Friday, September 26, 2025

Flight Delays Across Europe Due To Cyber Attacks


Most of us don’t think much about cybersecurity—until it affects us directly. But the reality is: threats exist whether we’re aware of them or not.


Recently, cyberattacks caused flight delays in airport terminals across Europe. Imagine arriving at the airport, ready for your holiday, only to learn your flight is delayed or even cancelled for hours. Frustrating, right?


https://bit.ly/4pH2hjL


Headlines:

"Several of the largest airports in Europe, including London Heathrow, have been trying to restore normal operations over the past few days after an attack on Friday disrupted automatic check-in and boarding software.


The problem stemmed from Collins Aerospace, a software provider that works with several airlines across the world."


"Airports in Brussels, Dublin and Berlin have also experienced delays. While kiosks and bag-drop machines have been offline, airline staff have instead relied on manual processing."


"A spokesperson for Brussels airport said Collins Aerospace had not yet confirmed the system was secure again. On Monday, 40 of its 277 departing flights and 23 of its 277 arriving services were cancelled."

Monday, September 1, 2025

China's Salt Typhoon Cyberspies Continue Their Years-long Hacking Campaign


Be highly alert to China-based APT threat actors such as Salt Typhoon (and to the others too).

If you run any of the following products, patch them immediately; these are the edge-device vulnerabilities the joint advisory lists as exploited for initial access:

Ivanti Connect Secure and Ivanti Policy Secure: CVE-2024-21887 & CVE-2023-46805.

Palo Alto Networks PAN-OS GlobalProtect: CVE-2024-3400

Cisco IOS XE (web UI): CVE-2023-20198 & CVE-2023-20273

Cisco IOS and IOS XE (Smart Install): CVE-2018-0171
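Patching is the fix, but for the Cisco IOS XE web UI entry there is also a quick triage a practitioner would want to run first. Cisco Talos documented that a device carrying the implant associated with CVE-2023-20198 answers a POST to `/webui/logoutconfirm.html?logon_hash=1` with a short hexadecimal string, while a clean device does not. The script below is an added example written for this page, not code from Cisco or the advisory: the hostnames and sample responses are constructed placeholders, and the assumed token length in the regex is a guess, so treat a bare hex reply of any length as a hit.

```python
"""Triage helper for the Cisco IOS XE web UI implant tied to CVE-2023-20198.

Added example for this page. Talos published the probe URL; everything else
here (hostnames, sample bodies, token-length assumption) is constructed.
"""
import re
import ssl
import urllib.request
from typing import Callable, Dict, Iterable, Optional
from urllib.error import URLError

# Assumption: the implant returns a bare hex token with no HTML around it.
HEX_TOKEN = re.compile(r"^[0-9a-fA-F]{16,64}$")


def looks_like_implant(body: Optional[str]) -> bool:
    """True when the response body is nothing but a hexadecimal token."""
    if body is None:
        return False
    return bool(HEX_TOKEN.match(body.strip()))


def fetch_logout_confirm(host: str, timeout: float = 5.0) -> Optional[str]:
    """POST the documented probe URL and return the body, or None on any error.

    Certificate checks are disabled on purpose: IOS XE web UIs usually present
    self-signed certificates, and this is a triage probe, not a trust decision.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    url = f"https://{host}/webui/logoutconfirm.html?logon_hash=1"
    req = urllib.request.Request(url, data=b"", method="POST")
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return resp.read(4096).decode("utf-8", "replace")
    except (URLError, OSError, ValueError):
        return None


def triage(hosts: Iterable[str],
           fetch: Callable[[str], Optional[str]] = fetch_logout_confirm) -> Dict[str, str]:
    """Classify each host as 'IMPLANT', 'clean' or 'unreachable'."""
    verdicts: Dict[str, str] = {}
    for host in hosts:
        body = fetch(host)
        if body is None:
            verdicts[host] = "unreachable"
        elif looks_like_implant(body):
            verdicts[host] = "IMPLANT"
        else:
            verdicts[host] = "clean"
    return verdicts


# Constructed responses standing in for three placeholder routers.
SAMPLE_RESPONSES: Dict[str, Optional[str]] = {
    "rtr-edge-01.example.net": "0a1b2c3d4e5f60718\n",               # constructed: hex token
    "rtr-edge-02.example.net": "<html><body>Logged out</body></html>",  # constructed: normal page
    "rtr-edge-03.example.net": None,                                 # constructed: no web UI reachable
}


def triage_samples() -> Dict[str, str]:
    """Run the classifier over the constructed responses instead of the network."""
    return triage(SAMPLE_RESPONSES, fetch=SAMPLE_RESPONSES.get)


if __name__ == "__main__":
    for host, verdict in triage_samples().items():
        print(f"{host}: {verdict}")
    # For live devices: triage(["10.0.0.1", "10.0.0.2"])
```

Two caveats belong with this check. Cisco reported that the implant itself does not survive a reboot but the privilege-15 accounts the attackers created do, so a "clean" probe result is not a clean device: review `show running-config` for local users you did not create. For the Smart Install entry, `show vstack config` tells you whether the feature is enabled, and `no vstack` turns it off where it is not needed.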


https://bit.ly/4n3jIZA


"...Brett Leatherman (FBI Assistant Director) told media outlets that Salt Typhoon targeted more than 600 organizations across 80 countries."


"The international coalition also called out three China-based entities affiliated with Salt Typhoon – Sichuan Juxinhe Network Technology, Beijing Huanyu Tianqiong Information Technology, and Sichuan Zhixin Ruijie Network Technology – that it accused of providing cyber products and services to China's Ministry of State Security and People's Liberation Army."


"In addition to the four US agencies (FBI, CISA, National Security Agency, and Department of Defense Cyber Crime Center), the UK's National Cyber Security Centre plus government agencies in Australia, Canada, New Zealand, the Czech Republic, Finland, Germany, Italy, Japan, the Netherlands, Poland, and Spain also co-issued the security alert."


"'In addition to targeting telecommunications, reported targeting of hospitality and transportation by this actor could be used to closely surveil individuals,' he said. 'Information from these sectors can be used to develop a full picture of who someone is talking to, where they are, and where they are going.'"




Tuesday, July 1, 2025

Cyber Criminals Target African Financial Institutions Using Open Source Tools


Palo Alto Networks Unit 42 has uncovered a sophisticated threat campaign, CL-CRI-1014, that’s been quietly targeting financial institutions across Africa since mid-2023. What’s striking about this campaign is not just the tooling, but the strategy.

Instead of using custom malware, the attackers rely on publicly available and open-source tools — commonly used by IT admins and red team members. They then go a step further: forging digital file signatures to make malicious payloads look like legitimate software from trusted vendors.

This allows them to:

  • Bypass basic endpoint defenses

  • Maintain long-term access without triggering alerts

  • Blend in with legitimate traffic and processes

This is yet another sign that attackers are moving away from complex malware and toward abusing what is already in the environment. And once trust in file signatures is being exploited, a signature alone is no longer a sufficient security signal.

Lessons Learned:

  1. Trust can be weaponized – even signed and open-source tools can be abused.

  2. Initial access isn’t always loud – attackers may dwell silently before selling access.

  3. Detection must go deeper – beyond file signatures, focus on behavior and persistence.

  4. Open-source ≠ risk-free – validate and monitor every tool in your environment.

  5. Assume visibility gaps exist – prioritize collecting security data from endpoints and network traffic.
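Lesson 3 is the one that needs code to become concrete: "signed" is three separate facts (a signature is present, it validates, and the signer is who the binary claims to be), and a forged signature only satisfies the first. The classifier below is an added example for this page, not Unit 42's tooling. It runs over constructed records shaped like Sysmon Event ID 7 (image load) fields, whose names are Sysmon's own but whose values are invented, and flags three conditions: a signature whose status is anything but Valid, a mismatch between the vendor named in version info and the actual signer, and an unverified binary living in a user-writable directory. The expected-signer map and the directory list are assumptions to extend from your own allow-list.

```python
"""Signer-aware triage over Sysmon-style image-load records.

Added example for this page, not Unit 42 code. Field names follow Sysmon
Event ID 7 (Image, ImageLoaded, Company, Signed, Signature, SignatureStatus);
every value below is constructed for illustration.
"""
import re
from typing import Dict, Iterable, List

# Assumption: vendor names a binary may claim in its version info, mapped to
# the signer subjects we accept for that claim. Extend from your allow-list.
EXPECTED_SIGNERS: Dict[str, set] = {
    "Microsoft Corporation": {"Microsoft Corporation", "Microsoft Windows"},
}

# Assumption: directories where a vendor-signed binary rarely belongs.
USER_WRITABLE = re.compile(
    r"^(C:\\Users\\[^\\]+\\AppData|C:\\ProgramData|C:\\Users\\Public|C:\\Windows\\Temp)\\",
    re.IGNORECASE,
)


def classify(rec: Dict[str, str]) -> List[str]:
    """Return findings for one record; an empty list means nothing looked off."""
    findings: List[str] = []
    company = rec.get("Company", "")
    signer = rec.get("Signature", "")
    status = rec.get("SignatureStatus", "")
    signed = rec.get("Signed", "false").lower() == "true"
    image = rec.get("ImageLoaded") or rec.get("Image", "")

    # A signature that is present but does not validate is the forged-signature case.
    if signed and status != "Valid":
        findings.append(f"signature present but status={status}")
    # Version info says one vendor, the certificate says another.
    if company in EXPECTED_SIGNERS and signer not in EXPECTED_SIGNERS[company]:
        findings.append(f"claims {company!r} but signer is {signer!r}")
    # Anything not provably signed running out of a user-writable path.
    if (not signed or status != "Valid") and USER_WRITABLE.match(image):
        findings.append("unverified binary in user-writable path")
    return findings


def triage(records: Iterable[Dict[str, str]]) -> Dict[str, List[str]]:
    """Map each image path to its findings, keeping only records with findings."""
    out: Dict[str, List[str]] = {}
    for rec in records:
        hits = classify(rec)
        if hits:
            out[rec.get("ImageLoaded") or rec.get("Image", "")] = hits
    return out


# Constructed records. Status strings mimic Sysmon's vocabulary but are invented.
SAMPLE_RECORDS: List[Dict[str, str]] = [
    {"ImageLoaded": "C:\\Windows\\System32\\svchost.exe", "Company": "Microsoft Corporation",
     "Signed": "true", "Signature": "Microsoft Windows", "SignatureStatus": "Valid"},
    # Signer string copied from a real vendor, but the signature does not validate.
    {"ImageLoaded": "C:\\ProgramData\\Updater\\svc.exe", "Company": "Microsoft Corporation",
     "Signed": "true", "Signature": "Microsoft Corporation", "SignatureStatus": "Errors"},
    # Validly signed, but by someone other than the vendor the binary claims to be.
    {"ImageLoaded": "C:\\Users\\bob\\AppData\\Local\\Temp\\tool.exe", "Company": "Microsoft Corporation",
     "Signed": "true", "Signature": "Contoso Ltd", "SignatureStatus": "Valid"},
    # Unsigned admin tool in Program Files: not flagged by these rules (a known gap).
    {"ImageLoaded": "C:\\Program Files\\Vendor\\admin.exe", "Company": "Vendor Inc",
     "Signed": "false", "Signature": "", "SignatureStatus": "Unavailable"},
]


def triage_samples() -> Dict[str, List[str]]:
    return triage(SAMPLE_RECORDS)


if __name__ == "__main__":
    for image, hits in triage_samples().items():
        print(image)
        for hit in hits:
            print("   -", hit)
```

The fourth record is deliberately not flagged: an unsigned tool in a normal install path is exactly the "open-source tool already in the environment" from lesson 4, and these rules cannot tell a legitimate admin copy from an attacker's. That is the visibility gap of lesson 5; it is closed by inventorying which of those tools you actually deploy, not by adding more signature checks.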


Monday, June 16, 2025

Interpol Targets Infostealers

Contrary to popular belief, the cyber world isn’t always a place where the bad guys win. When nations work together, even the most elusive cybercriminals can be brought to justice. The fight against cybercrime is not a one-country job—it requires global coordination, shared intelligence, and strong commitment from all sides.

Interpol’s recent “Operation Secure” is a prime example of how international cooperation can lead to real, measurable results. This operation, which ran from January to April 2025, focused on cracking down on infostealer malware operations across Asia. As a result, authorities arrested 32 individuals in different countries, seized 41 servers, and took down around 20,000 malicious IP addresses and domains.

I was most impressed by how many countries joined forces—26 in total took part in this operation. As digital threats continue to grow in complexity and scale, we need more of these joint operations. It’s a reminder that by standing together, sharing resources, and acting decisively, we can disrupt the criminal networks that thrive in the shadows of the internet.


https://bit.ly/4kNU5va




Friday, May 23, 2025

Deepfaking of Some Senior US Government Officials


Do you think AI-powered smishing and vishing are far off? Then think again. (Smishing uses text messages to trick users; vishing relies on voice calls to do the same.)


Today, these social engineering tactics might seem low-tech, but developments in AI are rapidly changing that. With tools that can generate natural-sounding text and mimic real voices, attacks are getting more sophisticated and convincing. What is now a minor risk could soon escalate into a widespread and highly effective threat.


The FBI has warned that fraudsters are impersonating "senior US officials" using deepfakes as part of a major fraud campaign.


According to the agency, the campaign has been running since April and most of the messages target former and current US government officials. The attackers are after login details for official accounts, which they then use to compromise other government systems and try to harvest financial account information.


https://bit.ly/4ks5Jff


Headlines:

"'AI-generated content has advanced to the point that it is often difficult to identify,' the FBI advised. 'When in doubt about the authenticity of someone wishing to communicate with you, contact your relevant security officials or the FBI for help.'"


"Attackers have used this approach for over five years. The technology needed to run such attacks is so commonplace and cheap that it's an easy attack vector. Deepfake videos have been around for a similar period, although they were initially much harder and more expensive to do convincingly."