Home » Science & Tech » Cyber Security
Category:

Cyber Security

Stay protected in the digital age with our Cyber Security category. Discover the latest news, trends, and expert tips on safeguarding your online presence. From data breaches to security best practices, we provide valuable insights to help you defend against cyber threats and ensure your digital safety.

Armis Cybersecurity Firm Valued at $6.1 Billion
Cyber Security

Armis Cybersecurity Firm Valued at $6.1 Billion

by waseem
written by waseem

The Armis cybersecurity firm has achieved a new milestone, reaching a valuation of $6.1 billion after securing $435 million in a new funding round. This marks more than a 45% increase in value within just one year.

Surge in Global Cybersecurity Demand

As cyberattacks continue to rise, the demand for cybersecurity firms like Armis is higher than ever. Corporations and governments are investing heavily in digital protection tools to defend critical infrastructure.

Extra Virgin Olive Oil
Sponsored: Extra Virgin Olive Oil

In 2025 alone, billions have been lost globally due to major data breaches and ransomware attacks. Lawmakers worldwide are now calling for improved cyber-resilience and stronger digital defenses at corporate levels.

Armis Funding Round Led by Goldman Sachs

The latest investment round was led by the alternative investments division of Goldman Sachs, with continued participation from CapitalG. The Armis cybersecurity firm plans to use the funds to implement its three-year strategic plan.

According to the company, the primary goal is to achieve $1 billion in annual recurring revenue and prepare for an upcoming initial public offering (IPO).

Armis: Protecting the Digital World

Founded in 2016, Armis specializes in real-time security for connected devices. Its technology helps prevent data breaches and protects sensitive networks from cyber threats.

The Armis cybersecurity firm currently serves more than 40% of Fortune 100 companies, including leaders in healthcare, finance, and critical infrastructure sectors.

Future Growth and Expansion

With cybersecurity threats evolving rapidly, Armis continues to develop advanced solutions for IoT, cloud systems, and enterprise networks. Its latest valuation reflects growing investor confidence in the company’s global potential.

Industry experts believe the Armis cybersecurity firm is on track to become one of the top global players in digital security, paving the way for a strong IPO in the coming years.

Read More: Cyber Security News

0 comments
0 FacebookTwitterPinterestEmail
WhatsApp Scam Protection
Cyber Security

WhatsApp Scam Protection: New Features Boost User Safety & Privacy

by Ali Haider
written by Ali Haider

WhatsApp Steps Up Scam Protection

WhatsApp is enhancing its defense against online fraud. They launched brand-new WhatsApp Scam Protection features. These tools are designed to keep user chats safer. The platform already removes millions of scam accounts. WhatsApp is now increasing safety in all conversations.

Extra Virgin Olive Oil
Sponsored: Extra Virgin Olive Oil

Smarter Safety Features for Group Chats

Users can be added to unknown groups. This often happens by someone they do not know. WhatsApp will now provide a safety overview. This overview appears before you join the chat. Until you decide to stay, notifications are muted. This prevents unwanted messages.

Group Chat Safety Overview Details

The new safety screen displays key information. It shows who added you to the group. It also lists if others are already in your contacts. Key details about the group are visible too. This helps users decide if they should leave or stay.

Alerts Introduced for Private Chats

Scammers start contact outside WhatsApp often. They then move victims to the platform. WhatsApp is testing a feature to fight this. It warns you when messaging an unknown sender. The app provides extra context about them. This makes suspicious behavior easier to spot.

Meta and OpenAI Fight Scam Networks

WhatsApp is part of a global crackdown. Meta and OpenAI shut down a scam hub. This organized operation was in Cambodia. Criminals used AI tools like ChatGPT. They created fake cryptocurrency messages. They also promoted pyramid schemes. Victims were tricked into joining Telegram groups.

New Protection Against Screen Sharing Scams

WhatsApp has added another defense. A new warning appears before screen sharing. This happens if the contact is unknown. The app offers a quick option to cancel. This prevents scammers from accessing sensitive data. It stops them from accessing banking apps.

Essential WhatsApp Scam Protection Advice

WhatsApp advises users to remain vigilant. Following simple steps keeps you safe.

