cybersecurity Archives - MASSIVE News

Your smart home can be easily hacked. New safety standards will help, but stay vigilant

wiredgorilla — Mon, 23 Mar 2026 01:26:11 +0000

On a quiet suburban street, a modern Australian home wakes before its owners do.

The lights turn on automatically, the thermostat adjusts to a comfortable temperature, and the coffee machine begins brewing. A doorbell camera watches the front yard, a baby monitor streams live footage to a parent’s phone, and a smart speaker waits for its next command.

This is the promise of the smart home: convenience, efficiency and peace of mind.

But behind this smooth experience is a hidden risk: every connected device can also be a way for cyber attackers to get in.

The Australian government has responded by introducing minimum security standards for smart devices to better protect households in this increasingly connected world.

These standards recently took effect. So what’s in them? And are they sufficient to keep people safe?

Starting with manufacturers

From my experience working in cybersecurity, I’ve seen that security risks start from manufacturers themselves.

Many smart devices are not designed with security as a priority. Manufacturers often focus on keeping costs low, releasing products quickly, and making them easy to use. Security is treated as an afterthought.

For example, many devices arrive with weak default passwords such as “admin” or “1234”, which users rarely change. This creates an easy opportunity for attackers to gain access.

The Mirai botnet attack in 2016 clearly demonstrated the risks. In this case, hundreds of thousands of insecure devices such as doorbell cameras were hijacked to launch massive “distributed denial-of-service” (DDoS) attacks. This is a type of cyber attack where many computers or devices are used together to overwhelm a website, server, or network with traffic, so it becomes slow or completely unavailable to legitimate users.

More recent research has shown smart home devices can be exploited not only to disrupt systems but also to spy on households. In some cases, strangers have accessed baby monitors, and poorly secured cameras have exposed private footage online.

Another major issue is the lack of regular software updates.

Many low-cost or older devices don’t receive ongoing security patches, which means known software vulnerabilities remain open indefinitely. Attackers actively scan the internet for such devices, exploiting weaknesses at a large scale. Cloud-connected and AI-enabled systems amplify risks.

The consequences of these weaknesses go beyond individual households. Compromised devices can be used as part of larger cyber attacks, forming botnets that target critical infrastructure or businesses.

In effect, an insecure smart lightbulb or camera can become a building block in global cyber crime operations.

What are the new standards?

In response to these growing threats, the Australian government has begun introducing mandatory minimum security standards for connected devices.

These standards took effect earlier this month. They aim to establish a baseline level of protection across all products entering the market.

While the details of these standards may evolve, the key ideas are clear.

First, devices must not use universal default passwords. Each device should either require users to create a unique password during setup or be shipped with a unique credential.

Second, manufacturers must provide a clear vulnerability disclosure policy, allowing security researchers to report issues responsibly.

Third, there must be transparency around how long a device will receive security updates, so consumers can make informed decisions.

These changes shift some responsibility from users to manufacturers. Instead of expecting consumers to fix security problems themselves, devices must be designed to be safer from the start.

In practice, this means fewer vulnerabilities and greater accountability across the industry.

Regulation alone isn’t enough

However, regulation alone is not enough. Household behaviour still plays a critical role in maintaining security. Fortunately, some of the most effective steps are simple.

Changing default passwords to strong, unique ones is one of the most important steps. A strong password should be long, complex and not reused across multiple devices or accounts.

Enabling multi-factor authentication wherever possible adds a second layer of defence, making it significantly harder for attackers to gain access.

Regularly updating device firmware, also known as “software for hardware”, is equally important. Firmware updates often include patches for newly discovered vulnerabilities, and delaying them leaves devices exposed.

Users should also consider their home network design. Placing smart devices on a separate network, such as a guest wifi, can help isolate them from more sensitive information on personal or work devices.

Finally, choosing reputable manufacturers matters. Companies with a strong track record of providing ongoing security updates and transparent policies are generally safer choices than unknown or low-cost alternatives.

Smart homes are becoming an integral part of everyday life, and their benefits continue to grow. But as intelligence and automation expand, convenience must not come at the expense of security and trust.

