%term

The Evolution of Cyber Attacks: Lessons for Staying Safe in 2025

Dec 16, 2024 By SecuritySenses In SecuritySenses

The pace at which cyberattacks are evolving has accelerated in recent years, driven by technological advances, particularly artificial intelligence (AI) and machine learning. The sophistication of cybercriminals' tactics has reached unprecedented levels, posing new challenges for traditional cybersecurity defenses. In this article, we will explore the key developments in cyber threats, identify emerging risks, and offer practical lessons on how businesses and individuals can stay safe in 2025.

Read Post

SecuritySenses

Read more about The Evolution of Cyber Attacks: Lessons for Staying Safe in 2025

10 Common DeFi Security Risks & How to Mitigate Them

Dec 16, 2024 By SecuritySenses In SecuritySenses

Learn about the ten most common security risks in decentralized finance (DeFi) and how you can mitigate them.

Read Post

SecuritySenses

Read more about 10 Common DeFi Security Risks & How to Mitigate Them

The Key Steps to Ensuring DORA Compliance

Dec 13, 2024 By Alasdair Anderson, VP of EMEA In Protegrity

As we approach 2025, financial institutions across the EU face the challenge of complying with the Digital Operational Resilience Act (DORA), which is set to take effect on the 17th of January. DORA is focused on strengthening cybersecurity and operational resilience across financial ecosystems, with the consequences for non-compliance ranging from regulatory fines to reputational damage and an increased risk of cyberattacks.

Read Post

Protegrity

Read more about The Key Steps to Ensuring DORA Compliance

How Threat Hunters Can Detect Scattered Spider Attacks and Related Intrusions

Dec 12, 2024 By David Bunting In ChaosSearch

Cyberattacks are becoming more advanced, and groups like Scattered Spider are leading the way with their sophisticated techniques. This group is notorious for using social engineering methods like SIM swapping, voice phishing, and SMS phishing to trick employees into giving them access to sensitive systems. By pretending to be IT administrators, they bypass traditional security defenses, moving through networks unnoticed and stealing valuable data.

Read Post

ChaosSearch

Read more about How Threat Hunters Can Detect Scattered Spider Attacks and Related Intrusions

27 DDoS-for-Hire Platforms Neutralized in a Worldwide Police Crackdown

Dec 12, 2024 By Key Dutch In ImmuniWeb

Read also: An alleged Scattered Spider member arrested in the US, a Chinese hacker who compromised over 80,000 Sophos firewalls charged, and more.

Read Post

ImmuniWeb

Read more about 27 DDoS-for-Hire Platforms Neutralized in a Worldwide Police Crackdown

Analyzing Salt Typhoon: Telecom Attacker

Dec 12, 2024 By Trustwave In Trustwave

Salt Typhoon is a Chinese-speaking threat actor that the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have tied to a series of attacks that breached and exfiltrated data from several of the world's most prominent telecommunications companies. Trustwave SpiderLabs has created a deep analysis of the threat group Salt Typhoon, detailing the group's history, techniques, tactics, and procedures (TTP), and preferred targets.

Read Post

Trustwave

Read more about Analyzing Salt Typhoon: Telecom Attacker

27 DDoS-For-Hire Services Disrupted In Run-Up To Holiday Season

Dec 12, 2024 By Graham Cluley In Tripwire

In a co-ordinated international effort, the law enforcement agencies of 15 countries have made the holiday season a little less stressful for companies and consumers - by seizing control of some of the internet's most popular DDoS-for-hire services. Operation PowerOFF has disrupted what was anticipated to be a surge of distributed denial-of-service (DDoS) attacks over the Christmas period by taking over two dozen "booter" or "stresser" websites offline.

Read Post

Tripwire

Read more about 27 DDoS-For-Hire Services Disrupted In Run-Up To Holiday Season

The Ultralytics Supply Chain Attack: Connecting the Dots with GitGuardian's Public Monitoring Data

Dec 11, 2024 By Guillaume Valadon In GitGuardian

On December 4, 2024, the Ultralytics Python module was backdoored to deploy a cryptominer. Using GitGuardian’s data, we reconstructed deleted commits, connecting the dots with the initial analysis. This investigation highlights the value of GitGuardian’s data in understanding supply chain attacks.

Read Post

GitGuardian

Read more about The Ultralytics Supply Chain Attack: Connecting the Dots with GitGuardian's Public Monitoring Data

Ultralytics AI Pwn Request Supply Chain Attack

Dec 11, 2024 By Stephen Thoemmes In Snyk

The ultralytics supply chain attack occurred in two distinct phases between December 4-7, 2024. In the first phase, two malicious versions were published to PyPI: version 8.3.41 was released on December 4 at 20:51 UTC and remained available for approximately 12 hours until its removal on December 5 at 09:15 UTC. Version 8.3.42 was published shortly after on December 5 at 12:47 UTC and was available for about one hour before removal at 13:47 UTC.

Read Post

Snyk

Read more about Ultralytics AI Pwn Request Supply Chain Attack

Phishing Holds the Top Spot as the Primary Entry Point for Ransomware Attacks

Dec 10, 2024 By Stu Sjouwerman In KnowBe4

New analysis of ransomware attacks shows that phishing is the primary delivery method and organizations need to offer more effective security awareness training to mitigate the threat. Hornet Security’s Q3 2024 Ransomware Attacks Survey report paints a pretty bleak picture of how organizations have fared this year against ransomware attacks. So almost one in five organizations is a victim. According to the survey data, 52.3% of the attacks started with a phishing email.

Read Post