Posts

Rapid7’s Command Platform Launches Unified Threat-Informed Remediation

BOSTON, MA — April 29, 2025 — Rapid7, Inc. (NASDAQ: RPD), a leader in extended risk and threat detection, today announced a series of powerful enhancements to its Command Platform. With unified threat-informed remediation, Rapid7 now offers security teams platform-level remediation capabilities across exposure management and threat detection and response, resulting in greater visibility, alignment, collaboration, and security outcomes. In addition, Rapid7 stands behind these security outcomes with financial coverage through Breach Protection Warranty, giving customers confidence that they’re not only protected from threats but also have peace of mind should a breach occur. Security teams face an increasingly expanding attack surface, made more complex by a fragmented approach to security tools and the continued distribution of ownership and responsibility for IT operations and security. To take command of their attack surface, automated remediation across an organ...

The Intesa Sanpaolo Data Breach Scandal: A Wake-Up Call for Internal Security in European Banks

In October 2024, Intesa Sanpaolo — Italy’s largest bank — faced a serious data breach that shook the Italian financial sector and raised alarms across Europe. How a Trusted Employee Compromised Thousands. An internal employee was found to have had unauthorized access to the accounts of about 3,500 clients, including high-profile figures such as Prime Minister Giorgia Meloni and former Prime Minister Mario Draghi, between February 2022 and April 2024. A Hack or an Inside Job? The system was not hacked: in the case of Intesa Sanpaolo, there was no classic external cyberattack of the kind we often see with ransomware or malware breaches. Instead, this was an internal abuse: an employee with legitimate access to the bank’s systems used that access improperly to view data unrelated to his job responsibilities. The IT infrastructure was neither destroyed nor infected, and no external penetration occurred. The breach came from inside — using valid credentials but with malicious i...

New Microsoft 365 Phishing Scam Tricks Users Into Calling Fake Support

Cybersecurity company Guardz is warning Microsoft 365 users about a new phishing scam backed by social engineering tactics that is making the rounds. This isn’t an average scam: attackers trick people into calling fake support numbers using Microsoft 365 infrastructure, putting their login details and accounts at risk. How the Attack Works Unlike typical phishing attempts that use typosquatted domains or fake or misspelled email addresses, this campaign operates from within Microsoft’s cloud services. This makes the phishing attempts look convincing, easily bypassing email authentication checks like SPF, DKIM, and DMARC. The attack also utilizes legitimate Microsoft domains (onmicrosoft.com) and manipulates tenant settings. The scammers also set up multiple Microsoft 365 organization tenants, either by creating new ones or compromising existing accounts. Each tenant has a specific role within the attack framework, allowing the threat actors to operate with anonymity. One of these fake o...

XDR In Penetration Testing: Leveraging Advanced Detection To Find Vulnerabilities

Extended Detection and Response (XDR) has emerged as a transformative security technology that unifies visibility across multiple security layers. When applied to penetration testing methodologies, XDR offers unprecedented capabilities for identifying vulnerabilities that might otherwise remain hidden. This article explores how security professionals can leverage XDR capabilities during penetration testing to enhance vulnerability discovery, validate security controls, and strengthen overall security posture. Understanding XDR Technology In Security Frameworks Extended Detection and Response represents a significant evolution in security technology, designed to overcome the limitations of siloed security tools. XDR collects threat data from previously separated security components across an organization’s entire technology stack, including endpoints, networks, cloud workloads, and email systems. This comprehensive approach enables security teams to rapidly detect and ...

New Malware Targets Docker to Earn Crypto via Web3 Platform

Cybersecurity experts have uncovered a unique malware campaign designed to exploit Docker environments for cryptocurrency gains. Unlike traditional cryptojacking operations that use tools like XMRig to mine crypto directly, this campaign takes a more subtle approach. The malware, analyzed by Darktrace and Cado Security, interacts with a decentralized Web3 platform called Teneo. This service rewards users with Teneo Points—convertible to $TENEO tokens—for running a Community Node that collects public social media data. These nodes extract content from platforms like Facebook, Reddit, TikTok, and X (formerly Twitter). Investigators found the malware in a Docker container image named "kazutod/tene:ten", hosted on Docker Hub. Despite being uploaded only two months ago, the image had already seen over 300 downloads before it was taken down. Inside, it contained a highly obfuscated Python script that had to be unpacked through more than 60 decoding stages before executing its m...

Lazarus Group's Precision Strike on South Korean Supply Chains

In a calculated cyber offensive dubbed "Operation SyncHole," the Lazarus Group—a North Korean state-sponsored threat actor—has compromised at least six South Korean organizations across sectors including software, IT, finance, semiconductors, and telecommunications. [Figure: Operation SyncHole activity timeline] Attack Vector and Exploitation The campaign began with watering hole attacks, in which Lazarus compromised legitimate South Korean online media sites frequented by the targeted organizations. Visitors to these sites were profiled via server-side scripts; those matching specific criteria were redirected to attacker-controlled domains. These domains served malicious scripts exploiting a vulnerability in Cross EX—a widely used South Korean software facilitating secure online transactions—to deploy the ThreatNeedle malware. [Figure: The Attack Flow] Malware Deployment and Lateral Movement Upon successful exploitation, the attackers executed the legitimate SyncHost.exe process, injecting ...

Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users

Cheap Android smartphones manufactured by Chinese companies have been observed pre-installed with trojanized apps masquerading as WhatsApp and Telegram that contain cryptocurrency clipper functionality, as part of a campaign running since June 2024. While using malware-laced apps to steal financial information is not a new phenomenon, the new findings from Russian antivirus vendor Doctor Web point to a significant escalation in which threat actors are directly targeting the supply chain of various Chinese manufacturers to preload brand-new devices with malicious apps. "Fraudulent applications were detected directly in the software pre-installed on the phone," the company said. "In this case, the malicious code was added to the WhatsApp messenger." A majority of the compromised devices are said to be low-end phones that mimic well-known premium models from Samsung and Huawei, with names like S23 Ultra, S24 Ultra, Note 13 Pro, and P70 Ultra. At least four of the affected models ...