With stronger standards, better-designed devices and more informed users, it is possible to enjoy the benefits of smart homes without exposing ourselves to unnecessary cyber risks.

The post Your smart home can be easily hacked. New safety standards will help, but stay vigilant appeared first on MASSIVE News.

Tycoon2FA Phishing-as-a-Service Platform Persists Following Takedown

wiredgorilla — Sat, 21 Mar 2026 18:00:07 +0000

On March 4, 2026, Europol announced the technical disruption of Tycoon2FA, a subscription-based phishing-as-a-service (PhaaS) platform that enabled cybercriminals to bypass multifactor authentication (MFA) and compromise email accounts. Law enforcement authorities from six countries worked with industry partners to seize 330 domains that formed the platform’s core infrastructure.

Infrastructure takedowns are a challenging and important aspect of adversary disruption and a centerpiece of law enforcement and private sector cooperation in cybersecurity. In situations where direct physical enforcement actions such as arrests are infeasible, disrupting bad actors’ operational means can often be the most efficacious and direct way to impose costs on criminals who otherwise act with relative impunity. Nonetheless, law enforcement bodies and their industry partners often go into these technically complicated efforts knowing full well that adversaries are resilient and will likely ultimately overcome or circumvent technical disruptions and reemerge as threats once again.

CrowdStrike applauds Europol and its partners in their disruption efforts against Tycoon2FA. CrowdStrike has often joined law enforcement partners in conducting similar disruption efforts and will continue to do so in the future. As a part of this collaborative spirit, CrowdStrike also stands ready to help provide visibility into the efficacy of disruption operations and help provide “long-tail support” to its customers and the public when criminals attempt to reconstitute their infrastructure in the wake of disruptions.

Since the date of the Tycoon2FA takedown, the CrowdStrike Falcon® Complete Next-Gen MDR team and CrowdStrike Counter Adversary Operations team observed a short-term decrease in the volume of Tycoon2FA campaign activity; however, the volume of cloud compromises has since increased to levels previously observed by Falcon Complete. This resumed campaign volume — and the continuation of previously observed Tycoon2FA tactics, techniques, and procedures (TTPs) — suggests the actors responsible for the PhaaS are likely to remain active in the threat landscape in the short to medium term and warrant continued vigilance by defenders.

Tycoon2FA is a clear example of how today’s adversaries operate; they are highly adaptive, technically capable, and persistent in pursuing their objectives. Even as the threat landscape shifts, actors behind platforms like these continue to evolve their TTPs and find ways to maintain pressure on defenders. Staying ahead of that persistence requires continuous visibility across the full attack surface, the ability to correlate signals across domains in real time, and the expertise to act on them decisively. The AI-native CrowdStrike Falcon® platform and the expert defenders in Counter Adversary Operations and Falcon Complete give organizations the speed and depth of coverage needed to detect, disrupt, and respond before adversaries achieve their objectives.

Impact of Disruption

Tycoon2FA began its operations in 2023 and provided a subscription-based toolkit that intercepted live authentication sessions using adversary-in-the-middle (AITM) techniques. In mid-2025, the platform was responsible for 62% of all phishing attempts blocked by Microsoft; Tycoon2FA purportedly generated more than 30 million malicious emails in a single month. Given this prominence, the attempt at disrupting the tool was notable as an effort by law enforcement to disrupt a key component of the PhaaS ecosystem.

The March 4th Tycoon2FA disruption was the result of coordinated action between Europol’s European Cybercrime Centre (EC3) and law enforcement authorities in Latvia, Lithuania, Portugal, Poland, Spain, and the United Kingdom, alongside industry partners. The coordinated effort targeted 330 domains comprising the platform’s infrastructure. Additional actions against the individuals related to the PhaaS operation have not yet been reported.

This Tycoon2FA takedown follows law enforcement’s September 2025 targeting of RaccoonO365, which operated as Tycoon2FA’s primary competitor and also enabled threat actors (with minimal technical expertise) to conduct sophisticated phishing campaigns.

