threat
-
Blog
/cdn.vox-cdn.com/uploads/chorus_asset/file/25829976/STK051_TIKTOKBAN_B_CVirginia_B.jpg)
The Biden White House says TikTok’s threat to go dark is a ‘stunt’
White House Press Secretary Karine Jean-Pierre called TikTok’s threat to “go dark” tomorrow a “stunt,” and said there is no reason that TikTok or any other companies should take any actions under the ban before the Trump administration is sworn in Monday morning, several news outlets are reporting. “It is a stunt, and we see no reason for TikTok or…
Read More » -
Blog
Microsoft files suit against threat actors abusing AI services
Microsoft has filed a lawsuit against 10 foreign threat actors, accusing the group of stealing API keys for its Azure OpenAI service and using it to run a hacking as a service operation. According to the complaint, filed in December 2024, Microsoft discovered the customer API keys were being used to generate illicit content in late July that year. After…
Read More » -
Blog
China-Linked Cyber Threat Group Hacks US Treasury Department
A Chinese-state-sponsored cyberattack compromised the U.S. Treasury, gaining access to classified documents through a vulnerability through third-party cybersecurity provider BeyondTrust. The breach, revealed on Dec. 31, underscores the growing sophistication of state-backed cyber espionage efforts. “Treasury takes very seriously all threats against our systems, and the data it holds,” a department spokesperson said in a statement. “Over the last four…
Read More » -
Blog
Chinese threat actors breached the US Treasury in ‘major incident’ – here’s what you need to know
Chinese threat actors were able to access highly sensitive information held by the US Treasury Department after compromising a third party service used for remote IT support. On 8 December, cybersecurity firm BeyondTrust warned users it had discovered an API key for its remote support SaaS solution had been compromised. The stolen key could allow threat actors to trigger password…
Read More » -
Blog
Winnti hackers target other threat actors with new Glutton PHP backdoor
The Chinese Winnti hacking group is using a new PHP backdoor named ‘Glutton’ in attacks on organizations in China and the U.S., and also in attacks on other cybercriminals. Chinese security firm QAX’s XLab discovered the new PHP malware in late April 2024, but evidence of its deployment, along with other files, dates back to December 2023. XLab comments that,…
Read More » -
Blog
Threat of personal liability has CISOs sweating
CISOs are feeling the pressure over stories of their peers being held personally liable for cybersecurity incidents. In the most notorious example, the US Securities and Exchange Commission (SEC) last year announced that it was filing charges against both SolarWinds and its CISO, Tim Brown, amid allegations of “fraud and internal control failures relating to allegedly known cybersecurity risks and…
Read More » -
Blog
Cloudflare’s developer domains increasingly abused by threat actors
Cloudflare’s ‘pages.dev’ and ‘workers.dev’ domains, used for deploying web pages and facilitating serverless computing, are being increasingly abused by cybercriminals for phishing and other malicious activities. According to cybersecurity firm Fortra, the abuse of these domains has risen between 100% and 250% compared to 2023. The researchers believe the use of these domains is aimed at improving the legitimacy and effectiveness…
Read More » -
Blog
UK underestimates threat from hostile states, says new NCSC head
The UK is failing to take cyber threats seriously enough, the new head of the National Cyber Security Centre (NCSC) has warned. In his first major speech in the role, Richard Horne is warning that organizations are underestimating the risks from hostile states and cyber criminals. Speaking at the NCSC’s headquarters for the launch of its Annual Review, Horne stressed…
Read More » -
Blog
Fresh warning issued over encryption-less ransomware as notorious threat group shifts tactics
Security agencies have updated their information on notorious ransomware gang BianLian, warning the group has shifted its tactics and is moving away from encryption based attacks. A cybersecurity advisory issued by the FBI, CISA, and Australia Cyber Security Centre was recently updated on 20 November 2024 to reflect a change in tactics from the group, signaling a potentially wider shift…
Read More » -
Blog
The biggest IT threat? That seemingly innocuous web browser – Computerworld
Desktop vs. mobile. Some enterprises might need to consider standardizing on one browser for desktop and possibly a different browser for mobile. IT political issues. Some of the browsers with major market share are deeply integrated with one vendor’s environments, such as Google Chrome and Microsoft Edge. Depending on how your environments are integrated with different platforms, this could be…
Read More »