Red Teaming | Breaking Cybersecurity News | The Hacker News

We've been hearing the same story for years: AI is coming for your job. In fact, in 2017, McKinsey printed a report, Jobs Lost, Jobs Gained: Workforce Transitions in a Time of Automation , predicting that by 2030, 375 million workers would need to find new jobs or risk being displaced by AI and automation. Queue the anxiety.  There have been ongoing whispers about what roles would be impacted, and pentesting has recently come into question. With AI now able to automate tasks such as vulnerability scans and network scans—among other things—and with platforms like PlexTrac adding AI capabilities to cut back on the manual effort, will pentesters be out of a job? Let's start with some optimism. This year, McKinsey retracted its former prediction that 375 million workers would be displaced by AI, lowering the prediction to roughly 92 million workers. The article continued to ease concern stating that although some jobs may become obsolete, it's more likely that jobs will simply unde...

Is AI really reshaping the cyber threat landscape, or is the constant drumbeat of hype drowning out actual, more tangible, real-world dangers? According to Picus Labs' Red Report 2025 which analyzed over one million malware samples, there's been no significant surge, so far, in AI-driven attacks. Yes, adversaries are definitely continuing to innovate, and while AI will certainly start playing a larger and larger role, the latest data suggests that a set of well-known tactics, techniques, and procedures (TTPs) are still dominating the field. The hype around artificial intelligence has certainly been dominating media headlines; yet the real-world data paints a far more nuanced picture of which malware threats are thriving, and why. Here's a glimpse at the most critical findings and trends shaping the year's most deployed adversarial campaigns and what steps cybersecurity teams need to take to respond to them. Why the AI Hype is Falling Short…at Least For Now While headl...

Cyber threats are intensifying, and cybersecurity has become critical to business operations. As security budgets grow, CEOs and boardrooms are demanding concrete evidence that cybersecurity initiatives deliver value beyond regulation compliance. Just like you wouldn't buy a car without knowing it was first put through a crash test, security systems must also be validated to confirm their value. There is an increasing shift towards security validation as it allows cyber practitioners to safely use real exploits in production environments to accurately assess the efficiency of their security systems and identify critical areas of exposure, at scale. We met with Shawn Baird, Associate Director of Offensive Security & Red Teaming at DTCC, to discuss how to effectively communicate the business value of his Security Validation practices and tools to his upper management. Here is a drill down into how Shawn made room for security validation platforms within his already tight budget an...

Threat actors are likely employing a tool designated for red teaming exercises to serve malware, according to new findings from Cisco Talos. The program in question is a payload generation framework called MacroPack , which is used to generate Office documents, Visual Basic scripts, Windows shortcuts, and other formats for penetration testing and social engineering assessments. It was developed by French developer Emeric Nasi. The cybersecurity company said it found artifacts uploaded to VirusTotal from China, Pakistan, Russia, and the U.S. that were all generated by MacroPack and used to deliver various payloads such as Havoc, Brute Ratel , and a new variant of PhantomCore , a remote access trojan (RAT) attributed to a hacktivist group named Head Mare. "A common feature in all the malicious documents we dissected that caught our attention is the existence of four non-malicious VBA subroutines," Talos researcher Vanja Svajcer said . "These subroutines appeared...

Want to know what's the latest and greatest in SecOps for 2024? Gartner's recently released Hype Cycle for Security Operations report takes important steps to organize and mature the domain of Continuous Threat Exposure Management, aka CTEM. Three categories within this domain are included in this year's report: Threat Exposure Management, Exposure Assessment Platforms (EAP), and Adversarial Exposure Validation (AEV). These category definitions are aimed at providing some structure to the evolving landscape of exposure management technologies. Pentera, listed as a sample vendor in the newly defined AEV category, is playing a pivotal role in increasing the adoption of CTEM, with a focus on security validation. Following is our take on the CTEM related product categories and what they mean for enterprise security leaders. The Industry is Maturing CTEM, coined by Gartner in 2022, presents a structural approach for continuously assessing, prioritizing, validating, and remediating expo...

What is Continuous Attack Surface Penetration Testing or CASPT? Continuous Penetration Testing or Continuous Attack Surface Penetration Testing (CASPT) is an advanced security practice that involves the continuous, automated, and ongoing penetration testing services of an organization's digital assets to identify and mitigate security vulnerabilities. CASPT is designed for enterprises with an evolving attack surface where periodic pentesting is no longer sufficient. Unlike traditional penetration testing, which is often performed annually or semi-annually, CASPT is an ongoing process that integrates directly into the software development lifecycle (SDLC), ensuring that vulnerabilities are discovered and addressed in real-time or near-real-time. CASPT is a proactive security measure designed to stay ahead of potential attackers by continuously evaluating the security posture of an organization. It enables security teams to identify critical entry points that could be exploited b...

The threat actor known as Patchwork has been linked to a cyber attack targeting entities with ties to Bhutan to deliver the Brute Ratel C4 framework and an updated version of a backdoor called PGoShell. The development marks the first time the adversary has been observed using the red teaming software, the Knownsec 404 Team said in an analysis published last week. The activity cluster, also called APT-C-09, Dropping Elephant, Operation Hangover, Quilted Tiger, and Zinc Emerson, is a state-sponsored actor likely of Indian origin. Known for conducting spear-phishing and watering hole attacks against China and Pakistan, the hacking crew is believed to be active since at least 2009, according to data shared by Chinese cybersecurity firm QiAnXin. Last July, Knownsec 404 disclosed details of an espionage campaign aimed at universities and research organizations in China that leveraged a .NET-based implant codenamed EyeShell to fetch and execute commands from an attacker-controlled ...

A coordinated law enforcement operation codenamed MORPHEUS has felled close to 600 servers that were used by cybercriminal groups and were part of an attack infrastructure associated with the Cobalt Strike tool.  The crackdown targeted older, unlicensed versions of the Cobalt Strike red teaming framework between June 24 and 28, according to Europol. Of the 690 IP addresses that were flagged to online service providers in 27 countries as associated with criminal activity, 590 are no longer accessible. The joint operation, which commenced in 2021, was led by the U.K. National Crime Agency (NCA) and involved authorities from Australia, Canada, Germany, the Netherlands, Poland, and the U.S. Officials from Bulgaria, Estonia, Finland, Lithuania, Japan, and South Korea provided additional support. Cobalt Strike is a popular adversary simulation and penetration testing tool developed by Fortra (formerly Help Systems), offering IT security experts a way to identify weaknesses in secur...

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Mana...

Microsoft has released an open access automation framework called  PyRIT  (short for Python Risk Identification Tool) to proactively identify risks in generative artificial intelligence (AI) systems. The red teaming tool is designed to "enable every organization across the globe to innovate responsibly with the latest artificial intelligence advances," Ram Shankar Siva Kumar, AI red team lead at Microsoft,  said . The company said PyRIT could be used to assess the robustness of large language model (LLM) endpoints against different harm categories such as fabrication (e.g., hallucination), misuse (e.g., bias), and prohibited content (e.g., harassment). It can also be used to identify security harms ranging from malware generation to jailbreaking, as well as privacy harms like identity theft. PyRIT comes with five interfaces: target, datasets, scoring engine, the ability to support multiple attack strategies, and incorporating a memory component that can either take ...