Search This Blog

Powered by Blogger.

Blog Archive

Labels

About Me

Latest News

HPU Website Defaced in Cyberattack, Investigation Underway

  Shimla, June 10 — The official website of Himachal Pradesh University (HPU) experienced an unexpected breach earlier this week, when its h...

All the recent news you need to know

Hypervisor Ransomware Threat Grows: MITRE ATT&CK v17 Puts C-Suite on Alert

 

The latest update to the MITRE ATT&CK framework—version 17—has brought hypervisor security into sharp focus, prompting a necessary shift in how organizations view the core of their virtualized infrastructure. For the first time, VMware ESXi hypervisors have received a dedicated matrix within the widely adopted framework, underscoring their growing vulnerability to targeted cyberattacks. This move serves as a wake-up call for executive leadership: hypervisor security is no longer just a technical concern, but a strategic imperative. 

As enterprises increasingly rely on virtual machines to run mission-critical workloads and store sensitive data, any compromise at the hypervisor level can have devastating consequences. A single attack could trigger operational downtime, lead to failed audits, and expose the organization to compliance violations and regulatory scrutiny. Experts warn that unaddressed ESXi vulnerabilities may even be classified as preventable lapses in due diligence. 

Compounding the issue is the fact that many organizations still lack defined incident response playbooks tailored to hypervisor attacks. With MITRE ATT&CK now mapping tactics used to breach, move laterally, and deploy ransomware within hypervisors, the risks are no longer theoretical—they are measurable and real. 

To mitigate them, leadership must champion a security strategy that includes robust access controls such as multi-factor authentication, role-based permissions, lockdown policies, and virtual patching to cover unpatched or zero-day vulnerabilities. Additionally, organizations are urged to deploy runtime monitoring and align defences with the MITRE ATT&CK framework to improve security posture and audit readiness. Failing to address this blind spot could cost companies more than just operational delays—it could lead to loss of customer trust and reputational damage. 

As threat actors grow more sophisticated, overlooking the hypervisor layer is no longer an acceptable risk. The inclusion of ESXi in ATT&CK v17 represents a broader industry recognition that hypervisors must be part of the core cybersecurity conversation. For the C-suite, this means embracing their role in driving hypervisor resilience across security, infrastructure, and governance functions before an attack makes that decision for them.

Office 365's Microsoft Defender Now Thwarts Email Bombing Assaults

 

Microsoft claims that the cloud-based email security suite Defender for Office 365 can now automatically detect and prevent email bombing attacks. 

Defender for Office 365 (previously known as Office 365 Advanced Threat Protection or Office 365 ATP) guards organisations working in high-risk industries and dealing with sophisticated attackers from malicious threats delivered via email messages, links, or collaboration tools.

"We're introducing a new detection capability in Microsoft Defender for Office 365 to help protect your organization from a growing threat known as email bombing," Redmond notes in a Microsoft 365 message center update. "This form of abuse floods mailboxes with high volumes of email to obscure important messages or overwhelm systems. The new 'Mail Bombing' detection will automatically identify and block these attacks, helping security teams maintain visibility into real threats.”

In late June 2025, the new 'Mail Bombing' feature began to roll out, and by late July, it should be available to all organisations. All messages detected as being a part of a mail bombing operation will be automatically routed to the Junk folder, require no manual configuration, and be toggled on by default. 

Security operations analysts and administrators can now employ Mail Bombing as a new detection type in Threat Explorer, the Email entity page, the Email summary panel, and Advanced Hunting, the company announced over the weekend.

By leveraging specialised cybercrime services that can send a high number of emails or by subscribing to several newsletters, attackers can use mail bombing operations to bombard their targets' email inboxes with thousands or tens of thousands of messages in a matter of minutes.

In the majority of cases, the perpetrators' ultimate goal is to overwhelm email security systems as part of social engineering schemes, creating the way for malware or ransomware operations that can aid in the exfiltration of sensitive data from victims' compromised devices. 

