CyberSecurity Updates

10 Apr

China-based SMS Phishing Triad Pivots to Banks

Information, Insights

China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called “Smishing Triad” mainly impersonated toll road operators and shipping companies. But experts say these groups are now directly targeting customers of international financial institutions, while dramatically expanding their cybercrime infrastructure and support staff. An image of an iPhone device farm shared on Telegram by one of the Smishing Triad…

Read More
10 Apr

Botnets: remote controls for cybercriminals

Information

As promised in our post about the European Cyber Security Month during October, we are publishing about Botnets and Exploits this week. Even though we had the Poodle flaw in the web encryption standard a few days ago, we are using this week to explain what are botnets and exploits and how they work. Ignacio Pérez 20 Oct 2014  •  , 3 min. read As promised in our post about the European Cyber Security Month…

Read More
10 Apr

Myths about malware: an exploit is the same as malware

Information

In this post we want to share with you a question that arose from the first post in this series: whether exploits are the same as malware. What are we talking about? The best way to debunk any myth is to start by understanding what it is we are talking about. Camilo Gutiérrez Amaya 21 Oct 2014  •  , 2 min. read Continuing with our support to the European Cyber Security Month, we are publishing…

Read More
10 Apr

Back in BlackEnergy *: 2014 Targeted Attacks in Ukraine and Poland

Information

State organizations and private businesses from various sectors in Ukraine and Poland have been targeted with new versions of BlackEnergy, a malware that’s evolved into a sophisticated threat with a modular architecture. Robert Lipovsky 22 Sep 2014  •  , 5 min. read A large number of state organizations and private businesses from various industry sectors in Ukraine and Poland have been targeted in recent attacks using malware designed for network discovery and remote code execution,…

Read More
08 Apr

Patch Tuesday, April 2025 Edition

Information, Insights

Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild. Eleven of those flaws earned Microsoft’s most-dire “critical” rating, meaning malware or malcontents could exploit them with little to no interaction from Windows users. The zero-day flaw already seeing exploitation is CVE-2025-29824, a local elevation of privilege bug in the Windows Common Log File System (CLFS)…

Read More
04 Apr

Cyber Forensic Expert in 2,000+ Cases Faces FBI Probe

Information, Insights

A Minnesota cybersecurity and computer forensics expert whose testimony has featured in thousands of courtroom trials over the past 30 years is facing questions about his credentials and an inquiry from the Federal Bureau of Investigation (FBI). Legal experts say the inquiry could be grounds to reopen a number of adjudicated cases in which the expert’s testimony may have been pivotal. One might conclude from reading Mr. Lanterman’s LinkedIn profile that has a degree from…

Read More
04 Apr

Ivanti Releases Security Updates for Connect Secure, Policy Secure & ZTA Gateways Vulnerability (CVE-2025-22457)

Attacks, Insights, Malware

Ivanti released security updates to address vulnerabilities (CVE-2025-22457) in Ivanti Connect Secure, Policy Secure & ZTA Gateways. A cyber threat actor could exploit CVE-2025-22457 to take control of an affected system. CISA has added CVE-2025-22457 to its Known Exploited Vulnerabilities Catalog. See the following resources for more guidance: April Security Update | Ivanti April Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (CVE-2025-22457) Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457)…

Read More
03 Apr

NSA, CISA, FBI, and International Partners Release Cybersecurity Advisory on “Fast Flux,” a National Security Threat

Attacks, Insights, Malware

Today, CISA—in partnership with the National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), Canadian Centre for Cyber Security (CCCS), and New Zealand’s National Cyber Security Centre (NCSC-NZ)—released joint Cybersecurity Advisory Fast Flux: A National Security Threat (PDF, 841 KB). This advisory warns organizations, internet service providers (ISPs), and cybersecurity service providers of the ongoing threat of fast flux enabled malicious activities and provides guidance on…

Read More
30 Mar

How Each Pillar of the 1st Amendment is Under Attack

Information, Insights

“Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.” -U.S. Constitution, First Amendment. Image: Shutterstock, zimmytws. In an address to Congress this month, President Trump claimed he had “brought free speech back to America.” But barely two months into…

Read More
28 Mar

CISA Releases Malware Analysis Report on RESURGE Malware Associated with Ivanti Connect Secure

Attacks, Insights, Malware

CISA has published a Malware Analysis Report (MAR) with analysis and associated detection signatures on a new malware variant CISA has identified as RESURGE. RESURGE contains capabilities of the SPAWNCHIMERA[1] malware variant, including surviving reboots; however, RESURGE contains distinctive commands that alter its behavior. These commands:  Create a web shell, manipulate integrity checks, and modify files.  Enable the use of web shells for credential harvesting, account creation, password resets, and escalating permissions.  Copy the web…

Read More