In order to provide you the best services, DrGlenn regularly posts articles and new security concerns. Check back often!

ISACA Addresses Experience Gap with CISA Associate Designation

ISACA has launched the Certified Information Systems Auditor (CISA) Associate designation, enabling CISA exam passers without the required experience to kickstart their careers in IT audit. The new CISA Associate will help students and graduates make their first step into the IT audit profession. One of the biggest challenges for those looking to pursue a career in cybersecurity is a lack of experience but by passing the CISA exam, candidates can demonstrate their knowledge and desire to pursue a career in IT audit. Academic students who have fewer than five years of experience in IT auditing can pursue this designation when registering for the CISA exam. According to a recent ISACA survey, 92% of independent hiring managers agree that a CISA exam passer demonstrates significant...

Sophos Central firewall management update – Sophos News

This week, we’re updating Sophos Central firewall management with a couple of important updates, including a new account health check feature and enhanced scalability and performance for partners managing large groups of customers. The new account health check capability provides a framework that will be expanded over time to perform a variety of helpful assessments across your entire estate. We’re kicking off this new account health check capability with a firewall backup assessment.

Firewall Backup Health Check

This new assessment will review your firewalls under management for backup status and will:

- Identify all firewalls in your estate that are not on a backup schedule
- Automatically add a backup schedule for those firewalls not already on a schedule

This ensures all your...

How to get into cybersecurity

Cracking the code of a successful cybersecurity career starts here. Hear from ESET's Robert Lipovsky as he reveals how to break into and thrive in this fast-paced field.

04 Jul 2025

What does it take to break into cybersecurity? Is there any best path? Do you need to be a coding prodigy? What college degree do you need? Indeed, do you need any? If these are some of the questions swirling in your mind, you’re in the right place. Hear from ESET Principal Threat Intelligence Researcher Robert Lipovsky as he breaks down the skills and personality traits that all aspiring cybersecurity professionals should have in order to succeed in this ever-evolving industry. Of course, this is far from the first time we've looked at how to get started in cybersecurity. In fact, our previous...

Big Tech’s Mixed Response to U.S. Treasury Sanctions – Krebs on Security

In May 2025, the U.S. government sanctioned a Chinese national for operating a cloud provider linked to the majority of virtual currency investment scam websites reported to the FBI. But a new report finds the accused continues to operate a slew of established accounts at American tech companies — including Facebook, Github, PayPal and Twitter/X. On May 29, the U.S. Department of the Treasury announced economic sanctions against Funnull Technology Inc., a Philippines-based company alleged to provide infrastructure for hundreds of thousands of websites involved in virtual currency investment scams known as “pig butchering.” In January 2025, KrebsOnSecurity detailed how Funnull was designed as a content delivery network that catered to foreign cybercriminals seeking to route their...

Technical difficulties or cyber attack? Ingram Micro’s website goes down just in time for the holiday weekend • Graham Cluley

There’s no official word on what the problem is, but Ingram Micro’s website has been down since Thursday morning. They claim to be “currently experiencing technical difficulties…” Are you thinking what I’m thinking? I really hope I’m wrong, but it’s not at all unusual for a cyber attack to be timed to coincide with a long holiday weekend in the United States… Ingram Micro might not be talking, but there’s plenty of speculation and bandying about of the term “ransomware” over on Reddit.

Massive Android Fraud Operations Uncovered: IconAds, Kaleidoscope, SMS Malware, NFC Scams

A mobile ad fraud operation dubbed IconAds that consisted of 352 Android apps has been disrupted, according to a new report from HUMAN. The identified apps were designed to load out-of-context ads on a user's screen and hide their icons from the device home screen launcher, making it harder for victims to remove them, per the company's Satori Threat Intelligence and Research Team. The apps have

Cybersecurity Compliance in South Africa

A Continued Cycle

South Africa has had a slow approach to compliance with the government regulations and laws set in place. This problem has been exposed at every turn as South Africa has continued to show its vulnerabilities, and cyber criminals see them and abuse them. The institution of much of the newer legislation has given a signal that South Africa is taking cybersecurity more seriously, but compliance has been a hit or miss game. As more companies become educated on the laws and regulations regarding cybersecurity, they are adding additional staff and hiring cybersecurity specialists to assist in combatting threat actors in the cyber world. New software has been developed to automate some of the previous methods of analysis and to institute fast action responses. The...

