Detecting fraudulent North Korean hires: A CISO playbook
Has a North Korean threat actor applied for a position at your organization, or even been hired? We’re sharing a toolkit to help you detect and avoid that risk.
Similar Posts
Eurofiber admits crooks swiped data from French unit after cyberattack
Bys sConnor Jones reports: French telco Eurofiber says cybercriminals swiped company data during an attack last week that also affected some internal systems. The B2B wholesale telco confirmed that only its French business was affected by the November 13 attack, including its cloud division and regional brands Eurafibre, FullSave, Netiwan, and Avelia. In a disclosure published on Sunday,……
TamperedChef Malware Disguised as Fake PDF Editors Steals Credentials and Cookies
Bys sCybersecurity researchers have discovered a cybercrime campaign that’s using malvertising tricks to direct victims to fraudulent sites to deliver a new information stealer called TamperedChef. “The objective is to lure victims into downloading and installing a trojanized PDF editor, which includes an information-stealing malware dubbed TamperedChef,” Truesec researchers Mattias Wåhlén, Nicklas
Attackers Don’t Just Send Phishing Emails. They Weaponize Your SOC’s Workload
Bys sThe most dangerous phishing campaigns aren’t just designed to fool employees. Many are designed to exhaust the analysts investigating them. When a phishing investigation takes 12 hours instead of five minutes, the outcome can shift from a contained incident to a breach. For years, the cybersecurity industry has focused on the front door of phishing…
Game of clones: Sophos and The MITRE ATT&CK Enterprise 2025 Evaluations
Bys sWinter is coming – so it must be time for Sophos X-Ops’ report on this year’s MITRE ATT&CK Enterprise Evaluations Categories: Threat Research Tags: ATT&CK, Emulation, Featured, MITRE, MUSTANG PANDA, scattered spider, Sophos X-Ops
Highlands Oncology Group notifies 113,575 people after ransomware attack by Medusa
Bys sOn August 1, Highlands Oncology Group in Arkansas notified the Maine Attorney General’s Office of a ransomware attack it discovered on June 2, when certain files and systems were inaccessible. Investigation into the incident revealed that there had been unauthorized access at times between January 21, 2025, and June 2, 2025. On June 19, the…
FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services
Bys sVarious industrial organizations in the Asia-Pacific (APAC) region have been targeted as part of phishing attacks designed to deliver a known malware called FatalRAT. “The threat was orchestrated by attackers using legitimate Chinese cloud content delivery network (CDN) myqcloud and the Youdao Cloud Notes service as part of their attack infrastructure,” Kaspersky ICS CERT said…