  • Pause before replying to unknown numbers.
  • Double-check the urgency of all messages.
  • Verify the sender’s identity immediately.
  • Never share your verification code or PIN.

With these new WhatsApp Scam Protection features, the app is building a much safer digital space for over two billion users worldwide.

0 comments
0 FacebookTwitterPinterestEmail
Black Basta ransomware Microsoft Teams
Cyber Security

Black Basta Ransomware Exploits Microsoft Teams for Advanced Attacks

by Ali Haider
written by Ali Haider

Black Basta Ransomware Uses Microsoft Teams to Deploy Zbot Malware

The Black Basta ransomware group has advanced its tactics, leveraging Microsoft Teams to execute targeted cyberattacks. These attackers employ social engineering techniques to deliver malware such as Zbot, DarkGate, and custom payloads, increasing their effectiveness in targeting Windows users.

How the Attack Works

The campaign begins with threat actors using Microsoft Teams to contact targets. They pose as IT personnel and exploit phishing tactics to convince users to install remote management tools such as QuickAssist, TeamViewer, or AnyDesk. Once the victim grants access, attackers initiate malware downloads to compromise the user’s credentials and infiltrate organizational assets.

Key tactics include:

  • Social Engineering: Threat actors use authentic-looking display names on Teams to gain the target’s trust.
  • Remote Management Tools: Attackers install software to establish a foothold in the target’s system.
  • Credential Harvesting: Using customized DLL payloads to steal login information and VPN configurations.
  • Payload Delivery: The attackers deploy advanced malware like Zbot, which uses RSA encryption for secure command-and-control communications, and DarkGate, a multifunctional toolkit for data theft and privilege escalation.

Notable Techniques

  • Reverse Shells: Operators utilize Windows’ OpenSSH client to execute commands remotely.
  • QR Codes: In some cases, attackers distribute QR codes, likely to bypass multi-factor authentication (MFA).
  • Cobalt Strike Beacons: For further penetration, the group uses PowerShell commands and loaders for Cobalt Strike and other malicious payloads.

Recommendations for Protection

  1. Restrict External Communications: Limit external users’ ability to contact employees via Microsoft Teams.
  2. Standardize Remote Management Tools: Regulate the use of authorized tools to minimize risks.
  3. User Training: Educate employees to recognize phishing attempts and social engineering techniques.
  4. Secure VPN Access: Strengthen VPN configurations and enforce MFA to protect organizational networks.

The sophistication of Black Basta’s methods underscores the need for robust cybersecurity measures. By exploiting trusted platforms like Microsoft Teams, the group increases its chances of success, emphasizing the importance of proactive threat detection and response.

0 comments
0 FacebookTwitterPinterestEmail
BlueAlpha APT Cloudflare Tunnels
Cyber Security

Russian BlueAlpha APT Abuses Cloudflare Tunnels To Deliver Custom Malware

by Ali Haider
written by Ali Haider

The state-sponsored cyber threat group BlueAlpha, linked to Russia’s Federal Security Service (FSB), has been actively targeting organizations with advanced cyber tactics since 2014. Recently, BlueAlpha has adopted a novel strategy by leveraging Cloudflare Tunnels to stage and deliver its GammaDrop malware, enhancing its ability to evade detection.

BlueAlpha employs spear phishing campaigns to distribute malicious HTML smuggling files embedded with JavaScript. These files execute custom malware variants GammaDrop and GammaLoad, enabling data exfiltration, credential theft, and persistent network access. The group’s updated approach involves:

  • HTML Smuggling: Embedding JavaScript into HTML attachments to bypass traditional email security systems.
  • Cloudflare Tunnels: Using the TryCloudflare tool to create subdomains for staging GammaDrop. This tactic hides malicious infrastructure behind Cloudflare’s network, complicating traditional detection.
  • DNS Fast-Fluxing: Changing DNS records rapidly for its command-and-control (C2) servers, making it harder to trace.

The malware suite utilized by BlueAlpha includes:

  • GammaDrop: A dropper ensuring the delivery and persistence of GammaLoad.
  • GammaLoad: A custom VBScript capable of beaconing to C2 servers, deploying additional malware, and stealing sensitive data.

