A first-person journey from undetected fraud to defending trust—how life events, neurodiversity, and hard-won insight shaped a former fraudster into a fraud fighter.
The post Hacker Conversations: Alex Hall, One-time Fraudster appeared first on SecurityWeek.
SecurityWeek – Read More
The weak RC4 for administrative authentication has been a hacker holy grail for decades.
Security Latest – Read More
The malware hijacks purchase commissions, tracks users, removes security headers, injects hidden iframes, and bypasses CAPTCHA.
The post GhostPoster Firefox Extensions Hide Malware in Icons appeared first on SecurityWeek.
SecurityWeek – Read More
Our experts from the Global Research and Analysis Team (GReAT) have investigated a new wave of targeted emails from the ForumTroll APT group. Whereas previously their malicious emails were sent to public addresses of organizations, this time the attackers have targeted specific individuals — scientists from Russian universities and other organizations specializing in political science, international relations, and global economics. The purpose of the campaign was to infect victims’ computers with malware to gain remote access thereto.
The attackers sent the emails from the address support@e-library{.}wiki, which imitates the address of the scientific electronic library eLibrary (its real domain is elibrary.ru). The emails contained personalized links to a report on the plagiarism check of some material, which, according to the attackers’ plan, was supposed to be of interest to scientists.
In reality, the link downloaded an archive from the same e-library{.}wiki domain. Inside was a malicious .lnk file and a .Thumbs directory with some images that were apparently needed to bypass security technologies. The victim’s full name was used in the filenames of the archive and the malicious link-file.
In case the victim had doubts about the legitimacy of the email and visited the e-library{.}wiki page, they were shown a slightly outdated copy of the real website.
If the scientist who received the email clicked on the file with the .lnk extension, a malicious PowerShell script was executed on their computer, triggering a chain of infection. As a result, the attackers installed a commercial framework Tuoni for red teams on the attacked machine, providing the attackers with remote access and other opportunities for further compromising the system. In addition, the malware used COM Hijacking to achieve persistency, and downloaded and displayed a decoy PDF file, the name of which also included the victim’s full name. The file itself, however, was not personalized — it was a rather vague report in the format of one of the Russian plagiarism detection systems.
Interestingly, if the victim tried to open the malicious link from a device running on a system that didn’t support PowerShell, they were prompted to try again from a Windows computer. A more detailed technical analysis of the attack, along with indicators of compromise, can be found in a post on the Securelist website.
The malware used in this attack is successfully detected and blocked by Kaspersky’s security products. We recommend installing a reliable security solution not only on all devices used by employees to access the internet, but also on the organization’s mail gateway, which can stop most threats delivered via email before they reach an employee’s device.
Kaspersky official blog – Read More
Welcome back to Humans of Talos. This month, Amy chats with Senior Cyber Threat Analyst Lexi DiScola from the Strategic Analysis team. Lexi’s journey into cybersecurity is anything but traditional — she brings a background in political science and French to her work tracking global cyber threats and collaborating with colleagues across continents.
Tune in as Lexi opens up about finding her place in cybersecurity, the unique strengths that come from a non-technical path, and the joys (and challenges) of balancing complex intel analysis with a towering stack of books to be read (TBR) at home.
Amy Ciminnisi: Can you introduce yourself? What do you do here at Talos? What team do you work on, and what does your day-to-day look like?
Lexi DiScola: Sure. I’m on the strategic analysis team here at Talos. I joined about three years ago. What my team does is a whole bunch of things, really, but we focus on tracking and analyzing major trends in the cyber threat landscape. We maintain intelligence sharing relationships with a bunch of private sector and government partners. We conduct regular threat hunting activity in our telemetry and support the Talos Incident Response team. My favorite part is producing written analytical products — logs, intelligence bulletins, threat assessment reports, and our annual Year in Review report, which we just started working on. We’ve kicked into high gear, prepping for the year in review, taking all the data we’ve accumulated and seeing what we can pull out of it. It sounds like a headache to some people, but for us, it’s fun, so we’re looking forward to it.
AC: What made you want to join Talos, and when did you join?
LD: I joined about three years ago this fall. I worked in cyber threat intelligence in a government position before. Because of that experience, I was always aware of Talos’s reputation in this space. When I was looking to shift to the private sector from the government, I knew I’d be working with some of the best of the best here. I knew I wouldn’t be stagnant if I came here. That was my focus in a new position — I always want to be learning and working toward something.
AC: What are your favorite resources for staying up to date with current trends in cybersecurity?
LD: There are multiple sources I look at. OSINT, or open-source intelligence, is a huge tool, especially when focusing on specific countries or nation-state actors. Looking at their local reporting and translating it is super helpful, and looking at competitors’ or cybersecurity researchers’ reporting is also useful. But I really rely on the people I work with. Talos has so many talented people who are always willing to help. At first, I was hesitant to ask questions, but as I got to know people better, I stopped feeling embarrassed. It’s a two-way street. You might feel awkward asking for help, but down the road, they may ask you for help with something you’re an expert in. Asking people and not being afraid or embarrassed has served me well.
