Clik here to view.
Forecasting the Cyber Threat Landscape: What to Expect in 2023
In a blink of an eye, 2023 is upon us. As we bid farewell to another record-breaking year of increased disclosed vulnerabilities, ransomware incidents, phishing scams, data breaches, and crypto...
View ArticleClik here to view.
Secure Your Holidays: The Case of Qakbot and Black Basta
On the eve of Christmas, a suspected Black Basta affiliate conducted a ‘quick and dirty’ attack on a global client, lending insight into the opportunistic targeting of victims during holiday downtime...
View ArticleClik here to view.
Bug Bounty Programs – a Public Good that is a Necessity for Corporates, SMEs,...
As the cyber threat landscape continues to evolve and threat actors increasingly target vulnerable external-facing assets, bug bounties present organizations with an opportunity to proactively...
View ArticleClik here to view.
Cyber Literacy in Hong Kong – a Public Good to Bridge the Talent Gap and...
As the global cyber threat landscape continues to evolve, defenders will continue to play catch-up by finding ways to prevent, detect, respond and recover from cyber-attacks. However, we need to...
View ArticleClik here to view.
MOVEit Cl0p, You’re Not the Only One
In Q3 2023, PwC’s Dark Lab responded to two incidents derived from exploitation of the zero-day vulnerability in Progress’ MOVEit File Transfer solution. Whilst exploitation of the zero-day is widely...
View ArticleClik here to view.
Watch Out for the Adversary-in-the-Middle: WhatsApp QR Code Hijacking Targets...
PwC’s Dark Lab investigates the local WhatsApp account hijacking attacks, uncovering multiple campaigns targeting Hong Kong and Macau consumers. Over the last few months, the community has seen a...
View ArticleClik here to view.
Watch Out for the Adversary-in-the-Middle: Multi-Stage AiTM Phishing and...
PwC’s Dark Lab recently responded to a Business Email Compromise incident, leading to the discovery of an opportunistic multi-stage Adversary-in-the-Middle campaign. Business Email Compromise (BEC)...
View ArticleClik here to view.
The 2024 Cyber Threat Landscape
2023 saw threat actors relentlessly innovating and specialising to remain sophisticated in speed and scale, through the use of automation intelligence, targeting against supply chains and managed...
View ArticleClik here to view.
Tracking the proxy: a canary-based approach to locate users from...
As we step through a busy season of ransomware, financial scams involving deepfake, and sophisticated phishing campaigns, we continue to witness campaigns targeting enterprise users with...
View ArticleClik here to view.
Petty Thefts in Cybersecurity
The term “data breach” has been engrained into the memories of board level executives to security engineers in the last few years. Typically referring to confidential or sensitive information being...
View Article