SecureList

NOVEMBER 29, 2024

The campaign, which we dubbed EastWind , used phishing emails with malicious shortcuts attached to deliver malware to target computers. The attack starts with phishing emails purporting to be a court order or summons from an institution in Colombia’s judicial system.

Energy and Utilities 100

Energy and Utilities Ransomware Malware Government 100

SecureWorld News

APRIL 23, 2025

As the report starkly states: "The three primary ways in which attackers access an organization are stolen credentials, phishing and exploitation of vulnerabilitiesacross every single industry." Phishing accounted for nearly 25% of all breaches. Threat actors aren't brute-forcing their way inthey're logging in through the front door.

CISO 102

CISO Backups Ransomware Risk 102

Security Boulevard

MARCH 21, 2025

Migration to PQC can be viewed as any large technology transition. National Institute of Standards and Technology (NIST) last year released three quantum-resistant algorithm standards that are ready to be adopted. Thats the opinion of Consumer Reports, the Center for Democracy and Technology, the U.S.

Risk 68

Risk IoT Cybersecurity Manufacturing 68

Security Affairs

JANUARY 10, 2025

The campaign has been active since at least 2019, it targets Japanese technology and national security, evolving methods to steal advanced tech and intelligence. Campaign B (2023): Exploited software vulnerabilities in networking devices, focusing on semiconductor, manufacturing, and aerospace sectors.

Antivirus 75

Antivirus Malware System Administration Technology 75

IT Security Guru

MARCH 26, 2025

Until the last ten years or so, we would largely categorise robots as reactive with mostly industrial applications in areas like manufacturing or warehousing. world, represent perhaps the most disruptive technology to transform IT, our industries and how businesses operate. However, AI is a double-edged sword.

Cybersecurity 113

Cybersecurity Encryption Threat Detection Authentication 113

Security Affairs

MARCH 13, 2025

As of February 2025, Medusa developers and affiliates have impacted over 300 victims from a variety of critical infrastructure sectors with affected industries including medical, education, legal, insurance, technology, and manufacturing.” ” reads the joint advisory.

Ransomware 69

Ransomware Encryption Cryptocurrency Insurance 69

Security Boulevard

MAY 2, 2025

1 - How to choose cyber secure OT products If your organization is shopping around for operational technology (OT) products, CISA published a guide in January 2025 aimed at helping OT operators choose OT products designed with strong cybersecurity features. In case you missed it, heres CISAs advice on six cybersecurity areas.

Cybersecurity 52

Cybersecurity Software Cyber Risk Risk 52

SecureList

DECEMBER 9, 2024

User data was stolen from Cisco Duo, a service that provides organizations with multi-factor authentication (MFA) and single sign-on (SSO) network access, as a consequence of a phishing attack targeting an employee of a third-party telephony provider. The breach allowed the threat actor to download SMS message logs. Why does it matter?

Internet 107

Internet Internet Risk Social Engineering 107

SecureList

DECEMBER 23, 2024

Victims get infected via phishing emails containing a malicious document that exploits a vulnerability in the formula editor ( CVE-2018-0802 ) to download and execute malware code. We’ve observed that, similar to past Cloud Atlas campaigns, phishing emails continue to be the initial access point.

Encryption 132

Encryption Penetration Testing Malware Phishing 132

SecureWorld News

FEBRUARY 24, 2025

Additionally, quantum computing could revolutionize identity and authentication systems by eliminating weaknesses in traditional authentication methods and implementing quantum-secure biometric authentication and digital signatures, thereby significantly reducing the risk of identity theft, phishing attacks, and deepfake-driven fraud.

Cybersecurity 63

Cybersecurity Encryption Cyber threats Threat Detection 63

Digital Shadows

MARCH 17, 2025

The ransomware targets unpatched internet-facing servers, impacting systems across 70+ countries in sectors like critical infrastructure, health care, governments, education, technology, manufacturing, and small- to medium-sized businesses.

VPN 133

VPN Authentication Ransomware Risk 133

SecureWorld News

JULY 10, 2025

Manufacturing and logistics firms, increasingly digitized and AI-driven, are acutely at risk: state-aligned hackers are "infiltrating the digital arteries of commerce" from ports to payment systems. Nation-state actors have experimented with implanting backdoors on hardware components during manufacturing—a nightmare scenario for detection.

