Aggregator

Cybersecurity and Infrastructure Security Agency (CISA) has added a cross-site scripting (XSS) vulnerability affecting MDaemon Email Server to its Known Exploited Vulnerabilities (KEV) Catalog on May 19, 2025. This critical addition, identified as CVE-2024-11182, highlights a security flaw that allows attackers to inject malicious JavaScript code via crafted HTML emails. Federal agencies now have until […]

The post CISA Includes MDaemon Email Server XSS Flaw in KEV Catalog appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft is introducing artificial intelligence capabilities directly into Windows 11’s File Explorer, allowing users to manipulate files without opening dedicated applications.  Announced in Windows 11 Insider Preview Build 26200.5603 (KB5058488) released to the Dev Channel on May 19, 2025, this integration represents a significant advancement in Microsoft’s AI strategy for its flagship operating system. AI […]

The post Microsoft to Integrate AI With Windows 11 File Explorer appeared first on Cyber Security News.

Cynet announced a major update to CyAI, its proprietary AI engine that powers advanced threat detection across the Cynet platform. By reducing false positives by 90%, CyAI advances Cynet’s mission to maximize purpose-built protection for managed service providers and small-to-medium businesses, backed by 24/7 SOC support. Leveraging machine learning models trained on millions of samples, CyAI continuously analyzes every executable file across all endpoints to detect known and zero-day threats before damage can be done. … More →

The post Cynet boosts AI-powered threat detection accuracy appeared first on Help Net Security.

While analyzing malware samples uploaded to ANY.RUN’s Interactive Sandbox, one particular case marked as “phishing” and “Telegram” drew the attention of our security analysts.  Although this analysis session wasn’t attributed to any known malware family or threat actor group, the analysis revealed that Telegram bots were being used for data exfiltration. This led us to […]

The post How Adversary Telegram Bots Help to Reveal Threats: Case Study  appeared first on ANY.RUN's Cybersecurity Blog.

Russian organizations have become prime targets of a sophisticated malware campaign deploying the Pure malware family, first identified in mid-2022. Distributed via a Malware-as-a-Service (MaaS) model, Pure malware allows cybercriminals to purchase and deploy it with ease. While the campaign began in March 2023, the first third of 2025 witnessed a staggering fourfold increase in […]

The post Hackers Use Weaponized RAR Archives to Deliver Pure Malware in Targeted Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

​

The post The Sting of Fake Kling: Facebook Malvertising Lures Victims to Fake AI Generation Website appeared first on Check Point Research.

To meet today’s complex security requirements, organizations need solutions that are not only secure, but also practical and scalable. The Swissbit iShield Key 2 offers a compelling answer by combining two critical security functions – digital authentication and physical access control – into a single, streamlined device. One key, double protection The Swissbit iShield Key 2 uniquely combines phishing-resistant digital authentication with physical access control. It enables enterprises and public authorities to secure operating systems, … More →

The post Product showcase: Secure digital and physical access with the Swissbit iShield Key 2 appeared first on Help Net Security.

State and local governments must grapple with resource constraints even as they face increased demand for cybersecurity vigilance to protect critical infrastructure and essential services. Here’s how exposure management can help.

State and local governments play a crucial role in the daily lives of communities, including managing the critical infrastructure we rely on every day, such as water systems, transportation networks, power grids, and emergency services. These institutions are on the front lines of delivering and safeguarding these essential services. A successful cyber attack on even a small municipality can disrupt daily operations, compromise sensitive data and threaten public safety.

As digital threats grow more advanced and persistent, protecting state and local systems is no longer just a technical issue, it is a fundamental part of securing the nation’s most vital functions. To address this growing challenge, state and local governments need comprehensive statewide cybersecurity strategies aligned with recognized cybersecurity best practices and standards, sustainable funding and coordinated support to defend against ever evolving threats.

As frontline operators of critical infrastructure, state and local governments face an increasingly complex and evolving cyber threat landscape. For example, in 2023, Volt Typhoon, a state-sponsored threat actor backed by the People’s Republic of China (PRC), launched a prolonged cyber attack against the Littleton Electric Light and Water Departments (LELWD) in Massachusetts. This marked the first known strike on a U.S. power utility by the group. The group targeted the utility’s operational technology (OT) infrastructure in an attempt to exfiltrate sensitive data. While LELWD was able to detect and contain the breach, the incident underscored the increasing sophistication of nation-state cyber threats and the serious risks they pose to essential services. This attack was not an isolated incident but part of a broader pattern of cyber espionage and disruption orchestrated by Volt Typhoon, which continues to target U.S. critical infrastructure.

Additionally, in July 2024, the City of Columbus, Ohio, experienced a significant ransomware attack attributed to the Rhysida group, a foreign threat actor. This breach compromised the personal and financial data of 500,000 residents, including Social Security numbers, bank account details, and other sensitive information. The incident disrupted city services and prompted the city to offer two years of free credit monitoring to affected individuals.

In February 2023, the City of Oakland, California, suffered a ransomware attack by the Play group, which disrupted essential city services and exposed sensitive personnel records, including those of police officers and firefighters. The breach prompted a state of emergency and raised serious concerns about the city's cybersecurity preparedness.

“This increase in activity from advanced persistent threat (APT) actors targeting U.S. critical infrastructure highlights the need for increased vigilance from state and local governments. Since U.S. critical infrastructure is owned and operated by both public sector and private sector organizations, the threat is a concern for government agencies as well as corporate enterprises.”

 — Mark Weatherford, former Deputy Undersecretary for Cybersecurity, U.S. Department of Homeland Security

These incidents are part of a broader and accelerating pattern of cyberattacks targeting municipal governments, highlighting the urgent need for enhanced cybersecurity measures at the local level. 