Top 7 Ways to Strengthen Enterprise Code Signing Security

Enterprise code signing plays a key part in software development and deployment. It guarantees customers that the code comes from a trusted entity and has not changed hands or been accessed without permission. As attacks become ever more complex, it’s vital for enterprises to enhance the security of their code signing. Through strong practices, enterprises are able to secure software, uphold trust levels, and minimize risk from compromised applications. This piece describes the top seven methods to secure your organization’s code signing process, emphasizing digital signatures, key management, and ensuring code integrity. The methods complement each other, utilizing best practices to form an integrated security framework.

1. Implement Robust Key Management Practices

Key...

Hawaiian Airlines Hit by Cybersecurity Incident

Hawaiian Airlines has been hit by a cybersecurity incident, impacting some of its IT systems. The US airline disclosed the “cybersecurity event” in two updates posted on its website on June 26. The company said it has taken steps to safeguard operations and that flights are operating safely and as scheduled. “As we navigate the ongoing event, we remain in contact with the appropriate experts and federal authorities. We will provide updates as more information is available,” a statement at 16.00 PST on June 26 read. An earlier statement, at 10.45 PST, stated that the airline is working toward an “orderly restoration,” suggesting that systems had been taken offline. No information has so far been given on the nature of the event, or whether any customer data has potentially been...

The State of Ransomware 2025 – Sophos News

The sixth annual Sophos State of Ransomware report provides fresh insights into the factors that led organizations to fall victim to ransomware and the human and business impacts of an attack. Based on insights from a vendor-agnostic survey of 3,400 IT and cybersecurity leaders across 17 countries whose organizations were hit by ransomware in the last year, the report combines year-on-year insights with brand new areas of study, including why ransom payments rarely match the initial demand, and the downstream impact of ransomware incidents on in-house teams. Download the report to get the full findings and read on for a taste of some of the topics covered.

Why organizations fall victim to ransomware

It is rarely a single issue that leaves organizations exposed to ransomware;...

MCP Bug at Asana May Have Exposed Corporate Data

Depending on what it is connected to, an MCP server can be “a huge, massive attack vector,” the security expert emphasizes. If, for example, it is connected to a SIEM (Security Information and Event Monitoring) platform to analyze log data, an attacker could access that server to collect data. “Where you put the MCP server is an important question” that CSOs have to answer, he explained. “I think, as with all new protocols, it is still too early to put it into production,” Meghu added. “I believe there are better ways to achieve this that we have not found yet.” In this context, the specialist raises the following questions: “Why could we not, on well-known protocols such as JSON or...

Inside a Dark Adtech Empire Fed by Fake CAPTCHAs – Krebs on Security

Late last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by leveraging the same malicious advertising technology that powers a sprawling ecosystem of online hucksters and website hackers. A new report on the fallout from that investigation finds this dark ad tech industry is far more resilient and incestuous than previously known. In November 2024, researchers at the security firm Qurium published an investigation into “Doppelganger,” a disinformation network that promotes pro-Russian narratives and infiltrates Europe’s media landscape by pushing fake news through a network of cloned websites. Doppelganger campaigns use specialized links that bounce the visitor’s...

The curious case of the code copier • Graham Cluley

A GCHQ intern forgets the golden rule of spy school — don’t take the secrets home with you — and finds himself swapping Cheltenham for a cell. Meanwhile, an Australian hacker flies too close to the sun, hacks his way into a US indictment, and somehow walks free… only to get booted back Down Under. Plus: flow states, Bob Mortimer, and the joys of pretending to carry an owl around on a cushion. All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault. Warning: This podcast may contain nuts, adult themes, and rude language.

LangSmith Bug Could Expose OpenAI Keys and User Data via Malicious Agents

Jun 17, 2025Ravie LakshmananVulnerability / LLM Security Cybersecurity researchers have disclosed a now-patched security flaw in LangChain's LangSmith platform that could be exploited to capture sensitive data, including API keys and user prompts. The vulnerability, which carries a CVSS score of 8.8 out of a maximum of 10.0, has been codenamed AgentSmith by Noma Security. LangSmith is an observability and evaluation platform that allows users to develop, test, and monitor large language model (LLM) applications, including those built using LangChain. The service also offers what's called a LangChain Hub, which acts as a repository for all publicly listed prompts, agents, and models. "This newly identified vulnerability exploited unsuspecting users who adopt an agent containing a...