Manufacturing 68

Manufacturing Software Energy and Utilities Risk 68

Digital Shadows

NOVEMBER 26, 2024

Key Points Phishing incidents rose during the reporting period (August 1 to October 31, 2024), accounting for 46% of all customer incidents. This increase is likely driven by high employee turnover and easy access to phishing kits. Meanwhile, “RansomHub” is rising rapidly due to its attractive ransomware-as-a-service (RaaS) model.

Cyber Attacks 59

Cyber Attacks Phishing Ransomware Cyber Insurance 59

SecureList

APRIL 25, 2025

For this purpose, the malware periodically transmits a wealth of device information (MAC address, model, CPU, manufacturer, IMEI, IMSI, etc.), However, we believe that the malware creators could also use this functionality for, say, phishing. along with the host application name and version, to its command-and-control server.

Cryptocurrency 77

Cryptocurrency Malware Firmware Accountability 77

Digital Shadows

DECEMBER 5, 2024

One private equity CISO reported a 400% increase in phishing attempts on acquired companies post-M&A deal announcements. This likely relates to the sector’s reliance on legacy systems and operational technologies, which complicate updates and incident response and are only magnified during M&A. Totaling an impressive $2.5

Cybersecurity 59

Cybersecurity Accountability Risk Software 59

Security Boulevard

MARCH 20, 2025

enterprises embrace AI to boost productivity, accelerate decision-making, and automate workflows, to name a few benefits, cybercriminals are using the same technology to automate and scale more sophisticated attacks. visibility: Get in-depth visibility into AI application trends and interactions through interactive dashboards.AI-powered

Social Engineering 75

Social Engineering Phishing Risk Insurance 75

Jane Frankland

JANUARY 12, 2025

Cybersecurity is on the brink of significant transformation as we approach 2025, grappling with escalating complexities driven by advancements in technology, increasing geopolitical tensions, and the rapid adoption of AI and IoT. Ethics The ethical challenges posed by advancing AI technologies will demand urgent attention in 2025.

Cybersecurity 130

Cybersecurity CISO Insurance IoT 130

SecureList

OCTOBER 15, 2024

SideWinder’s most recent campaign schema Infection vectors The SideWinder attack chain typically starts with a spear-phishing email with an attachment, usually a Microsoft OOXML document (DOCX or XLSX) or a ZIP archive, which in turn contains a malicious LNK file. It uses GlobalMemoryStatusEx to determine the size of RAM memory.

Malware 143

Malware Encryption Architecture Phishing 143

SecureList

DECEMBER 27, 2024

Percentage of ICS computers on which malicious objects were blocked in selected industries In the third quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased across most industries, with the exception of the biometrics and manufacturing sectors. pp) and 1.97% (by 0.01 pp), respectively.

Malware 101

Malware Spyware Internet Internet 101

Thales Cloud Protection & Licensing

MARCH 12, 2025

The FIDO (Fast Identity Online) standard has emerged as the gold standard in authentication technology, providing a robust framework for secure and convenient access. The newly introduced SafeNet eToken Fusion NFC PIV enables passwordless, phishing-resistant authentication across a wide range of devices. Trade Agreements Act (TAA).

Passwords 71

Passwords Authentication Digital transformation Government 71

Troy Hunt

MAY 5, 2025

that's where the problem lies, and I demonstrated this just recently, not intentionally, but rather entirely by accident when I fell victim to a phishing attack. Here's how it worked: I was socially engineered into visiting a phishing page that pretended to belong to Mailchimp who I use to send newsletters for this blog.

Passwords 322

Passwords Authentication Phishing Password Management 322

Security Boulevard

MARCH 17, 2025

Surveillance Tech in the News This section covers surveillance technology and methods in the news. The reality is, the original findings found undocumented commands - that were likely manufacturer debugging tools - shipped in the final, consumer-facing products. In theory, these could be abused for malicious actions.

Surveillance 59

Surveillance Data breaches Spyware Malware 59

SecureWorld News

MAY 8, 2025

Secure remote access to OT assets using virtual private networks (VPNs) with phishing-resistant multifactor authentication (MFA). The advisory also emphasizes the importance of regular communication with third-party managed service providers, system integrators, and system manufacturers to secure OT systems effectively.

Technology 63

Technology Internet Internet Risk 63

Security Boulevard

MARCH 3, 2025

Surveillance Tech in the News This section covers surveillance technology and methods in the news. The manufacturer (Hirsch) does not plan a security fix. Anyone with this default password could access these "locked" apartment complexes. While it could be changed, the device does not prompt end users to change the password.