“This increase in activity from advanced persistent threat (APT) actors targeting U.S. critical infrastructure highlights the need for increased vigilance from state and local governments,” wrote Mark Weatherford, former Deputy Undersecretary for Cybersecurity, U.S. Department of Homeland Security, in a guest blog post for Tenable in November 2024. “Since U.S. critical infrastructure is owned and operated by both public sector and private sector organizations, the threat is a concern for government agencies as well as corporate enterprises.”

In March, the Office of the Director of National Intelligence (ODNI) released its Annual Threat Assessment of the U.S. Intelligence Community, referencing Volt Typhoon and other nation-state cyber threats against critical infrastructure, reinforcing the need for heightened vigilance at the state and local levels.

On March 19, 2025, President Trump released Executive Order (EO) 14239: Achieving Efficiency Through State and Local Preparedness. The goal of the EO is to improve national disaster preparedness and resilience by empowering state and local governments to take a leading role in securing critical infrastructure, including from cyber attacks, while also streamlining and modernizing federal policies to support them more effectively.

The order also emphasizes a shift from a broad "all-hazards" approach to a risk-informed strategy, encouraging smarter investments in infrastructure and calls for the creation of a National Resilience Strategy and a National Risk Register.

While we await guidance and implementation details for Executive Order 14239 on how state and local governments should take a more active role in cyber attack preparedness, there are proactive steps that can be taken now. These include conducting regular risk assessments, adopting basic cyber hygiene practices and implementing a proactive exposure management strategy. By taking action now, even amid uncertainty, state and local entities can begin building the foundation for a more resilient and secure infrastructure.

Despite being on the front lines of managing critical infrastructure, many state and local governments face significant challenges, including limited resources and legacy infrastructure, making it difficult to detect and respond to cyber threats.

As state and local governments take on more responsibility for national disaster preparedness and resilience, including protection against cyber attacks, support from programs like the State and Local Cybersecurity Grant Program (SLCGP) are more vital than ever. SLCGP provides funding to help state, local, tribal and territorial governments develop and implement effective cybersecurity strategies. By funding key initiatives such as mutli-factor authentication, vulnerability management and threat prioritization, SLCGP plays a vital role in strengthening the cybersecurity posture of these governments.

In my testimony before the House Homeland Security Committee’s Cybersecurity and Infrastructure Protection Subcommittee in April, I emphasized the need to continue the SLCGP program and the importance of adopting an exposure management strategy to tackle these threats. During the April 1 hearing, “Cybersecurity is Local, Too: Assessing the State and Local Cybersecurity Grant Program,” I provided analysis on threats facing state and local governments, the impact of SLCGP, improvements that could be made to the program, and how a risk-informed approach is needed to protect state infrastructure, including critical infrastructure, from cyber attacks.

Exposure management is aligned with the National Institute of Standards and Technology (NIST) Cybersecurity Framework 2.0 and supports a more strategic risk-informed approach to cybersecurity, continuously assessing the accessibility, exploitability and criticality of all digital assets, including the operational technology used in critical infrastructure. By implementing an exposure management strategy, state and local governments will be better equipped to secure their environments in the face of constant cyber threats and campaigns from nation-state attackers. This proactive approach helps state and local governments improve operational efficiency, reduce costs, protect against emerging threats and ensure that critical systems and services remain secure and uninterrupted.

An exposure management strategy relies on a technology platform that enables the discovery and aggregation of asset data across your entire external and internal attack surface. Seemingly elusive assets in cloud, IT, operational technology (OT), internet of things (IoT), identities and applications will show up in a holistic view of the attack surface. An exposure management platform will detect the three preventable forms of risk attackers use to gain initial access and move laterally: vulnerabilities, misconfigurations and excessive privileges. The platform will aggregate findings by asset then normalize them to calculate an overall risk score that enables security teams to quickly identify the assets that pose the greatest potential risk to your organization. An exposure management platform shares the detailed asset, identity and risk relationship information it discovers and maintains in its asset inventory. You’ll be able to see high-risk assets and, more importantly, you’ll be able to see all related attack paths that lead to that asset.

State and local governments are under pressure to improve efficiency, reduce costs and do more with less, while securing essential systems against cyber attacks. Tenable One enables you to take a proactive, risk-informed approach, prioritizing the most critical cyber risks to avoid costly incidents and keep services running. Here are three ways the Tenable One Exposure Management Platform can help.

1. Protect critical infrastructure. Tenable One provides complete visibility into both your IT and OT environments so your agency can protect essential systems like water, energy, and transportation. From real-time threat detection to prioritized remediation, Tenable helps your security team quickly identify and respond to risks before they disrupt public services or compromise safety.
2. Increase efficiency and effectiveness. Tenable One helps your team work smarter by unifying visibility across your entire environment, including cloud, on-prem, identity and OT/IoT systems, eliminating silos and reducing manual effort. With automated asset discovery, risk-based prioritization and machine learning-driven insights, your team can cut through the noise, focus on what matters most and proactively reduce the attack surface.
3. Reduce costs. With Tenable One, you can consolidate security tools into a single platform, cutting down on unnecessary spending and complexity. By proactively identifying and closing high-risk exposures, you can mitigate the financial and operational consequences of data breaches, system outages and compliance violations.

For more information on how Tenable One can help state and local governments:

• Review Securing critical infrastructure: Enhancing cyber resilience with a risk-based approach for state and local governments

Watch our on-demand webinar How State and Local Governments Can Boost Cyber Resilience with Exposure Management