Author: HackWatchit

RansomHub emerges as a major ransomware threat in 2024, targeting 600 organizations after ALPHV and LockBit disruptions. Group-IB reveals its rapid rise in cybercrime. Group-IB’s latest research, shared exclusively with Hackread.com, highlights the sudden rise of ransomware-as-a-service operations, with one group being very active in this domain, identified as RansomHub. Emerging in early 2024, RansomHub quickly established itself as a major player, capitalizing on the disruption of other prominent groups like ALPHV and LockBit. Group-IB’s investigation reveals that RansomHub strategically advertises its partnership program on underground forums like the RAMP forum, actively recruiting affiliates from disbanded ransomware operations, which helps…

For less than the cost of a latte and in under 10 minutes, scammers today can create shockingly convincing deepfake videos of anyone: your mom, your boss, or even your child. Imagine receiving a video call from your mom asking to borrow money for an emergency, or getting a voicemail from your boss requesting urgent access to company accounts. These scenarios might seem straightforward, but in 2025, they represent a growing threat: deepfake scams that can be created for just $5 in under 10 minutes. According to McAfee’s latest “State of the Scamiverse” report, deepfake scams have become an everyday…

The US Federal Bureau of Investigation (FBI) has just published an official public service announcement headlined with with a very specific warning: Cybercriminals Targeting Victims through Mobile Beta-Testing Applications. The Feds didn’t go as far as naming any specific vendors or services here, but one of the main reasons that crooks go down the “beta-testing” route is to lure users of Apple iPhones into installing software that didn’t come from the App Store. (We’re guessing that explicitly naming Apple would not only be a bit unfair, but might also give a false sense of security to anyone who doesn’t have…

Having served on the MITRE.org CVE (OVAL) advisory board, I have spent years analyzing vulnerabilities and how they impact global cybersecurity. The challenge has always been prioritization—how do we determine which threats are most critical before they are exploited? Traditional vulnerability scoring systems, while useful, often fail to provide the necessary context for real-world threat mitigation. That’s why I’m so impressed with the Exploit Prediction Scoring System (EPSS), an initiative by FIRST.org designed to bring predictive analytics into vulnerability management. Many thanks go to CISO Bob Steron of Interactions for pointing out EPSS to me and our readers. The Evolution…

Introduction Data science is undoubtedly one of the most fascinating fields today. Following significant breakthroughs in machine learning about a decade ago, data science has surged in popularity within the tech community. Each year, we witness increasingly powerful tools that once seemed unimaginable. Innovations such as the Transformer architecture, ChatGPT, the Retrieval-Augmented Generation (RAG) framework, and state-of-the-art Computer Vision models — including GANs — have had a profound impact on our world. However, with the abundance of tools and the ongoing hype surrounding AI, it can be overwhelming — especially for beginners — to determine which skills to prioritize when aiming for a career in data science. Moreover, this field is…

You know that “Hi, how are you?” text from a stranger? It’s one of the top scams worldwide—right along with those fake delivery notices that try to reel you in a scam site with a fishy link. Now you have extra protection against them and all other kinds of scams with our new McAfee Scam Detector. The time’s right for it too. Those scam stats above came from our latest research, which also uncovered just how often people get hit with scams and how costly they can be. 59% of Americans said they or someone they know has fallen for…

This year’s S4x25 in Tampa was not just another industry event—it was a turning point for the industrial cybersecurity community. Over the course of three intense days (plus a pre-event day at BSidesICS), I had the privilege of engaging in 33 meetings and attending 12 dedicated sessions. The collective message was clear: our industry is transitioning from simply achieving visibility to implementing actionable, risk-mitigating security measures. A New Venue, A New Perspective Tampa’s sprawling, six-floor venue set the stage for an experience that was as challenging as it was inspiring. While the unconventional layout initially tested our navigational skills, it…

Lawmakers continue to probe whether Elon Musk and his DOGE team are breaching security and privacy protocols meant to protect sensitive federal data. In a Feb. 6 letter to six agency inspectors general, Democrats on the House Committee on Oversight and Government Reform point to multiple media reports about Musk and his team from the newly renamed U.S. DOGE Service accessing Treasury payment data, Social Security Administration information and other sensitive data across federal networks. “These reports raise serious questions about the security protocols in place to safeguard sensitive government information and the potential for unauthorized access and misuse by…

This webcast was originally published on November 8, 2024. In this video, Hayden Covington discusses the detection engineering process and how to apply the scientific method to improve the quality of detections. The discussion includes the steps involved in creating a high-quality detection, such as research, query building, backtesting, and continuous improvement. Hayden emphasizes the importance of structured processes, documentation, and the role of passion and enthusiasm in cybersecurity work. Detection engineering involves applying the scientific method to enhance the quality and consistency of detections. The process of creating a high-quality detection includes steps such as defining a detection story,…