As threats evolve and technology advances, there’s always an opportunity to strengthen your organisation’s security posture, streamline workflows, and maintain compliance with global industry standards. Many of these measures may already be in place, but it’s always beneficial to review, refine, and optimise them. Use this as a checklist to confirm what’s already covered and … Read more
Security experts have warned that a cybercriminal group has been running a malicious and inventive phishing campaign since August 2024 to break into organizations across Europe, North America, Africa, and the Middle East. The Russian group, known as Storm-2372, has targeted government and non-governmental organisations (NGOs), as well as firms working in IT, defence, telecoms, … Read more
Microsoft revealed an ongoing spear-phishing campaign that abuses the legitimate device code authentication flow to gain access to Microsoft 365 accounts.Device code authentication is used to access Microsoft 365 services from “input-constrained devices” such as printers, smart TVs, game consoles and other internet-of-things (IoT) devices that do not have a web browser.Microsoft said in a … Read more
Feb 13, 2025Ravie LakshmananMalware / Cyber Espionage Threat hunters have shed light on a new campaign targeting the foreign ministry of an unnamed South American nation with bespoke malware capable of granting remote access to infected hosts. The activity, detected in November 2024, has been attributed by Elastic Security Labs to a threat cluster it … Read more
Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited. All supported Windows operating systems will receive an update this month for a buffer overflow vulnerability that carries the catchy name CVE-2025-21418. This patch should be a … Read more