Cyber security in South Africa

Legislation, Regulations, Challenges

According to SABRIC (South African Banking Risk Information Centre), South Africa now has the third-highest number of victims of cyber crime in the world. This equates to a loss of nearly R2.2 billion per year to attacks via cyber crime. Due to the larger percentage of corporate headquarters in SA, specifically retail and banking, SA is more attractive to cyber criminals than all other areas of Africa. While there has been a focus on regulations and legislation to combat this problem, it has turned out that it’s a lot more complex than just having laws in place. Addressing the legislation and regulations to reduce cyber attacks is a first line of defense. The Cybercrimes and Cybersecurity Bill adopted by The National Assembly was a first...

AI-Powered Threat Detection by CryptoBind

In the world of cybersecurity, “zero-day” used to mean panic. Today, it still does—for those unprepared. But what if you could act in real time, even before the exploit is known?

At CryptoBind, we’re redefining how organizations prepare for and respond to zero-day vulnerabilities. Our AI-powered threat detection engine doesn’t wait for threat signatures. It anticipates behavior, detects anomalies, and automates the response—before your business is breached.

The Problem: Zero-Day Attacks Move Fast. Humans Can’t.

Zero-day vulnerabilities are flaws in software that attackers exploit before developers have a chance to fix them. These threats move at machine speed, often bypassing traditional security tools and static detection mechanisms. By the time you’re alerted, it’s already...

Congress Introduces Bill to Strengthen Healthcare Cybersecurity

US legislators have introduced a new Healthcare Cybersecurity Bill to Congress, which is designed to expand the federal government’s role in preventing and responding to data breaches of Americans’ medical data. Congressman Jason Crow (D-CO) introduced the bi-partisan legislation on June 10 as part of efforts to tackle surging healthcare data breaches in the US. In January 2025, it was reported that 190 million US citizens’ personal and medical data records were impacted by the Change Healthcare ransomware attack in 2024 alone. The Change Healthcare incident also resulted in significant disruption to patient care. The Healthcare Cybersecurity Bill would specifically require the Cybersecurity and Infrastructure Security Agency (CISA) and the US Department of Health and Human...

When cybercriminals eat their own – Sophos News

At Sophos X-Ops, we often get queries from our customers asking if they’re protected against certain malware variants. At first glance, a recent question seemed no different. A customer wanted to know if we had protections for ‘Sakura RAT,’ an open-source malware project hosted on GitHub, because of media claims that it had “sophisticated anti-detection capabilities.” When we looked into Sakura RAT, we quickly realized two things. First, the RAT itself was likely of little threat to our customer. Second, while the repository did indeed contain malicious code, that code was intended to target people who compiled the RAT, with infostealers and other RATs. In other words, Sakura RAT was backdoored. Given our previous explorations of the niche world of threat actors targeting each...

BladedFeline: Whispering in the dark

In 2024, ESET researchers discovered several malicious tools in the systems used by Kurdish and Iraqi government officials. The APT group behind the attacks is BladedFeline, an Iranian threat actor that has been active since at least 2017, when it compromised officials within the Kurdistan Regional Government (KRG). This group develops malware for maintaining and expanding access within organizations in Iraq and the KRG. While this is our first blogpost covering BladedFeline, we discovered the group in 2023, after it targeted Kurdish diplomatic officials with the Shahmaran backdoor, and previously reported on its activities in ESET APT Activity reports Q4 2023-Q1 2024 and Q2 2024-Q3 2024. The array of tools utilized in the recent campaign shows that since deploying Shahmaran,...

Top US cyber officials face divergent paths after Senate confirmation

In addition, the administration’s budget expects CISA’s other spending outlays to drop by $535 million, or 20%. On the other hand, according to the budget, the much smaller Cyber Director’s budget should decrease by 10%, while personnel levels will stay level at 85 full-time equivalent employees. In addition to their own budget cuts, both officials will have to grapple with the fallout from reduced cyber functions across the entire federal government, from the NSA to the FBI. The FBI has recently been forced to divert resources from cybersecurity to handling immigration and border control issues. “This administration has decided to disinvest in cybersecurity and to do so in a way that is particularly damaging to the workforce,” Michael Daniel, president and CEO of the Cyber Threat...