Falcon Complete observed numerous Tycoon2FA incidents in 2024, 2025, and 2026, with TTPs that include:

Using phishing emails to direct victims to Tycoon2FA CAPTCHA pages
Stealing victims’ session cookies upon CAPTCHA validation
Extracting victims’ email addresses via a JavaScript (JS) file
Populating fake Microsoft 365 or Google login pages, which are hosted on a Tycoon2FA domain
Proxying victims’ credentials to a legitimate Microsoft 365 cloud account via an obfuscated JS file
Authenticating to the victim’s cloud environment using the stolen cookies and credentials

Tycoon2FA Resurgence

Falcon Complete observed a short-term decrease in the volume of Tycoon2FA campaign activity following the takedown, with daily volumes on March 4 and March 5, 2026, reducing to 25% of pre-disruption levels. However, this volume subsequently returned to pre-disruption levels, with daily levels of cloud compromise active remediations returning to early 2026 levels. Additionally, Tycoon2FA’s TTPs have not changed following the takedown, indicating that the service’s operations may persist beyond this disruption.

Falcon Complete has continued to observe a diversity of phishing techniques associated with discrete phishing actors following the date of law enforcement disruption subsequent to March 3, 2026. These include business email compromise (BEC) phishing targeting personal and enterprise users, email thread hijacking, cloud account takeover, and the compromise of SharePoint and cloud environments for the dissemination of malicious URLs that redirect to the Tycoon2FA phish kit. Post-disruption campaigns have leveraged:

Malicious URLs
URL shortener services
Links to legitimate presentation software that include malicious redirects to Tycoon2FA infrastructure
Threat actor-registered infrastructure impersonating construction entities
Compromised SharePoint infrastructure from known contacts that retrieves XLSX and PDF files, including malicious redirect URLs to Tycoon2FA infrastructure

In one instance, Falcon Complete observed an active email campaign that attempted to utilize a version of the Tycoon2FA phish kit leveraging Cloudflare r2[.]dev and workers[.]dev infrastructure associated with public reporting on the Salty2FA phish kit. These campaigns were unsuccessful as they retrieved Cloudflare suspected phishing page HTML responses consistent with the claims of takedown. This may possibly indicate continued efforts by industry partners like Cloudflare post-disruption to impact the operation of the Tycoon2FA service.

Following initial cloud compromise Falcon Complete continues to see pre-BEC activity including the creation of suspicious inbox rules and the creation of folders to conceal the transmission of BEC or financial fraud emails from compromised Microsoft Exchange environments.

Between 4 March 2026 and 6 March 2026, Falcon Complete responded to at least 30 suspected Tycoon2FA-enabled phishing incidents comprising at least 12 decoy and credential-capture pages. Tycoon2FA operators typically leverage generative AI to quickly create convincing decoy webpages hosted at a combination of threat actor-controlled domains, which are returned if users fail geofencing profiling measures. Customers of the Tycoon2FA phish kit leverage compromised legitimate domains and abused legitimate hosting services to achieve redirection to Tycoon2FA phishing infrastructure. Some of the domains hosting Tycoon2FA pages have been active since 2025, likely indicating that they have not been subject to the 2026 law enforcement operation. Domains hosting Tycoon2FA pages in March 2026 include:

Table 1. Tycoon2FA phishing domains
Phishing Domain	Parent Domain Control	Parent Domain Registered	Phishing Domain First Observed
`811inboard[.]aeroprimelink[.]za[.]com`	Threat actor	August 10, 2025	March 6, 2026
`annotation[.]hanoufra[.]ltd`	Threat actor	February 9, 2026	March 4, 2026
`awssecrets[.]saidiosea[.]dev`	Threat actor	January 17, 2026	March 4, 2026
`electron[.]c8zoeh[.]com`	Threat actor	December 18, 2025	March 4, 2026
`hub[.]thadrodrai[.]business`	Threat actor	February 9, 2026	March 5, 2026
`omegaenergy[.]com[.]np`	Threat actor	June 12, 2025	March 5, 2026
`pass[.]aeroprimelink[.]za[.]com`	Third party; compromised domain	Prior to September 2012	March 6, 2026
`pub-9ee1bf400ea645748830bc408aa2b88a[.]r2[.]dev`	Cloudflare; shared developer infrastructure Inactive at the time of delivery, indicating successful takedown	N/A	March 5, 2026
`traelyst[.]dk`	Third party; compromised domain	November 20, 2024	March 6, 2026
`twig[.]lifeworkinc[.]com`	Threat actor	June 20, 2025	March 6, 2026

The post Tycoon2FA Phishing-as-a-Service Platform Persists Following Takedown appeared first on MASSIVE News.

