-689,000 customers of American First Finance. The breach involved access to customer personal data, including full names and other sensitive information, although specifics on the exposed data remain undisclosed. FinWise launched an investigation with cybersecurity experts, strengthened internal controls, and is offering one year of free credit monitoring and identity theft protection to affected individuals. The incident has led to multiple class-action lawsuits against FinWise Bank, highlighting ongoing legal repercussions.
Underlying Problem
FinWise Bank recently disclosed that…

Quick Takeaways
SectorJ149, a pro-Russian cybercriminal group, has shifted from financial motives to geopolitically motivated attacks targeting critical infrastructure, notably in manufacturing, energy, and semiconductor sectors across multiple countries. The group employs advanced, multi-stage attack techniques—including spear phishing, malware with steganography, process hollowing, and strategic use of cloud and open-source infrastructure—to infiltrate organizations and steal sensitive data. Evidence suggests their operations are coordinated with broader Russian geopolitical strategies, with attacks on Ukrainian and South Korean entities demonstrating high-level planning, resource sharing, and intelligence gathering. Their methods blur lines between cybercrime and state-sponsored activity, reflecting sophisticated social engineering and malware deployment…

Quick Takeaways
The FBI warns of two hacker groups, UNC6040 and UNC6395, targeting Salesforce through social engineering and compromised OAuth tokens, leading to data theft and extortion. UNC6040 primarily used voice-phishing to deceive customer support staff into revealing employee credentials, with extortion demands following breaches. UNC6395 exploited compromised OAuth tokens associated with Salesloft Drift, an AI chatbot integrated with Salesforce, but actions like token revocation have halted ongoing access. Multiple breaches, potentially involving hundreds of organizations, are linked to these groups, with some connected to known hacking organizations and recent takedowns of Dark Web sites hinting at intensified law enforcement…

Fast Facts
AI Threat Landscape: Artificial Intelligence has transformed both cyber defenses and attacks, enabling adversaries to execute large-scale, rapid cyberattacks like spear-phishing and polymorphic malware, thereby undermining traditional security measures. Browser as Control Plane: The web browser is now identified as the primary endpoint for AI-driven threats, making it crucial to implement a Secure Enterprise Browser (SEB) to standardize protection and contain incidents at their source. Strategic Benefits of SEBs: Utilizing SEBs enhances security by drastically reducing the attack surface, enabling scalable incident containment, ensuring compliance with emerging AI regulations, and optimizing costs through consolidation of security functionalities. Implementation…

Essential Insights
The announcement of a collective cybercrime retirement by multiple groups was likely a marketing stunt, not a genuine transition, as indicated by the lack of recent financial activity and elaborate tone. Authorities and experts flagged red flags, such as staged retirement claims and no significant activity following the declaration, suggesting manipulation rather than real change. The purported letter claimed to represent a wide coalition of cybercrime gangs, including groups like LAPSUS$, Scattered Spider, and others, asserting they would go dark. The incident underscores that such public retirements in cybercrime are often fabricated and used as strategic ploys rather…

Fast Facts
The largest npm supply chain attack involved malicious code in 18 packages, exploiting a single phishing breach of maintainer credentials, exposing vulnerabilities in open-source infrastructure. Attackers targeted high-traffic packages like chalk and debug, with malicious code designed to hijack cryptocurrency transactions via browser APIs and wallet interfaces, emphasizing the threat to digital assets. Despite minimal immediate financial theft, the incident highlights the fragility of the software supply chain, where millions of downloads can be compromised within minutes, demanding urgent security measures. Key lessons include strengthening maintainer security with phishing-resistant authentication, enhancing ecosystem safeguards, viewing every package compromise as…

Fast Facts
The BlackNevas ransomware group, active since November 2024, targets businesses and critical infrastructure primarily across Asia, North America, and Europe with a sophisticated hybrid of file encryption and data theft threats. Operating independently without the Ransomware-as-a-Service model, BlackNevas employs advanced dual-encryption (AES and RSA) with distinct file extension patterns and supports command-line options to modify attack behavior. Its attacks focus heavily on the Asia-Pacific region (around 50%), with significant impacts in Japan, Thailand, South Korea, as well as in Europe and Connecticut, using targeted file exclusions and selective encryption strategies. BlackNevas’s encryption process is highly advanced, generating unique…
