
Federal Grand Jury Charges Former Manager with Government Contractor Fraud


Government contractor fraud is at the heart of a new indictment returned by a federal grand jury in Washington, D.C. against a former senior manager in Virginia. Prosecutors say Danielle Hillmer, 53, of Chantilly, misled federal agencies for more than a year about the security of a cloud platform used by the U.S. Army and other government customers. The indictment, announced yesterday, charges Hillmer with major government contractor fraud, wire fraud, and obstruction of federal audits. According to prosecutors, she concealed serious weaknesses in the system while presenting it as fully compliant with strict federal cybersecurity standards.

Government Contractor Fraud: Alleged Scheme to Mislead Agencies

According to court documents, Hillmer’s actions spanned from March 2020 through November 2021. During this period, she allegedly obstructed auditors and misrepresented the platform’s compliance with the Federal Risk and Authorization Management Program (FedRAMP) and the Department of Defense’s Risk Management Framework. The indictment claims that while the platform was marketed as a secure environment for federal agencies, it lacked critical safeguards such as access controls, logging, and monitoring. Despite repeated warnings, Hillmer allegedly insisted the system met the FedRAMP High baseline and DoD Impact Levels 4 and 5, both of which are required for handling sensitive government data.

Obstruction of Audits

Federal prosecutors allege Hillmer went further by attempting to obstruct third-party assessors during audits in 2020 and 2021. She is accused of concealing deficiencies and instructing others to hide the true state of the system during testing and demonstrations. The indictment also states that Hillmer misled the U.S. Army to secure sponsorship for a Department of Defense provisional authorization. She allegedly submitted, and directed others to submit, authorization materials containing false information to assessors, authorizing officials, and government customers. These misrepresentations, prosecutors say, allowed the contractor to obtain and maintain government contracts under false pretenses.

Charges and Potential Penalties

Hillmer faces two counts of wire fraud, one count of major government fraud, and two counts of obstruction of a federal audit. If convicted, she could face:
  • Up to 20 years in prison for each wire fraud count
  • Up to 10 years in prison for major government fraud
  • Up to 5 years in prison for each obstruction count

A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.

The indictment was announced by Acting Assistant Attorney General Matthew R. Galeotti of the Justice Department’s Criminal Division and Deputy Inspector General Robert C. Erickson of the U.S. General Services Administration Office of Inspector General (GSA-OIG). The case is being investigated by the GSA-OIG, the Defense Criminal Investigative Service, the Naval Criminal Investigative Service, and the Department of the Army Criminal Investigation Division. Trial Attorneys Lauren Archer and Paul Hayden of the Criminal Division’s Fraud Section are prosecuting the case.

Broader Implications of Government Contractor Fraud

The indictment highlights ongoing concerns about the integrity of cloud platforms used by federal agencies. Programs like FedRAMP and the DoD’s Risk Management Framework are designed to ensure that systems handling sensitive government data meet rigorous security standards. Allegations that a contractor misrepresented compliance raise questions about oversight and the risks posed to national security when platforms fall short of requirements. Federal officials emphasized that the case highlights the importance of transparency and accountability in government contracting, particularly in areas involving cybersecurity.

Note: An indictment is merely an allegation. Hillmer, like all defendants, is presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

Morpheus on Microsoft: AI SOC Platform for MSSPs Managing Sentinel, Defender, Entra, and More

Morpheus automates Tier 1 and Tier 2 SOC work across Microsoft Sentinel, Defender, and Entra ID. Scale your MSSP, maintain SLA compliance and service quality.

The post Morpheus on Microsoft: AI SOC Platform for MSSPs Managing Sentinel, Defender, Entra, and More appeared first on D3 Security.

The post Morpheus on Microsoft: AI SOC Platform for MSSPs Managing Sentinel, Defender, Entra, and More appeared first on Security Boulevard.


