Category: http://www.infosecurity-magazine.com/rss/news/76/application-security/

Surveillance Commissioner Blasts Cops for Data Retention

Fraser Sampson says UK police have three million photos of innocent people This article has been indexed from http://www.infosecurity-magazine.com/rss/news/76/application-security/ Read the original article: Surveillance Commissioner Blasts Cops for Data Retention

HackerOne Exceeds $300m in Bug Bounty Payments

Thirty hackers have earned over one million dollars each

Boeing Investigates LockBit Ransomware Breach Claims

Group alleges it stole large volume of sensitive data

MGM Resorts Reveals Over $100M in Costs After Ransomware Attack

In an SEC 8-K filing published last Thursday, the company cited operational disruptions

Google Bug Bounty Program Expands to Chrome V8, Google Cloud

Google has launched capture the flag (CTF) competitions focused on Chrome’s V8 JavaScript engine and Google Cloud’s kernel-based virtual machine (KVM)

Social Dominates as Victims Take $2.7bn Fraud Hit

Social media is number one channel for fraud, says FTC

AWS to Mandate Multi-Factor Authentication from 2024

Move is designed to mitigate risk of account takeover

CISA and NSA Publish Top 10 Misconfigurations

Data was compiled from real-world red and blue team engagements

Qakbot Gang Still Active Despite FBI Takedown

Cisco Talos found new evidence that Qakbot-affiliated actors were still distributing ransomware despite the August FBI takedown of the threat group

Critical Glibc Bug Puts Linux Distributions at Risk

Qualys identified and exploited the vulnerability in Fedora 37/38, Ubuntu 22.04/23.04, Debian 12/13

Record Numbers of Ransomware Victims Named on Leak Sites

A new Secureworks report finds that 2023 is on course to be the biggest year on record for victim naming on ‘name and shame’ sites

GoldDigger Android Trojan Drains Victim Bank Accounts

Researchers warn of phishing links leading to spoofed Google Play pages

LightSpy iPhone Spyware Linked to Chinese APT41 Group

ThreatFabric found evidence that LightSpy is linked to Android spyware DragonEgg, attributed to the Chinese-sponsored group

EvilProxy Phishing Attack Strikes Indeed, Targets Executives

Menlo Labs brought this discovery to light in an advisory published on Tuesday

Malware-Infected Devices Sold Through Major Retailers

The BADBOX scheme deploys the Triada malware on various devices like smartphones and tablets

Police Issue “Quishing” Email Warning

Organizations urged to update staff awareness programs

Red Cross Issues Wartime Hacktivist Rules

Non-profit warns of blurring between military and civilian attacks

NSA Establishes AI Security Center

NSA Director Gen. Nakasone made the announcement during a discussion in Washington last Thursday

EU Cyber Resilience Act Could be Exploited for Surveillance, Experts Warn

The open letter, signed by 50 leading cybersecurity figures, urges the EU to reconsider its proposals around vulnerability disclosure requirements

FortiGuard Uncovers Deceptive Install Scripts in npm Packages

Fortinet said these packages can be categorized into nine sets based on their code and functions

Upstream Supply Chain Attacks Triple in a Year

Sonatype detects over 245,000 malicious packages

Half of Cybersecurity Professionals Report Increase in Cyber-Attacks

New research by ISACA has found that the cybersecurity skills gap is contributing to businesses’ cybersecurity preparedness

FBI Warns of Dual Ransomware Attacks and Data Destruction Trends

Hackers are deploying different ransomware variants, including AvosLocker and Hive, among others

AI-Generated Phishing Emails Almost Impossible to Detect, Report Finds

Email security provider Egress found that AI detectors were unable to identify if a phishing email came from an AI chatbot

BunnyLoader Malware Targets Browsers and Cryptocurrency

Coded in C/C++, the tool is a fileless loader that conducts malicious activities in memory

Nearly 100,000 Industrial Control Systems Exposed to the Internet

A new report from Bitsight has highlighted how thousands of physical critical infrastructure organizations are vulnerable to cyber-attacks

Cybersecurity Awareness Month Celebrates 20 Years

This year’s cybersecurity awareness month theme is Secure Our World

Royal Family Website Downed by DDoS Attack

Russian Killnet group suspected

Data Theft Overtakes Ransomware as Top Concern for IT Decision Makers

A recent survey conducted by Integrity 360 shows that data theft has overtaken ransomware as a top concern for some IT decision makers

Russian Company Offers $20m For Non-NATO Mobile Exploits

Operation Zero will pay $20m for exploits like RCE, LPE and SBX, integral to a full-chain attack

Microsoft’s Bing AI Faces Malware Threat From Deceptive Ads

Malwarebytes said the goal of these tactics is to lure victims into downloading malicious software

Phishing, Smishing Surge Targets US Postal Service

The surge in these attacks has prompted DomainTools to delve into their origins and implications

MOVEit Developer Patches Critical File Transfer Bugs

CVSS 10.0 flaw was found in the WS_FTP Server software

Budworm APT Evolves Toolset, Targets Telecoms and Government

Symantec explained that the attack leveraged a new variant of Budworm’s SysUpdate backdoor

