North Korea's Lazarus hackers exploited a Windows AppLocker driver zero-day to gain kernel-level access and turn off security tools that could detect the group's bring-your-own-vulnerable-driver exploitation techniques. Microsoft fixed the bug in its February patch dump.
The U.S. presidential election is still eight months away, but the FBI is already seeing its share of cyberattacks, nation-state threats and AI-generated deepfakes. According to FBI Agent Robert K. Tripp, "We're no longer considering threats as a what-if situation; it's happening now."
Chinese threat actors are continuing to persist after exploiting the recent Ivanti Connect Secure VPN vulnerability even after factory resets, system upgrades and patches. The threat actor, UNC5325, is adept at "living off the land" techniques, warned threat intelligence firm Mandiant.
Russia's war of conquest against Ukraine grinds onward, but the number of self-proclaimed hacktivists appears to be dwindling as the strategy of temporarily disrupting the availability of high-profile websites has failed to sustain enthusiasm. Groups such as KillNet are still mostly a nuisance.
Has the U.S. created the wrong war machine? Developing and deploying advanced military technologies involves balancing the desire to improve national security with the need to navigate the ethical, strategic and existential challenges these technologies present.
Cybersecurity researchers identified a suspected Iranian espionage campaign targeting aerospace, aviation and defense industries across the Middle East. Hackers targeted employees within the aviation and defense sectors with fake job offers for tech and defense-related positions.
A campaign by Russian military intelligence to convert Ubiquiti routers into a platform for a global cyberespionage operation began as early as 2022, U.S. and foreign intelligence agencies said. The U.S. disrupted a botnet built by a hacking unit of Russian military's Main Intelligence Directorate.
In the latest "Proof of Concept," Jeff Brown, CISO for the state of Connecticut, and Lester Godsey, CISO for Maricopa County, Arizona, join ISMG editors to discuss AI-related threats to election security, safeguarding against cyber and physical threats and coordinating efforts for complete security.
North Korean espionage group TA406, aka the Konni Group, deployed information-stealing malware on a Russian government-owned software to spy on the country's foreign ministry officials. This is the latest attack in a North Korean campaign that targets Russian diplomatic activities.
The Russian intelligence hacking group known as APT29 or Cozy Bear is responding to the corporate migration to the cloud with matching hacking techniques, says an alert from international cyber agencies. Threat intelligence firms warn that APT29 has amplified its global cyberespionage operations.
Pharmacies at U.S. military hospitals and clinics worldwide are among the entities affected by the cyberattack on Optum's Change Healthcare this week, which has forced the IT services company to take many of its applications offline. Change Healthcare disconnected its IT systems on Wednesday.
As the two-year anniversary of Moscow's all-out war of conquest against Ukraine approaches, recent Russian cyber operations have focused not just on spear-phishing targets but also seeking to poison everyday Ukrainians' morale, focusing on heating outages and medical shortages.
An apparent leak of internal documents from a Chinese hacking contractor paints a picture of a disaffected, poorly paid workforce that nonetheless penetrated multiple regional governments and possibly NATO. Multiple experts told Information Security Media Group the documents appear to be legitimate.
South Korea's election watchdog warned on Monday that the parliamentary elections in April could be marred by artificial intelligence-generated deepfake campaigns aimed at influencing voters. The country's recently amended Elections Act bans the use of deepfakes for election campaigning.
In the latest weekly update, four ISMG editors discussed the relatively low profile of cyberwarfare in recent international conflicts, the potential revival of a dormant HIPAA compliance audit program and the security implications of sovereign AI development.