Security News

Insight The developers of EvilProxy - a phishing kit dubbed the "LockBit of phishing" - have produced guides on using legitimate Cloudflare services to disguise malicious traffic. "In recent months, Proofpoint has observed a significant increase in EvilProxy campaigns that use Cloudflare services to disguise their traffic, which prevents automated sandbox detection and ensures only targeted human users interact with the phishing links to receive the credential phishing landing pages," Blackford explained.

The nation-state threat actor known as SideWinder has been attributed to a new cyber espionage campaign targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea. SideWinder, which is also known by the names APT-C-17, Baby Elephant, Hardcore Nationalist, Rattlesnake, and Razor Tiger, is assessed to be affiliated with India.

Microsoft warned today that ransomware gangs are actively exploiting a VMware ESXi authentication bypass vulnerability in attacks. Ransomware groups have focused on creating lockers dedicated to encrypting ESXi VMs rather than targeting specific ESXi vulnerabilities that would provide them a quicker way of acquiring and maintaining access to a victim's hypervisors.

Cloud GenAI workloads inherit pre-existing cloud security challenges, and security teams must proactively evolve innovative security countermeasures, including threat detection mechanisms. More recently, detection engineering has spun off as a specialized aspect of threat detection, allowing detection engineers to customize threat detection systems.

Acronis warned customers to patch a critical Cyber Infrastructure security flaw that lets attackers bypass authentication on vulnerable servers using default credentials. Acronis Cyber Protect is a unified multi-tenant platform that combines remote endpoint management, backup, and virtualization capabilities and helps run disaster recovery workloads and store enterprise backup data securely.

The U.S. Department of Justice on Thursday unsealed an indictment against a North Korean military intelligence operative for allegedly carrying out ransomware attacks against healthcare facilities in the country and funneling the payments to orchestrate additional intrusions into defense, technology, and government entities across the world. "Rim Jong Hyok and his co-conspirators deployed ransomware to extort U.S. hospitals and health care companies, then laundered the proceeds to help fund North Korea's illicit activities," said Paul Abbate, deputy director of the Federal Bureau of Investigation.

As AI-generated deepfake attacks and identity fraud become more prevalent, companies are developing response plans to address these threats, according to GetApp. Much like phishing attack preparation, it appears that companies are looking to run simulations of attacks to increase preparedness as a majority of respondents work in companies where this is already implemented.

The US Department of Justice on Thursday charged a North Korean national over a series of ransomware attacks on stateside hospitals and healthcare providers, US defense companies, NASA, and even a Chinese target. An indictment [PDF] named Rim Jong Hyok as a participant in "a conspiracy to hack and extort US hospitals and other health care providers, launder the ransom proceeds, and then use these proceeds to fund additional computer intrusions into defense, technology, and government entities worldwide."

The U.S. State Department is offering a reward of up to $10 million for information that could lead to the identification or location of a North Korean military hacker identified as Rim Jong Hyok. Part of the Andariel North Korean hacking group, Hyok and other Andariel operatives were linked to Maui ransomware attacks targeting critical infrastructure and healthcare organizations across the United States.

A North Korea-linked threat actor known for its cyber espionage operations has gradually expanded into financially-motivated attacks that involve the deployment of ransomware, setting it apart from other nation-state hacking groups linked to the country. "APT45 is a long-running, moderately sophisticated North Korean cyber operator that has carried out espionage campaigns as early as 2009," researchers Taylor Long, Jeff Johnson, Alice Revelli, Fred Plan, and Michael Barnhart said.