
Cybersecurity

TheWizards APT group uses SLAAC spoofing to perform adversary-in-the-middle attacks
In this blogpost, ESET researchers provide an analysis of Spellbinder, a lateral movement tool for performing adversary-in-the-middle attacks, used by the China-aligned threat actor that we have named TheWizards. Spellbinder enables adversary-in-the-middle (AitM) attacks, through IPv6 stateless address autoconfiguration (SLAAC) spoofing, to move laterally in the compromised network, intercepting packets and redirecting the traffic of…

Why top SOC teams are shifting to Network Detection and Response
Security Operations Center (SOC) teams are facing a fundamentally new challenge — traditional cybersecurity tools are failing to detect advanced adversaries who have become experts at evading endpoint-based defenses and signature-based detection systems. The reality of these “invisible intruders” is driving a significant need for a multi-layered approach to detecting threats, including Network Detection and…

The 14 most valuable cybersecurity certifications
Exam fee: US$575, members; US$760, non-members Why it’s on our list: CISA is a highly regarded certification with strong industry recognition. It appears frequently on industry lists, and 45,775 job postings explicitly seek candidates with this credential. With over 151,000 certified professionals, CISA offers a vast networking pool of auditors and security experts and an…

End users can code with AI, but IT must be wary | TechTarget
Though most of my vibe coding — a term I’m not in love with — has been around hobbies, a fair amount is in support of work-related projects. In fact, my colleague Tyler Shields recently wrote about his experience with vibe coding and how he used it to build a tool that helps with…

HPE strengthens hybrid cloud and connectivity with Aruba Networking and GreenLake security upgrades – Help Net Security
Hewlett Packard Enterprise has announced expansions of HPE Aruba Networking and HPE GreenLake cloud to help enterprises modernize secure connectivity and hybrid cloud operations by blending multi-layered and zero trust approaches to protect against threats. These new expansions include: New cloud-based access control security capabilities of HPE Aruba Networking Central, which accelerate enterprise-grade zero trust…

Finding Minhook in a sideloading attack – and Sweden too
Late in 2023 and during the first half of 2024, we monitored an attack campaign targeting several of our customers in multiple locations. Though the attack attempts dropped a Cobalt Strike payload, which could have led to any number of further activities, the information we were able to glean from our detections causes us to…

How fraudsters abuse Google Forms to spread scams
The form and quiz-building tool is a popular vector for social engineering and malware. Here’s how to stay safe. (23 Apr 2025, 5 min. read) When Google enters a particular market, it often means bad news for the incumbents. So it was with Google Forms, the tech giant’s form and quiz-building tool that…

North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures
North Korea-linked threat actors behind the Contagious Interview have set up front companies as a way to distribute malware during the fake hiring process. “In this new campaign, the threat actor group is using three front companies in the cryptocurrency consulting industry—BlockNovas LLC (blocknovas[.]com), Angeloper Agency (angeloper[.]com), and SoftGlide LLC (softglide[.]co)—to spread malware via…

Trump Revenge Tour Targets Cyber Leaders, Elections – Krebs on Security
President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. history. The White House memo, which also suspended clearances for other security professionals at Krebs’s employer SentinelOne, comes as…

The bad guys cooperate, the good guys squabble
A coalition of influential CISOs sees the 2025 G7 summit as an ideal opportunity to move the G7 and OECD member states toward closer cooperation and harmonization of cybersecurity regulations. As cyberattacks continue to increase and international gangs increasingly cooperate with one another, stronger cross-border cooperation among the “good guys” is needed. At least, that is the claim of executives at well-known companies such as Salesforce,…