Author: Staff Writer

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Top Highlights
- Incident Cause: Cloudflare’s 1.1.1.1 Resolver outage on July 14 was due to an internal misconfiguration linked to a future Data Localization Suite, not a cyberattack or BGP hijack, quashing related speculations.
- Global Impact: The misconfiguration caused widespread internet service interruptions, impacting key DNS IP ranges (1.1.1.1, 1.0.0.1, and their IPv6 counterparts), with a significant drop in DNS traffic observed.
- Response Timeline: The issue began around 21:48 UTC, was identified by 22:01 UTC, reverted by 22:20 UTC, and services were fully restored by 22:54 UTC, demonstrating a quick but critical response.
- Future Preventive Measures: Cloudflare plans to replace legacy…

Essential Insights
- Targeted Vulnerabilities: A cyber threat group identified as UNC6148 is exploiting fully-patched, end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances to deploy a backdoor called OVERSTEP, leveraging stolen credentials for access.
- Evasion Techniques: The attackers established a reverse shell to manipulate the appliance, utilizing a usermode rootkit to conceal their activities and maintain persistence by modifying the appliance’s boot process.
- Data Theft Intent: Google assesses that UNC6148’s operations are aimed at facilitating data theft and extortion, linked to previous attacks involving ransomware, particularly as one targeted organization was listed on a data leak site.
- Forensic Recommendations: Organizations…

Quick Takeaways
- Targeted Attacks: Google identified a financially motivated threat actor, UNC6148, exploiting vulnerabilities in SonicWall’s SMA 100 series appliances, allowing for data theft and potential ransomware deployment since October 2024.
- Vulnerability Exploitation: Despite the compromised SonicWall devices being fully patched, attackers gained access by exploiting known vulnerabilities to obtain local administrator credentials, with no indication that a zero-day exploit was used.
- Malware Introduction: The attackers deployed a new malware called "Overstep," which acts as a persistent backdoor and user-mode rootkit, capable of modifying the boot process and stealing sensitive credentials.
- Ransomware Connections: Although no clear monetization efforts have been…

Summary Points
- Ransomware Attack: Compumedics suffered a ransomware attack from February 15 to March 23, 2025, leading to the theft of personal information from approximately 318,150 individuals.
- Sensitive Data Compromised: The breach involved sensitive information, including names, dates of birth, medical records, Social Security numbers, and health insurance data of patients from several US healthcare providers.
- Attack Attribution: The VanHelsing ransomware group claimed responsibility for the attack on March 26, 2025, shortly after the data breach was discovered on March 22.
- Industry Context: Such healthcare data breaches are common, often affecting large numbers of individuals; previous incidents have seen impacts…

Essential Insights
- State-Sponsored Breach: Chinese hackers, identified as Salt Typhoon, infiltrated a state’s Army National Guard network, accessing sensitive configuration information and communication with other units, as reported by the Department of Defense.
- Extensive Targeting: Salt Typhoon has a history of cyberattacks, previously breaching U.S. telecommunications companies and targeting telecom providers in Canada, compromising sensitive data and systems.
- Data Exfiltration: From March to December 2024, the hackers stole 1,462 network configuration files from approximately 70 U.S. government and critical infrastructure entities across 12 sectors, using exploited vulnerabilities in Cisco and Palo Alto edge devices.
- Threat to Infrastructure: The breach threatens state-level…

Top Highlights
- Guilty Plea: Former US soldier Cameron John Wagenius, 21, pleaded guilty to fraud and identity theft for hacking into AT&T and Verizon, leaking presidential call logs, and engaging in extortion between April 2023 and December 2024.
- Hacking Techniques: Wagenius, using the alias ‘kiberphant0m’, acquired login credentials through an SSH Brute hacking tool and coordinated with co-conspirators via Telegram, targeting at least 10 organizations for fraudulent activities.
- Data Exfiltration and Extortion: The group exfiltrated sensitive data and threatened to publish it on cybercrime forums (like BreachForums), attempting to extort over $1 million from victim companies, while also selling stolen…

Are you ready to dive into the mysterious world of the deep, dark web and uncover the hidden threats targeting individuals and organizations? Join our exclusive, one-time-only webinar and empower yourself with the knowledge and tools necessary to stay ahead of cybercriminals lurking in the shadows. The deep, dark web – the underground – is a haven for cybercriminals, providing them with tools and resources to launch attacks for financial gain, political motives, and other purposes. However, it also offers a treasure trove of intelligence and information for cyber defenders, giving them valuable insights into the daily threats and tactics…

LONDON (AP) — Thousands of Afghans, including many who worked with British forces, have been secretly resettled in the U.K. after a leak of data on their identities raised fears that the Taliban could target them, the British government revealed Tuesday. The government said it is closing the program, which a rare court order had barred the media from disclosing. “To all those whose information was compromised, I offer a sincere apology today,” Defense Secretary John Healey said in the House of Commons. He said he regretted the secrecy and “have felt deeply concerned about the lack of transparency to Parliament and…

Fast Facts
- Rising Threat: Mobile phishing scams, particularly executive impersonation, are increasingly prevalent, with 77% of companies experiencing such attacks recently, yet only half express significant concern.
- Vulnerability: The survey of over 700 security leaders reveals a dangerous overconfidence in defenses, as many leaders admit to inconsistent visibility of social engineering attempts.
- Impersonation Tactics: Hackers utilize mobile voice and text phishing to access networks undetected, often leveraging trusted relationships and AI-generated technologies.
- Call to Action: Organizations must reassess cybersecurity strategies to enhance visibility and protection, while prioritizing ongoing training for mobile-centric threats to foster a culture of vigilance.
- Overconfidence Breeds…

Quick Takeaways
- Attack Claim: The cybercriminal group DragonForce has claimed responsibility for a recent data breach at Belk, a North Carolina department store chain, boasting approximately 156 GB of stolen data.
- Established Patterns: DragonForce is linked to a broader series of attacks on retail firms, including a significant breach of Marks & Spencer, indicating a collaboration with another group, Scattered Spider.
- Ransomware-as-a-Service Model: DragonForce operates as a Ransomware-as-a-Service, allowing various affiliates to access its infrastructure, complicating the identification of specific victims.
- Expanding Target Base: The group’s operations affect notable retailers in both the U.S. and the U.K., with evolving focus…