Infosec.Pub

cross-posted from: https://lemmy.sdf.org/post/35083943

Advanced persistent threat (APT) groups with ties to China have become persistent players in the cyber espionage landscape, with a special emphasis on European governmental and industrial entities, according to a thorough disclosure from ESET’s APT Activity Report for Q4 2024 to Q1 2025.

The report, covering activities from October 2024 to March 2025, highlights the sophisticated tactics and tools employed by these threat actors to infiltrate sensitive networks.

[...]

These diverse and innovative techniques illustrate the persistent dedication of China-aligned APTs to espionage, often prioritizing long-term access over immediate financial returns.

The ESET report emphasizes that the highlighted operations are merely a snapshot of the broader threat landscape, with intelligence derived from proprietary telemetry data and verified by expert researchers.

The sustained focus on European targets by these APT groups signals a strategic intent to gather sensitive political and industrial intelligence, potentially influencing geopolitical dynamics.

[...]

Generate SVG images for handy useful glyphs, org/markdown badges and more, from Lisp (Guile Scheme)

https://codeberg.org/jjba23/ggg

Be proud and appreciate technologies and techniques you use, distinguish clearly supported versions of things, etc. With flexible support for badges between one and three parts.

Through SVG generation from Lisp (Guile Scheme) we leverage a beautiful DSL and apply some mathematical knowledge to build pixel-perfect badges. These SVGs can then be easily converted without quality loss to any desired format.

With GGG, you have the power to create your own badges and images with a consistent and clean aesthetic.

We use GenAI at work to make tasks easier, but are we aware of the risks? According to Netskope, the average organization now shares more than 7.7GB of data with AI tools per month, and 75% of enterprise users are accessing applications with GenAI features.

The dark side of GenAI

The fact that 89% of organizations have zero visibility into AI usage reveals a gap in oversight and control. On top of that, 71% of … More → The post Be careful what you share with GenAI tools at work appeared first on Help Net Security.

A sophisticated search engine optimization (SEO) poisoning attack has emerged, targeting employees through their mobile devices with fake login pages that mimic legitimate corporate portals. The attack, which has already affected organizations in the manufacturing sector, enables hackers to steal employee credentials, access payroll systems, and redirect salary payments to attacker-controlled accounts. This deceptive campaign […] The post Hackers Attacking Employees Mimic as Organizations to Steal Payroll Logins & Reroute Payments appeared first on Cyber Security News.

Even after its refurbishing, Recall provides few ways to exclude specific apps.

A summer reading insert recommended made-up titles by real authors such as Isabel Allende and Delia Owens. The Sun-Times and The Philadelphia Inquirer have apologized.

The Nordic Model criminalizes buyers of sex in multiple European countries (and Maine). Sweden just voted to expand its reach to the internet.

The Russian government has introduced a new law that makes installing a tracking app mandatory for all foreign nationals in the Moscow region. [...]

Popular VR game Gorilla Tag partnered with the company k-ID to comply with age verification laws.

Credit card theft losses in 2023 alone totaled $36.5M

International cops working with Microsoft have shut down infrastructure and seized web domains used to run a distribution service for the info-stealing malware Lumma. Criminals paid $250 to $1,000 a month to get access to the infostealer.…

The company expects it will continue to struggle with online disruptions until at least July, due to the attack.

Experts tell CyberScoop that the U.S. telecom system is just too technologically fragmented to gather a clear picture of threats, and too big to ever fully eject all espionage efforts. The post A house full of open windows: Why telecoms may never purge their networks of Salt Typhoon appeared first on CyberScoop.

This joint cybersecurity advisory (CSA) highlights a Russian state-sponsored cyber campaign targeting Western logistics entities and technology companies. This includes those involved in the coordination, transport, and delivery of foreign assistance to Ukraine. Since 2022, Western logistics entities and IT companies have faced an elevated risk of targeting by the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (85th GTsSS), military unit 26165—tracked in the cybersecurity community under several names (see “Cybersecurity Industry Tracking”). The actors’ cyber espionage-oriented campaign, targeting technology companies and logistics entities, uses a mix of previously disclosed tactics, techniques, and procedures (TTPs). The authoring agencies expect similar targeting and TTP use to continue.

Executives and network defenders at logistics entities and technology companies should recognize the elevated threat of unit 26165 targeting, increase monitoring and threat hunting for known TTPs and indicators of compromise (IOCs), and posture network defenses with a presumption of targeting.

This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors’ wide scale targeting of IP cameras in Ukraine and bordering NATO nations.

Social engineering used on outsourcer.

Attackers have made a decisive switch toward stealthy, identity-centric attacks. Forget breaking in – modern cybercriminals simply log in. And that should be a concern. According to the IBM X-Force 2025 Threat Intelligence Index, nearly one-third of intrusions in 2024 were initiated not through sophisticated attacks, but through valid account exploitation. Moreover, phishing-delivered infostealers surged, quietly harvesting credentials to fuel subsequent attacks, while slow patch cycles and unpatched public-facing applications continue to provide gateways for compromise. Let’s dive into that...

At yesterday’s I/O conference, Google announced plans to start putting its AI chatbot, Gemini, in a variety of different places, including cars. Today, Volvo said it was shoving its way to the front of the line to be the first to receive the new tech. Volvo said it was expanding its preexisting partnership with Google […]

Microsoft Deployment Toolkit (MDT) shares, an often-overlooked infrastructure component, can be a goldmine of credentials for attackers. A new report published by TrustedSec highlights how red teams can easily extract domain administrator credentials from misconfigured MDT deployments, potentially leading to complete network compromise. While security professionals have long focused on System Center Configuration Manager (SCCM) […] The post Extracting Credentials from Microsoft Deployment Toolkit Shares – Red Teaming appeared first on Cyber Security News.

Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.