45 matches found
Predicting 2026
Welcome to this week's edition of the Threat Source newsletter. It's become traditional at this time of year to make predictions about cybersecurity for the coming year. Obviously, no one has a crystal ball to predict the future, and if they did, they would be quietly making a fortune rather than...
Friday Squid Blogging: Squid Camouflage
New research: Abstract: Coleoid cephalopods have the most elaborate camouflage system in the animal kingdom. This enables them to hide from or deceive both predators and prey. Most studies have focused on benthic species of octopus and cuttlefish, while studies on squid focused mainly on the...
The CISO imperative: Building resilience in an era of accelerated cyberthreats
The latest Microsoft Digital Defense Report 2025 paints a vivid picture of a cyberthreat landscape in flux. The surge in financially motivated cyberattacks and the persistent risk of nation-state actors demand urgent attention. But for those of us in the Office of the Chief Information Security...
Towards Proactive Defense against Cyber Cognitive Attacks
Cyber cognitive attacks leverage disruptive innovations DIs to exploit psychological biases and manipulate decision-making processes. Emerging technologies, such as AI-driven disinformation and synthetic media, have accelerated the scale and sophistication of these threats. Prior studies primaril...
Android botnet BadBox largely disrupted
Removing 24 malicious apps from the Google Play store and silencing some servers almost halved a botnet known as BadBox. The BadBox botnet focuses on Android devices, but not just phones. It also affects other devices like TV streaming boxes, tablets, and smart TVs. The German BSI Federal Office...
The Most Dangerous People on the Internet in 2023
From Sam Altman and Elon Musk to ransomware gangs and state-backed hackers, these are the individuals and groups that spent this year disrupting the world we know it...
Hacker Group Linked to Russian Military Claims Credit for Cyberattack on Kyivstar
A hacker group calling itself Solntsepek—previously linked to Russia’s notorious Sandworm hackers—says it carried out a disruptive breach of Kyivstar, a major Ukrainian mobile and internet provider...
Indian Hack-for-Hire Group Targeted U.S., China, and More for Over 10 Years
An Indian hack-for-hire group targeted the U.S., China, Myanmar, Pakistan, Kuwait, and other countries as part of a wide-ranging espionage, surveillance, and disruptive operation for over a decade. Indian security firm under scrutiny, according to an in-depth analysis from SentinelOne, began as a...
China Hacks US Critical Networks in Guam, Raising Cyberwar Fears
Researchers say the state-sponsored espionage operation may also lay the groundwork for disruptive cyberattacks...
CISA issues alert with South Korean government about DPRK's ransomware antics
CISA and other federal agencies were joined by the National Intelligence Service NIS and the Defense Security Agency of the Republic of Korea ROK in releasing the latest cybersecurity advisory in the US government's ongoing StopRansomware effort. This alert highlights continuous state-sponsored...
The Most Dangerous People on the Internet in 2022
From SBF to the GRU, these were the most disruptive forces of online chaos this year...
Ukraine war spotlights agriculture sector's vulnerability to cyber attack
By Joe Marshall. The war in Ukraine has caused massive problems for global food supplies, underscoring the high impact of disruptive events to agriculture entities and related organizations. The challenges to the Ukrainian agriculture sector imposed by the war--and global ripple effects--have bee...
Iranian Hackers Likely Behind Disruptive Cyberattacks Against Albanian Government
A threat actor working to further Iranian goals is said to have been behind a set of damaging cyberattacks against Albanian government services in mid-July 2022. Cybersecurity firm Mandiant said the malicious activity against a NATO state represented a "geographic expansion of Iranian disruptive...
The Limits of Cyber Operations in Wartime
Interesting paper by Lennart Maschmeyer: "The Subversive Trilemma: Why Cyber Operations Fall Short of Expectations": Abstract: Although cyber conflict has existed for thirty years, the strategic utility of cyber operations remains unclear. Many expect cyber operations to provide independent utili...
Palo Alto Networks PAN-OS 8.1.x < 8.1.23 / 9.0.x < 9.0.16 / 9.1.x < 9.1.13 / 10.0.x < 10.0.10 / 10.1.x < 10.1.5 Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.23 or 9.0.x prior to 9.0.16 or 9.1.x prior to 9.1.13 or 10.0.x prior to 10.0.10 or 10.1.x prior to 10.1.5. It is, therefore, affected by a vulnerability. - A vulnerability exists in Palo Alto Networks PAN-OS...
SHIELDS UP in bite sized chunks
Unless you are living completely off the grid, you know the horrifying war in Ukraine and the related geopolitical tensions have dramatically increased cyberattacks and the threat of even more to come. The Cybersecurity and Infrastructure Security Agency CISA provides guidance to US federal...
CISA and FBI Update Advisory on Destructive Malware Targeting Organizations in Ukraine
CISA and the Federal Bureau of Investigation FBI have updated joint Cybersecurity Advisory AA22-057A: Destructive Malware Targeting Organizations in Ukraine, originally released February 26, 2022. The advisory has been updated to include additional indicators of compromise for WhisperGate and...
LockBit, BlackCat, Swissport, Oh My! Ransomware Activity Stays Strong
Law enforcement, C-suite executives and the cybersecurity community at-large have been laser-focused on stopping the expensive and disruptive barrage of ransomware attacks — and it appears to be working, at least to some extent. Nonetheless, recent moves from the LockBit 2.0 and BlackCat gangs,...
New reforms will enhance the security and resilience of Australia’s critical infrastructure
Improving the security of critical infrastructure has become the focus of many governments around the world, including Australia. This is because a failure or disruption in one area of critical infrastructure can have flow on effects that affect a nation’s security, economy and sovereignty. In th...
CVE-2002-20001
The Diffie-Hellman Key Agreement Protocol allows remote attackers from the client side to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a DHEat or DHEater attack. The client needs very little CPU resources...