Email bombing has been used in attacks by cybercrime and ransomware outfits for more than a year. It all started with the BlackBasta gang, who employed this approach to flood their victims' mailboxes with emails just minutes before beginning their attacks.

In order to deceive overwhelmed staff members into allowing remote access to their devices via AnyDesk or the integrated Windows Quick Assist application, they would follow up with voice phishing cold calls, pretending to be their IT support teams. Before unleashing ransomware payloads, the attackers would proceed laterally through corporate networks after penetrating their systems and deploying a variety of malicious tools and malware implants.

Chinese Scientists Develop Quantum-Resistant Blockchain Storage Technology

 

A team of Chinese researchers has unveiled a new blockchain storage solution designed to withstand the growing threat posed by quantum computers. Blockchain, widely regarded as a breakthrough for secure, decentralized record-keeping in areas like finance and logistics, could face major vulnerabilities as quantum computing advances. 

Typically, blockchains use complex encryption based on mathematical problems such as large-number factorization. However, quantum computers can solve these problems at unprecedented speeds, potentially allowing attackers to forge signatures, insert fraudulent data, or disrupt the integrity of entire ledgers. 

“Even the most advanced methods struggle against quantum attacks,” said Wu Tong, associate professor at the University of Science and Technology Beijing. Wu collaborated with researchers from the Beijing Institute of Technology and Guilin University of Electronic Technology to address this challenge. 

Their solution is called EQAS, or Efficient Quantum-Resistant Authentication Storage. It was detailed in early June in the Journal of Software. Unlike traditional encryption that relies on vulnerable math-based signatures, EQAS uses SPHINCS – a post-quantum cryptographic signature tool introduced in 2015. SPHINCS uses hash functions instead of complex equations, enhancing both security and ease of key management across blockchain networks. 

EQAS also separates the processes of data storage and verification. The system uses a “dynamic tree” to generate proofs and a “supertree” structure to validate them. This design improves network scalability and performance while reducing the computational burden on servers. 

The research team tested EQAS’s performance and found that it significantly reduced the time needed for authentication and storage. In simulations, EQAS completed these tasks in approximately 40 seconds—far faster than Ethereum’s average confirmation time of 180 seconds. 

Although quantum attacks on blockchains are still uncommon, experts say it’s only a matter of time. “It’s like a wooden gate being vulnerable to fire. But if you replace the gate with stone, the fire becomes useless,” said Wang Chao, a quantum cryptography professor at Shanghai University, who was not involved in the research. “We need to prepare, but there is no need to panic.” 

As quantum computing continues to evolve, developments like EQAS represent an important step toward future-proofing blockchain systems against next-generation cyber threats.

FBI Urges Airlines to Prepare for Evolving Threat Scenarios

 


Federal investigators have warned that the cyberextortion collective known as Scattered Spider is steadily expanding its reach to cover airlines and their technology vendors, a fresh alarm that has just been sounded for the aviation sector. According to an FBI advisory, the syndicate, already infamous for having breached high-profile U.S. casinos, Fortune 500 companies, and government agencies, relies more on social engineering tactics than malicious software. 

As it masquerades as a legitimate employee or trusted contractor, its operatives communicate with help desk staff, request credentials to be reset, or convince agents to enrol rogue devices in multi-factor authentication. The carefully orchestrated deceptions enable privileged network access, resulting in data exfiltration and ransomware deployment by enabling the exploitation of malicious malware. 

In a statement published by the Bureau, it stressed that the threat "remains ongoing and rapidly evolving," and encouraged organisations to report intrusions as soon as possible, as well as reiterating its longstanding prohibition against paying ransom. A loosely organised, but extremely effective group of cybercriminals, dominated by English-speaking cybercriminals, many of whom are teenagers or young adults, is regarded by experts as Scattered Spider. 

