Category: www.infosecurity-magazine.com

Jen Easterly and Ciaran Martin called for a universal, vendor-neutral cyber threat actor naming system This article has been indexed from www.infosecurity-magazine.com Read the original article: Former CISA and NCSC Heads Warn Against Glamorizing Threat Actor Names

Read more →

This is the first forensic evidence that journalists’ devices have been infected with Paragon’s Graphite spyware This article has been indexed from www.infosecurity-magazine.com Read the original article: European Journalists Targeted by Paragon Spyware, Citizen Lab Confirms

Read more →

A CISA advisory urged all software vendors and downstream customers to check if they are impacted by unpatched versions of the SimpleHelp RMM tool This article has been indexed from www.infosecurity-magazine.com Read the original article: Ransomware Gang Exploits SimpleHelp RMM…

Read more →

Researchers have found a flaw in Microsoft 365 Copilot that allows the exfiltration of sensitive corporate data with a simple email This article has been indexed from www.infosecurity-magazine.com Read the original article: Microsoft 365 Copilot: New Zero-Click AI Vulnerability Allows…

Read more →

The cybersecurity provider also implemented recent fixes in Chromium that affected its Prisma Access Browser This article has been indexed from www.infosecurity-magazine.com Read the original article: Palo Alto Networks Patches Series of Vulnerabilities

Read more →

The new NIST guidance sets out 19 example implementations of zero trust using commercial, off-the-shelf technologies This article has been indexed from www.infosecurity-magazine.com Read the original article: NIST Publishes New Zero Trust Implementation Guidance

Read more →

Europol warns of “vicious circle” of data breaches and cybercrime This article has been indexed from www.infosecurity-magazine.com Read the original article: Europol Says Criminal Demand for Data is “Skyrocketing”

Read more →

Erie Insurance reveals suspected network breach and ongoing outage This article has been indexed from www.infosecurity-magazine.com Read the original article: Phishing Alert as Erie Insurance Reveals Cyber “Event”

Read more →

The legislation aims to expand the federal government’s role in helping healthcare providers protect and respond to cyber-attacks This article has been indexed from www.infosecurity-magazine.com Read the original article: Congress Introduces Bill to Strengthen Healthcare Cybersecurity

Read more →

Interpol-coordinated Operation Secure led to 32 arrests, including the suspected ringleader of a cybercriminal organization This article has been indexed from www.infosecurity-magazine.com Read the original article: 20,000 Asian IPs and Domains Dismantled in Infostealer Crackdown

Read more →

An ISC2 study found that 90% of security hiring managers would consider entry-level candidates with only previous IT work experience This article has been indexed from www.infosecurity-magazine.com Read the original article: Hands-On Skills Now Key to Landing Your First Cyber…

Read more →

The products affected by the issues are part of the Salesforce OmniStudio suite, including FlexCards and Data Mappers This article has been indexed from www.infosecurity-magazine.com Read the original article: Researcher Finds Five Zero-Days and 20+ Misconfigurations in Salesforce Cloud

Read more →

Malwarebytes claims 44% of mobile users are exposed to scams every day This article has been indexed from www.infosecurity-magazine.com Read the original article: Half of Mobile Users Now Face Daily Scams

Read more →

Microsoft has patched two zero days this month, one of which is being exploited in the wild This article has been indexed from www.infosecurity-magazine.com Read the original article: Two Microsoft Zero-Days for Admins to Fix in June Patch Tuesday

Read more →

Microsoft has patched two zero days this month, one of which is being exploited in the wild This article has been indexed from www.infosecurity-magazine.com Read the original article: Two Microsoft Zero Days for Admins to Fix in June Patch Tuesday

Read more →

Android Enterprise has introduced features for mobile security, device management and user productivity in its latest update This article has been indexed from www.infosecurity-magazine.com Read the original article: Android Enterprise Rolls Out Security and Productivity Updates

Read more →

A ransomware attack on Mastery Schools, Philadelphia, has compromised personal information of 37,031 individuals, exposing sensitive data This article has been indexed from www.infosecurity-magazine.com Read the original article: Mastery Schools Notifies 37,031 of Major Data Breach

Read more →

The financial sector was the industry most targeted by distributed denial-of-service (DDoS) attacks in 2024, with a peak in October This article has been indexed from www.infosecurity-magazine.com Read the original article: DDoS Attacks on Financial Sector Surge in Scale and…

Read more →

SentinelOne revealed details of two new intrusion attempts by China-nexus actors This article has been indexed from www.infosecurity-magazine.com Read the original article: SentinelOne Warns Cybersecurity Vendors of Chinese Attacks

