Dark Reading: Cybersecurity News.

"Unconventional cyberattacks aim to take over PayPal accounts."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 11 January 2025, 2102 UTC.

Content and Source:  Email subscription via https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fwww.darkreading.com%2Frss%2Fall.xml

Please click link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Dark Reading

161K followers27 articles per week#security#tech

34

Most popular

Unconventional Cyberattacks Aim to Take Over PayPal Accounts

6 TTPs

•

200+by Elizabeth Montalbano, Contributing Writer / 3d

•

PayPal phishing scam exploits Microsoft 365

Attackers are abusing a Microsoft 365 feature to send payment requests to users, tricking them into logging in to their accounts so attackers can seize control over them.

Threat Actors Exploit a Critical Ivanti RCE Bug, Again

7 TTPs

•

by Nate Nelson, Contributing Writer / 3h

New year, same story. Despite Ivanti's commitment to secure-by-design principles, threat actors — possibly the same ones as before — are exploiting its edge devices for the nth time.

New Docuseries Spotlights Hackers Who Shaped Cybersecurity

31by Andrada Fiscutean / 3d

"Where Warlocks Stay Up Late" project speaks to hackers who have played pivotal roles in shaping the field of cybersecurity. The video interviews are complemented by an encyclopedia and an anthropological map.

Yesterday

China's UNC5337 Exploits a Critical Ivanti RCE Bug, Again

7 TTPs

•

by Nate Nelson, Contributing Writer / 22h

•

CVE-2025-0282

New year, same story. Despite Ivanti's commitment to secure-by-design principles, Chinese threat actors are exploiting its edge devices for the nth time.

Fake CrowdStrike 'Job Interviews' Become Latest Hacker Tactic

8 TTPs

•

by Kristina Beek, Associate Editor, Dark Reading / 1d

•

CrowdStrike phishing targets developers with

Cybercriminals are luring victims into downloading the XMRig cryptomining malware via convincing emails, inviting them to schedule fake interviews using a malicious link.

Russia Carves Out Commercial Surveillance Success Globally

Russian surveillance tech expands globally

•

by Robert Lemos, Contributing Writer / 1d

Growing sales of the System for Operative Investigative Activities (SORM), a Russian wiretapping platform, in Central Asia and Latin American suggests increasing risks for Western businesses.

The Path Toward Championing Diversity in Cybersecurity Education

by Laurie Salvail / 1d

To build a truly inclusive and diverse cybersecurity workforce, we need a comprehensive approach beyond recruitment and retention.

Jan 9, 2025

Chinese APT Group Is Ransacking Japan's Secrets

8 TTPs

•

by Becky Bracken, Senior Editor, Dark Reading / 1d

Since 2019, MirrorFace has been stealing information from myriad Japanese organizations to gain leverage over Japan in the event of hostilities between the two countries, experts said.

Banshee 2.0 Malware Steals Apple's Encryption to Hide on Macs

8 TTPs

•

20by Nate Nelson, Contributing Writer / 1d

•

Banshee Stealer evades macOS antivirus

The most recent iteration of the open source infostealer skates by antivirus programs on Macs, using an encryption mechanism stolen from Apple's own antivirus product.

Hacking Group 'Silk Typhoon' Linked to US Treasury Breach

4 TTPs

•

by Kristina Beek, Associate Editor, Dark Reading / 1d

•

Chinese hackers breach US Treasury

The attack used a stolen remote support SaaS API key to exfiltrate data from workstations in the Treasury Department's Office of Foreign Assets Control.

New AI Challenges Will Test CISOs & Their Teams in 2025

by Josh Lemos / 2d

CISOs need to recognize the new threats AI can present — while also embracing AI-powered solutions to stay ahead of those threats.

Jan 8, 2025

India Readies Overhauled National Data Privacy Rules

India drafts Digital Data Protection rules

•

by Nate Nelson, Contributing Writer / 2d

The country awaits implementation guidelines for a framework that gives Indians greater autonomy and security over their personal data — and recognizes a right to personal privacy.

Fed 'Cyber Trust' Label: Good Intentions That Fall Short

White House launches Cyber Trust Mark

•

by Kristina Beek, Associate Editor, Dark Reading / 2d

The voluntary program is intended to boost consumer confidence in vulnerable IoT devices, but experts want to see vendors held to a higher standard.

CrowdStrike Achieves FedRAMP Authorization for New Modules

2d

[no content]

Trend Micro and Intel Innovate to Weed Out Covert Threats

Trend Micro Intel enhance ransomware detection

•

2d

[no content]

Green Bay Packers' Online Pro Shop Sacked by Payment Skimmer

4 TTPs

•

by Tara Seals, Managing Editor, News, Dark Reading / 2d

•

Packers Pro Shop data breach

Cyberattackers injected the NFL Wild Card team's online Pro Shop with malicious code to steal credit card data from 8,500 fans.

