Category: www.infosecurity-magazine.com

The US warns that the North Korea-linked Kimsuky group is exploiting poorly configured DMARC protocols to spoof legitimate domains in espionage phishing campaigns This article has been indexed from www.infosecurity-magazine.com Read the original article: North Korean Hackers Spoofing Journalist Emails…

Read more →

Amnesty International found in Indonesia a murky ecosystem of surveillance suppliers, brokers and resellers that obscures the sale and transfer of surveillance technology This article has been indexed from www.infosecurity-magazine.com Read the original article: Indonesia is a Spyware Haven, Amnesty…

Read more →

Microsoft illustrated the severity of the issue via a case study involving Xiaomi’s File Manager This article has been indexed from www.infosecurity-magazine.com Read the original article: Android Flaw Affected Apps With 4 Billion Installs

Read more →

Sweden experienced a wave of DDoS attacks as the country was working towards joining NATO, Netscout found This article has been indexed from www.infosecurity-magazine.com Read the original article: Hackers Target New NATO Member Sweden with Surge of DDoS Attacks

Read more →

Attackers accessed emails, usernames, phone numbers, hashed passwords and authentication information This article has been indexed from www.infosecurity-magazine.com Read the original article: Security Breach Exposes Dropbox Sign Users

Read more →

Dynatrace research claims global CISOs are concerned AI is driving advanced app security threats and poor developer practices This article has been indexed from www.infosecurity-magazine.com Read the original article: Three-Quarters of CISOs Admit App Security Incidents

Read more →

A US court has sentenced a Ukrainian national to 13 years and seven months in prison for his role in over 2500 ransomware attacks using the REvil strain This article has been indexed from www.infosecurity-magazine.com Read the original article: REvil…

Read more →

The US and its allies claim Russian hacktivists are disruptive operations in water, energy, food and agriculture sectors This article has been indexed from www.infosecurity-magazine.com Read the original article: US and UK Warn of Disruptive Russian OT Attacks

Read more →

The data from ReliaQuest also suggests LockBit faced a significant setback due to law enforcement action This article has been indexed from www.infosecurity-magazine.com Read the original article: LockBit, Black Basta, Play Dominate Ransomware in Q1 2024

Read more →

Andrew Witty made the claims in a written testimony submitted before a House subcommittee hearing This article has been indexed from www.infosecurity-magazine.com Read the original article: UnitedHealth CEO Confirms Breach Tied to Stolen Credentials, No MFA

Read more →

Comparitech found that 18% of ransomware incidents in the US led to a lawsuit in 2023, with 59% of completed lawsuits since 2018 proving successful This article has been indexed from www.infosecurity-magazine.com Read the original article: 1 in 5 US…

Read more →

New report from Netwrix reveals unplanned expenses impact half of breached firms, including a surge in lawsuits This article has been indexed from www.infosecurity-magazine.com Read the original article: Lawsuits and Company Devaluations Await For Breached Firms

Read more →

The growth of software supply chain attacks pushed vulnerability exploits to the third most used initial access method, Verizon found This article has been indexed from www.infosecurity-magazine.com Read the original article: DBIR: Vulnerability Exploits Triple as Initial Access Point for…

Read more →

Join Claire Williams at Infosecurity Europe to learn how F1 leadership strategies can inspire cybersecurity leaders This article has been indexed from www.infosecurity-magazine.com Read the original article: Infosecurity Europe Keynote: Building Strong Teams and Driving Change with F1’s Claire Williams

Read more →

The UK’s National Cyber Security Centre claims its AMS model will protect firms from state-backed mobile threats This article has been indexed from www.infosecurity-magazine.com Read the original article: NCSC’s New Mobile Risk Model Aimed at “High-Threat” Firms

Read more →

The US Department of Homeland Security has released new guidelines for securing critical infrastructure and CBRN from AI threats This article has been indexed from www.infosecurity-magazine.com Read the original article: US Government Releases New Resources Against AI Threats

