New hacking group mimics Russia-linked group to target Russian entities, Chinese cybersecurity experts say

A hacking group named GamaCopy has been imitating the tactics of the Russia-linked threat actor Gamaredon to target Russian-speaking victims, according to research by Chinese cybersecurity firm Knownsec.

GamaCopy’s latest campaign employed phishing documents disguised as reports on Russian armed forces’ locations in Ukraine, along with the open-source software UltraVNC for remote access.

However, while GamaCopy mirrors many techniques used by Gamaredon, researchers identified notable differences. For example, GamaCopy primarily targets Russian-speaking victims, whereas Gamaredon typically targets Ukrainian speakers. Additionally, GamaCopy’s use of UltraVNC is a distinctive element of its attack chain.

Since June 2023, GamaCopy has targeted Russia’s defense and critical infrastructure sectors. However, the group is believed to have been active even earlier, since August 2021. Knownsec’s analysis suggests that GamaCopy’s operations are part of a deliberate false-flag campaign and links the group to another state-sponsored actor known as Core Werewolf, which has similarly targeted Russian defense systems since 2021.

This discovery follows recent reports of other hacker groups conducting cyber-espionage campaigns against Russian entities, highlighting the increasing complexity and state-backed nature of these threats.

Trump administration ends Cyber Safety Review Board and pauses investigation into Salt Typhoon

The Trump administration has terminated all members of the Cyber Safety Review Board (CSRB), along with the Cybersecurity and Infrastructure Security Agency’s Cybersecurity Advisory Committee and other Department of Homeland Security (DHS) advisory panels. This move has halted the investigation into hacking group Salt Typhoon’s cyberattack on US telecommunications firms, raising significant concerns among cybersecurity advocates, according to CyberScoop.

While Acting DHS Secretary Benjamin Huffman suggested that outgoing members could reapply for their positions, the decision has faced criticism from lawmakers and experts. Representative Bennie Thompson (D-Miss.) of the House Homeland Security Committee warned that this decision could delay the Salt Typhoon probe, which he emphasised must be ‘completed expeditiously.’

Cybersecurity expert Kevin Beaumont argued that dismantling the CSRB could shield Microsoft from accountability over security lapses tied to a separate Chinese hacking incident. Meanwhile, Jake Williams of IANS Research highlighted the broader implications of this decision, stating that removing such panels could undermine US national security.

However, House Homeland Security Chair Mark Green (R-Tenn.) defended the move, stating it offers the Trump administration an opportunity to appoint new members or reevaluate the mission of the CSRB for more effective oversight.

Iran and Russia sign comprehensive cooperation agreement to strengthen military, security, and cyber ties

An agreement signed between Iran and Russia last week outlines commitments to enhance military, security, cyber and technological cooperation between the two nations. The comprehensive strategic partnership agreement, signed in Moscow by Russian President Vladimir Putin and Iranian President Masoud Pezeshkian, seeks to deepen bilateral relations and includes specific provisions for cooperation in cybersecurity and internet regulation.

The agreement aims to counter the use of information and communication technologies for criminal activities and includes plans to exchange expertise on managing national internet infrastructure. The text also states that the two countries will ‘promote the establishment of a United Nations-led system for ensuring international information security and the creation of a legally binding regime for the prevention and peaceful resolution of conflicts, based on the principles of sovereign equality and non-interference in the internal affairs of states’.

The agreement emphasises strengthening sovereignty and a state-centric approach to international information security and internet governance. Other key commitments on cybersecurity include:

  • Expanding joint efforts to combat the criminal misuse of ICTs, exchanging expertise, and promoting sovereignty in the international information domain.
  • Advocating for the internationalization of internet governance, equal rights for states in managing internet segments, and rejecting limitations on national sovereignty in regulating and securing the internet.
  • Enhancing sovereignty through regulating global ICT companies, sharing expertise on internet management, developing ICT infrastructure, and advancing digital development.

CISA and FBI publish guidance on product security bad practices

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released detailed guidance aimed at software manufacturers to enhance security across the product lifecycle. This document applies to all software products and services, including on-premises software, cloud services, Software as a Service (SaaS), operational technology (OT), and embedded systems. While non-binding, the guidance encourages manufacturers to adopt secure-by-design principles and reduce risks for their customers by avoiding specific bad practices.

The guidance reflects feedback from 78 public comments and introduces three new bad practices:

  1. Using known insecure or outdated cryptographic functions.
  2. Hardcoded credentials.
  3. Insufficient product support periods.

Updates also include:

  • Enhanced context on memory safety and multi-factor authentication (MFA), particularly for OT products.
  • New examples of actions to prevent SQL injection and command injection vulnerabilities.
  • Clear timelines for addressing Known Exploited Vulnerabilities (KEVs).

Some of the recommended actions for software manufacturers specifically address critical infrastructure protection. For instance, software manufacturers are urged to:

  • Prevent command injection vulnerabilities: Use library functions, sanitize inputs with restrictive allowlists, and delineate command inputs.
  • Eliminate default passwords: Implement instance-unique, random passwords; enforce secure credentials during setup; and support phishing-resistant MFA.
  • Patch Known Exploited Vulnerabilities (KEVs): Issue free patches within 30 days of a KEV’s inclusion in CISA’s catalog and communicate risks to users.
  • Support Open Source Software (OSS): Contribute responsibly and sustainably to open-source projects relied upon.

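As an added example, not taken from the CISA/FBI document or from any vendor's code, the following Python shows two of the recommended actions side by side with the bad practice they replace: a command built by string concatenation versus an allowlist-validated argv with an option delimiter, and a factory default versus an instance-unique random password enforced at setup. The hostname allowlist, the list of known default passwords and the function names are constructed for illustration; the `--` delimiter assumes the invoked binary follows the common getopt convention of treating it as the end of options.

```python
"""Added example: command-injection prevention and default-password
elimination, as described in the CISA/FBI bad-practices guidance.
All names and sample values are constructed for this illustration."""
import re
import secrets
import string
import subprocess

# Restrictive allowlist for a hostname operand: letters, digits, dots and
# hyphens only, never starting with '-'. Constructed for this example.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$")


def build_ping_command_bad(host: str) -> str:
    """Bad practice: untrusted input spliced into a shell command string.
    Characters the shell treats specially (';', '|', '$(...)') are
    interpreted. Returned as a string only to show the resulting command
    line; it is never executed here."""
    return f"ping -c 1 {host}"


def is_allowed_hostname(host: str) -> bool:
    """Allowlist check: accept only what matches, rather than trying to
    strip or escape bad characters."""
    return HOSTNAME_RE.fullmatch(host) is not None


def build_ping_argv(host: str) -> list:
    """Hardened form: validated input passed as its own argv element (no
    shell), with '--' delineating options from the operand so a value
    cannot be read as an option. Assumes the binary honours '--'."""
    if not is_allowed_hostname(host):
        raise ValueError(f"hostname rejected by allowlist: {host!r}")
    return ["ping", "-c", "1", "--", host]


def run_ping(host: str) -> subprocess.CompletedProcess:
    """Library function with an argv list and shell=False: the operating
    system receives the arguments directly, so no shell parsing occurs."""
    return subprocess.run(build_ping_argv(host), capture_output=True,
                          text=True, check=False)


# --- Eliminate default passwords -------------------------------------------

# Constructed list of factory defaults the product must refuse at setup.
KNOWN_DEFAULTS = {"admin", "password", "12345678", "changeme"}
PASSWORD_ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_"


def generate_instance_password(length: int = 20) -> str:
    """Instance-unique random password from a CSPRNG (secrets), generated at
    provisioning so no two shipped units share a credential."""
    if length < 12:
        raise ValueError("length below 12 gives too little entropy")
    while True:
        pw = "".join(secrets.choice(PASSWORD_ALPHABET) for _ in range(length))
        # Require mixed classes so a rare all-lowercase draw is retried.
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)):
            return pw


def accept_setup_password(candidate: str, min_length: int = 12) -> bool:
    """Setup-time check: refuse known defaults and short values so the
    installer cannot complete with a factory credential still in place."""
    if candidate.lower() in KNOWN_DEFAULTS:
        return False
    return len(candidate) >= min_length


if __name__ == "__main__":
    # The bad builder yields a line a shell would run as two commands.
    print(build_ping_command_bad("example.com; id"))
    print(build_ping_argv("example.com"))
    pw = generate_instance_password()
    print(pw, accept_setup_password(pw))
```

The allowlist does the real work: because the validated operand can contain no whitespace or metacharacters and cannot begin with a hyphen, it is safe both as an argv element and as a logged value, and the `--` delimiter only adds a second line of defence. The setup check is deliberately a reject-list of known defaults plus a length floor, which is what the guidance asks of manufacturers, rather than a general password-strength policy.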
By following this guidance, manufacturers signal their commitment to customer security and contribute to a safer software ecosystem.

Private messages shared by LinkedIn spark class-action lawsuit

LinkedIn, owned by Microsoft, faces a class-action lawsuit from its Premium customers who allege that the platform improperly shared their private messages with third parties to train AI models. The lawsuit alleges that LinkedIn introduced a new privacy setting last August that allowed users to control the sharing of their data, yet failed to adequately inform them about the use of their messages for AI training.

Customers claim that a stealthy update to LinkedIn’s privacy policy on 18 September outlined this data usage, while also stating that opting out of data sharing would not prevent past training from being utilised.

The plaintiffs, representing millions of Premium users, seek damages for breaches of contract and violations of California’s unfair competition laws. In addition, they demand compensation of $1,000 for each individual affected by alleged violations of the federal Stored Communications Act. The lawsuit highlights concerns over the potential misuse of customer data, asserting that LinkedIn deliberately obscured its practices to evade scrutiny regarding user privacy.

LinkedIn has denied the allegations, stating that the claims lack merit. The legal action arose just hours after President Donald Trump announced a significant AI investment initiative, backed by Microsoft and other major companies. The case, De La Torre v. LinkedIn Corp, has been filed in the federal district court in San Jose, California.

With privacy becoming an increasingly crucial issue, the implications of this lawsuit could resonate throughout the tech industry. Customers are scrutinising platforms’ commitments to safeguarding personal information, especially in the context of rapidly evolving AI technologies.

CTM360 and ISACA Singapore partner to strengthen cybersecurity

CTM360, a Bahrain-based cybersecurity platform, has partnered with the ISACA Singapore Chapter to enhance Singapore’s cybersecurity landscape. By signing a Memorandum of Understanding (MoU) during the first members’ event of 2025, this collaboration aims to elevate cybersecurity through capacity development, professional development, and fostering a culture of knowledge exchange.

The partnership focuses on hosting joint events, training programs, and workshops designed to advance cybersecurity expertise, support certification advancements, and develop innovative strategies to address evolving cyber threats. By combining their expertise, both organisations are working to enhance the cybersecurity ecosystem in Singapore and equip professionals with the tools required to tackle modern challenges, ensuring cybersecurity remains a priority across industries.

The collaboration reflects a shared commitment to creating meaningful opportunities for professional growth and strengthening the cybersecurity community. It underscores the importance of equipping professionals with the necessary knowledge and tools to thrive in a rapidly evolving digital landscape.

The partnership also aims to drive impactful initiatives, promoting a safer and more resilient digital environment through collective responsibility and a focus on addressing current and future cyber threats.

China urges companies to decide TikTok’s future independently

China’s foreign ministry stated on Monday that companies should make independent decisions regarding their business operations and agreements. The remarks came in response to United States President-elect Donald Trump’s proposal requiring 50% US ownership of TikTok.

The proposed ownership demand has reignited tensions over the popular social media app, owned by Chinese company ByteDance, as US officials continue to express concerns over national security and data privacy. Chinese officials have consistently emphasised the importance of allowing businesses to operate without undue government interference.

TikTok, which boasts millions of users worldwide, has faced scrutiny in several countries over its links to China. The foreign ministry’s statement highlights Beijing’s stance that such matters should remain in the hands of corporations rather than being dictated by political decisions.

Ex-Meta COO faces penalties over Cambridge Analytica email scandal

Former Meta Platforms COO Sheryl Sandberg has been sanctioned by a Delaware Chancery Court judge for deleting emails linked to the Cambridge Analytica privacy scandal, despite orders to preserve them. Judge Travis Laster determined that Sandberg used a personal email account under a pseudonym to erase messages potentially relevant to a shareholder lawsuit. The sanctions are likely to complicate her defence in the trial set for April, and she has been ordered to cover shareholders’ expenses related to the motion.

The lawsuit, filed in 2018, accuses Facebook’s leadership of harming investors by violating a 2012 Federal Trade Commission consent order to protect user data. Shareholders also allege the company paid a $5 billion fine in 2019 to shield founder Mark Zuckerberg from personal liability. Zuckerberg is expected to face a second deposition before the non-jury trial begins. Sandberg has argued that her email deletions did not affect critical evidence, claiming that relevant messages were often copied to others.

Judge Laster criticised the deletions, stating they likely erased the most sensitive communications. The court also considered similar allegations against Jeffrey Zients, a former Meta board member, but deemed his deleted emails less significant as he joined after the Cambridge Analytica scandal emerged. The case has been described by Laster as involving “wrongdoing on a truly colossal scale,” with significant implications for accountability in corporate governance.

New scam targets jobseekers with malware

Jobseekers are being targeted by a sophisticated scam that disguises malware as interview invitations. Masquerading as legitimate offers, these fraudulent emails claim to originate from reputable companies like CrowdStrike, a cybersecurity firm. However, the links they contain redirect victims to malicious websites, leading to the download of cryptomining software.

The malware, once installed, hijacks a computer’s CPU and GPU to mine cryptocurrency. This process severely degrades system performance, causing unresponsiveness, overheating, and increased energy consumption. The software also runs covertly, making it challenging to detect until significant harm is done.

CrowdStrike has acknowledged the scam, urging jobseekers to verify recruitment emails and avoid downloading files from unknown sources. Experts advise using robust antivirus software and remaining vigilant against unsolicited links or downloads during the job application process.

As cybercriminals continually innovate, individuals must exercise caution online. Even scams aimed at exploiting system resources can pave the way for far more invasive attacks, including financial theft and personal data breaches.

EU audit highlights geo-blocking issues

A new report from the European Court of Auditors (ECA) highlights progress in tackling unjustified geo-blocking in the EU but calls for stronger enforcement and expanded regulations. Geo-blocking, which restricts online access to goods and services based on nationality or location, was targeted by a 2018 regulation aimed at ensuring fairer treatment in the EU Single Market. However, the ECA found that inconsistent enforcement has left many consumers unprotected.

The report reveals significant disparities in penalties for non-compliance, ranging from minor fines of €26 in some countries to €5 million or even criminal liability in others. These gaps, combined with limited awareness among consumers and traders about available support, have undermined the regulation’s effectiveness. Key exemptions for sectors like audiovisual services—such as streaming platforms and TV distribution—are also causing frustration, with calls to broaden the regulation’s scope during its 2025 review.

Ildikó Gáll-Pelcz, the ECA member responsible for the audit, warned that geo-blocking continues to restrict consumer choices and fuel dissatisfaction. In response, the European Commission has welcomed the findings, signalling potential reforms, including stricter enforcement mechanisms and exploring ways to address challenges tied to copyright practices. The Commission has committed to factoring the report into its upcoming evaluation of the regulation.