Read more →

UNFI says it is investigating unauthorized network activity, and that some operations are affected This article has been indexed from www.infosecurity-magazine.com Read the original article: Wholesale Food Giant UNFI Admits Security Breach

Read more →

New PathWiper malware targeted Ukrainian critical infrastructure, using legitimate tools for cyber-attacks This article has been indexed from www.infosecurity-magazine.com Read the original article: New Wiper Malware Targets Ukrainian Infrastructure

Read more →

Vulnerability in PayU CommercePro plugin allows account hijacking on thousands of WordPress sites This article has been indexed from www.infosecurity-magazine.com Read the original article: PayU Plugin Flaw Allows Account Takeover on 5000 WordPress Sites

Read more →

A new Trump Executive Order limits the use of cybersecurity-related sanctions only against foreign malicious actors This article has been indexed from www.infosecurity-magazine.com Read the original article: Trump Administration Revises Cybersecurity Rules, Replaces Biden and Obama Orders

Read more →

The Justice Department has filed a civil forfeiture complaint alleging North Korean IT workers amassed $7m+ This article has been indexed from www.infosecurity-magazine.com Read the original article: US Tries to Claw Back $7m Taken by North Korean IT Workers

Read more →

The FBI says mainly Chinese-made IoT devices pose a threat from Badbox 2.0 malware This article has been indexed from www.infosecurity-magazine.com Read the original article: FBI Warns Smart Home Users of Badbox 2.0 Botnet Threat

Read more →

The ransomware group combines IT vendor impersonation and phishing frameworks like Evilginx to breach its targets This article has been indexed from www.infosecurity-magazine.com Read the original article: Scattered Spider Uses Tech Vendor Impersonation and Phishing Kits to Target Helpdesks

Read more →

Experts at Infosecurity Europe 2025 highlighted a range of major industry trends, from advanced social engineering techniques to vulnerability exploits This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Top Six Cyber Trends CISOs Need to Know

Read more →

2017 ransomware attack on shipping company A P Moller Maersk marked a turning point for the cybersecurity industry, according to its former CISO Adam Banks This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Cybersecurity Lessons From…

Read more →

Engagement with ransomware actors doesn’t necessarily mean payment; it’s about getting the best outcomes, a leading negotiator had argued This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Ransomware Victims Urged to Engage to Take Back Control

Read more →

During Infosecurity Europe 2025, Nick Woodcraft, from the UK Government, shared his experience in implementing measures to protect domains within the .gov.uk DNS namespace This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: DNS Hijacking, A Major…

Read more →

A panel of CISOs at Infosecurity Europe urged their peers to use risk management and clear communication to tame a chaotic cyber landscape This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Know Your Audience to Make…

Read more →

Sophisticated nation-state and cybercriminal groups are using insiders to infect targets via hardware devices, despite a lack of reporting of this threat This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Threat Actors Weaponizing Hardware Devices to…

Read more →

Malicious actors are making more use of AI in attacks, even as governments look to boost AI investments This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Defenders and Attackers are Locked in an AI Arms Race

Read more →

At Infosecurity Europe 2025, Axonius’ Jon Ridyard proposed seven best practices to build mature vulnerability management processes This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Seven Steps to Building a Mature Vulnerability Management Program

Read more →

Endpoint and network security is still essential, even as malicious actors turn to supply chains, identities and AI This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Securing Endpoints is Still Vital Amid Changing Threats

Read more →

Moving to cloud-native architecture and modern platforms is allowing enterprises to automate operations and improve security This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025 Cloud-Native Technology Prompts New Security Approaches

Read more →

Experts argue the case for “communities of support” to boost SMB cyber-resilience This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Cybersecurity Support Networks Too Fragmented for SMBs, Say Experts

Read more →

Experts argue that CISOs should avoid product duplication and simplify their language to ensure budget is spent wisely This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Simplicity Should Guide Cybersecurity Purchasing Decisions

Read more →

Agentic AI systems could threaten security and data privacy, unless organizations test each model and component This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Concern Grows Over Agentic AI Security Risks

Read more →

The attacks on UK retailers are “a wake-up call” for the industry, said River Island’s Information Security Officer This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: UK Retail Hack Was ‘Subtle, Not Complex,’ Says River Island…

Read more →

A phishing campaign spoofing Booking.com has been observed targeting hospitality sector, using ClickFix to install malware This article has been indexed from www.infosecurity-magazine.com Read the original article: Phishing Campaign Uses Fake Booking.com Emails to Deliver Malware

