Author: Staff Writer


John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Summary Points
- Surge in Activity: An updated variant of the Prometei malware, a modular botnet affecting Windows and Linux, has seen increased activity since early 2025, primarily for cryptocurrency mining and credential exfiltration.
- Enhanced Features: The latest version includes a backdoor, self-updating capabilities, and a domain generation algorithm for command-and-control connectivity, indicating ongoing active development.
- Advanced Techniques: Prometei utilizes brute-force methods, exploits vulnerabilities, and creates services to maintain persistence, while it effectively evades detection during operations.
- Financial Motivation: While focused on Monero mining, Prometei also has secondary functions for credential theft and deploying further malware, with no known connections to…


Salesforce Is Mission-Critical, but That Doesn’t Mean It’s Protected
At the beating heart of customer operations, the scope of Salesforce goes well beyond traditional customer relationship management (CRM) systems. As a system of record, a sales engine, a service dashboard, and a repository for years of business-critical insight, it carries a continuous flow of deals. Strategies depend on it. Customer relationships live or die by what it contains. Yet, despite this, a dangerous misconception persists: “It’s in the cloud, so it must be safe.” Unfortunately, this assumption is as costly as it is common. Here’s the reality. Salesforce operates under a…


Fast Facts
- Emerging Threat: A China-linked Advanced Persistent Threat (APT) known as LapDogs has created a network of over 1,000 backdoored nodes to carry out prolonged espionage targeting multiple industries in the US and Southeast Asia.
- Tactic of Infiltration: The APT primarily infects small office/home office (SOHO) routers with a custom backdoor named ShortLeash, allowing sustained stealthy access to compromised devices.
- Exploitation of Vulnerabilities: Most affected devices include Ruckus Wireless access points and Buffalo Technology routers, which were found to be vulnerable to specific, unpatched SSH-related CVEs: CVE-2015-1548 and CVE-2017-17663.
- Operational Linkage: The campaign is attributed to the Chinese APT…


Essential Insights
- Exploiting Legitimate Websites: Tech support scammers are ‘hacking’ major company websites to display their phone numbers, tricking users into calling them for support.
- Misleading Sponsored Ads: Scammers are buying Google ads that direct users to genuine sites like Apple and Microsoft, but the URLs are manipulated to show scam phone numbers in search results.
- Search Parameter Injection: This method uses search parameter injection techniques to poison search results on real support pages, making the fraudulent number appear legitimate.
- Endangering Personal Data: Once contacted, scammers impersonate the brand to steal personal information, financial data, or gain remote access to…


The application security landscape is constantly shifting, with new and sophisticated threats emerging daily. Are you confident your defenses are keeping pace? Join us as we delve into the complexities of emerging and evolving threats in 2024, the pivotal role of a multi-layered defense strategy, and best practices to eliminate security blind spots.
Join an Elite Panel of Security Experts:
- Buu Lam, Community Evangelist, F5 DevCentral
- George Prichici, VP of Products, OPSWAT
- Adam Rocker, Director, Product Management, OPSWAT
- James Azar, CISO & Moderator for THN
What to Expect in This One-Hour Webinar: Insights into the current security landscape,…


Essential Insights
- Cyber Espionage Warning: Canadian and U.S. security agencies have alerted about cyber attacks by the China-linked Salt Typhoon actors targeting major telecommunications providers, employing a critical vulnerability (CVE-2023-20198, CVSS 10.0) in Cisco software.
- Data Theft Techniques: The attackers accessed and modified configuration files of a Canadian telecom network, establishing a Generic Routing Encapsulation (GRE) tunnel to collect network traffic, indicating plans for broader data exfiltration.
- Broader Threat Assessment: The targeting may extend beyond telecoms, allowing threat actors to leverage compromised networks for reconnaissance and potential access to further devices, emphasizing ongoing vulnerabilities in edge network devices.
- Emerging Malware…


Quick Takeaways
- Nearly 10% of publicly accessible cloud storage buckets contain sensitive or confidential data, highlighting significant security risks.
- Over 80% of organizations using Amazon Web Services have enabled essential identity-checking services, indicating a trend towards improved security.
- The proportion of organizations with "triple-threat" cloud instances—publicly exposed, critically vulnerable, and highly privileged—fell from 38% to 29%, suggesting progress in addressing major vulnerabilities.
- Despite some improvements, serious concerns remain, such as 3.5% of AWS EC2 instances containing sensitive secrets, which could lead to severe exploitative incidents.
Risks of Cloud Storage Exposure
Recent studies reveal a troubling trend in cloud storage security.…


Quick Takeaways
- Nucor Restores Operations: The leading U.S. steel manufacturer, Nucor, has resumed full operations after a May cyberattack that affected limited information.
- Minimal Financial Impact: Nucor asserts the hack will not materially impact its financial performance, expecting earnings between $2.55 and $2.65 per share for Q2.
- Enhanced Security Measures: The company took its systems offline temporarily, collaborated with forensic experts, and reinforced IT security to prevent future attacks.
- Earnings Outlook Positive: Nucor anticipates increases in earnings across all business segments, particularly driven by higher average selling prices in its steel-mills division.
Restoring Operations After a Data Breach
Nucor, the…


Fast Facts
- The FTC has updated regulations under the Safeguards Rule, emphasizing that auto dealers must protect customer data and implement comprehensive security programs.
- Key updates include requirements for breach notifications within 30 days if data breaches impact over 500 customers, alongside a framework detailing ten elements for compliance.
- The updates reflect ongoing efforts to prioritize driver privacy amidst the increasing integration of internet technology in vehicles, with existing concerns about data misuse by automakers.
- The regulatory landscape is shifting, as both Democratic and Republican leadership push for accountability in mishandling customer data, impacting the automotive sector significantly.
Importance of…


Quick Takeaways
- Four REvil ransomware members were released in January 2022 after pleading guilty to carding and malware distribution, having served their time in a detention center during their trial.
- The REvil group, known for its extensive ransomware operations and the Kaseya attack in July 2021, faced increased law enforcement pressure leading to multiple arrests, including a total of 14 individuals linked to the operation.
- U.S. actions against REvil included the arrest of affiliates and significant asset seizures, notably Yaroslav Vasinskyi, who was sentenced to 13 years in prison for his role in ransomware attacks.
- Following the collapse of REvil’s…