Who Is Dark Storm? The Threat Actor European Security Teams Can’t Ignore


The threat actor Dark Storm has emerged as one of the most active pro-Russian hacktivist groups this year, escalating disruptive cyberattacks against several government agencies across Europe and Russia. Known primarily for aggressive Distributed Denial-of-Service (DDoS) operations, the group is widening its targets, deepening alliances, and promoting DDoS-as-a-Service offerings to other threat actors across the underground ecosystem.

Who Is Dark Storm? A Pro-Russian Collective Expanding Its Reach 

The threat actor Dark Storm, also known as Dark Storm Team, TeamDarkStorm, and MRHELL112, has built a reputation for hitting critical infrastructure, particularly airports and transportation networks. While DDoS has remained its signature method, the group has recently broadened its campaigns to include political, opportunistic, and retaliatory attacks.

Dark Storm is part of the pro-Russian alliance Matryoshka 424, connecting it to other hacktivist clusters that coordinate messaging, tools, and attack timing. The group’s alignment with wider pro-Russian cyber movements has amplified its operational impact, especially during geopolitical flashpoints.

Growing Web of Alliances Boosts Their Disruptive Capabilities 

The threat actor’s tactics frequently overlap with those of linked groups such as OverFlame, Server Killers, Z-Pentest, and Team BD Cyber Ninja, all of which share DDoS infrastructure and ideological motivations.
  • OverFlame focuses on attacks connected to Ukraine and its allies. 
  • Server Killers routinely targets entities perceived as opposing Russian interests. 
  • Z-Pentest, a newer group, has been seen exploiting unauthorized access to ICS panels and performing website defacements. 

These alliances provide Dark Storm with broader botnet access, shared reconnaissance intelligence, and a coordinated amplification strategy, leading to larger and more sustained disruptions.

How Dark Storm Executes Its Attacks

1. Exploiting Public-Facing Applications

Dark Storm’s operations often begin with exploiting weaknesses in internet-facing applications, including misconfigured servers, outdated services, and vulnerable web components. By leveraging Initial Access techniques such as exploiting public-facing apps (T1190), the group aims to identify high-value entry points.  This includes: 
  • Web servers and cloud-hosted applications 
  • Administrative interfaces 
  • Exposed databases or misconfigured network devices 

The group has also been observed gathering victim identity information (T1589) and host configuration data (T1592) through reconnaissance activities, using scanning and metadata harvesting to tailor its next move.

2. Coordinated DDoS and Endpoint Denial-of-Service Attacks

The core of Dark Storm’s activity lies in complex Network Denial-of-Service (T1498) and Endpoint Denial-of-Service (T1499) campaigns. These attacks typically rely on:
  • Voluminous traffic generation using botnets 
  • IP spoofing to hide origin 
  • Reflective amplification techniques 
  • Multi-layer targeting of network and application endpoints 

By consuming vast bandwidth, saturating hosting infrastructure, or crashing service layers, Dark Storm aims to cause maximum disruption with minimal operational cost.

3. Escalating Focus on Government Agencies

While past activity was largely centered on transportation and logistics, the recent surge of attacks against government agencies in Europe and Russia marks a notable escalation. The group appears to be leveraging political tension, upcoming elections, and diplomatic shifts to justify its campaigns. These government-focused attacks include:
  • Flooding official portals 
  • Disrupting public-facing service websites 
  • Interrupting online citizen services 
  • Targeting digital communication channels 

Although largely disruptive rather than destructive, these incidents highlight the fragility of national digital services under sustained political hacktivism.

How Organizations Can Defend Against Dark Storm’s Tactics 

The tactics used by the threat actor Dark Storm, particularly large-scale DDoS attacks and exploitation of exposed applications, underscore the importance of continuous threat visibility. Organizations dependent on online services remain especially vulnerable during periods of geopolitical tension or heightened hacktivist activity.

Solutions like Cyble’s Cyber Threat Intelligence Platform provide early detection of adversary behavior, monitoring of emerging campaigns, and insights into developing threats that groups like Dark Storm rely on. With holistic visibility, automation, and advanced analytics, security teams can prioritize high-risk exposures, detect reconnaissance activity sooner, and prepare defenses before attacks escalate.