Despite their age, the group has demonstrated a level of sophistication that rivals seasoned threat actors. The primary motive of these criminals appears to be financial gain, with most of their operations focused on stealing and extorting corporate data in the form of ransom payments and extortion. Once the attackers obtain access to sensitive data, they often exfiltrate it for ransom or resale it on the underground market, and in many instances, they use ransomware to further compel victims to cooperate. 

The distinctiveness of Scattered Spider from other cybercriminal groups lies in the way it uses social engineering tactics to gain an advantage in cybercrime. Instead of relying heavily on malware, the group utilises psychological manipulation to attack organisations' vulnerabilities. In order to pressure employees, particularly employees who work at the help desk, to surrender their access credentials or override security protocols, phishing campaigns, impersonation schemes, and even direct threats are often used. 

Some reports have indicated that attackers have used coercion or intimidation to access support staff in an attempt to expedite access to the system. As a result of the group's reliance on human engineering rather than technology tools, they have been able to bypass even the most advanced security measures, making them especially dangerous for large organisations that utilise distributed and outsourced IT support services. Their tactical changes reflect a calculated approach to breaching high-value targets swiftly, stealthily, with minimal resistance, and with speed. 

There was a stark public warning released by the Federal Bureau of Investigation on June 27, 2025, stating that the United States aviation industry is now firmly under threat from a wave of cyber-aggression that is escalating rapidly. It has been observed that, unlike traditional threats that involved physical attacks, these new threats come from highly skilled cybercriminals rather than hijackers. 

There is a cybercrime group known as Scattered Spider at the forefront of this escalating threat, widely regarded to be among the most sophisticated and dangerous actors in the digital threat landscape. The group, which was previously known for its high-impact breaches on major hospitality giants such as MGM Resorts and Caesars Entertainment, has now switched its attention to the aviation sector, signalling that the group has taken a key step in changing the way it targets the aviation sector. 

At a time when geopolitical instability worldwide is at its peak, this warning has an even greater urgency than ever. Having large-scale cyberattacks on airline infrastructure is no longer just a theoretical possibility—it has become a credible threat with serious implications for national security, economic stability, and public safety that cannot be ignored. 

A new generation of malware-driven operations, Scattered Spider, utilising advanced social engineering techniques for infiltration into networks, as opposed to traditional malware-based attacks. It has been reported that members of the group impersonate legitimate employees or contractors and make contact with internal help desks by creating convincing narratives that manipulate agents into bypassing multi-factor authentication protocols. 

Once they have entered a network, they usually move laterally with speed and precision to gain access to sensitive data and systems. Researchers from Google's Mandiant division have confirmed the group's advanced capabilities in the field of cybersecurity. According to the Chief Technology Officer of Mandiant, Charles Carmakal, Scattered Spider is adept at maintaining persistence within compromised systems, moving laterally, and elevating privileges as quickly as possible. 

It is common knowledge that a group of individuals capable of deploying ransomware within hours of first access to their computer systems are capable of doing so, thereby leaving very little time for detection and response. As a result of the FBI's warning, airlines and their vendors need to increase access controls, train their staff against social engineering, and report suspicious activity immediately. 

There has been some observation from cybersecurity experts that Scattered Spider has previously targeted a broad range of high-value sectors, such as finance, healthcare, retail, as well as the gaming industry, in the past. However, as the group appears to be shifting its focus to the aviation sector, a domain that possesses an extremely wide-open attack surface and is particularly vulnerable. 

It is important to note that the airline industry heavily relies on interconnected IT infrastructure as well as third-party service providers, which makes it extremely vulnerable to cascading effects in the case of a breach. A single compromised vendor, especially one with access to critical systems like maintenance platforms, reservation networks, or crew scheduling tools, might pose an immediate threat to multiple airline customers. 

It is the FBI's latest advisory, in which they emphasise the urgency and the evolving nature of this threat, encouraging airlines and their related vendors to reevaluate their security protocols internally and to strengthen them. Organisations are encouraged to strengthen their identity verification procedures, particularly when dealing with IT-related requests involving password resets, reconfiguring multi-factor authentication (MFA), or access permissions that are related to IT.

