Australian Spycatchers Snatch Pair of Married Russian Operatives
A 40-year-old Australian Defence Force (ADF) army private and her 62-year-old husband have been arrested and charged with spying for Russia, as part of a sting operation named BURGAZADA. The pair, Kira and Igor Korolev, have lived in Australia for more than a decade and were arrested at home in Brisbane on July 11. Each…
Cisco Talos analyzes attack chains, network ransomware tactics
As ransomware continues to be the scourge of enterprise security teams, Cisco’s Talos security intelligence group recently analyzed ransomware groups to identify common techniques and offer recommendations to help security team better protect their businesses. Cisco Talos reviewed 14 prominent ransomware groups between 2023 and 2024 and studied volume of attacks, impact on customers, and…
Akira Ransomware: Lightning-Fast Data Exfiltration in 2-Ish Hours
Akira ransomware actors are now capable of squirreling away data from victims in just over two hours, marking a significant shift in the average time it takes for a cybercriminal to move from initial access to information exfiltration. That’s the word from the BlackBerry Threat Research and Intelligence Team, which today released a breakdown of…
Evolve data breach impacted upward of 7.64 million consumers
The number of persons affected by a recent data breach at Evolve Bank & Trust exceeds 7.64 million, a document submitted to the Office of the Maine Attorney General this week by the law firm representing the financial services organization reveals. According to the document, the breach occurred on February 9, but was not discovered…
Feds Uncover Sprawling, GenAI-Enabled Russian Troll Farm
The Justice Department has announced the seizure of two domain names as well as nearly 1,000 social media accounts used by Russian actors to create and spread disinformation in the United States. US agencies including the FBI and Cyber National Mission Force (CNMF), alongside agencies in Canada and the Netherlands, released a joint advisory detailing…
Trojanized JQuery Packages Spread via ‘Complex’ Supply Chain Attack
Once again, cyberattackers are targeting JavaScript developers — this time in a “complex and persistent supply chain attack” that’s distributing Trojanized packages for the popular JavaScript library jQuery across GitHub, Node Package Manager (npm), and jsDelivr repositories. Each package contains a copy of jQuery with one small difference: the end function, a part of the…
Cisco adds heft to cybersecurity push with acquisitions, new talent
With new leadership, key acquisitions, and a platform-based vision, Cisco is betting big on security. Cisco’s dominance in networking and telecommunications products and services is well established, but its role in cybersecurity is less cemented. It has provided security software and network security appliances for some time, and it’s one of the dominant players in…
How CISA Plans to Measure Trust in Open-Source Software
The United States cyber defense agency is creating a new framework to answer a critical question in cybersecurity: How can the trustworthiness of open-source security projects be accurately measured and transparently communicated? The Cybersecurity and Infrastructure Security Agency is in the second phase of its open-source software security road map, according to a Monday blog…
What’s the Best Strategy for Exploiting Flaws in Ransomware?
What’s the best strategy for handling a known vulnerability in ransomware that helps victims decrypt their files for free? Security researchers and law enforcement have two options: stealth or reach. Stealth prolongs the life of the vulnerability and the ability of security teams to exploit it. Reach makes sure that more people know about it,…
New Golang-based Zergeca Botnet appeared in the threat landscape
Researchers at the QiAnXin XLab team uncovered a new Golang-based botnet called Zergeca that can carry out distributed denial-of-service (DDoS) attacks. On May, 2024, the researchers detected a suspicious ELF file at /usr/bin/geomi that was uploaded from Russia to VirusTotal. The file was packed with a modified UPX and had a unique magic number, 0x30219101,…