Read more →

The first quarter of 2024 saw the most ransomware activity ever recorded, Corvus Insurance found in a new analysis This article has been indexed from www.infosecurity-magazine.com Read the original article: Ransomware Rising Despite Takedowns, Says Corvus Report

Read more →

Central YMCA was fined £7,500 for a data breach exposing HIV information of support program participants, prompting the ICO to call for stronger privacy protections for people with HIV This article has been indexed from www.infosecurity-magazine.com Read the original article:…

Read more →

According to JFrog, approximately 25% of all repositories lack useful functionality and serve as vehicles for spam and malware This article has been indexed from www.infosecurity-magazine.com Read the original article: Millions of Malicious Containers Found on Docker Hub

Read more →

Meta’s moderation failings could allow coordinated disinformation campaigns to thrive in the run-up to the EU election This article has been indexed from www.infosecurity-magazine.com Read the original article: Disinformation: EU Opens Probe Against Facebook and Instagram Ahead of Election

Read more →

Sophos found that the average ransom payment was $2m in 2023, with 63% of ransom demands $1m or more This article has been indexed from www.infosecurity-magazine.com Read the original article: Ransom Payments Surge by 500% to an Average of $2m

Read more →

Some of America’s biggest wireless carriers illegally sold customer location, says FCC This article has been indexed from www.infosecurity-magazine.com Read the original article: FCC Fines Carriers $200m For Selling User Location Data

Read more →

Google blocked millions of policy-violating apps from being listed on Play in 2023 and banned 333,000 bad accounts This article has been indexed from www.infosecurity-magazine.com Read the original article: Google Blocks 2.3 Million Apps From Play Store Listing

Read more →

The top malicious domains attracted over 100,000 hits each, according to Akamai Security This article has been indexed from www.infosecurity-magazine.com Read the original article: Study Reveals Alarming Levels of USPS Phishing Traffic

Read more →

Tanto Security uncovered three vulnerabilities which could allow attackers to execute sandbox escapes and gain root permissions on host machines This article has been indexed from www.infosecurity-magazine.com Read the original article: Judge0 Sandbox Vulnerabilities Expose Systems to Takeover Risk

Read more →

Coffee County has discovered malicious cyber-activity on its IT systems, and it reportedly severed its connection to Georgia’s state voter registration system This article has been indexed from www.infosecurity-magazine.com Read the original article: Voter Registration System Taken Offline in Coffee…

Read more →

European non-profit Noyb has filed a complaint to the Austrian data protection authority (DSB) over OpenAI’s ChatGPT providing false personal information This article has been indexed from www.infosecurity-magazine.com Read the original article: OpenAI’s ChatGPT is Breaking GDPR, Says Noyb

Read more →

IoT manufacturers, retailers and importers must comply with new security legislation, the PSTI act, from today This article has been indexed from www.infosecurity-magazine.com Read the original article: New UK Smart Device Security Law Comes into Force

Read more →

IoT manufacturers, retailers and importers must comply with new security legislation, the PSTI act, from today This article has been indexed from www.infosecurity-magazine.com Read the original article: New UK Smart Device Security Law Comes into Force Today

Read more →

Okta has issued customers with new advice on how to block mounting credential stuffing attacks This article has been indexed from www.infosecurity-magazine.com Read the original article: Okta Warns Customers of Credential Stuffing Barrage

Read more →

CISA’s RVWP program sent 1754 ransomware vulnerability notifications to government and critical infrastructure entities in 2023, leading to 852 devices being secured This article has been indexed from www.infosecurity-magazine.com Read the original article: Over 850 Vulnerable Devices Secured Through CISA…

Read more →

The US Federal Trade Commission will send $5.6m worth of refunds to the spied-on customers of the Amazon-owned home camera company This article has been indexed from www.infosecurity-magazine.com Read the original article: Ring to Pay Out $5.6m in Refunds After…

Read more →

The two founders of Samourai Wallet have been charged with money laundering and unlicensed money-transmitting offenses This article has been indexed from www.infosecurity-magazine.com Read the original article: US Takes Down Illegal Cryptocurrency Mixing Service Samourai Wallet

