featured Archives - Velox Systems

Unveiling the Stealth: How Threat Actors Harness Microsoft Graph API for Malicious Intent

In a digital landscape where innovation meets nefarious intent, threat actors have honed their craft, wielding tools like the Microsoft Graph API as a double-edged sword. This sophisticated tactic, highlighted by the Symantec Threat Hunter Team, a division of Broadcom, sheds light on a concerning trend: the exploitation of seemingly benign technologies for malicious ends. […]

Unveiling Social Engineering: Defending Against Digital Deception

In the realm of cybersecurity, alongside the familiar threats of malware and data breaches, lies a cunning adversary: social engineering. This tactic manipulates human psychology to extract sensitive information or gain unauthorized access. Let’s explore what social engineering entails, its common tactics, and how to shield against its deceptive allure. What is Social Engineering? Social […]

CISA Issues Alert: Active Exploitation of Microsoft SharePoint Vulnerability by Hackers

In the dynamic realm of cybersecurity, constant vigilance is essential to mitigate emerging threats. Recently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) catalog to include a critical security flaw affecting Microsoft SharePoint Server, designated as CVE-2023-24955 with a CVSS score of 7.2, allowing authenticated attackers with Site Owner […]

Cybercriminals Utilizing Well-Known Document Publishing Platforms for Phishing Schemes

Within the rapidly shifting landscape of cyber threats, adversaries are now leveraging Digital Document Publishing (DDP) sites such as FlipSnack, Issuu, Marq, Publuu, RelayTo, and Simplebooklet for phishing, credential harvesting, and session token theft, exploiting the platforms’ favorable reputation, evasion of web filter blocklists, and users’ false sense of security. Craig Jackson from Cisco Talos […]

Ande Loader Malware Sets its Sights on North American Manufacturing Sector

In the ever-evolving landscape of cybersecurity threats, the emergence of Blind Eagle, a financially motivated threat actor utilizing loader malware Ande Loader, highlights the sophistication and adaptability of malicious entities. Targeting Spanish-speaking users in the manufacturing industry across North America via phishing emails laden with RAR and BZ2 archives, Blind Eagle orchestrates a complex infection […]

Microsoft’s Midnight Blizzard Breach: Unraveling the Unprecedented Cybersecurity Threat

In a startling disclosure on Friday, Microsoft unveiled a cyber-security nightmare: the Kremlin-backed threat actor Midnight Blizzard, also known as APT29 or Cozy Bear, successfully breached some of the tech giant’s critical source code repositories and internal systems. This revelation, stemming from a hack in November 2023 that surfaced in January 2024, not only underscores […]

BlackCat Ransomware Group Pulls Off Exit Scam Following a $22 Million Ransom Windfall

In a startling turn of events on March 6, 2024, the notorious BlackCat ransomware threat actors executed an exit scam, shutting down their darknet website and leaving the cybersecurity community in disarray. Security researcher Fabian Wosar revealed the group’s deceptive move, pointing out irregularities in a law enforcement seizure banner. Denying any involvement, the U.K.’s […]

Securing the Digital Frontier: Unraveling the Role of Artificial Intelligence in Cybersecurity

In an era where the digital landscape is constantly under siege by sophisticated cyber threats, the marriage of artificial intelligence (AI) and cybersecurity emerges as a beacon of hope. As cybercriminals employ increasingly advanced techniques, the role of AI in fortifying our defenses becomes not just a technological advancement but a necessity. In this blog, […]

Demystifying Zero Trust: A Paradigm Shift in Cybersecurity

Understanding Zero Trust: Gone are the days when perimeter-based security alone could safeguard an organization’s assets. Zero Trust operates on the principle that trust should not be assumed based solely on a user’s location within or outside the network perimeter. Instead, every user, device, and application must be continuously authenticated and authorized, regardless of their […]

The Unseen Guardians: Understanding the Crucial Link Between Physical Security and Cybersecurity

Introduction: In the rapidly evolving landscape of cybersecurity, where digital threats loom large, it’s easy to overlook the importance of physical security. The reality is that physical security plays a pivotal role in safeguarding sensitive information and digital assets. In this blog post, we will explore the often underestimated connection between physical security and cybersecurity […]