Want to see more? Watch the full interview, and don’t forget to subscribe to our YouTube channel for future episodes of Humans of Talos.
Cisco Talos Blog – Read More
Lenovo makes great laptops, but with an extensive catalog of products, it’s hard to find the right device. Here are the best Lenovo laptops I’ve tested.
Latest news – Read More
The startup takes an agentic approach to preventing vulnerability exploitation by uncovering exposure across assets.
The post Dux Emerges From Stealth Mode With $9 Million in Funding appeared first on SecurityWeek.
SecurityWeek – Read More
A view of the H2 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
WeLiveSecurity – Read More
Rapid digitization, uneven cybersecurity know-how, and growing cybercriminal syndicates in the region have challenged law enforcement and prosecutors.
darkreading – Read More
When CISOs ask for budget, they are rarely competing against “no security.” They are competing against growth initiatives, product launches, and cost optimization.
Technical jargon and security metrics often fall flat here. To win the conversation, threat intelligence cannot be framed as more data for analysts. It must be positioned as a business enabler that reduces measurable risk, protects revenue, and accelerates decision-making.
Here are the board-ready cases that connect threat intelligence investments directly to business objectives.
Boards understand one number very well: the cost of a breach. What they often underestimate is how much of that cost comes from late detection.
Reactive security means discovering threats after damage has already begun. By then, costs multiply across downtime, incident response, legal exposure, regulatory fines, and reputational damage.
Threat intelligence changes the equation.
ANY.RUN’s Threat Intelligence Feeds deliver high-fidelity indicators sourced from interactive sandbox analyses of live malware samples and targeted attacks. This expands threat coverage, reduces the likelihood of successful breaches, and directly lowers potential financial impact — turning threat intelligence into a clear ROI driver.
TI Feeds: features and data sources
Threat Intelligence Lookup is another decision-enabling service from ANY.RUN. It is an on-demand searchable database that provides instant access to detailed threat reports, behavioral insights, direct links to sandbox sessions, and contextual connections between IOCs and active campaigns, enabling rapid enrichment during investigations. Instead of asking “What could happen?”, security leaders can answer “What is actively targeting organizations like ours right now?”
See what malware is threatening the organizations from your country and industry right now
Board-level takeaway:
Early detection driven by real-world threat intelligence materially lowers breach impact and recovery costs.
Message pattern: “Investing in threat intelligence reduces our average incident response cost by 60-70% by enabling early detection and prevention. For every major incident we prevent, we save the organization between $1-4 million in direct costs, not including reputational damage and customer trust.”
Board members understand downtime in dollars per minute. For e-commerce platforms, financial services, manufacturing operations, or SaaS providers, every minute of disruption translates directly to lost revenue, damaged customer relationships, and competitive disadvantage. Ransomware attacks alone now cost businesses an average of 25 days of downtime — a strike that many organizations cannot absorb.
Threat intelligence supports resilience by helping organizations:
TI shortens mean time to detect (MTTD) and mean time to respond (MTTR) by providing actionable context during incidents. SOC teams correlate alerts against real-time feeds, quickly identifying and containing threats before they spread.
Threat intelligence supports quick informed decisions impacting KPIs
With ANY.RUN’s feeds, powered by community submissions from thousands of organizations, teams gain immediate access to indicators tied to active global campaigns. This accelerates incident response, limits disruption, and keeps critical systems online preserving revenue and operational momentum.
Board-level takeaway:
Threat intelligence reduces the likelihood that cyber incidents escalate into operational outages or prolonged downtime.
Message pattern: “Our revenue-critical operations represent $X million in daily transactions. Threat intelligence gives us advance warning of attacks targeting our industry, allowing us to prevent disruptions before they impact operations. The cost of this service is equivalent to less than one hour of system downtime.”
Most organizations have already invested heavily in security infrastructure: firewalls, SIEM platforms, EDR solutions, and of course SOC teams. However, tools are only as effective as the intelligence that drives them. Without current threat data, your security stack operates reactively, generating alerts based on generic signatures and outdated indicators.
Threat Intelligence Feeds dramatically amplify the effectiveness of your security investments. Context-rich current threat data transforms them from reactive alert generators into proactive defense mechanisms.
ANY.RUN’s Threat Intelligence Feeds integrate seamlessly with major security platforms through APIs and standard formats like STIX. Your existing tools immediately gain access to millions of current indicators and threat context without requiring additional headcount or infrastructure. Your SOC analysts can make faster, more accurate decisions because they have the context they need at their fingertips.
ANY.RUN integration options
Board-level takeaway:
Threat intelligence ensures security investments are aligned with real, current threats to the business, not theoretical risks.
Message pattern: “We’ve invested $X million in security infrastructure. Threat intelligence feeds cost a fraction of that while potentially doubling the effectiveness of every security tool we’ve already purchased.”