Read more →

An advisory from Cisco Talos has highlighted a sophisticated cyber-espionage campaign targeting government networks globally This article has been indexed from www.infosecurity-magazine.com Read the original article: State-Sponsored Espionage Campaign Exploits Cisco Vulnerabilities

Read more →

Cyber threat intelligence provider Cyble found that DragonForce was using a ransomware binary based on LockBit Black’s builder This article has been indexed from www.infosecurity-magazine.com Read the original article: DragonForce Ransomware Group Uses LockBit’s Leaked Builder

Read more →

A new ISC2 study highlights the lack of diversity in cybersecurity with only 4% of teams having a majority of women, while 11% have none at all This article has been indexed from www.infosecurity-magazine.com Read the original article: 11% of…

Read more →

Consumer rights group Which? has found more security gaps in UK banking sites and apps This article has been indexed from www.infosecurity-magazine.com Read the original article: Online Banking Security Still Not Up to Par, Says Which?

Read more →

Email-borne fraud accounted for more insurance claims than any other category in 2023, says Coalition This article has been indexed from www.infosecurity-magazine.com Read the original article: BEC and Fund Transfer Fraud Top Insurance Claims

Read more →

Jake Humphrey and Professor Damian Hughes, the minds behind the High Performance Podcast, share their top non-negotiable behaviours for success in cybersecurity This article has been indexed from www.infosecurity-magazine.com Read the original article: High Performance Podcast Duo to Unveil Secrets…

Read more →

The bill that could see TikTok banned in the US has been approved by the House of Representatives and the Senate This article has been indexed from www.infosecurity-magazine.com Read the original article: US Congress Passes Bill to Ban TikTok

Read more →

The US Treasury announced sanctions on two companies and four individuals for cyber campaigns conducted on behalf of the Iranian government This article has been indexed from www.infosecurity-magazine.com Read the original article: US Sanctions Iranian “Fronts” for Cyber-Attacks on American…

Read more →

The proximity of organizations’ headquarters, like Asda’s and NHS England’s, prompted BlueVoyant to choose Leeds as the location for its first UK SOC This article has been indexed from www.infosecurity-magazine.com Read the original article: Leeds Talent Pool Attracts BlueVoyant’s First…

Read more →

Netacea research found that 93% of security leaders expect to face daily AI-driven attacks by the end of 2024, with 65% predicting that offensive AI will be the norm for cybercriminals This article has been indexed from www.infosecurity-magazine.com Read the…

Read more →

One in five UK organizations have had corporate data exposed via generative AI, says RiverSafe This article has been indexed from www.infosecurity-magazine.com Read the original article: Fifth of CISOs Admit Staff Leaked Data Via GenAI

Read more →

North Korean hackers ran a year-long cyber-espionage campaign against South Korean defense companies This article has been indexed from www.infosecurity-magazine.com Read the original article: North Korean Hackers Target Dozens of Defense Companies

Read more →

The move is reportedly part of a broader effort to counter the misuse of surveillance technology This article has been indexed from www.infosecurity-magazine.com Read the original article: US Imposes Visa Restrictions on Alleged Spyware Figures

Read more →

The call comes amid the rollout of end-to-end encryption on Meta’s Messenger platform This article has been indexed from www.infosecurity-magazine.com Read the original article: End-to-End Encryption Sparks Concerns Among EU Law Enforcement

Read more →

Millions of Americans may be impacted by the Change Healthcare data breach as UnitedHealth confirms exposed data includes personal and health information This article has been indexed from www.infosecurity-magazine.com Read the original article: Millions of Americans’ Data Potentially Exposed in…

Read more →

Mandiant’s latest M-Trends report found that vulnerability exploitation was the most common initial infection vector in 2023, making up 38% of intrusions This article has been indexed from www.infosecurity-magazine.com Read the original article: Vulnerability Exploitation on the Rise as Attackers…

Read more →

Mandiant’s latest M-Trends report found that vulnerability exploitation was the most common initial infection vector in 2023, making up 38% of intrusions This article has been indexed from www.infosecurity-magazine.com Read the original article: Vulnerability Exploitation on the Rise as Attacker…

