Tag: tactics
-
North Korean Kimsuky Hackers Deploy New Tactics and Malicious Scripts in Recent Attacks
in SecurityNews
Security researchers have uncovered a new attack campaign by the North Korean state-sponsored APT group Kimsuky, also known as “Black Banshee.”
-
Rising attack exposure, threat sophistication spur interest in detection engineering
in SecurityNews
Tags: access, ai, attack, automation, banking, ceo, ciso, cloud, compliance, cyber, cybersecurity, data, detection, endpoint, exploit, finance, framework, healthcare, infrastructure, insurance, intelligence, LLM, malware, mitre, network, programming, ransomware, RedTeam, risk, sans, siem, software, supply-chain, tactics, technology, threat, tool, update, vulnerability, zero-day
More than the usual threat detection practices: Proponents argue that detection engineering differs from traditional threat detection practices in approach, methodology, and integration with the development lifecycle. Threat detection processes are typically more reactive and rely on pre-built rules and signatures from vendors that offer limited customization for the organizations using them. In contrast, detection…
-
Unmasking Kimsuky’s Latest Tactics: A Deep Dive into Malicious Scripts and Payloads
in SecurityNews
Recently, K7 Labs provided an insightful analysis of a campaign attributed to the North Korean APT group Kimsuky,
First seen on securityonline.info
Jump to article: securityonline.info/unmasking-kimsukys-latest-tactics-a-deep-dive-into-malicious-scripts-and-payloads/
-
Ransomware Shifts Tactics as Payouts Drop: Critical Infrastructure in the Crosshairs
in SecurityNews
Threats themselves change very little, but the tactics used are continually revised to maximize the criminals’ return on investment and effort. The post Ransomware Shifts Tactics as Payouts Drop: Critical Infrastructure in the Crosshairs appeared first on SecurityWeek.
First seen on securityweek.com
Jump to article: www.securityweek.com/ransomware-shifts-tactics-as-payouts-drop-critical-infrastructure-in-the-crosshairs/
-
Pocket Card Users Targeted in Sophisticated Phishing Campaign
in SecurityNews
A new phishing campaign targeting Japanese Pocket Card users has been uncovered by Symantec. The attackers are employing sophisticated tactics to deceive cardholders into divulging their login credentials, potentially compromising their financial accounts.
Japanese Cardholders at Risk of Credential Theft
The phishing operation begins with fraudulent emails masquerading as official notifications from Pocket Card’s online…
-
VanHelsing RaaS Launch: 3 Victims, $5K Entry Fee, Multi-OS, and Double Extortion Tactics
in SecurityNews
A ransomware-as-a-service (RaaS) operation called VanHelsing has already claimed three victims since it launched on March 7, 2025. “The RaaS model allows a wide range of participants, from experienced hackers to newcomers, to get involved with a $5,000 deposit. Affiliates keep 80% of the ransom payments, while the core operators earn 20%,” Check Point said in…
-
Chinese ‘Web Shell Whisperer’ Leverages Shells and Tunnels to Establish Stealthy Persistence
in SecurityNews
A recent cyber espionage operation by a China-nexus threat actor, dubbed “Weaver Ant,”
-
⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More
in SecurityNews
A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasn’t the only stealth move. A new all-in-one malware is silently stealing passwords, crypto, and control—while hiding in plain sight. And over 300 Android apps joined the…
-
Hybrid Threats and AI: Shaping the Future of EU’s Organized Threat Landscape in 2025
in SecurityNews
The European Union’s landscape of serious and organized crime is undergoing a significant transformation, according to the latest EU-SOCTA 2025 report released by Europol. This comprehensive assessment highlights how hybrid threats and artificial intelligence (AI) have become the core elements of the organized threat landscape in Europe, reshaping the tactics, tools, and strategies employed by…
-
Trump order on information sharing appears to have implications for DOGE and beyond
in SecurityNews
Tags: tactics
A new executive order on breaking down “information silos” across federal agencies does not mention DOGE’s aggressive tactics or the related legal challenges, but experts say the document clearly points in that direction.
First seen on therecord.media
Jump to article: therecord.media/trump-executive-order-information-silos-data-sharing-doge
-
VanHelsing Ransomware Targets Windows Systems with New Evasion Tactics and File Extension
in SecurityNews
Tags: advisory, breach, cyber, cybersecurity, data, encryption, extortion, leak, ransomware, tactics, windows
The cybersecurity landscape has been recently disrupted by the emergence of the VanHelsing ransomware, a sophisticated strain identified by the CYFIRMA Research and Advisory Team. This ransomware targets Windows systems, employing advanced encryption techniques and appending a unique “.vanhelsing”
-
New KnowBe4 Report Reveals a Spike in Phishing Campaigns
in SecurityNews
KnowBe4, Security Awareness Training leader, today launched its Phishing Threat Trend Report, detailing key trends, new data, and threat intelligence insights surrounding phishing threats targeting organisations at the start of 2025. Based on data generated by KnowBe4 Defend, this edition highlights the growing threat of ransomware and explores how cybercriminals are using sophisticated tactics to…
-
New Arcane Stealer Spreads via YouTube, Stealing VPN and Browser Login Credentials
in SecurityNews
A new malware campaign has been uncovered, involving a sophisticated stealer known as Arcane, which is distributed through YouTube videos promoting game cheats. This campaign highlights the evolving tactics of cybercriminals, who continue to exploit popular platforms to spread malware. The Arcane stealer is notable for its extensive data collection capabilities, targeting a wide range…
-
Dragon RaaS Leading “Five Families” Crimeware with New Initial Access Exploitation Tactics
in SecurityNews
Dragon RaaS, a ransomware group known for its blend of hacktivism and cybercrime, has emerged as a significant player in the “Five Families”
-
How CISOs are approaching staffing diversity with DEI initiatives under pressure
in SecurityNews
Staffing diversity can help avoid homogenous thinking: Similarly, Sam McMahon, senior manager of IT and security at Valimail, underscores the necessity of representing different backgrounds and mindsets. “In my experience, even small security teams benefit greatly from the variety of perspectives that come with different backgrounds and skill sets,” he says. “We know that the majority…
-
Emulating the Sophisticated Chinese Adversary Salt Typhoon
in SecurityNews
AttackIQ has released a new assessment template that emulates the various post-compromise Tactics, Techniques, and Procedures (TTPs) associated with the sabotage-motivated Chinese adversary Salt Typhoon.
