Product Security Bad Practices

As outlined in the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Secure by Design initiative, software manufacturers should ensure that security is a core consideration from the onset of software development and throughout the entirety of the development lifecycle. This voluntary Read More …

China protests US sanctions for its alleged role in hacking, complains of foreign hacker attacks

China has slammed a decision by the U.S. Treasury to sanction a Beijing-based cybersecurity company for its alleged role in multiple hacking incidents targeting critical U.S. infrastructure, while the Chinese cyber security agency complained Monday of attacks on Chinese networks. Read More …

Ukraine Hit By Massive Cyber Attack

Ukraine government databases, described as critically important infrastructure, have been hit by a cyber attack that’s being blamed on Russia. Deputy prime minister Olha Stefanishyna said it was the largest external cyber attack on the state registers of Ukraine in recent Read More …

Dragos Industrial Ransomware Analysis Q3 2024

The third quarter (July – September) of 2024 brought transformative shifts to the ransomware landscape, emphasizing its dynamic and continuously evolving nature. The ransomware threat ecosystem remained highly active in the third quarter, fueled by new groups, rebranding of existing Read More …

US sanctions Chinese cybersecurity firm for firewall hacks targeting critical infrastructure

The U.S. sanctioned a Chinese cybersecurity company and one of its employees for exploiting a zero-day vulnerability in Sophos firewalls to target U.S. organizations. On Tuesday, the U.S. Treasury Department said Guan Tianfeng, an employee of Sichuan Silence, used the Read More …

NCIA experts enable Exercise Cyber Coalition 24

From 27 November to 6 December 2024, Exercise Cyber Coalition took place from the Cyber Range 14 in Tallinn, Estonia. Operating annually since 2008, Cyber Coalition is NATO’s flagship cyber defence exercise and one of the largest in the world. Read More …

US critical infrastructure hit once again by a new group on the scene

Storm-0227, a Chinese state-sponsored advanced persistent threat (APT) actor started targeting critical infrastructure organizations, as well as government entities, in the United States. The group abuses software vulnerabilities and engages in spear phishing attacks to gain access to people’s devices. Read More …

Enhanced Visibility and Hardening Guidance for Communications Infrastructure

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC), Canadian Cyber Security Centre (CCCS), and New Zealand’s National Cyber Security Centre (NCSC-NZ) warn that Read More …

FrostyGoop’s Zoom-In: A Closer Look into the Malware Artifacts, Behaviors and Network Communications

In July 2024, the operational technology (OT)-centric malware FrostyGoop/BUSTLEBERM became publicly known, after attackers used it to disrupt critical infrastructure. The outage occurred after the Cyber Security Situation Center (CSSC), affiliated with the Security Service of Ukraine, disclosed details of Read More …

Singapore cyber defenders fight simulated attacks on AI-enabled systems in 4-day exercise

More technology is moving onto the cloud – meaning its data is hosted on remote servers rather than on personal devices – and integrating artificial intelligence (AI), which opens it up to new kinds of malicious attacks. To improve Singapore’s Read More …