Read more →

Notorious APT44 group Sandworm launched a major campaign against Ukrainian critical infrastructure in March This article has been indexed from www.infosecurity-magazine.com Read the original article: Russian Sandworm Group Hit 20 Ukrainian Energy and Water Sites

Read more →

Microsoft has warned of a long-running credential stealing campaign from Russia’s APT28 This article has been indexed from www.infosecurity-magazine.com Read the original article: Russian APT28 Group in New “GooseEgg” Hacking Campaign

Read more →

The scheme was uncovered by Kaspersky and has been operational since November 2023 This article has been indexed from www.infosecurity-magazine.com Read the original article: Fraudsters Exploit Telegram’s Popularity For Toncoin Scam

Read more →

This occurs when a private package fetches a similar public one, leading to exploit due to misconfigurations in package managers This article has been indexed from www.infosecurity-magazine.com Read the original article: Dependency Confusion Vulnerability Found in Apache Project

Read more →

CrushFTP is urging customers to download v11 of its file transfer platform, with attackers actively exploiting a vulnerability that allows them to download system files This article has been indexed from www.infosecurity-magazine.com Read the original article: CrushFTP File Transfer Vulnerability…

Read more →

The new document is the first release from NSA’s Artificial Intelligence Security Center (AISC), in partnership with other government agencies in the US and other Five Eyes countries This article has been indexed from www.infosecurity-magazine.com Read the original article: NSA…

Read more →

The UK’s National Cyber Security Centre will see Richard Horne take over as its new boss in the autumn This article has been indexed from www.infosecurity-magazine.com Read the original article: NCSC Announces PwC’s Richard Horne as New CEO

Read more →

Non-profit MITRE says a sophisticated state group breached its network via two chained Ivanti zero-days This article has been indexed from www.infosecurity-magazine.com Read the original article: MITRE Reveals Ivanti Breach By Nation State Actor

Read more →

This drop represents a direct threat to US national cybersecurity infrastructure, said CyberSN representatives in their report This article has been indexed from www.infosecurity-magazine.com Read the original article: Alarming Decline in Cybersecurity Job Postings in the US

Read more →

A joint advisory from Europol and US and Dutch government agencies estimated that Akira made around $42m in ransomware proceeds from March 2023 to January 2024 This article has been indexed from www.infosecurity-magazine.com Read the original article: Akira Ransomware Group…

Read more →

The figures come from Egress’s latest report, which also suggests secure email gateways lag behind tech advancements This article has been indexed from www.infosecurity-magazine.com Read the original article: Quishing Attacks Jump Tenfold, Attachment Payloads Halve

Read more →

Mandiant has confirmed that Sandworm is responsible for many cyber-attacks against Ukraine has close ties with a Russian hacktivist group This article has been indexed from www.infosecurity-magazine.com Read the original article: Russia’s Sandworm Upgraded to APT44 by Google’s Mandiant

Read more →

Zscaler also confirmed MadMxShell uses DLL sideloading and DNS tunneling for C2 communication This article has been indexed from www.infosecurity-magazine.com Read the original article: New Cyber-Threat MadMxShell Exploits Typosquatting and Google Ads

Read more →

A US government advisory sets out actions election officials need to take to mitigate the impact of nation-state influence campaigns ahead of the November elections This article has been indexed from www.infosecurity-magazine.com Read the original article: US Election Officials Told…

Read more →

Bridewell report reveals critical infrastructure firms are losing faith in their defensive tooling This article has been indexed from www.infosecurity-magazine.com Read the original article: Trust in Cyber Takes a Knock as CNI Budgets Flatline

Read more →

The Metropolitan Police and partners have disrupted the prolific LabHost phishing-as-a-service platform This article has been indexed from www.infosecurity-magazine.com Read the original article: UK Police Lead Disruption of £1m Phishing-as-a-Service Site LabHost