Fake Deals, Fake Stores, Real Losses: Black Friday Scams Hit Record High


As Black Friday sale scams continue to rise, shoppers across Europe and the US are being urged to stay vigilant this festive season. With promotions kicking off earlier than ever, some starting as early as October 30 in Romania, cybercriminals have had an extended window to target bargain hunters, exploiting their search for deals with fraudulent schemes.

For Black Friday 2025, scammers have been impersonating top brands such as Amazon, MediaMarkt, TEMU, IKEA, Kaufland, Grohe, Oral-B, Binance, Louis Vuitton, Jack Daniel’s, Reese’s, and United Healthcare. Among them, Amazon remains the most frequently abused brand, appearing in phishing messages, fake coupon offers, and mobile scams promising massive discounts.

Amid these ongoing threats, many shoppers are also expressing frustration with deceptive pricing tactics seen during the Black Friday period. One Reddit user described the experience as increasingly misleading:

“I'm officially over the Black Friday hype. It used to feel like a sale, now it feels like a prank.

I was tracking a coffee machine at $129. When the ‘Black Friday early deal’ showed up, it became ‘$159 now $139 LIMITED TIME.’ I saw $129 two weeks ago. The kids’ tablet went from $79 to $89 with a Holiday Deal tag — paying extra for a yellow label.

I've been doing Black Friday hunting for 10+ years and it's only gotten worse. Fake doorbusters, fake urgency, fake ‘original’ prices. Feels like they're A/B testing how cooked our brains are as long as the button screams ‘53% OFF.’

Now I only buy when needed and let a Chrome extension track my Amazon orders. It clawed back $72 last month from so-called ‘preview pricing’ after prices dropped again.”

This sentiment reflects a growing concern: while scam campaigns imitate trusted brands, the pressure-driven marketing tactics surrounding Black Friday can also make consumers more vulnerable to fraud.


Moreover, a recent campaign even spoofed United Healthcare, offering a fake “Black Friday Smile Upgrade” with Oral-B dental kits, aiming to collect sensitive personal data. According to data from the City of London Police, shoppers lost around £11.8 million to online shopping fraud during last year’s festive season, from 1 November 2024 to 31 January 2025. Fraudsters often pressure victims with claims that deals are limited or products are scarce, forcing hurried decisions that can result in stolen funds or sensitive information.

A Month-Long Shopping Season Means More Risk

With strong discounts across electronics, toys, apparel, and home goods, consumers are drawn to higher-ticket items. This year, electronics saw discounts up to 30.1%, toys 28%, apparel 23.2%, and furniture 19%, while televisions, appliances, and sporting goods hit record lows in price, prompting significant e-commerce growth. Adobe reported that for every 1% decrease in price, demand increased by 1.029% compared to the previous year, driving an additional $2.25 billion in online spending, a part of the overall $241.4 billion spent online. The combination of high consumer demand and deep discounts makes the Black Friday shopping period especially attractive to cybercriminals, as the increased volume of online transactions offers more opportunities for scams.

How to Protect Yourself from Black Friday Sale Scams

Ahead of Black Friday on November 28, shoppers are being encouraged to follow advice from the Stop! Think Fraud campaign, run by the Home Office and the National Cyber Security Centre (NCSC). Key precautions include:
  • Check the shop is legitimate: Always verify reviews on trusted websites before making a purchase.
  • Secure your accounts: Enable two-step verification (2SV) for important accounts to add an extra layer of security.
  • Pay securely: Use credit cards or verified payment services like PayPal, Apple Pay, or Google Pay. Avoid storing card details on websites and never pay by direct bank transfer.
  • Beware of delivery scams: Avoid clicking links in unexpected messages or calls and confirm any delivery claims with the organization directly.

Individuals are also urged to report suspicious emails, texts, or fake websites to the NCSC, which collaborates with partners to investigate and remove malicious content.