According to the Bureau, stricter controls should be implemented over privileged access, and staff members should be trained and made aware of social engineering tactics, as well as closely monitoring for unusual activity, such as attempts to log in from unfamiliar locations or devices that have not been previously associated with an account. The report of suspected intrusions must also be done quickly and efficiently. 

In addition to the FBI’s emphasis on early notification, law enforcement and intelligence agencies are able to trace malicious activity more effectively, which can limit the damage and prevent further compromise if it is caught in the first place. Scattered Spider has been involved in several previous operations in which not only has it stolen data, but it has also extorted money. It frequently threatens to release or encrypt sensitive data until ransom demands are met. 

Despite the fact that there is no evidence to suggest that flight safety has been directly affected, the nature of the intrusions has raised serious concerns. In light of the potential vulnerability of systems that process passenger information, crew assignments, and operational logistics, the risk for business continuity, and by extension, public trust, remains high. 

Aviation is now being called upon to act decisively in order to combat the threat of cybercriminal groups like Scattered Spider, which is not merely a back-office function but rather a core component of operational resilience. The airline IT departments, the helpdesk teams at the airlines, and third-party vendors must all implement robust identity verification processes as well as technical safeguards in order to combat the growing threat posed by cybercriminal groups like Scattered Spider. 

Among the most urgent priorities right now is strengthening the frontline defences at the level of the help desk, where attackers often exploit human error and the inexperience of employees. According to security experts, callback procedures should be established with only pre-approved internal contact numbers, callers should be required to verify a non-obvious “known secret” such as an internal training code, and a dual-approval policy should be implemented when performing sensitive actions such as resets of multi-factor authentication (MFA), especially when those accounts are privileged. 

Also, every identity enrollment should be logged and audited, with a Security Information and Event Management (SIEM) system able to trigger real-time alerts that flag suspicious behaviour. In addition, airlines are being advised to implement enhanced access controls immediately on a technical front. In combination with velocity rules, conditional access policies can be used to block login attempts and MFA enrollments from geographically improbable or high-risk locations. 

A just-in-time (JIT) privilege management process should replace static administrative access, limiting access to restricted areas of the system within limited time windows, sometimes just minutes, so that attack opportunities are reduced. Endpoint detection and response (EDR) tools must be deployed on virtual desktop environments and jump hosts so as to detect credential theft in real time. DNS-layer isolation will also provide a way for you to block outbound connections to attacker-controlled command-and-control (C2) servers, thereby preventing outbound connections from the attacker. 

There are five crucial pillars necessary to build an incident response plan tailored to aviation: identification, containment, eradication, recovery, and communication. It is essential to monitor the logs of identity providers continuously, 24 hours a day, 7 days a week, in order to detect suspicious activity early on. If an account is compromised, immediate containment measures should be triggered, including the disabling of affected accounts and the freezing of new MFA enrollments. 


In the eradication phase, compromised endpoints are reimaged and credentials are rotated in both on-premise and cloud-based identity management systems, and in the recovery phase, systems must be recovered from immutable, clean backups, and sensitive passenger data must be validated to ensure that the data is accurate. A crucial part of the process has to do with communication, which includes seamless coordination with regulatory organisations such as the Transportation Security Administration (TSA) and the Cybersecurity and Infrastructure Security Agency (CISA), as well as internal stakeholders inside and outside the organisation.

Additionally, third-party vendors, such as IT service providers, ground handlers, and catering contractors, must also be stepped up in terms of their security posture. These organisations are often exploited as entry points for island-hopping attacks, which must be taken into account. This risk can be reduced by aligning vendor identity verification protocols with those of the airlines they serve, reporting any suspicious activity related to MFA within four hours, and performing regular penetration tests, especially those that simulate social engineering attacks, in order to reduce this risk. 

Ultimately, the broader transportation sector must acknowledge that people are the weakest link in today’s threat landscape and not passwords. A zero-trust approach to help desk operations must be adopted, including scripted callbacks, rigorous identification verifications, and mandatory dual-approval processes. 

