Information security

Information security

The threat actors behind a malware family known as Winos 4.0 (aka ValleyRAT) have expanded their targeting footprint from China and Taiwan to target Japan and Malaysia with another remote access trojan (RAT) tracked as HoldingHands RAT (aka Gh0stBins). "The campaign relied on phishing emails with PDFs that contained embedded malicious links," Pei Han Liao, researcher with Fortinet's FortiGuard Labs, said in a report shared with The Hacker News.

In August, the New York State Department of Financial Services reached agreement with Healthplex, Inc., a licensed insurance agent and independent adjuster, to pay a $2 million civil penalty after a hacker executed a phishing attack on an employee's email and gained access to the private health data and sensitive nonpublic information of tens of thousands of Healthplex consumers. Eight years in the making, the final phase of New York's groundbreaking Cybersecurity Regulation Part 500 takes effect Nov. 1.

"Every day, organizations face a spectrum of insider risk, from accidental missteps to deliberate sabotage," states Dr. Margaret Cunningham, Vice President of Security & AI Strategy at Darktrace. "The high-profile cases we see in headlines - sabotage, bribery, espionage - are real and damaging, but they're relatively rare. The daily reality is far more mundane: employees forwarding files to personal accounts, bypassing controls to meet deadlines, or uploading sensitive data into unsanctioned AI tools. These 'tiny crimes' are normalized behaviors that, at scale, create significant organizational risk."

Travelers and fraudsters both use AI agents now, creating a challenge for fraud detection teams: How do they tell the difference between a real customer booking their own travel, an automated agent acting on behalf of a user, and an automated malicious agent that is engaging in legitimate user workflows? The problem becomes more complex as fraudsters have already tested these tactics during summer travel and are ready to exploit the busiest travel season of the year: the holidays.

The North Korean threat actor linked to the Contagious Interview campaign has been observed merging some of the functionality of two of its malware programs, indicating that the hacking group is actively refining its toolset. That's according to new findings from Cisco Talos, which said recent campaigns undertaken by the hacking group have seen the functions of BeaverTail and OtterCookie coming closer to each other more than ever, even as the latter has been fitted with a new module for keylogging and taking screenshots.

EXPERT OPINION - In order for the U.S. to successfully compete for global influence against its adversaries and to avoid a kinetic fight, we must excel at cognitive warfare; that is military activities designed to affect attitudes and behaviors. This type of warfare is a subset of irregular warfare (IW) and combines sensitive activities to include information operations, cyber, and psychological operations to meet a goal. To develop these kinds of operations, the U.S. needs intelligence professionals who are creative and experts in their field.

Members of Gen Z are often referred to as "digital natives." They were born and raised in the internet era and have been engaging with computers, tablets, smartphones, and other connected devices from an early age. In many ways, this gives Gen Z an advantage in today's increasingly digital working environments-but that isn't always the case. In fact, research has consistently shown that each generation has its own unique blind spots when it comes to safely navigating the digital realm.

Penetration testing helps organizations ensure IT systems are secure, but it should never be treated in a one-size-fits-all approach. Traditional approaches can be rigid and cost your organization time and money - while producing inferior results. The benefits of pen testing are clear. By empowering "white hat" hackers to attempt to breach your system using similar tools and techniques to an adversary, pen testing can provide reassurance that your IT set-up is secure. Perhaps more importantly, it can also flag areas for improvement.

The activity, codenamed Operation Zero Disco by Trend Micro, involves the weaponization of CVE-2025-20352 (CVSS score: 7.7), a stack overflow vulnerability in the Simple Network Management Protocol (SNMP) subsystem that could allow an authenticated, remote attacker to execute arbitrary code by sending crafted SNMP packets to a susceptible device. The intrusions have not been attributed to any known threat actor or group.

His analysis cites academic research published in August as part of the USENIX Security Symposium. The paper, "Confusing Value with Enumeration: Studying the Use of CVEs in Academia," (Moritz Schloegel et al.), reports that 34 percent of 1,803 CVEs cited in research papers over the past five years either have not been publicly confirmed or have been disputed by maintainers of the supposedly vulnerable software projects. The authors argue that CVEs should not be taken as a proxy for the real-world impact of claimed vulnerabilities.