Read more →

The attacks exploit CVE-2023-22518, a critical flaw in Atlassian Confluence Data Center and Server This article has been indexed from www.infosecurity-magazine.com Read the original article: Linux Cerber Ransomware Variant Exploits Atlassian Servers

Read more →

Proofpoint confirmed Kimsuky has directly contacted foreign policy experts since 2023 through seemingly benign email conversations This article has been indexed from www.infosecurity-magazine.com Read the original article: North Korean Group Kimsuky Exploits DMARC and Web Beacons

Read more →

OpenSSF, in collaboration with the US Government, has developed Protobom, a open source tool designed to simplify SBOM management for organizations This article has been indexed from www.infosecurity-magazine.com Read the original article: US Government and OpenSSF Partner on New SBOM…

Read more →

This year’s EU elections will be a stress test to see whether the newly adopted Digital Services Act can efficiently mitigate misinformation threats This article has been indexed from www.infosecurity-magazine.com Read the original article: EU Elections: Pro-Russian Propaganda Exploits Meta’s…

Read more →

Ivanti has fixed two critical vulnerabilities in its Avalanche MDM product which could lead to remote code execution This article has been indexed from www.infosecurity-magazine.com Read the original article: Ivanti Patches Two Critical Avalanche Flaws in Major Update

Read more →

Cifas reveals 14% rise in dishonest employees, driven mainly by financial necessity last year This article has been indexed from www.infosecurity-magazine.com Read the original article: Insider Threats Surge 14% Annually as Cost-of-Living Crisis Bites

Read more →

WithSecure researchers said it is likely Russian state group Sandworm has added a novel backdoor dubbed ‘Kapeka’ to its arsenal This article has been indexed from www.infosecurity-magazine.com Read the original article: Russian Sandworm Group Using Novel Backdoor to Target Ukraine…

Read more →

According to Pentera, firms are allocating 13% of their total IT security budgets to pentesting This article has been indexed from www.infosecurity-magazine.com Read the original article: Report Suggests 93% of Breaches Lead to Downtime and Data Loss

Read more →

Orca Security said the issue mirrors a previously identified vulnerability in Azure CLI This article has been indexed from www.infosecurity-magazine.com Read the original article: LeakyCLI Flaw Exposes AWS and Google Cloud Credentials

Read more →

An open letter signed by 50 cybersecurity practitioners requires the US Congress to support NIST in restoring operations at the National Vulnerability Database This article has been indexed from www.infosecurity-magazine.com Read the original article: Cybersecurity Pros Urge US Congress to…

Read more →

New Check Point data found Microsoft was impersonated in 38% of all brand phishing attacks in Q1 2024, up from 33% in Q4 2024 This article has been indexed from www.infosecurity-magazine.com Read the original article: Microsoft Most Impersonated Brand in…

Read more →

Two open source organizations have revealed attempts to socially engineer project takeovers This article has been indexed from www.infosecurity-magazine.com Read the original article: Open Source Leaders Warn of XZ Utils-Like Takeover Attempts

Read more →

Malicious bots now represent a third of all internet traffic, says Imperva This article has been indexed from www.infosecurity-magazine.com Read the original article: Bad Bots Drive 10% Annual Surge in Account Takeover Attacks

Read more →

An international team of researchers published the first-ever index ranking countries by cybercrime threat level This article has been indexed from www.infosecurity-magazine.com Read the original article: Russia and Ukraine Top Inaugural World Cybercrime Index

Read more →

Kaspersky also uncovered the use of the SessionGopher script to extract saved passwords This article has been indexed from www.infosecurity-magazine.com Read the original article: New LockBit Variant Exploits Self-Spreading Features

Read more →

Designated CVE-2024-3400 and with a CVSS score of 10.0, the flaw enables unauthorized actors to execute arbitrary code on affected firewalls This article has been indexed from www.infosecurity-magazine.com Read the original article: Palo Alto Networks Zero-Day Flaw Exploited in Targeted…

Read more →

Nexperia confirmed its IT servers were accessed by attackers, with the Dunghill ransomware group claiming to have stolen chip designs and other sensitive documents This article has been indexed from www.infosecurity-magazine.com Read the original article: Chipmaker Giant Nexperia Confirms Cyber-Attack…

