Author: Staff Writer

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Fast Facts
A covert malware-as-a-service group, TAG-150, has been distributing custom remote access Trojans (RATs), primarily targeting U.S. government agencies and critical infrastructure, with over 1,600 known attacks.
The operation remains largely hidden, with no significant presence on the Dark Web, suggesting it may be exclusive and operated by more sophisticated cybercriminals, complicating detection and law enforcement efforts.
TAG-150 has developed two distinct RAT variants—an invasive C-based version with broad features and a stealthy Python-based "PyNightshade"—aimed at maximizing operational flexibility and evading antivirus detection.
The group’s evolving malware toolkit indicates intentions to scale operations, potentially expanding its reach and sophistication,…

Quick Takeaways
Robust OT cybersecurity is essential for maintaining operational uptime, enabling innovation, and ensuring resilience in industrial environments, thus transforming it from a cost to a strategic business enabler.
Integrating cybersecurity from the design phase (cyber-by-design) and establishing governance, shared metrics, and cross-functional collaboration are crucial for aligning OT security with business goals and accelerating digital transformation.
Strong OT cybersecurity foundations facilitate advanced initiatives like AI at the edge, secure data integration, predictive maintenance, and real-time analytics, ultimately driving efficiency and competitive advantage.
Embedding cybersecurity early in new infrastructure development reduces costs, mitigates risks, and enhances overall security posture,…

Fast Facts
Traditional security testing is inadequate for AI systems; specialized AI penetration testing addresses unique threats like prompt injection and data poisoning to ensure security and trustworthiness.
Leading companies such as CalypsoAI, Mindgard, and Lakera provide automated, comprehensive platforms tailored for AI vulnerabilities, integrating into development processes to proactively secure AI models.
Runtime monitoring and red teaming by firms like HiddenLayer and Robust Intelligence are crucial for defending live AI systems against emerging adversarial attacks, especially in sensitive sectors.
The industry emphasizes a combination of expert-led, research-driven testing and scalable, automated solutions, vital for organizations to safeguard their AI…

Summary Points
Operation BarrelFire: A new Russian threat group, Noisy Bear, is targeting Kazakhstan’s energy sector, particularly KazMunaiGas, using sophisticated phishing tactics with fake internal communication leading to malware deployment.
Phishing Mechanics: The attack starts with a phishing email containing a ZIP file, which includes a malicious Windows shortcut that ultimately installs a reverse shell implant via a PowerShell loader named DOWNSHELL.
Infrastructure Insights: The threat actor’s infrastructure is linked to a Russian bulletproof hosting provider, Aeza Group, which has been sanctioned by the U.S. for supporting malicious activities.
Broader Threat Landscape: Parallel campaigns identified by HarfangLab show Belarus-aligned actors…

Quick Takeaways
The GPUGate campaign manipulates Google Ads and GitHub to trick users into downloading malware, exploiting trust in both platforms to deliver malicious payloads.
It employs a novel GPU-gated decryption technique, only decrypting its payload if a physical GPU is detected, making analysis difficult in sandbox environments.
The malware targets IT professionals and developers in Western Europe, aiming for organizational access to steal credentials, exfiltrate data, or deploy ransomware.
Once inside, it elevates privileges via PowerShell, establishes persistence, and evades detection by modifying Windows Defender, representing an advanced and ongoing threat since late 2024.
Problem Explained
The “GPUGate” malware…

Quick Takeaways
New Certification: ISC2 introduces the Threat Handling Foundations Certificate to enhance the digital forensics and incident response (DFIR) skills of cybersecurity professionals.
Skills Gap Awareness: A survey reveals that nearly 60% of cybersecurity professionals feel the skills gap hinders their organization’s security, with 25% noting a lack of DFIR experience.
Hands-On Learning: The certificate program includes four on-demand courses totaling 13 hours, focusing on practical application to develop job-ready skills in responding to cybersecurity threats.
Career Advancement: Completing the certification earns ISC2 members 13 continuing professional education (CPE) credits, helping them advance their careers and strengthen their teams…

Essential Insights
Launch of "Cyber Lifeguard": HD Tech introduces a new initiative to address a 42% increase in cyber attacks, emphasizing readiness to respond to breaches rather than just prevention.
Rising Cyber Threats: Recent data reveals significant spikes in targeted cyber threats in Orange County, including a 52% surge in government contractor attacks and a 33% rise in healthcare breaches.
Innovative "Right of Boom" Approach: HD Tech differentiates itself by equipping businesses for rapid recovery post-breach, boasting a track record of zero successful ransomware incidents.
Enterprise-Level Security for SMBs: As a Microsoft and Fortinet partner, HD Tech delivers robust cybersecurity…

Top Highlights
Partnership with Entrust: OpenSSL Corporation enhances its code signing security by integrating Entrust nShield 5c HSMs, a critical move for ensuring the integrity of its software releases.
FIPS 140-3 Certification: The selected HSMs provide a secure root of trust for OpenSSL’s code signing keys, helping prevent forgery and maintain global trust in the OpenSSL Library.
Quantum Readiness: Entrust’s nShield 5c supports both classical and NIST-standardized post-quantum algorithms, preparing OpenSSL for future cryptographic challenges amid advancements in quantum computing.
Future-Proof Security: The integration of HSMs signifies OpenSSL’s commitment to secure code signing today while ensuring resilience against tomorrow’s quantum…

Quick Takeaways
Leadership Addition: David Luber, former Director of Cybersecurity at the NSA, joins Core4ce’s Board of Advisors, enhancing its expertise in defense technology.
Extensive Experience: With nearly four decades at the NSA, Luber has significantly impacted cybersecurity operations across the Intelligence Community and Department of Defense.
Company Mission: Core4ce specializes in federal cybersecurity, offering comprehensive solutions to enhance digital resilience and counter emerging threats.
Strategic Guidance: Luber’s appointment, alongside other distinguished leaders on the Board, aims to inspire innovation and strengthen partnerships within the complex security landscape.
Strengthening Cybersecurity Through Experience
Core4ce recently announced the appointment of David Luber…

Essential Insights
Kali Linux is the industry standard for professional penetration testing, offering extensive tools, comprehensive documentation, and strong community support, but it demands significant system resources.
Parrot OS provides a resource-efficient, user-friendly alternative with strong privacy features, making it ideal for educational use, low-resource environments, and privacy-focused operations.
Kali Linux is favored for formal security assessments and certifications, while Parrot OS excels in privacy, digital forensics, and resource-constrained setups.
The choice depends on specific needs: Kali for enterprise security and compliance, Parrot for accessibility, privacy, and performance on limited hardware.
The Issue
The story compares two leading Linux distributions…