Managing coordinated threats can become increasingly challenging as ISACs (Information Sharing and Analysis Centres) play an important role in enabling rapid, industry-wide information sharing. As isolated organisations are often the first to fall victim, ISACs can play an essential role in protecting against coordinated threats. Furthermore, security budgets need to prioritise human-centred investments, such as training and resilient response procedures, rather than just the latest security technologies. 

Currently, the aviation industry faces a rapidly evolving landscape of cyber threats, particularly from adversaries as resourceful and determined as Scattered Spider. To counter these threats, both airlines and the broader ecosystem should adopt a proactive cybersecurity posture that is forward-looking. Security is no longer reactive. A proactive, intelligently driven defence must now take precedence, combining human vigilance, procedural discipline, and adaptive technology to ensure its effectiveness. 

In order to achieve this, organisations need to develop zero-trust architectures, foster a culture of security at every operational level, and integrate cybersecurity into every strategic decision they make. As a result, cross-sector cooperation should transcend compliance checklists and regulatory requirements, but instead evolve into a dynamic exchange of threat intelligence, defence tactics, and incident response insights that transcend compliance checklists and regulatory obligations. 

In the era of convergent digital and physical infrastructures, cyber complacency could lead to catastrophic outcomes that will undermine not only the continuity of operations but also public trust as well as national resilience. There is now an opportunity for aviation leaders to rethink cybersecurity as not just a technical issue, but as a strategic imperative integral to ensuring global air travel is safe, reliable, and profitable into the future.

Ditch Passwords, Use Passkeys to Secure Your Account

Ditch Passwords, Use Passkeys to Secure Your Account

Ditch passwords, use passkeys

Microsoft and Google users, in particular, have been warned about ditching passwords for passkeys. Passwords are easy to steal and can unlock your digital life. Microsoft has been at the forefront, confirming it will delete passwords for more than a billion users. Google, too, has warned that most of its users will have to add passkeys to their accounts. 

What are passkeys?

Instead of a username and password, passkeys use our device security to log into our account. This means that there is no password to hack and no two-factor authentication codes to bypass, making it phishing-resistant.

At the same time, the Okta team warned that it found threat actors exploiting v0, an advanced GenAI tool made by Vercelopens, to create phishing websites that mimic real sign-in webpages

Okta warns users to not use passwords

A video shows how this works, raising concerns about users still using passwords to sign into their accounts, even when backed by multi-factor authentication, and “especially if that 2FA is nothing better than SMS, which is now little better than nothing at all,” according to Forbes. 

According to Okta, “This signals a new evolution in the weaponization of GenAI by threat actors who have demonstrated an ability to generate a functional phishing site from simple text prompts. The technology is being used to build replicas of the legitimate sign-in pages of multiple brands, including an Okta customer.”

Why are passwords not safe?

It is shocking how easy a login webpage can be mimicked. Users should not be surprised that today’s cyber criminals are exploiting and weaponizing GenAI features to advance and streamline their phishing attacks. AI in the wrong hands can have massive repercussions for the cybersecurity industry.

According to Forbes, “Gone are the days of clumsy imagery and texts and fake sign-in pages that can be detected in an instant. These latest attacks need a technical solution.”

Users are advised to add passkeys to their accounts if available and stop using passwords when signing in to their accounts. Users should also ensure that if they use passwords, they should be long and unique, and not backed up by SMS 2-factor authentication. 

IdeaLab Data Breach Exposes Sensitive Employee Information: Hackers Leak 137,000 Files Online

 

IdeaLab has begun notifying individuals whose personal data was compromised in a cybersecurity incident that occurred last October, when malicious actors infiltrated the company’s network and accessed confidential information.

Although the company did not specify the precise nature of the attack, the breach was claimed by the Hunters International ransomware group, which later published the stolen files on the dark web.

