Cybersecurity
Taking the shine off BreachForums
On June 25, 2025, French authorities announced that four members of the ShinyHunters (also known as ShinyCorp) cybercriminal group were arrested in multiple French regions for cybercrime activities and involvement in the English-language underground forum known as BreachForums. The coordinated global law enforcement effort targeting the ‘ShinyHunters’, ‘Hollow’, ‘Noct’, and ‘Depressed’ personas followed the February…
You will always remember this as the day you finally caught FamousSparrow
In July 2024, ESET Research noticed suspicious activity on the system of a trade group in the United States that operates in the financial sector. While helping the affected entity remediate the compromise, we made an unexpected discovery in the victim’s network: malicious tools belonging to FamousSparrow, a China-aligned APT group. There had been no…
Beware the Hidden Risk in Your Entra Environment
If you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk. A gap in access control in Microsoft Entra’s subscription handling is allowing guest users to create and transfer subscriptions into the tenant they are invited into, while maintaining full ownership of them. All the guest…
The CISO’s 5-step guide to securing AI operations
When ChatGPT first came out, I asked a panel of CISOs what it meant for their cybersecurity programs. They recognized impending changes, but reflected on past disruptive technologies, like iPods, Wi-Fi access points, and SaaS applications entering the enterprise. The consensus was that security AI would be a similar disrupter, so they agreed that 80%…
22 Free Cybersecurity Tools You Should Know About | TechTarget
Cybersecurity tools aren’t just for the enterprise anymore; they’re essential for every type and size of organization. Some tools specialize in antivirus, while others focus on spear phishing, network security or scripting. Even the best cybersecurity products can only do a few things very well, and there is no room for error. Effective products,…
How CISOs can justify security investments in financial terms – Help Net Security
In this Help Net Security interview, John Verry, Managing Director at CBIZ, discusses how insurers and financial risk professionals evaluate cybersecurity maturity through different lenses. He also shows how framing cyber risk in business terms can strengthen investment cases and elevate cybersecurity as a strategic driver. What should CISOs know about how insurers and financial…
Shifting the sands of RansomHub’s EDRKillShifter
ESET researchers take a look back at the significant changes in the ransomware ecosystem in 2024 and focus on the newly emerged and currently dominating ransomware-as-a-service (RaaS) gang, RansomHub. We share previously unpublished insights into RansomHub’s affiliate structure and uncover clear connections between this newly emerged giant and well-established gangs Play, Medusa, and BianLian. We…
Qilin Ransomware Adds
The threat actors behind the Qilin ransomware-as-a-service (RaaS) scheme are now offering legal counsel for affiliates to put more pressure on victims to pay up, as the cybercrime group intensifies its activity and tries to fill the void left by its rivals. The new feature takes the form of a “Call Lawyer” feature on the…
Foreign aircraft, domestic risks
Disclaimer: The content presented in this article is based exclusively on publicly available, unclassified information and open-source research. It does not draw upon any classified or proprietary data. The analysis is intended solely as a technical thought exercise to explore potential cybersecurity considerations in the context of legacy aircraft systems and industrial control system analogies….
What is a Risk Assessment? | Definition from TechTarget
What is a risk assessment? Risk assessment is the process of identifying hazards that could negatively affect an organization’s ability to conduct business. These assessments help identify inherent business risks and prompt measures, processes and controls to reduce the impact of these risks on business operations. Risk assessments help ensure the health and safety of…