Booking.com Customers Targeted in Major Phishing Campaign

Perception Point research highlights the extensive reach of this issue, affecting hotels and resorts on a global scale

Android Banking Trojan Zanubis Evolves to Target Peruvian Users

The Trojan utilizes the Obfuscapk obfuscator for Android APK files, Kaspersky explained

US and Japan Warn of Chinese Router Attacks

BlackTech group blamed for cyber-espionage operation

Simple Membership Plugin Flaws Expose WordPress Sites

Patchstack uncovered an unauthenticated role privilege escalation flaw and an account takeover vulnerability

Ransomed.vc Group Hits NTT Docomo After Sony Breach Claims

According to Resecurity, Ransomed.vc is demanding a ransom of over $1m from NTT Docomo

BEC Attacks Increase By 279% in Healthcare

Abnormal Security also found a 167% increase in advanced email attacks

Leading CISO Creates Model for Ransomware Payment Decisions

Lorraine Dryland, CISO at First Sentier Investors, discusses how to help executives make fast and informed decisions when presented with a ransomware demand

Cyber-Attacks on Ukraine Surge 123%, But Success Rates Plummet

Russia-backed cyber-attacks in Ukraine jumped 123% in the first half of 2023 – but were less critical than in 2022

Regulator Warns Breaches Can Cost Lives

ICO says handling of domestic abuse victims’ data must improve

NCSC Launches Cyber Incident Exercise Scheme

UK security agency opens scheme to certify assured providers

More than 30 US Banks Targeted in New Xenomorph Malware Campaign

ThreatFabric explained the malware relies on deceptive phishing webpages posing as a Chrome update

ZenRAT Malware Uncovered in Bitwarden Impersonation

Discovered by Proofpoint, ZenRAT is a modular remote access trojan targeting Windows users

ShadowSyndicate Investigation Reveals RaaS Ties

The investigation was conducted by Group-IB, Bridewell and threat researcher Michael Koczwara

Half of Cyber-Attacks Go Unreported

Almost half of organizations have failed to report cyber-attacks to the appropriate authorities in 2023

Pension Firms Report 4000% Surge in Breaches

Financial services targeted remorselessly over past year

CISA Publishes Hardware Bill of Materials Framework

Agency says it will help firms better manage supply chain risk

Sophisticated APT Clusters Target Southeast Asia

Unit 42 uncovered three separate threat actor clusters: Stately Taurus, Alloy Taurus and Gelsemium

China-Linked EvilBamboo Targets Mobiles

This extensive operation is directed at Tibetan, Uyghur and Taiwanese individuals and organizations

Voting Equipment Giants Team Up For Security

The move aims to combat the rampant spread of misinformation among American voters

Web3 Platform Mixin Network Hit by $200m Crypto Hack

The decentralized finance network has suspended deposits and withdrawals after what could be one of the biggest cyber-attacks on cryptocurrency projects

Almost 900 US Schools Breached Via MOVEit

National Student Clearinghouse reveals more details of incident

BEC Scammer Pleads Guilty to Part in $6m Scheme

Nigerian was extradited to the US from Canada

CISA and NFL Collaborate to Secure Super Bowl LVIII

Tabletop exercise assessed the cybersecurity response capabilities, plans and procedures for the event

Over 700 Dark Web Ads Offer DDoS Attacks Via IoT in 2023

Kaspersky said these services range from $20 per day to $10,000 a month

Elusive Sandman APT Targets Telecom Giants With LuaJIT Toolkit

SentinelLabs said the group’s tactics focus on stealthy lateral movements and minimal interactions

#mWISE: Why Zero Days Are Set for Highest Year on Record

Experts at the mWISE conference discussed who is behind the surge in zero-day exploits

UK Security Agency Publishes New Crypto Designs

NCSC hopes research will inform future standards

Apple Patches Three Actively Exploited Zero-Days

Bugs were found by Citizen Lab and Google

UK-US Confirm Agreement for Personal Data Transfers

The agreement, which represents an extension to the EU-US Data Privacy Framework, will enable the free flow of personal data between the UK and US

New Ransomware Victims Surge by 47% with Gangs Targeting Small Businesses

The Trend Micro report observed that small organizations are being increasingly targeted by ransomware gangs, including LockBit and BlackCat

Bot Attack Costs Double to $86m Annually

Netacea warns of growing threat from malicious automation

Scams Now Make Up 75% of Cyber-Threats

Norton report warns generative AI is making an impact

US Government in Snatch Ransomware Warning

Experts believe attacks have ramped up recently

#mWISE: US to Implement Game-Changing Cyber Mandates on Medical Devices

A new legal requirement for medical devices in the US will introduce the first-ever SBOM mandate for the consumer market

International Criminal Court Reveals Security Breach

ICC says it’s putting additional protections in place

Brits Lose $9.3bn to Scams in a Year

One in 10 have suffered from fraud in past 12 months

#mWISE: Chinese Cyber Power Bigger Than the Rest of the World Combined

China is rising as a cyber superpower, sponsoring not just ever more highly sophisticated espionage campaigns, but also venturing into cybercrime and disinformation