Founded in 1996, IdeaLab is a prominent California-based technology incubator known for launching over 150 companies, including GoTo.com, CitySearch, eToys, Authy, Pet.net, Heliogen, and Energy Vault. As one of the most established venture capital firms in the United States, IdeaLab has driven substantial economic growth, job creation, and investment returns over nearly three decades.

Suspicious activity was first detected on IdeaLab’s systems on October 7, 2024. A subsequent investigation revealed that unauthorized access began three days earlier. To respond, the company engaged external cybersecurity experts to conduct a thorough assessment, which concluded on June 26, 2025.

Investigators confirmed that data belonging to current and former employees, support service contractors, and their dependents had been stolen. In regulatory disclosures, IdeaLab stated that the compromised records included names along with various other sensitive details, though the exact types of data were not fully disclosed.

On October 23, 2024, after what appears to have been a failed extortion attempt, Hunters International published approximately 137,000 files—totaling 262.8 gigabytes. While the download link has since become inactive, security analysts believe other cybercriminals likely retrieved the files prior to removal.

Earlier today, the threat actor announced it was shutting down Hunters International operations, deleting all extortion-related data and offering free decryption keys to victims. However, cybersecurity researchers at Group-IB previously reported that the group had already begun transitioning to a new extortion-focused platform named World Leaks, suggesting this shutdown could be a strategic rebrand.

To help mitigate potential harm, IdeaLab is providing affected individuals with complimentary 24-month access to credit monitoring, identity theft protection, and dark web surveillance services through IDX. Impacted parties must enroll by October 1 to take advantage of these resources.

Over 40 Malicious Crypto Wallet Extensions Found on Firefox Add-Ons Store

 

In a disturbing cybersecurity development, researchers at Koi Security have uncovered more than 40 malicious Firefox browser extensions impersonating popular cryptocurrency wallets. These extensions, found on Mozilla’s official add-ons store, are designed to steal sensitive wallet credentials and recovery phrases from unsuspecting users. The deceptive add-ons pose as legitimate wallets from major crypto service providers including Coinbase, MetaMask, Trust Wallet, Phantom, Exodus, OKX, Keplr, and MyMonero. 

By cloning the open-source versions of these tools and embedding malicious code, the attackers aim to harvest users’ seed phrases—sensitive keys that grant full access to cryptocurrency funds. According to Koi Security’s report shared with BleepingComputer, the malicious extensions include event listeners that monitor users' activity in the browser. These scripts specifically look for text inputs longer than 30 characters—a common trait of seed phrases—and quietly send the captured data to attacker-controlled servers. Error messages that could potentially alert users are cleverly hidden using CSS tricks that make the alerts invisible. 

The theft of a seed phrase enables full access to a user's crypto wallet and is often irreversible, with the fraudulent transaction appearing legitimate on the blockchain. The campaign has reportedly been active since at least April, and new extensions continue to surface on the Firefox store, with the latest additions detected just last week. Many of the fraudulent extensions use authentic logos of trusted brands and are bolstered by fake five-star reviews to enhance credibility. 

However, some also display one-star warnings from users who likely fell victim to the scam. Mozilla has acknowledged the issue, confirming it is part of a broader trend targeting the Firefox add-ons ecosystem. The company says it has deployed an early detection system that flags risky extensions based on automated risk indicators, triggering manual reviews for further action. 

In a statement to BleepingComputer, a Mozilla spokesperson said, “We are aware of attempts to exploit Firefox’s add-ons ecosystem using malicious crypto-stealing extensions. Through improved tooling and process, we have taken steps to identify and take down such add-ons quickly.” Mozilla noted that many of the add-ons highlighted by Koi Security had already been removed before the publication of the report. However, the company continues to review remaining flagged extensions and has reaffirmed its commitment to user safety. 

Despite Mozilla's efforts, Koi Security says several of the fake extensions remain live on the platform. The cybersecurity firm used Mozilla’s official reporting tools to alert the company but stresses that more action is needed.