Cybersecurity

Sudanese Nationals Charged in Global Cyberattack Campaign

Two Sudanese nationals have been indicted for allegedly leading Anonymous Sudan, a cybercriminal group responsible for over 35,000 Distributed Denial of Service (DDoS) attacks targeting critical infrastructure worldwide. more

NordVPN Introduces Quantum-Resilient Encryption

NordVPN, a leading VPN service provider, has unveiled its first application featuring quantum-resilient encryption – a significant advancement in cybersecurity. Post-quantum cryptography support is currently available on NordVPN’s Linux client, with plans to extend this enhanced security to all applications by early 2025. more

Has Your ISP Been Hacked? (Growing Concern Over AI-Driven Hacking)

As if we didn't have a long enough list of problems to worry about, Lumen researchers at its Black Lotus Labs recently released a blog that said that it knows of three U.S. ISPs and one in India was hacked this summer. Lumen said the hackers took advantage of flaws in software provided by Versa Networks being used to manage wide-area networks. more

Over 2 Million VPN Passwords Compromised by Malware Attacks

A recent report from Specops Software reveals alarming security vulnerabilities within VPN password systems, highlighting over two million VPN passwords stolen by malware in the past year. more

The “Pact for the Future”: A Bold Vision for Global Cooperation with Lingering Doubts on SDGs Progress

Global leaders gathered in New York at the Summit of the Future and adopted the "Pact for the Future" on Sunday 22nd September. This is a historic milestone as the Pact is the first international agreement aimed at securing a better digital future for all, grounded in human rights. The recent adoption of the "Pact for the Future" at the United Nations General Assembly marks a significant step toward revitalizing multilateral cooperation in an increasingly fragmented world. more

UN Cyberdiplomcy I: PoC, Cybercrime and the Global Digital Compact

Despite global polarization, recent UN cyber diplomacy has achieved three significant agreements in 2024: a cyber attack reporting system, a convention against cybercrime, and a "Global Digital Compact." These successes show that consensus on global issues is possible, though the vague wording of agreements raises concerns about their long-term effectiveness in ensuring security and peace. more

FBI Takes Down China-Backed Botnet, Facilitates Ransomware Negotiations

The FBI and international partners dismantled a China-backed botnet run by the Integrity Technology Group, a company linked to Chinese government espionage. more

Internet Domain Shutdowns: Ineffective and Risky, Experts Warn

Efforts to curb illegal online content through domain shutdowns are proving ineffective and carry significant risks, according to a new report by eco and its topDNS initiative. more

Cybercrime Costs German Companies €267 Billion, Organised Crime and Foreign Nations Blamed

German companies have suffered substantial financial losses due to cybercrime and sabotage, totaling approximately €267 billion ($298 billion) over the past year. This represents a 29% increase compared to the previous year, according to a survey released on Wednesday by the industry association Bitkom. more

Rising Ransomware Threats and a Record-Breaking $75M Payout

A recent report has revealed an alarming trend in ransomware attacks and a staggering $75 million ransom payout. The report by Zscaler ThreatLabz team indicates a 17.8% increase in ransomware attacks. more

Phishers Exploit the Cybercrime Supply Chain Despite the Availability of Effective Countermeasures

Interisle Consulting Group today released its fourth annual Phishing Landscape report investigating where and how cybercriminals acquire naming and hosting resources for phishing. Our study shows that cybercriminals evolved their tactics for obtaining attack resources, including sharply increasing their exploitation of subdomain and gateway providers. more

An Unnatural .Bond: A Study of a ‘Megacluster’ of Malware Domains

A recent news story, following research from security provider Infoblox, highlighted the case of the 'Revolver Rabbit' cybercriminal gang, who have registered more than half-a-million domains to be used for the distribution of information-stealing malware. The gang make use of automated algorithms to register their domains, but unlike the long, pseudo-random ('high entropy') domain names frequently associated with such tools, the Revolver Rabbit domains instead tend to consist of hyphen-separated dictionary words (presumably so as to obfuscate their true purpose), with a string of digits at the end. more

Analysis of the Global IT Breakdown Caused by Microsoft-CrowdStrike

The Optus outage in Australia from last year was immediately on my mind when on Friday afternoon a similar event swept, this time, across the world. Also, in this case it was a software update that caused the problem. This time from global security software provider CrowdStrike. The culprit appears to be an update to the CrowdStrike Falcon platform, a security monitoring tool widely deployed by businesses and organisations on Microsoft desktop computers and notebooks. more

Kaspersky Lab to Shut Down U.S. Operations Amid Federal Ban

Russian cybersecurity firm Kaspersky Lab has announced the closure of its U.S. division, resulting in layoffs for its U.S.-based employees. The decision follows a recent U.S. Commerce Department ban on the sale of Kaspersky software, effective from July 20, due to national security concerns. more

Security Lapses Lead to Squarespace Domain Hijacks

At least a dozen organizations experienced domain hijacks through the domain registrar Squarespace last week. The incidents, occurring between July 9 and July 12, primarily affected cryptocurrency businesses such as Celer Network, Compound Finance, Pendle Finance, and Unstoppable Domains. more