For businesses and security-conscious shoppers, tools like Cyble’s Cyber Threat Intelligence Platform can help monitor brand impersonation, detect scams, and protect sensitive data in real time during the Black Friday period. With the rise of cyber threats during high-demand shopping periods, proactive intelligence is key to staying safe. Stay alert this Black Friday: your bargains are only valuable if your personal data stays safe.

Global GRC Platform Market Set to Reach USD 127.7 Billion by 2033


The GRC platform market is witnessing strong growth as organizations across the globe focus on strengthening governance, mitigating risks, and meeting evolving compliance demands. According to recent estimates, the market was valued at USD 49.2 billion in 2024 and is projected to reach USD 127.7 billion by 2033, growing at a CAGR of 11.18% between 2025 and 2033.

This GRC platform market growth reflects the increasing need to protect sensitive data, manage cyber risks, and streamline regulatory compliance processes.

Rising Need for Governance, Risk, and Compliance Solutions

As cyberthreats continue to rise, enterprises are turning to GRC platforms to gain centralized visibility into their risk posture. These solutions help organizations identify, assess, and respond to potential risks, ensuring stronger governance and reduced operational disruption.

The market’s momentum is also fueled by heightened regulatory scrutiny and the introduction of new compliance frameworks worldwide. Businesses are under pressure to maintain transparency, accuracy, and accountability in their governance and reporting processes — areas where a GRC platform adds significant value.

By integrating governance, risk, and compliance management into one system, companies can make informed decisions, reduce human error, and ensure consistent adherence to evolving regulations.

GRC Platform Market Insights and Key Segments

The GRC platform market is segmented based on deployment model, solution, component, end-user, and industry vertical.

  • Deployment Model: The on-premises deployment model dominates the market due to enhanced security and customization options. It is preferred by organizations handling sensitive data or operating under strict regulatory environments.

  • Solution Type: Compliance management holds the largest market share as businesses prioritize automation of documentation, tracking, and reporting to stay audit-ready.

  • Component: Software solutions lead the market by offering analytics, policy management, and workflow automation to streamline risk processes.

  • End User: Medium enterprises represent the largest segment, focusing on scalable solutions that balance security and efficiency.

  • Industry Vertical: The BFSI sector remains a key adopter due to its complex regulatory landscape and high data security requirements.

Key Drivers of the GRC Platform Market

Several factors contribute to the rapid expansion of the GRC platform market:

  1. Escalating Cyber Risks: As cyber incidents become more frequent and sophisticated, organizations seek to integrate cybersecurity measures within GRC frameworks. These integrations improve detection, response, and recovery capabilities.

  2. Evolving Compliance Standards: Increasing regulatory pressure drives adoption of GRC solutions to ensure businesses stay aligned with global standards like GDPR, HIPAA, and ISO 27001.

  3. Automation and Efficiency: Advanced GRC software reduces manual reporting and enhances accuracy, enabling faster audit responses and improved decision-making.

  4. Operational Resilience: A robust GRC system ensures business continuity by minimizing vulnerabilities and improving crisis management strategies.

Regional Outlook and Future Trends

North America currently leads the GRC platform market, supported by mature digital infrastructure and strong regulatory frameworks. Meanwhile, the Asia-Pacific region is emerging as a key growth area, driven by increased cloud adoption and a rising focus on data privacy.

In the coming years, integration with AI, analytics, and threat intelligence tools will transform how organizations approach governance and risk. The market is expected to evolve toward more predictive and adaptive compliance solutions.

Leveraging Threat Intelligence for Stronger Risk Governance

As organizations expand their digital ecosystems, threat intelligence has become a vital part of effective risk management. Platforms like Cyble help enterprises identify, monitor, and mitigate emerging cyber risks before they escalate. Integrating such intelligence-driven insights into a GRC platform strengthens visibility and helps build a proactive security posture.

For security leaders aiming to align governance with real-time intelligence, exploring a quick free demo of integrated risk and compliance tools can offer valuable perspective on enhancing organizational resilience.