Mitigation Strategies:

  1. Deploy tools to detect and block HTML smuggling activities, flagging suspicious JavaScript events like “onerror.”
  2. Establish application control rules to block the execution of malicious .lnk files and untrusted executables, such as mshta.exe.
  3. Monitor and restrict unauthorized DNS-over-HTTPS (DoH) traffic, especially queries targeting trycloudflare.com subdomains.

Organizations must invest in advanced detection and response capabilities to counteract sophisticated threats posed by BlueAlpha and similar state-sponsored groups. The group’s persistent use of obfuscation tactics and infrastructure hiding underscores the importance of continuous monitoring and proactive cybersecurity measures.

0 comments
0 FacebookTwitterPinterestEmail
China-Based Cyber Attack
Cyber Security

China-Based Hackers Target U.S. Organization in Sophisticated Cyber Attack

by Ali Haider
written by Ali Haider

U.S. Organization in China Hit by Advanced Cyber Attack

A U.S. organization with extensive operations in China recently became the victim of a highly advanced cyber attack, reportedly orchestrated by China-based hackers. This breach lasted for four months, from April to August 2024, and was primarily focused on intelligence gathering.

Details of the Cyber Attack

The attackers infiltrated multiple computers, including critical Exchange Servers, signaling an emphasis on email harvesting. The breach involved various advanced techniques:

  1. DLL-Sideloading: Legitimate applications such as GoogleToolbarNotifier.exe and iTunesHelper.exe were exploited to load malicious DLLs.
  2. Impacket Framework: This open-source Python tool was used to manipulate network protocols.
  3. File Transfer Tools: FileZilla and PSCP were likely employed for data exfiltration.
  4. Living Off the Land Techniques: Tools like WMI, PsExec, and PowerShell enabled lateral movement and command execution within the network.

Technical Insights

Security experts at Symantec confirmed that at least five machines were compromised. The hackers focused on credential dumping, network reconnaissance, and email data extraction.

Key indicators suggest a China-based origin:

  • The use of DLL-sideloading, a common tactic among Chinese hacking groups.
  • Links to the Daggerfly group, previously associated with attacks on the same organization.
  • Evidence of the file textinputhost.dat, tied to the Chinese espionage group Crimson Palace.

Implications

This incident underlines the persistent threats U.S. organizations face when operating in China. The attack’s scale and sophistication highlight the importance of robust cybersecurity measures.

0 comments
0 FacebookTwitterPinterestEmail
Pegasus Spyware Infections
Cyber Security

Pegasus Spyware Found on New Devices: Widespread Threat Confirmed

by Ali Haider
written by Ali Haider

New Pegasus Spyware Infections Detected by iVerify

Recent findings from cybersecurity firm iVerify have uncovered alarming details about Pegasus spyware, developed by the Israeli NSO Group, affecting mobile devices worldwide. Known as “Rainbow Ronin” by iVerify, Pegasus has long been associated with high-profile targets such as journalists and government officials. However, the latest discoveries reveal infections among ordinary professionals and civilians, raising concerns about its extensive reach.

Key Findings:

  • Scan Results: Out of 2,500 self-scanned devices, seven showed Pegasus infections, translating to a high infection rate of 2.5 devices per 1,000 scans.
  • Timeline: Infections date back to 2021 and span multiple iOS versions.
  • Cross-Platform Impact: Pegasus exploits vulnerabilities in both iOS and Android using advanced zero-click attacks.

iVerify’s Mobile Threat Hunting feature detected these instances, challenging traditional assumptions about mobile security. “If you scan for it, you will find it,” remarked an iVerify spokesperson. Their research also revealed five unique malware types, emphasizing the evolving nature of these threats.

How Pegasus Operates:

  • Provides complete device control to attackers.
  • Employs sophisticated techniques, including zero-click attacks, that don’t require user interaction.
  • Targets system vulnerabilities to breach mobile security protocols.

Implications for Mobile Security:

The findings expose a critical gap in current security measures. While traditionally thought to target high-risk groups, the infection rate suggests that no device is entirely safe. iVerify’s work underscores the need for proactive and user-accessible security solutions, equipping users with advanced threat detection tools.

As Pegasus continues to evolve, iVerify plans to release a detailed technical analysis, aiming to revolutionize mobile security practices and protect users from increasingly sophisticated threats.

0 comments
0 FacebookTwitterPinterestEmail