Read more →

Sophos has uncovered a scheme planting malicious code in 130+ GitHub repositories, targeting hackers and gamers This article has been indexed from www.infosecurity-magazine.com Read the original article: Widespread Campaign Targets Cybercriminals and Gamers

Read more →

Stolen devices are a bigger cause of data loss than stolen credentials or ransomware, according to a new Blancco study This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Device Theft Causes More Data Loss Than Ransomware

Read more →

Startups at Infosecurity Europe focus on attack surface management and improving security data, even as some new vendors avoid AI-led marketing This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Startups Focus on Visibility and Governance, not…

Read more →

Rapid7 found that 56% of all compromises in Q1 2025 resulted from the theft of valid account credentials with no MFA in place This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Majority of Compromises Caused by…

Read more →

Resellers and channel partners can add value, fill gaps in security teams and offer expertise in niche markets This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Channel Bridges Security Skills Gap

Read more →

Effective cybersecurity played a key role Ukraine drone attack on Russian strategic bombers, a leading government security expert has claimed This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Good Cybersecurity Enabled Ukraine’s Surprise Attack on Russia,…

Read more →

CISA is facing $495m budget cut, losing 1000 employees and reducing staff to 2324 This article has been indexed from www.infosecurity-magazine.com Read the original article: Trump Budget Plan to Cut Nearly 1000 Jobs at Cyber Agency CISA

Read more →

CISOs should demand more of their vendors and use regulation as an ally to persuade board members to accelerate the transition to post-quantum safety This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Demand More of Your…

Read more →

Malware campaign used fake DocuSign pages to deploy NetSupport RAT through clipboard manipulation This article has been indexed from www.infosecurity-magazine.com Read the original article: Fake Docusign Pages Deliver Multi-Stage NetSupport RAT Malware

Read more →

Abnormal AI found that engagement rates with VEC attacks globally is “worrisomely high”, overtaking BEC in the EMEA region This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: VEC Attacks Alarmingly Effective at Driving Engagement

Read more →

Risk Ledger found that 90% of UK professionals view supply chain cyber incidents as a top concern for 2025 This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Half of Firms Suffer Two Supply Chain Incidents in…

Read more →

Two local information disclosure flaws in Linux crash-reporting tools have been identified exposing system data to attackers This article has been indexed from www.infosecurity-magazine.com Read the original article: New Linux Vulnerabilities Expose Password Hashes via Core Dumps

Read more →

A new malware campaign targeting Windows and Linux systems has been identified, deploying tools for evasion and credential theft This article has been indexed from www.infosecurity-magazine.com Read the original article: Sophisticated Malware Campaign Targets Windows and Linux Systems

Read more →

Wiz finds new threat group running cryptojacking campaign via exploited and misconfigured DevOps assets This article has been indexed from www.infosecurity-magazine.com Read the original article: Cryptojacking Campaign Targets DevOps Servers Including Nomad

Read more →

Semperis will host an immersive ransomware simulation focused on water utilities during Infosecurity Europe 2025 This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Ransomware Drill to Spotlight Water Utility Cyber Risks in ‘Operation 999’

Read more →

A report on the dark web marketplace Russian Market showed Acreed has emerged as the leading infostealer This article has been indexed from www.infosecurity-magazine.com Read the original article: Acreed Emerges as Dominant Infostealer Threat Following Lumma Takedown

Read more →

Dutch, US and Finnish investigators have taken cybercrime service AVCheck offline This article has been indexed from www.infosecurity-magazine.com Read the original article: Dutch Police Lead Shut Down of Counter AV Service AVCheck

Read more →

Australian firms with an annual turnover of AUS $3m are now required to report any payments to ransomware groups to authorities This article has been indexed from www.infosecurity-magazine.com Read the original article: Mandatory Ransomware Payment Disclosure Begins in Australia

Read more →

Five major banking associations in the US claim the new SEC cyber incident disclosure rule puts a strain on their resources This article has been indexed from www.infosecurity-magazine.com Read the original article: US Banks Urge SEC to Repeal Cyber Disclosure…

Read more →

The FBI provided details of Funnull’s malicious activities, selling infrastructure to criminal groups to facilitate cryptocurrency fraud in the US This article has been indexed from www.infosecurity-magazine.com Read the original article: FBI Flags Philippines Tech Company Behind Crypto Scam Infrastructure

Read more →

The UK MoD has unveiled a new Cyber and Electromagnetic Command, which will focus on offensive cyber operations and “electromagnetic warfare” capabilities This article has been indexed from www.infosecurity-magazine.com Read the original article: UK MoD Launches New Cyber Warfare Command