The following Resecurity report will explore the Qilin ransomware-as-a-service (RaaS) operation's reliance on bullet-proof-hosting (BPH) infrastructures, with an emphasis on a network of rogue providers based in different parts of the world. Qilin is one of the most prolific and formidable threat groups extorting organizations today. Most notably, they recently claimed responsibility for the September ransomware attack that crippled operations and manufacturing functions at Japanese brewing conglomerate, Asahi Group Holdings, for nearly two weeks.

You probably know by now that 10-year-old Windows 10 is no longer supported. Microsoft won't provide bug fixes, security patches, or other important updates to defend these PCs against new vulnerabilities. However, if you're still running Windows 10, the good news is Microsoft Defender will still protect your computer against viruses and other threats. Protected by Defender In a Tuesday blog post spotted by the folks at Neowin, Microsoft explained how Defender in its different incarnations will continue to work as expected in Windows 10.

The tech giant published its latest Microsoft Digital Defense Report on Thursday. On average, Microsoft processes over 100 trillion signals every day, blocks approximately 4.5 million new malware attempts, screens 5 billion emails for malware and phishing, and scrutinizes approximately 38 million identity risk detections, which grants the company the data needed to provide a thorough overview of current cybercriminal trends, tactics, and techniques.

"This backdoor features functionalities relying on the installation of two eBPF [extended Berkeley Packet Filter] modules, on the one hand to conceal itself, and on the other hand to be remotely activated upon receiving a 'magic packet,'" security researcher Théo Letailleur said. The infection, per the French cybersecurity company, involved the attackers exploiting an exposed Jenkins server vulnerable to CVE-2024-23897 as the starting point, following which a malicious Docker Hub image named "kvlnt/vv" (now removed) was deployed on several Kubernetes clusters.

Red Lion's Sixnet RTUs provide advanced automation, control, and data acquisition capabilities in industrial automation and control systems, primarily across energy, water, and wastewater treatment, transportation, utilities, and manufacturing sectors. These industrial devices are configured using a Windows utility called Sixnet IO Tool Kit, with a proprietary Sixnet "Universal" protocol used to interface and enable communication between the kit and the RTUs.

The NCSC also reported that hostile states are using artificial intelligence (AI) to increase the efficiency and frequency of their existing attack methods, but are not yet using the technology for novel attacks. Actors linked to China, Russia, Iran and North Korea are starting to use large language models to evade detection, exfiltrate data, research security vulnerabilities and devise social engineering to gain access to systems.

Passkeys are credentials stored in an authenticator. Some are device-bound, others are synced across devices through consumer cloud services like iCloud and Google Cloud. Sync improves usability and recovery in low-security, consumer-facing scenarios, but shifts the trust boundary to cloud accounts and recovery workflows. The FIDO Alliance and Yubico, have both issued important advisories for enterprises to evaluate this split and to prefer device-bound options for higher assurance.

Of the 183 vulnerabilities, eight of them are non-Microsoft issued CVEs. As many as 165 flaws have been rated as Important in severity, followed by 17 as Critical and one as Moderate. The vast majority of them relate to elevation of privilege vulnerabilities (84), with remote code execution (33), information disclosure (28), spoofing (14), denial-of-service (11), and security feature bypass (11) issues accounting for the rest of them.

The nmap command (short for network mapper) is a network exploration/security auditing tool that can rapidly scan networks to help you find out what hosts are available. With nmap, you can discover open ports and services, and even find out what operating systems are on your network. I've used nmap to find out what machines are on a network and what ports/services are open. If I find a port that shouldn't be open, I can close it to avoid security issues.

"A leaked VSCode Marketplace or Open VSX PAT [personal access token] allows an attacker to directly distribute a malicious extension update across the entire install base," Wiz security researcher Rami McCarthy said in a report shared with The Hacker News. "An attacker who discovered this issue would have been able to directly distribute malware to the cumulative 150,000 install base."