Surveillance 52

Surveillance Data breaches Firmware Encryption 52

Krebs on Security

APRIL 4, 2024

The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers. A screenshot of the phishing domain privatemessage dot net.

Phishing 309

Phishing Cryptocurrency DDOS Internet 309

Adam Levin

MARCH 23, 2020

Secure Your Router: If you’re still using your router’s manufacturer default password, it’s past time for a change. Be sure to change the default manufacturer password, and update software with the latest patches. Beware of Phishing Links: Phishing scams are on the rise.

Manufacturing 245

Manufacturing Passwords Phishing Firewall 245

Dark Reading

MAY 11, 2023

New "Greatness" phishing-as-a-service used in attacks targeting manufacturing, healthcare, technology, and other sectors.

Phishing 124

Phishing Manufacturing Healthcare Technology 124

Cisco Security

MAY 16, 2022

So you can imagine my relief when I found out we’d be able to help them overcome a significant manufacturing hurdle that could have brought my snack supply to a halt. Visibility into the production line, processes and vital manufacturing machines was blocked. I’ve personally tried their snacks – they’re delicious.

Manufacturing 142

Manufacturing Technology Architecture Firewall 142

The Hacker News

JANUARY 26, 2021

An evolving phishing campaign observed at least since May 2020 has been found to target high-ranking company executives across manufacturing, real estate, finance, government, and technological sectors with the goal of obtaining sensitive information.

Phishing 120

Phishing Social Engineering Manufacturing Engineering 120

The Hacker News

MARCH 25, 2024

The Iran-affiliated threat actor tracked as MuddyWater (aka Mango Sandstorm or TA450) has been linked to a new phishing campaign in March 2024 that aims to deliver a legitimate Remote Monitoring and Management (RMM) solution called Atera.

Phishing 120

Phishing Surveillance Manufacturing Technology 120

Krebs on Security

NOVEMBER 17, 2022

Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “ Zeppelin ” in May 2020. He’d been on the job less than six months, and because of the way his predecessor architected things, the company’s data backups also were encrypted by Zeppelin.

Ransomware 362

Ransomware Encryption Backups Manufacturing 362

The Last Watchdog

NOVEMBER 12, 2023

This is precisely what the consortium of software companies and device manufacturers, led Google, Amazon and Apple, set out to achieve when Matter was conceived four years ago. Following a successful debut in November 2022, Matter is picking up steam, Nelson told me. This same approach really could be applied to other industries.

Manufacturing 276

Manufacturing Authentication Marketing Encryption 276

Malwarebytes

AUGUST 25, 2022

September 2021 saw a huge spike of exploit detections against the manufacturing industry, with a distributed spread between California, Florida, Ohio, and Missouri. United States manufacturing threat family detections by month. United States manufacturing family threat detections pie chart.

Manufacturing 77

Manufacturing Scams Phishing Malware 77

Krebs on Security

DECEMBER 27, 2019

-based Synoptek is a managed service provider that maintains a variety of cloud-based services for more than 1,100 customers across a broad spectrum of industries , including state and local governments, financial services, healthcare, manufacturing, media, retail and software. A now-deleted Tweet from Synoptek on Dec.

Ransomware 241

Ransomware Financial Services Media Phishing 241

SC Magazine

JANUARY 26, 2021

companies as a primary target of a new phishing scheme. Cybercriminals have been using a phishing kit featuring fake Office 365 password alerts as a lure to target the credentials of chief executives, business owners and other high-level corporate leaders. The company could not be certain, however, if the V4 phishing kit was involved.

Phishing 118

Phishing Passwords Security Awareness Social Engineering 118

Cisco Security

MARCH 23, 2021

For example, those in the financial services industry may see more activity around information stealers; others in manufacturing may be more likely to encounter ransomware. So, without further ado, and in no particular order, here are the industry trends: Technology. Manufacturing. This is what we’re going to cover in part two.

DNS 143

DNS Financial Services Manufacturing Healthcare 143

Security Boulevard

APRIL 20, 2022

Download your free copy of the 2022 ThreatLabz Phishing Report, and check out our infographic. For decades, phishing has been a complex and time-consuming challenge for every security team. Avoiding the latest breed of phishing attacks requires heightened awareness from users, additional context, and a zero trust approach.

Phishing 114

Phishing Architecture Retail Risk 114