Read more →

Security teams should use vulnerability context alongside KEV lists to prioritize patching, OX argued This article has been indexed from www.infosecurity-magazine.com Read the original article: CISA Urged to Enrich KEV Catalog with More Contextual Data

Read more →

The firm’s remote monitoring management tool, ScreenConnect, has reportedly been patched This article has been indexed from www.infosecurity-magazine.com Read the original article: ConnectWise Confirms Hack, “Very Small Number” of Customers Affected

Read more →

Fullscreen Browser-in-the-Middle attacks are making it harder for users to detect malicious websites This article has been indexed from www.infosecurity-magazine.com Read the original article: New Browser Exploit Technique Undermines Phishing Detection

Read more →

Fortinet has identified a new Windows RAT operating stealthily on compromised systems with advanced evasion techniques This article has been indexed from www.infosecurity-magazine.com Read the original article: Malware Analysis Reveals Sophisticated RAT With Corrupted Headers

Read more →

A threat actor has used ASUS routers’ legitimate features to create persistent backdoors that survive firmware updates and reboots This article has been indexed from www.infosecurity-magazine.com Read the original article: Thousands of ASUS Routers Hijacked in Stealthy Backdoor Campaign

Read more →

A new EY report found that cybersecurity teams are a major vehicle for business growth, and CISOs should push for a seat at the top table This article has been indexed from www.infosecurity-magazine.com Read the original article: Cybersecurity Teams Generate…

Read more →

EasyDMARC found that just 7.7% of the world’s top 1.8 million email domains have implemented the most stringent DMARC policy This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Over 90% of Top Email Domains Vulnerable to…

Read more →

Two NHS England trusts could see highly sensitive patient records exposed This article has been indexed from www.infosecurity-magazine.com Read the original article: Ivanti Vulnerability Exploit Could Expose UK NHS Data

Read more →

A spoofed Bitdefender site has been used in a malicious campaign distributing VenomRAT and other malware, according to DomainTools This article has been indexed from www.infosecurity-magazine.com Read the original article: Fake Bitdefender Site Spreads Trio of Malware Tools

Read more →

This is the first time Czech authorities have officially called out a nation-state over a cyber-attack This article has been indexed from www.infosecurity-magazine.com Read the original article: Czech Republic Accuses China of Government Hack

Read more →

A flaw in OneDrive File Picker has exposed millions to data overreach through excessive OAuth permissions This article has been indexed from www.infosecurity-magazine.com Read the original article: Microsoft OneDrive Flaw Exposes Users to Data Overreach Risks

Read more →

Adidas revealed that customer contact information, including names, emails and phone numbers were accessed by an unauthorized party This article has been indexed from www.infosecurity-magazine.com Read the original article: Adidas Customer Data Stolen in Third-Party Attack

Read more →

A Vietnam-nexus hacking group distributes infostealers and backdoors via social media ads promoting fake AI generator websites This article has been indexed from www.infosecurity-magazine.com Read the original article: Vietnam-Nexus Hackers Distribute Malware Via Fake AI Video Generator Websites

Read more →

A newly-discovered Russian group, Void Blizzard, has successfully compromised organizations in critical industries, Microsoft warned This article has been indexed from www.infosecurity-magazine.com Read the original article: New Russian State Hacking Group Hits Europe and North America

Read more →

A targeted cyber-attack on an MSP exploited flaws in remote management tools, resulting in ransomware deployment and data theft This article has been indexed from www.infosecurity-magazine.com Read the original article: DragonForce Ransomware Leveraged in MSP Attack Using RMM Tool

Read more →

A novel attack exploited machine learning models on PyPI, using zipped Pickle files to deliver infostealer malware This article has been indexed from www.infosecurity-magazine.com Read the original article: Malicious Machine Learning Model Attack Discovered on PyPI

Read more →

Former UK government minister Rory Stewart and NCSC Director of Operations Paul Chichester will explore the growing link between geopolitics and cybersecurity This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Rory Stewart and Paul Chichester to…

Read more →

The audit of the NVD will be conducted by the US Department of Commerce’s Office of Inspector General This article has been indexed from www.infosecurity-magazine.com Read the original article: US Government Launches Audit of NIST’s National Vulnerability Database

Read more →

Cisco Talos reported that a Chinese group has deployed web shells and malware in local government networks post-exploitation This article has been indexed from www.infosecurity-magazine.com Read the original article: Chinese Hackers Exploit Cityworks Flaw to Target US Local Governments