Read more →

The Feds have received thousands of complaints about phishing texts from fake road toll collection services This article has been indexed from www.infosecurity-magazine.com Read the original article: FBI Warns of Massive Toll Services Smishing Scam

Read more →

Nine arrests and millions of euros seized in bid to bust JuicyFields investment scammers This article has been indexed from www.infosecurity-magazine.com Read the original article: Police Swoop on €645m Cannabis Investment Fraud Gang

Read more →

The breach affecting business analytics provider Sisense could lead to a wide-scale supply chain attack This article has been indexed from www.infosecurity-magazine.com Read the original article: CISA Urges Immediate Credential Reset After Sisense Breach

Read more →

A fix for CVE-2024-3400 is scheduled on April 4, Palo Alto Networks announced This article has been indexed from www.infosecurity-magazine.com Read the original article: Palo Alto Networks Warns About Critical Zero-Day in PAN-OS

Read more →

The revision points out companies like NSO Group, known for surveillance tools like Pegasus This article has been indexed from www.infosecurity-magazine.com Read the original article: Apple Boosts Spyware Alerts For Mercenary Attacks

Read more →

These records belonged to Dublin-based iCabbi, a dispatch and fleet management technology provider This article has been indexed from www.infosecurity-magazine.com Read the original article: Data Breach Exposes 300k Taxi Passengers’ Information

Read more →

A new cyber espionage campaign, called ‘eXotic Visit,’ targeted Android users in South Asia via seemingly legitimate messaging apps This article has been indexed from www.infosecurity-magazine.com Read the original article: New Android Espionage Campaign Spotted in India and Pakistan

Read more →

Distribution vectors of the Raspberry Robin worm now include Windows Script Files (WSF) alongside other methods like USB drives This article has been indexed from www.infosecurity-magazine.com Read the original article: Raspberry Robin Distributed Through Windows Script Files

Read more →

Checkmarx warns of GitHub search result manipulation designed to promote malicious repositories This article has been indexed from www.infosecurity-magazine.com Read the original article: Threat Actors Game GitHub Search to Spread Malware

Read more →

The number of publicly reported data breaches and leaks grew 90% in the first three months of the year This article has been indexed from www.infosecurity-magazine.com Read the original article: US Data Breach Reports Surge 90% Annually in Q1

Read more →

Proofpoint said it is the first time this threat actor has been seen using LLM-generated PowerShell scripts This article has been indexed from www.infosecurity-magazine.com Read the original article: Rhadamanthys Malware Deployed By TA547 Against German Targets

Read more →

The issues identified permit unauthorized access to the TV’s root system by bypassing authorization mechanisms This article has been indexed from www.infosecurity-magazine.com Read the original article: LG TV Vulnerabilities Expose 91,000 Devices

Read more →

A WiCyS report detailed the causes of disparities in the experiences of women working in cybersecurity compared to men, including respect and exclusion This article has been indexed from www.infosecurity-magazine.com Read the original article: Women Experience Exclusion Twice as Often…

Read more →

A flaw in the Rust standard library exposes Windows systems to command injection attacks This article has been indexed from www.infosecurity-magazine.com Read the original article: Windows: New ‘BatBadBut’ Rust Vulnerability Given Highest Severity Score

Read more →

The DoJ says it has seized $1.4bn and charged 3500 defendants in COVID fraud cases since 2021 This article has been indexed from www.infosecurity-magazine.com Read the original article: US Claims to Have Recovered $1.4bn in COVID Fraud

Read more →

April’s Patch Tuesday saw fixes for 150 CVEs, including two being actively exploited in the wild This article has been indexed from www.infosecurity-magazine.com Read the original article: Microsoft Patches 150 Flaws Including Two Zero-Days

Read more →

The UK Government’s latest Cyber Security Breaches Survey found a large increase in the proportion of businesses impacted by a cyber-attack or breach in the past 12 months This article has been indexed from www.infosecurity-magazine.com Read the original article: Half…

Read more →