The Phishing for the News podcast is based on the SecureResearch Daily Intelligence Report. Here is a summary of what we covered in our report:

• INTERPOL conducted a global operation called HAECHI-V, resulting in the arrest of 5,500 individuals connected to financial cybercrimes and the seizure of over $400 million in assets. The operation targeted various cybercrimes, including ransomware, phishing, business email compromise, and online scams.
• CISA issued warnings about multiple vulnerabilities in industrial control systems (ICS). The vulnerabilities could lead to unauthorized access, service disruption, and system compromise. CISA advises organizations to review and apply provided mitigation strategies, keep ICS components updated with the latest security patches, and heighten monitoring of ICS and OT networks.
• CISA added three actively exploited vulnerabilities to its Known Exploited Vulnerabilities Catalog. The agency also released eight advisories addressing vulnerabilities in ICS and OT environments, emphasizing the importance of securing critical infrastructure.
• CISA and international partners released joint guidance on a PRC-affiliated threat actor compromising the networks of global telecommunications providers. The threat actor aimed to conduct espionage, particularly targeting individuals in government or political activities. The guidance emphasizes the need for network defenders and critical infrastructure organizations to prioritize patching vulnerable devices and services.
• The Australian Signals Directorate (ASD) released a guide for enhancing visibility and fortifying communication network infrastructures. The guide helps network engineers and cybersecurity defenders defend against evolving cyber threats.
• Stoli Group filed for bankruptcy in the U.S. following a ransomware attack and the seizure of Russian assets. The incident highlights the devastating impact of cyberattacks on businesses, and experts recommend robust cybersecurity measures, including incident response planning, employee training, and enhanced data protection.
• The UK's National Crime Agency (NCA) disrupted two Russian money laundering networks used by ransomware groups. This action demonstrates the growing efforts to tackle the financial infrastructure that supports ransomware operations.
• NIST updated its cybersecurity framework, including new guidelines for password security. These changes encourage organizations to adopt more secure password practices to better protect against evolving threats.
• Google and Apple are taking steps to shorten the lifespans of digital certificates to enhance security. Shorter lifespans limit the potential impact of compromised certificates and encourage more frequent updates, making it harder for attackers to exploit them.

For more information in the SecureResearch Daily Cyber Intelligence Brief, email info@secureresearch.com