Author: Staff Writer


John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

WASHINGTON (AP) — Hackers backing Tehran have targeted U.S. banks, defense contractors and oil industry companies following American strikes on Iranian nuclear facilities — but so far have not caused widespread disruptions to critical infrastructure or the economy.

But that could change if the ceasefire between Iran and Israel collapses or if independent hacking groups supporting Iran make good on promises to wage their own digital conflict against the U.S., analysts and cyber experts say.

The U.S. strikes could even prompt Iran, Russia, China and North Korea to double down on investments in cyberwarfare, according to Arnie Bellini, a tech entrepreneur and…


In today’s competitive landscape, GenAI and Large Language Models (LLMs) stand as indispensable assets for businesses, revolutionizing operations and boosting productivity. However, the power of these technologies comes with inherent security concerns that should not be overlooked. Whether you’re an IT professional, security expert, business leader, or simply intrigued by the future of GenAI and security, this webinar serves as your comprehensive guide to unraveling the complexities of securing innovation in the era of generative artificial intelligence. Engage in a dynamic conversation with our panelists Elad Schulman, CEO & Co-Founder of Lasso Security, and Nir Chervoni, Booking.com’s Head of Data Security, as…


Researchers have discovered yet another network of operational relay boxes (ORBs) controlled by suspected Chinese nation-state actors for cyber-espionage purposes.

According to SecurityScorecard’s STRIKE research team, the ORB network, nicknamed “LapDogs,” has infected more than 1,000 nodes with a custom backdoor against “highly localized targets” in the US as well as Japan, South Korea, Hong Kong, and Taiwan. The researchers attributed the network to China-nexus actors with moderate confidence and noted similarities between LapDogs and other Chinese state-sponsored ORB networks.

ORB networks have become a hallmark of increased threat activity from the People’s Republic of China (PRC). Various cybersecurity vendors have detailed how…


Top Highlights

- Phishing Alert: Trezor has warned users of a phishing campaign that exploits its automated support system to send deceptive emails, appearing legitimate but linking to phishing sites.
- Urgent Deceptive Messages: Attackers submit tickets with urgent subject lines, prompting automatic replies from Trezor’s official email that mislead users into providing their wallet seed for security.
- Seed Phrase Security: Users are cautioned never to share their wallet seed, as it serves as a master key to their assets, and anyone with it can access their funds.
- Ongoing Risks and Past Incidents: Trezor has faced multiple phishing attacks in the past,…


Essential Insights

- Security as an Enabler: AWS CISO Amy Herzog emphasizes that robust cybersecurity practices can accelerate the adoption of generative AI technology.
- Leveraging Existing Guardrails: Companies in regulated sectors like finance and healthcare utilize established security and data management protocols to minimize risks and enhance AI deployment.
- Enhanced Security Features: AWS introduced new security enhancements during the re:Inforce conference, focusing on identity management, data protection, and incident response.
- AI for Security Optimization: AWS is integrating AI into its security processes to streamline testing of third-party models, drastically reducing deployment time while maintaining high security standards.
- The Role of Security…


Top Highlights

- Ransomware Vulnerabilities: Organizations commonly fall victim to ransomware due to a mix of technical issues (32% attributable to exploited vulnerabilities) and operational challenges, with an average of 2.7 contributing factors identified per incident.
- Data Recovery Outcomes: While 97% of organizations managed to recover encrypted data, the success rate of recovery through backups has hit a six-year low, with 49% of those who paid the ransom successfully retrieving their data.
- Ransom Payment Trends: Initial ransom demands and actual payments dropped, particularly for amounts exceeding $5 million. The average payment was 85% of the initial demand, indicating a trend where…


Jun 24, 2025Ravie LakshmananVulnerability / Malware Unidentified threat actors have been observed targeting publicly exposed Microsoft Exchange servers to inject malicious code into the login pages that harvest their credentials. Positive Technologies, in a new analysis published last week, said it identified two different kinds of keylogger code written in JavaScript on the Outlook login page – Those that save collected data to a local file accessible over the internet Those that immediately send the collected data to an external server The Russian cybersecurity vendor said the attacks have targeted 65 victims in 26 countries worldwide, and marks a continuation…


Essential Insights

- FileFix Attack Method: Developed by cybersecurity researcher mr.d0x, FileFix is a variant of ClickFix that exploits the Windows File Explorer address bar to execute malicious PowerShell commands through social engineering.
- Execution Process: In a FileFix attack, victims are deceived into copying a command while believing they need to locate a shared file using a fake notification; the real command is disguised through a dummy file path.
- Risk and Adoption: FileFix showcases improved phishing techniques that threat actors may quickly adopt due to its user-friendly interface and effectiveness in tricking users into executing commands.
- Historical Context: ClickFix attacks have…


Summary Points

- Premium Decline: Cybersecurity insurance premiums decreased by 2.3% year-over-year, totaling approximately $7.1 billion in 2024, marking the first decline since 2015, driven by pricing changes rather than increased risk exposure.
- Profitability Maintained: Despite the decline in premiums, the loss ratio for cyber insurance providers remained below 50%, indicating ongoing profitability within the market.
- Self-Insurance Trend: Some large businesses are opting for self-insurance through captive insurance companies, which may contribute to the perceived decline in premiums, as they don’t report data to regulators.
- Emerging Risks: The increasing complexity of third-party vendor relationships poses significant challenges in the cyber-insurance sector,…


Essential Insights

- New Cyber Threat: Ukraine’s CERT-UA reports a cyber attack campaign by the Russia-linked APT28, utilizing Signal messages to disseminate malware families BEARDSHELL and COVENANT.
- BEARDSHELL Functionality: The C++-based BEARDSHELL malware can execute PowerShell scripts and send outcomes back to remote servers via Icedrive API, first identified in early 2024 alongside the SLIMAGENT screenshot tool.
- Infection Methodology: APT28 is targeting victims with Signal messages containing a macro-enabled Word document that installs malicious components, including a DLL and engineered PNG file to execute the COVENANT malware framework.
- Phishing Campaign Details: CERT-UA also revealed a broader phishing operation exploiting vulnerabilities in…