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2025/03/emulating-the-sophisticated-chinese-adversary-salt-typhoon/
-
Russia using criminal networks to drive increase in sabotage acts, says Europol
in SecurityNews
Proxies deploying tactics including migrant smuggling in destabilisation efforts across EU, enforcement agency finds
Russia and other state actors are driving an increase in politically motivated cyber-attacks and sabotage of infrastructure and public institutions in the EU, the bloc’s police enforcement agency has found. Europol’s 80-page serious and organised crime threat assessment for…
-
Tomcat PUT to active abuse as Apache deals with critical RCE flaw
in SecurityNews
Tags: apache, api, attack, authentication, backdoor, cve, cvss, data, encryption, exploit, flaw, malicious, rce, remote-code-execution, tactics, threat, update, vulnerability
) exploit released for the flaw, CVE-2025-24813, just 30 hours after it was publicly disclosed. “A devastating new remote code execution (RCE) vulnerability is now actively exploited in the wild,” Wallarm said in a blog post. “Attackers need just one PUT API request to take over vulnerable Apache Tomcat servers.” PUT API requests are used to update…
-
BlackLock Ransomware Strikes Over 40 Organizations in Just Two Months
in SecurityNews
In a concerning escalation of cyber threats, the BlackLock ransomware group has executed a series of attacks on over 40 organizations across various sectors in the first two months of 2025. This surge in activity positions BlackLock as one of the most active and formidable ransomware-as-a-service (RaaS) operators of the year. The group’s tactics, including…
-
Report on ransomware attacks on Fortinet firewalls also reveals possible defenses
in SecurityNews
Tags: access, attack, authentication, automation, backdoor, backup, ciso, control, credentials, cve, cybercrime, data, data-breach, defense, exploit, firewall, fortinet, group, infrastructure, Internet, lockbit, malicious, monitoring, network, password, radius, ransom, ransomware, risk, router, tactics, threat, tool, update, vpn, vulnerability, windows
Signs of intrusion: “This actor exhibits a distinct operational signature that blends elements of opportunistic attacks with ties to the LockBit ecosystem,” Forescout said in its analysis. “Mora_001’s relationship to the broader Lockbit’s ransomware operations underscores the increased complexity of the modern ransomware landscape where specialized teams collaborate to leverage complementary capabilities.” CISOs should note these consistent…
-
Best Cloud Pentesting Tool in 2025: Azure, AWS, GCP
in SecurityNews
Tags: breach, cloud, data, data-breach, exploit, hacker, penetration-testing, risk, tactics, tool, vulnerability
Cloud pentesting involves manually or automatically exploiting vulnerabilities detected by a security expert or vulnerability scanner, simulating real-world hacker tactics to uncover weaknesses. By identifying these vulnerabilities, cloud providers and customers can strengthen data security and mitigate risks, preventing incidents like the February 2024 23andMe breach, which exposed the private data of over 700 million…
-
Lazarus Breaches IIS: Web Shells Evolving C2 Tactics Unveiled
in SecurityNews
The notorious North Korean threat actor Lazarus Group has been identified breaching Windows web servers to establish command-and-control
First seen on securityonline.info
Jump to article: securityonline.info/lazarus-breaches-iis-web-shells-evolving-c2-tactics-unveiled/
-
Silk Typhoon Targeting IT Supply Chains and Network Devices, Microsoft Reports
in SecurityNews
Tags: china, espionage, exploit, group, intelligence, microsoft, network, supply-chain, tactics, threat
Microsoft Threat Intelligence has issued new reporting about tactics being used by Silk Typhoon (also called APT27 or HAFNIUM by some researchers). Silk Typhoon is a Chinese espionage group, observed targeting Microsoft Exchange Servers in 2021, now reported to be targeting common IT solutions for initial access. Microsoft reports that Silk Typhoon exploits unpatched applications,…
-
FBI and CISA Urge Enabling 2FA to Counter Medusa Ransomware
in SecurityNews
FBI and CISA warn of Medusa ransomware attacks impacting critical infrastructure. Learn about Medusa’s tactics, prevention tips, and…
First seen on hackread.com
Jump to article: hackread.com/fbi-cisa-urge-enabling-2fa-counter-medusa-ransomware/
-
Medusa Ransomware Turns Critical Infrastructure to Stone
in SecurityNews
FBI Ties Group to Triple-Extortion Tactics Involving Follow-On Ransom Demands.
The Medusa ransomware group has been continuing to pummel critical infrastructure sectors across America, warns a joint U.S. government alert. The FBI said the group’s tactics include triple extortion, meaning it continues to shake victims down for a ransom, even after they’ve paid. First seen…
-
CISA, FBI Warn of Medusa Ransomware Impacting Critical Infrastructure
in SecurityNews
CISA and FBI warn of Medusa ransomware impacting over 300 victims across critical infrastructure sectors with double extortion tactics
First seen on infosecurity-magazine.com
Jump to article: www.infosecurity-magazine.com/news/cisa-fbi-warn-medusa-ransomware/