Read more →

A joint advisory from the US, UK, Australia and others highlights the importance of SIEM/SOAR platforms and overcoming implementation challenges This article has been indexed from www.infosecurity-magazine.com Read the original article: Governments Urge Organizations to Prioritize SIEM/SOAR Adoption

Read more →

The US National Institute of Standards and Technology (NIST) published a white paper introducing a new metric called Likely Exploited Vulnerabilities (LEV) This article has been indexed from www.infosecurity-magazine.com Read the original article: NIST Introduces New Metric to Measure Likelihood…

Read more →

A new Europol-led operation has dismantled infrastructure for key initial access malware used to launch ransomware attacks This article has been indexed from www.infosecurity-magazine.com Read the original article: Law Enforcement Busts Initial Access Malware Used to Launch Ransomware

Read more →

Operation Raptor also resulted in the seizure of $184m and a record amount of illegal drugs, firearms and drug trafficking proceeds This article has been indexed from www.infosecurity-magazine.com Read the original article: Global Dark Web Sting Sees 270 Arrested

Read more →

Sophos has observed DragonForce attacking rival ransomware operators including RansomHub as it seeks to expand its reach in the cybercrime marketplace This article has been indexed from www.infosecurity-magazine.com Read the original article: DragonForce Engages in “Turf War” for Ransomware Dominance

Read more →

Malware campaign exploiting TikTok’s popularity has been observed using social engineering to spread Vidar and StealC This article has been indexed from www.infosecurity-magazine.com Read the original article: AI-Generated TikTok Videos Used to Distribute Infostealer Malware

Read more →

Kettering Health is facing significant disruptions from a cyber-attack that impacted patient care This article has been indexed from www.infosecurity-magazine.com Read the original article: Kettering Health Cyber-Attack Disrupts Services

Read more →

The US cryptocurrency exchange claimed that the breach occurred in December 2024 This article has been indexed from www.infosecurity-magazine.com Read the original article: Coinbase Breach Affected Almost 70,000 Customers

Read more →

The unpatched vulnerabilities, with a CVSS score of 8.6 to 10.0, can lead to remote code execution via authentication bypass This article has been indexed from www.infosecurity-magazine.com Read the original article: Critical Zero-Days Found in Versa Networks SD-WAN/SASE Platform

Read more →

West Lothian Council confirmed that ransomware attackers have stolen personal and sensitive information held on its education network This article has been indexed from www.infosecurity-magazine.com Read the original article: Sensitive Personal Data Stolen in West Lothian Ransomware Attack

Read more →

Law enforcers worldwide have teamed up with Microsoft to disrupt the infrastructure behind Lumma Stealer This article has been indexed from www.infosecurity-magazine.com Read the original article: Global Law Enforcers and Microsoft Seize 2300+ Lumma Stealer Domains

Read more →

NSA, NCSC and allies warn Western tech and logistics firms of Russian APT28 cyber-espionage threat This article has been indexed from www.infosecurity-magazine.com Read the original article: Western Logistics and Tech Firms Targeted by Russia’s APT28

Read more →

UK businesses should start to plan for required changes to their cybersecurity programs ahead of the Cyber Security and Resilience Bill This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: NCC Group Expert Warns UK Firms to…

Read more →

A new malware campaign disguised as Kling AI used fake Facebook ads and counterfeit websites to distribute an infostealer This article has been indexed from www.infosecurity-magazine.com Read the original article: Cybercriminals Mimic Kling AI to Distribute Infostealer Malware

Read more →

Patched privilege escalation flaw in Google Cloud Platform linked to wider cloud security concerns This article has been indexed from www.infosecurity-magazine.com Read the original article: Flaw in Google Cloud Functions Sparks Broader Security Concerns

Read more →

The 19-year-old and his accomplices obtained key data for the extortion scheme in a 2022 breach of a US telco This article has been indexed from www.infosecurity-magazine.com Read the original article: US Teen to Plead Guilty in PowerSchool Extortion Campaign

Read more →

ITRC report finds that 39% of American consumers believe biometric use should be banned This article has been indexed from www.infosecurity-magazine.com Read the original article: Two-Fifths of Americans Want to Ban Biometric Use

Read more →

An M&S trading update estimates the ongoing cyber-incident will cost £300m, largely from lost sales due to the suspension of online orders This article has been indexed from www.infosecurity-magazine.com Read the original article: M&S Braces for £300 Million Cyber-Attack Costs

Read more →

A new NCSC guide offers useful information on how to safely and securely dispose of end-of-life assets This article has been indexed from www.infosecurity-magazine.com Read the original article: NCSC Helps Firms Securely Dispose of Old IT Assets

Read more →