The NCSC released guidance for operational technology (OT) organizations on migrating their SCADA systems to the cloud. This guidance aims to help organizations assess the benefits and risks of cloud-hosted SCADA to make informed decisions.
This campaign is noteworthy as it uses an unorthodox HTML smuggling technique where the malicious payload is embedded in a separate JSON file hosted on an external website.
Researchers have demonstrated a new acoustic side-channel attack on keyboards that can deduce user input based on their typing patterns, even in poor conditions, such as environments with noise.
The victims were lured into slavery with false job offers and were forced to adopt fake identities to extract money from their victims through promises of cryptocurrency wins, investments, and romance.
The APT campaign targets several government entities worldwide, with a strong focus in Southeast Asia, but also seen targeting Europe, America, and Africa. It exploits public-facing servers and sends spear-phishing emails to deliver backdoors.
Moldovan national Sandu Boris Diaconu was sentenced to 42 months in federal prison for operating the E-Root cybercrime marketplace, which facilitated the sale of compromised computer credentials.
MediaWorks, a company based in New Zealand, says it is investigating an alleged security incident after a hacker claimed to have stolen the data of just over 2.4 million people and began targeting individuals for extortion payments.
Historical domain registration records suggest that the founder of Onerep, Dimitri Shelest, has been involved in numerous people-search services, indicating potential conflicts of interest.
Concerns are especially high in the public sector, with 87% worrying about employee email and social media lapses damaging their institutions, according to a Mimecast report.
North Korea’s Lazarus hacking group has reportedly used the Tornado Cash mixing service to launder $23 million stolen during a November 2023 cyberattack on the HTX cryptocurrency exchange.