Cybersecurity budgets are under scrutiny, with boards demanding maximum value from every dollar. Overworked SOC teams drowning in alerts waste resources on false positives and low-priority events. Hiring more analysts is expensive, slow, and increasingly unrealistic. Boards want efficiency, not headcount inflation.
Threat intelligence enriches alerts with context, reduces noise, and allows teams to focus on high-risk threats. Pre-filtered, accurate IOCs improve detection rates while lowering analyst burnout.
ANY.RUN’s feeds are designed for exactly this: clean, enriched indicators ready for automation, with low false-positive rates thanks to sandbox-verified data. The result is higher SOC productivity, better resource utilization, and a stronger return on existing security investments.
By feeding curated, high-confidence intelligence directly into detection and response workflows, ANY.RUN’s Threat Intelligence Feeds:
This allows organizations to scale their security posture without scaling payroll.
Board-level takeaway:
Threat intelligence increases SOC productivity, delivering better protection without proportional increases in staffing costs.
Message pattern: “Our SOC team currently handles X,000 alerts monthly with Y analysts at an annual cost of $Z. Threat intelligence increases our team’s effective capacity by 50-70% without adding headcount, delivering better protection while keeping personnel costs stable.”
Regulatory frameworks like GDPR, NIS2, DORA, and SOC 2 don’t just require security controls. They mandate demonstrable due diligence and continuous improvement. Failure to meet these standards results in crippling fines (up to 4% of global revenue under GDPR), potential business restrictions, and loss of customer trust. More importantly, regulators increasingly expect organizations to demonstrate proactive threat awareness and intelligence-driven security practices.
Threat intelligence feeds provide auditable evidence of continuous monitoring, proactive threat hunting, and intelligence-driven security operations. ANY.RUN’s TI Feeds deliver documented indicators of compromise with rich context, enabling your team to demonstrate to auditors that you’re actively monitoring the threat landscape relevant to your industry and geography.
Board-level takeaway:
Threat intelligence provides auditable evidence of proactive monitoring and rapid response capabilities. Non-compliance triggers fines, audits, and reputational damage.
Message pattern: “Threat intelligence isn’t just about preventing attacks — it’s about showing regulators, auditors, and customers that we take our security obligations seriously. This investment protects us from regulatory fines that could reach tens of millions of dollars and positions us favorably during audits and compliance reviews.”
Threat intelligence gives CISOs a way to translate cyber risk into business terms the board understands. It replaces reactive defenses with foresight, guesswork with evidence, and isolated security efforts with a unified, risk-driven strategy.
ANY.RUN’s Threat Intelligence Feeds are built on visibility into real attacker activity observed daily in live malware executions. This means decisions are based on what adversaries are doing now, not what they did months ago. For CISOs, this enables stronger protection. For boards, it delivers confidence that security investments directly support business objectives.
In budget discussions, threat intelligence should not be positioned as “more data.” It should be positioned as business assurance: fewer costly incidents, more efficient operations, and a clearer understanding of cyber risk across the organization.
When CISOs can demonstrate that intelligence-driven security reduces financial impact, protects revenue streams, and scales without ballooning costs, the budget conversation changes. Threat intelligence becomes a strategic pillar of the organization’s risk management program, not a line item to be negotiated away.
As a leading provider of interactive malware analysis and threat intelligence, ANY.RUN is trusted by over 500,000 analysts across 15,000 organizations worldwide. Its solutions enable teams to investigate threats in real time, trace full execution chains, and surface critical behaviors within seconds.
Safely detonate samples, interact with them as they run, and instantly pivot to network traces, file system changes, registry activity, and memory artifacts in ANY.RUN’s Interactive Sandbox. For threat intelligence insights, integrate TI Lookup and TI Feeds supplying enriched IOCs and automation-ready intelligence. No infrastructure maintenance is required.
Start your 2-week trial of ANY.RUN’s solutions →
Because boards fund outcomes, not tools. Threat intelligence helps CISOs demonstrate how security investments reduce financial risk, prevent costly incidents, and support business continuity.
Traditional monitoring reacts to alerts after suspicious activity occurs. Threat intelligence provides context about active attackers, campaigns, and techniques, enabling earlier detection and proactive defense.
It connects cyber activity to measurable business impact, such as reduced breach costs, lower downtime risk, and improved operational efficiency, which are metrics boards understand.
By delivering high-confidence indicators and attacker context, feeds reduce false positives, speed up investigations, and help analysts prioritize alerts that matter most to the business.
It cannot replace people, but it significantly increases analyst productivity. Many organizations use threat intelligence to scale security operations without proportional headcount growth.
Intelligence based on live, observed attacks reflects current adversary behavior. This ensures defenses are aligned with how threats operate today, not outdated assumptions.
Common metrics include faster detection times, fewer high-impact incidents, reduced investigation effort, and improved alignment between security spend and risk exposure.
The post 5 Ways Threat Intelligence Drives SOC ROI: Board-Ready Cases for CISOs appeared first on ANY.RUN’s Cybersecurity Blog.
ANY.RUN’s Cybersecurity Blog – Read More