CrowdStrike Innovates to Modernize National Security and Protect Critical Systems

wiredgorilla — Thu, 19 Mar 2026 17:00:08 +0000

At Fal.Con Gov 2026, CrowdStrike is introducing new innovations to accelerate modernization and strengthen cyber defense of government systems, while helping agencies meet some of the most rigorous compliance standards within a FedRAMP-authorized environment.

Cybersecurity is national security. Ransomware threatens public safety and continuity of operations. Supply chain compromise multiplies impact. Nation-state actors target critical infrastructure for strategic disruption. Modern adversaries propelled by AI are moving with unprecedented speed and stealth, overwhelming human teams and exploiting gaps created by tool sprawl and fragmented visibility.

Agencies face a historic dual mandate: Modernize security operations while preserving compliance, continuity, and public trust. But legacy architectures and acquisition models create modernization friction by locking budgets into inflexible licensing, forcing manual compliance work, and limiting adaptability as AI, IoT, and cloud technologies expand the attack surface. The consequences are higher risk and reduced readiness and resilience when every second counts.

CrowdStrike was built to help government agencies meet this moment. The CrowdStrike Falcon® platform delivers a unified, AI-native foundation to reduce complexity, cut noise, and enable action at the speed of the adversary. Below we highlight what’s new and what’s coming later this year.

What’s New in GovCloud

Modernized Mission Security with Falcon Flex

Today’s adversaries move faster than procurement cycles. As mission demands evolve, legacy acquisition models and point-product architectures create unnecessary friction.

To help agencies respond at the speed of modern adversaries, CrowdStrike Falcon® Flex is now operationally supported for U.S. federal, state, and local government agencies. Falcon Flex shifts agencies from product-by-product buying to a flexible, commitment-based model aligned to long-term platform outcomes, helping accelerate consolidation, simplify operations, and adopt new capabilities without delays.

With Falcon Flex, agencies can:

Reduce procurement friction by accessing the broader Falcon platform through a single, commitment-based model aligned to U.S. government acquisition frameworks.
Adopt new Falcon platform capabilities when needed without adding tools, contracts, or administrative overhead.
Evolve security operations as mission priorities change, shifting commitment across the Falcon platform to stay aligned with active operational requirements.
Maximize the value of the CrowdStrike partnership by applying committed investment where it delivers the greatest mission impact over time.

The result: faster platform adoption, stronger cross-domain integration, and security operations aligned to real-world mission demands.

Agentic Investigations and Natural Language Interactivity

Modern investigations demand speed, scale, and consistency — but manual workflows, swivel-chair tooling, and knowledge gaps keep security teams reactive. CrowdStrike® Charlotte AI™, CrowdStrike’s agentic security analyst, is a force multiplier for security teams, helping agencies streamline operations, automate time-intensive work, and scale expertise at machine speed.

Building on our first wave of FedRAMP-authorized Charlotte AI capabilities, we’re introducing two more Charlotte AI capabilities into GovCloud later this year:

Natural language conversations: Analysts will be able to interact with the Falcon platform in plain language to quickly surface the right context, retrieve intelligence, and direct the appropriate workflows to accelerate decision-making and reduce time-intensive, manual work.
Response Agent: Analysts will be able to significantly accelerate response using Charlotte AI’s Response Agent, which auto-generates and answers guiding questions during investigations. The Response Agent is trained on the frontline decisions and operational playbooks of the elite CrowdStrike Falcon® Complete managed detection and response (MDR) analyst team.

The post CrowdStrike Innovates to Modernize National Security and Protect Critical Systems appeared first on MASSIVE News.