Clik here to view.
Bug Bounty Programs – a Public Good that is a Necessity for Corporates, SMEs,...
As the cyber threat landscape continues to evolve and threat actors increasingly target vulnerable external-facing assets, bug bounties present organizations with an opportunity to proactively...
View ArticleClik here to view.
Cyber Literacy in Hong Kong – a Public Good to Bridge the Talent Gap and...
As the global cyber threat landscape continues to evolve, defenders will continue to play catch-up by finding ways to prevent, detect, respond and recover from cyber-attacks. However, we need to...
View ArticleClik here to view.
MOVEit Cl0p, You’re Not the Only One
In Q3 2023, PwC’s Dark Lab responded to two incidents derived from exploitation of the zero-day vulnerability in Progress’ MOVEit File Transfer solution. Whilst exploitation of the zero-day is widely...
View ArticleClik here to view.
Watch Out for the Adversary-in-the-Middle: WhatsApp QR Code Hijacking Targets...
PwC’s Dark Lab investigates the local WhatsApp account hijacking attacks, uncovering multiple campaigns targeting Hong Kong and Macau consumers. Over the last few months, the community has seen a...
View ArticleClik here to view.
Watch Out for the Adversary-in-the-Middle: Multi-Stage AiTM Phishing and...
PwC’s Dark Lab recently responded to a Business Email Compromise incident, leading to the discovery of an opportunistic multi-stage Adversary-in-the-Middle campaign. Business Email Compromise (BEC)...
View ArticleClik here to view.
The 2024 Cyber Threat Landscape
2023 saw threat actors relentlessly innovating and specialising to remain sophisticated in speed and scale, through the use of automation intelligence, targeting against supply chains and managed...
View ArticleClik here to view.
Tracking the proxy: a canary-based approach to locate users from...
As we step through a busy season of ransomware, financial scams involving deepfake, and sophisticated phishing campaigns, we continue to witness campaigns targeting enterprise users with...
View ArticleClik here to view.
Petty Thefts in Cybersecurity
The term “data breach” has been engrained into the memories of board level executives to security engineers in the last few years. Typically referring to confidential or sensitive information being...
View ArticleClik here to view.
Forecasting the Cyber Threat Landscape: What to Expect in 2025
2024 marked a pivotal shift in the cyber threat landscape, with threat actors increasingly experimental, yet intentional in their approaches to cyberattacks. Leveraging new and emerging technologies...
View ArticleClik here to view.
Ransomware’s Uneven Playing Field: Re-Thinking Protection and Detection from...
Recently, Dark Lab attended a conference to present the lessons learnt from ransomware incidents impacting small and medium enterprises (“SMEs”), and how these lessons learnt can help us find...
View Article