Cybersecurity researchers from Sekoia have discovered a new Adversary-in-the-Middle (AiTM) phishing kit named “Sneaky 2FA,” targeting Microsoft 365 accounts. First discovered in December last year, this phishing kit has been active since at least October 2024 and is distributed as…
Tag: Information Security Buzz
DORA Comes into Force: Experts Weigh In on Its Impact and Opportunities
Today marks the enforcement of the Digital Operational Resilience Act (DORA), a regulation aimed at strengthening the financial sector’s defenses against cyber threats and operational risks. With its focus on ICT risk management, incident reporting, and operational resilience, DORA sets…
Educate, Prepare, & Mitigate: The Keys to Unlocking Cyber Resilience
In 2024, consumers saw an array of cybersecurity incidents that impacted them directly, and in dramatic ways. From the Change Healthcare attack that impacted healthcare systems and prevented some from getting medication, to the more recent issues involving Ahold Delhaize…
O’Reilly 2025 Tech Trends: AI Skills Surge as Security Takes Center Stage
The 2025 technology landscape reveals a year of seismic shifts driven by surging interest in AI and an intensified focus on cybersecurity governance. Insights from the latest O’Reilly 2025 Technology Trends Report shed light on these pivotal changes shaping the…
DOJ, FBI Dismantle Malware Used by China-Backed Hackers in Global Operation
In an international effort, the US Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI) have successfully eliminated a sophisticated malware threat known as “PlugX” from over 4,200 computers across the United States. The malware, used by bad…
Critical Infrastructure Embraces CISA CyHy Service
Critical infrastructure organization enrollment in CISA’s Cyber Hygiene (CyHy) service surged 201% between 1 August 2022, and 31 August 2024, a new report released by the US cybersecurity agency has revealed. The CISA CyHy service is a suite of free…
UK Government Seeking to ‘Turbocharge’ Growth Through AI
Earlier this week, UK Prime Minister Keir Starmer released a statement and made a subsequent speech unveiling and endorsing his government’s AI Opportunities Action Plan (AOAP). He declared Artificial intelligence (AI) to be “the defining opportunity of our generation” foreshadowing…
RansomHub Affiliates Exploit AI-Generated Python Backdoor in Advanced Cyberattacks
A sophisticated Python-based backdoor, potentially developed using AI, has been identified as a critical tool for RansomHub affiliates to infiltrate and maintain access to compromised networks. The discovery, made by Andrew Nelson, Principal Digital Forensics and Incident Response (DFIR) Consultant…
The Year of Proactive Defense: Staying Ahead of Threat Actors
As January reaches its midpoint, more cybersecurity experts have weighed in on what the year ahead holds for the industry. From the rapid advancement of artificial intelligence to evolving strategies in application security and a renewed focus on education and…
Critical RCE Vulnerability in Aviatrix Controller: Wiz Issues Urgent Patch Advisory
The Wiz Incident Response team is actively addressing multiple security incidents linked to CVE-2024-50603, a critical unauthenticated remote code execution (RCE) vulnerability in Aviatrix Controller. This flaw, rated the maximum CVSS score of 10.0, poses a severe risk of privilege…