News

Who: Businesses handling cardholder data, service providers, and any entity connected to payment systems.

What: PCI DSS 4.0 requires all organizations processing payments to implement DMARC by March 31, 2025, to combat email fraud, domain spoofing, and phishing. Non-compliance could lead to fines between $5,000 and $100,000.

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol that helps prevent email fraud, phishing, and domain spoofing. It works by allowing domain owners to specify how unauthenticated emails should be handled—whether they should be delivered, quarantined, or rejected.

How DMARC Works:

1. Authentication – DMARC builds on SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) to verify that emails are sent from legitimate sources.

2. Policy Enforcement – Organizations can set policies to reject or quarantine emails that fail authentication, reducing the risk of phishing attacks.

3. Reporting & Visibility – DMARC generates reports that provide insights into who is sending emails on behalf of a domain and identifies potential abuse.

   
   

Why It Matters:

• Prevents Brand Impersonation – Stops cybercriminals from using your domain to send fake emails.

• Reduces Phishing Attacks – Protects customers and employees from email-based threats.

• Improves Email Deliverability – Ensures legitimate emails reach inboxes instead of being marked as spam.

• Enhances Compliance – Meets security requirements like PCI DSS 4.0 and aligns with email security best practices.

Read the full article HERE

Cybercriminals are increasingly targeting the software supply chain, infiltrating open-source ecosystems to spread malware. In 2024, over 512,847 malicious packages were detected—a 156% rise from the previous year. A major attack on the Python Package Index (PyPI) disguised malware as AI chatbot tools, compromising thousands of applications before security researchers intervened.

To combat these threats, organizations must adopt Product Security Testing (PST) to assess software and hardware risks before deployment. PST goes beyond vulnerability scanning, focusing on how a product behaves in a specific environment and identifying necessary mitigations. Prioritizing high-risk applications ensures critical assets remain protected.

The SANS SEC568 course trains security professionals in black-box testing, allowing them to evaluate third-party software effectively. PST is valuable for security teams, auditors, penetration testers, developers, and SOC analysts, helping organizations make informed decisions, improve security posture, and respond proactively to supply chain threats.

Read the full article HERE

Who:Cybersecurity firm Salt Labs, researchers, and an undisclosed online travel service integrated with commercial airlines.

What:A vulnerability in the OAuth authentication process exposed millions of users to account hijacking. Attackers could exploit the flaw to access users' accounts, impersonate them, and perform actions like booking hotels or car rentals with the victim’s airline loyalty points.

How:The flaw was triggered by a specially crafted link that, when clicked, redirected the user to a manipulated authentication response. This allowed attackers to steal session tokens and hijack accounts. The attack was difficult to detect as it involved manipulating a URL parameter rather than the domain itself. The vulnerability affected services allowing hotel bookings to be added to airline itineraries.

Read the full article HERE

Who:

• Threat actors linked to Black Basta ransomware and potentially FIN7/Sangria Tempest.

• Groups tracked as STAC5143 and STAC5777 identified by Sophos.

What:

• Attackers use email bombing followed by posing as IT support in Microsoft Teams calls.

• Victims are tricked into granting remote access via Microsoft Teams or installing malware.

• Malware used includes:

  • Java archive (JAR) files and Python scripts (RPivot backdoor).

  • Malicious DLLs (e.g., nethost.dll, winhttp.dll) sideloaded through legitimate software.

• Techniques include keylogging, credential harvesting, and network reconnaissance.

• Final stage likely involves data theft and ransomware deployment.

Impact:

• Compromises systems via remote control, enabling data theft and lateral network movement.

• Black Basta ransomware deployment observed, signaling potential for severe organizational disruptions.

• Uses default Microsoft Teams settings and Quick Assist for hands-on control.

• Victims' sensitive documents and credentials targeted for exploitation.

Mitigation:

• Block external domains from initiating messages and calls in Microsoft Teams.

• Disable Microsoft Quick Assist on critical systems.

• Monitor and restrict access to external file-sharing services like SharePoint and Azure Blob Storage.

Read the full article HERE

Who:Key SaaS threat actors dominating the 2025 landscape:

• ShinyHunters: Exploited SaaS misconfigurations to breach 165+ organizations, including Snowflake, Ticketmaster, and Authy.

• ALPHV (BlackCat): Extorted $22M and faked an FBI takedown; infamous for targeting healthcare and finance sectors.

• RansomHub: Emerging ransomware actor; breached Frontier Communications and impacted over 100M individuals via SaaS vulnerabilities.

• LockBit: Consistently targeting fintech companies like Evolve Bank & Trust, despite global law enforcement actions.

• Midnight Blizzard (APT29): State-sponsored espionage group focusing on stealthy infiltration of critical systems, e.g., TeamViewer.

What:

• SaaS-focused attacks surged in 2024, with password attacks rising by 75% and phishing up 58%, causing $3.5B in losses.

• Common tactics: exploiting misconfigurations, weak authentication, and third-party vulnerabilities.

• Emerging players: Hellcat (rapid rise) and Scattered Spider (potential comeback).

Impact:

• Misconfigurations remain a primary vulnerability for SaaS, leading to unauthorized access and data breaches.

• Credential theft and API manipulation bypass traditional defenses, causing significant financial and reputational damage.

• Supply chain risks and shadow IT create hidden vulnerabilities that demand continuous monitoring and proactive mitigation.

Key Takeaways for Security Teams:

• Conduct regular SaaS configuration audits and enforce MFA.

• Leverage identity threat detection and anomaly monitoring tools.

• Implement continuous risk assessments and automated remediation to mitigate evolving threats.

Read the full article HERE