Zivver Report Reveals Critical Challenges in Email Security for 2025

2d

[no content]

Palindrome Technologies Approved as Cybersecurity Label Administrator for FCC's IoT Program

Palindrome Technologies approved for FCC IoT

•

2d

[no content]

Best Practices & Risks Considerations in LCNC and RPA Automation

by Jordan Bonagura / 3d

Low-code/no-code (LCNC) and robotic process automation (RPA) technologies allow companies to speed up development processes and reduce costs, but security is often overlooked. When this happens, the risks can outweigh the benefits.

1Password Acquires SaaS Access Management Provider Trelica

1Password acquires Trelica for security

•

by Jeffrey Schwartz / 3d

The deal will enhance 1Password Extended Access Management offering with capabilities to address challenges around software-as-a-service sprawl and shadow IT.

Jan 7, 2025

Ransomware Targeting Infrastructure Hits Telecom Namibia

3 TTPs

•

by Robert Lemos, Contributing Writer / 3d

•

Ransomware attacks on infrastructure exceed 2000

The southern African telco is the latest entity on the continent to have its critical infrastructure hacked, and attackers release sensitive info online when Telecom Namibia refuses to negotiate.

Sharing of Telegram User Data Surges After CEO Arrest

Telegram shares user data with authorities

•

by Becky Bracken, Senior Editor, Dark Reading / 3d

Until September 2024, the encrypted messaging service acceded to 14 requests for user data from the US; that number jumped to 900 after its CEO was detained by French authorities in August.

Pentagon Adds Chinese Gaming Giant Tencent to Federal Ban

US blacklists Tencent and CATL

•

by Kristina Beek, Associate Editor, Dark Reading / 4d

The sprawling social media and gaming platform says that being considered a Chinese military business must be a mistake.

CISA: Third-Party Data Breach Limited to Treasury Dept.

Collection (Enterprise TA0009)

•

by Kristina Beek, Associate Editor, Dark Reading / 4d

•

China hacks US Treasury computers

The breach was carried out by exploiting CVE-2024-12356 in BeyondTrust cybersecurity company, just last week.

PhishWP Plug-in Hijacks WordPress E-Commerce Checkouts

9 TTPs

•

by Elizabeth Montalbano, Contributing Writer / 4d

•

PhishWP plugin facilitates payment scams

The malware, found on a Russian cybercriminal site, impersonates e-commerce payment-processing services such as Stripe to steal user payment data from legitimate websites.

Name That Edge Toon: Greetings and Salutations

by John Klossner / 4d

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card.

Cybercriminals Don't Care About National Cyber Policy

by Christy Wyatt / 4d

We can't put defense on hold until Inauguration Day.

Veracode Buys Package Analysis Technology From Phylum

Veracode acquires Phylum technology

•

by Fahmida Y. Rashid / 4d

The deal adds Phylum's technology for malicious package analysis, detection, and mitigation to Veracode's software composition analysis portfolio.

Will AI Code Generators Overcome Their Insecurities This Year?

by Robert Lemos, Contributing Writer / 4d

In just two years, LLMs have become standard for developers — and non-developers — to generate code, but companies still need to improve security processes to reduce software vulnerabilities.

Jan 6, 2025

In Appreciation: Amit Yoran, Tenable CEO, Passes Away

Tenable CEO Amit Yoran passes away

•

33by Dark Reading Staff / 4d

Cybersecurity industry visionary and renowned executive Amit Yoran has passed away after an almost one-year battle with cancer.

China's Salt Typhoon Adds Charter, Windstream to Telecom Victim List

Chinese hackers breach more telecoms

•

20by Kristina Beek, Associate Editor, Dark Reading / 4d

These latest attacks follow a long string of cyberattacks and breaches targeting US and global telecom and ISP companies.

FireScam Android Spyware Campaign Poses 'Significant Threat Worldwide'

IoC > 1 domain

•

by Becky Bracken, Senior Editor, Dark Reading / 4d

•

FireScam Android malware steals data

A fake Telegram Premium app delivers information-stealing malware, in a prime example of the rising threat of adversaries leveraging everyday applications, researchers say.

EagerBee Backdoor Takes Flight Against Mideast ISPs, Government Targets

10 TTPs

•

by Elizabeth Montalbano, Contributing Writer / 5d

•

EAGERBEE malware targets Middle Eastern entities

The malware, operated by China-backed cyberattackers, has been significantly fortified with new evasive and post-infection capabilities.

IoT's Regulatory Reckoning Is Overdue

27by Carsten Rhod Gregersen / 5d

New security regulations are more than compliance hurdles — they're opportunities to build better products, restore trust, and lead the next chapter of innovation.

End of feed