Author: Staff Writer

Essential Insights Data Breach Disclosure: Japan-based Nippon Steel Solutions revealed a data breach occurred due to the exploitation of a zero-day vulnerability on March 7, accessing sensitive information from customers, partners, and employees. Exposed Information: The breach potentially compromised customer names, company details, email addresses, and phone numbers; partner business emails; and employee names and titles. Investigation Findings: While the company has found no evidence of data being leaked on the dark web, they are investigating the situation further. Previous Incident Link: There are indications of potential links to a prior attack by the ransomware group BianLian, which claimed to…

New leadership roles underscore the firm’s commitment to scale, cross-functional alignment, and market differentiation MorganFranklin Cyber, a leading cybersecurity advisory firm, announced the promotion of two longtime leaders—Nick Stallone and Ferdinand Hamada—into newly created roles designed to support the firm’s strategic growth and client-centric mission. Nick Stallone has been named Head of Strategy & Planning and Chief of Staff, a new leadership role focused on enabling cross-functional alignment and spearheading strategic initiatives, and helping drive associated go-to-market strategies across the business. Within this role, Stallone will serve as a key facilitator of organizational strategic initiatives across pillar and sector leads,…

Fast Facts Ineffectiveness of Current MFA: Traditional methods including SMS and authenticator apps are vulnerable to real-time phishing attacks, providing a false sense of security while allowing attackers easy access through spoofed websites. Recent Breaches: High-profile incidents involving companies like Aflac and Erie Insurance demonstrate how attackers exploit weaknesses in MFA systems, often through social engineering and phishing techniques. Limitations of Passkeys: Although passkeys offer some improvements by binding credentials cryptographically, they remain susceptible to compromise if cloud accounts are hijacked or devices are infected with malware. Next-Gen Solutions: Hardware authenticators like Token Ring and Token BioStick eliminate vulnerabilities by…

Top Highlights Sanctions on North Korean Hacking: The U.S. Treasury sanctioned Song Kum Hyok, a North Korean national, linked to the Andariel hacking group for facilitating a fraudulent IT worker scheme targeting U.S. companies. Identity Theft for Remote Employment: From 2022 to 2023, Song allegedly used stolen U.S. identities to create aliases for North Korean workers applying for remote IT jobs, enabling an ongoing revenue stream for North Korea. International Action and Collaboration: Respective measures included sanctions against Russian entities orchestrating the scheme, showcasing the need for global cooperation against transnational cyber threats and enhancing awareness of North Korea’s illicit…

Quick Takeaways Multiple Vulnerabilities Identified: Ruckus Wireless Virtual SmartZone (vSZ) and Network Director (RND) have nine critical vulnerabilities that can lead to authentication bypass, arbitrary file access, and remote code execution (RCE), compromising managed environments. Hardcoded Secrets and Access Issues: Both vSZ and RND utilize hardcoded secrets, including JWT tokens and SSH keys, enabling attackers to gain high privileges and potentially execute RCE through unsanitized user inputs. Lack of Communication and Patching: CERT/CC reports unsuccessful attempts to contact Ruckus Wireless or its parent, Commscope, for remediation; no patches are currently available, advising users to isolate affected products. Chained Attack Potential:…

Fast Facts Arrest of Xu Zewei: A 33-year-old Chinese national was arrested in Milan for links to the state-sponsored hacking group Silk Typhoon, charged with wire fraud and identity theft for cyber attacks against U.S. organizations and government agencies between 2020 and 2021. Exploitation of Microsoft Vulnerabilities: The hacker group is accused of exploiting zero-day flaws in Microsoft Exchange Server, part of a larger campaign known as "Hafnium," targeting over 60,000 U.S. entities to steal sensitive information. Involvement in Espionage: Xu allegedly participated in China’s espionage efforts during the COVID-19 pandemic, attempting to access vaccine research from U.S. universities while…

Quick Takeaways Cyberattack Impact: Nova Scotia Power experienced a cyberattack in April, leading to disruptions in communication between power meters and company systems, although no power outages occurred. Customer Billing Delays: The utility paused customer billing due to the disruptions, and estimated bills are being issued until full communication is restored; approximately 280,000 customers are affected. Data Breach: The attack resulted in the theft of personal data, including names, contact details, power consumption, and sensitive information like Social Insurance and bank account numbers, impacting both current and former customers. Geographical Reach: While Nova Scotia Power serves 550,000 customers primarily in…

Welcome to your Daily CyberTech Highlights! Each day, we bring you the most essential news and insightful analysis from the world of Cybersecurity, Cloud security, Data protection, Data privacy and Technology. Stay informed on the latest trends, threats, and innovations shaping the digital landscape, so you can make informed decisions and stay ahead of the curve. Let’s dive into today’s top stories! Daily CyberTech Highlights Brand Covered: DNSFilter  Headline: DNSFilter Research Warns Tycoon 2FA Expanding Phishing-as-a-Service Operation DNSFilter researchers have discovered that the Tycoon 2FA phishing-as-a-service (PhaaS) platform has significantly expanded its operations, including surging use of Spanish (.es) domains. This expansion marks a strategic…

Essential Insights Arrest of Chinese Hacker: Xu Zewei, a 33-year-old Chinese national, was arrested in Italy and faces nine charges related to cyberattacks for China’s state-sponsored hacking group, Silk Typhoon, alongside a co-conspirator, Zhang Yu, who remains at large. Cyberattacks on Key Sectors: The Silk Typhoon group, linked to significant cyberattacks, notably targeted COVID-19 research, US Treasury, and affected healthcare and educational institutions globally between February 2020 and June 2021. Exploitation of Vulnerabilities: Xu and his network exploited Microsoft Exchange vulnerabilities to access sensitive information, including emails from U.S. universities and law firms, escalating the risks posed by state-sponsored hacking.…

Organizations today rely on digital assets to conduct business, but identity threats have become a critical risk factor. As attackers relentlessly seek to compromise user identities for malicious access, it’s become increasingly apparent there are serious gaps in the tools organizations use to protect themselves. Silverfort commissioned an extensive study from Osterman Research, a leading cybersecurity consulting firm, which has revealed the full extent of these security gaps. Our upcoming webinar will examine the state of the Identity Attack Surface and explore the various ways organizations remain dangerously exposed to attacks involving compromised credentials. Join us to explore: What…