A California man has been sentenced to seven years in prison for his involvement in a fraudulent scheme that saw over 50 individuals and organisations lose millions of dollars.
Read more in my article on the Tripwire State of Security blog.
Chainalysis found that ransomware payments fell significantly year-over-year despite a recorded increase in the number of ransomware events in 2024
LevelBlue is pleased to announce the launch of the LevelBlue Threat Trends Report! This biannual report, which is a collaboration between various LevelBlue Security Operations teams, is a must-have for security practitioners at organizations of all sizes. It provides relevant, actionable information about ongoing threats as well as guidance on how organizations can work to secure themselves against these threats.
In this edition, our analysts review attacks and threat actor techniques observed by LevelBlue in the second half of 2024 (from June through November). Additionally, our Incident Response team, which provides support and guidance to customers during and after incidents, reviews 12 compromises, 10 of which involved known ransomware groups. In each case, the team recommends hardening and mitigation techniques that can be used to safeguard against these attacks.
Other report highlights include:
Phishing-as-a-Service (PhaaS) is on the rise. The report contains an in-depth analysis of RaccoonO365, a recently identified PhaaS kit, including details on the infection process and a list of the top 10 active domains associated with RaccoonO365 based on our telemetry.
The most common attacks observed by our teams during the second half of 2024 were business email compromise (BEC). And these attacks were most successful when they combined credential harvesting techniques with phishing. Of the BEC attacks observed, 96% involved phished users.
The top five malware families observed during the second half of 2024 accounted for more than 60% of the malware hits on our customers.
At LevelBlue, our goal is not only to provide a portfolio of industry-leading managed security services to help protect organizations against threats but also to share intelligence and contribute in a meaningful way to strengthening cyber defenses across the globe.
Download the new LevelBlue Threat Trends Report for more critical insights on current and emerging threats and guidance on how to secure your organizations against them!
Indian banking malware attack exposes 50,000 users, stealing financial data via SMS interception and phishing
Microsoft’s AI Red Team just published “Lessons from Red Teaming 100 Generative AI Products.” Their blog post lists “three takeaways,” but the eight lessons in the report itself are more useful:
Understand what the system can do and where it is applied.
You don’t have to compute gradients to break an AI system.
AI red teaming is not safety benchmarking.
Automation can help cover more of the risk landscape.
The human element of AI red teaming is crucial.
Responsible AI harms are pervasive but difficult to measure.
LLMs amplify existing security risks and introduce new ones.
The work of securing AI systems will never be complete.
The UK and its Five Eyes partners have launched new security guidance for edge device manufacturers and network defenders
Check Point has observed cybercriminals toy with Alibaba’s Qwen LLM to develop infostealers
Contrast Security reveals a 12.5% annual increase in destructive cyber-attacks on banks
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mintty. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-1052.
This vulnerability allows remote attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2025-1044.