Category: www.infosecurity-magazine.com

Interpol claims intervention saved one Singapore firm $42m stolen by scammers This article has been indexed from www.infosecurity-magazine.com Read the original article: Police Recover Over $40m Headed to BEC Scammers

Read more →

New report warns of escalating hardware supply chain attacks, with 19% of organizations impacted and nearly all IT leaders expecting nation-state involvement This article has been indexed from www.infosecurity-magazine.com Read the original article: #BHUSA: Nation-State Attacks Target Hardware Supply Chains

Read more →

SonicWall discovered the Apache OFBiz flaw, identifying it as a critical issue enabling unauthenticated remote code execution This article has been indexed from www.infosecurity-magazine.com Read the original article: Critical Vulnerability in Apache OFBiz Requires Immediate Patching

Read more →

50% of professionals also cited a lack of expertise as a barrier to effective cyber-risk management This article has been indexed from www.infosecurity-magazine.com Read the original article: 86% of Firms Identify Unknown Cyber-Risks as Top Concern

Read more →

TikTok has committed to permanently withdraw the Lite Rewards program from the EU, after legal proceedings were launched relating to its risks to users, particularly children This article has been indexed from www.infosecurity-magazine.com Read the original article: TikTok Withdraws Lite…

Read more →

The White House and EC-Council scholarship program aims to train over 50,000 students in critical cybersecurity skills This article has been indexed from www.infosecurity-magazine.com Read the original article: White House and EC-Council Launch $15m Cybersecurity Scholarship Program

Read more →

The US government is taking TikTok to court for alleged violations of the COPPA regulation This article has been indexed from www.infosecurity-magazine.com Read the original article: US Sues TikTok For Children’s Law Violations

Read more →

Volexity claims the StormBamboo group compromised an ISP to push malicious software updates to customers This article has been indexed from www.infosecurity-magazine.com Read the original article: APT Group StormBamboo Attacks ISP Customers Via DNS Poisoning

Read more →

The UK’s ICO has identified children’s privacy concerns in 11 social media and video sharing platforms, warning of regulatory action if these issues are not addressed This article has been indexed from www.infosecurity-magazine.com Read the original article: Social Media Firms…

Read more →

The US Government Accountability Office has told the Environmental Protection Agency to urgently develop a strategy to tackle rising cyber-threats to the water industry This article has been indexed from www.infosecurity-magazine.com Read the original article: EPA Told to Address Cyber…

Read more →

The rise in DDOS attacks against the gaming industry is accompanied by increasing bot activity This article has been indexed from www.infosecurity-magazine.com Read the original article: Gaming Industry Faces 94% Surge in DDoS Attacks

Read more →

The UK’s NCSC is launching ACD 2.0, an advanced suite of cybersecurity tools and services designed to protect businesses from evolving cyber threats This article has been indexed from www.infosecurity-magazine.com Read the original article: NCSC Unveils Advanced Cyber Defence 2.0…

Read more →

UK authorities shut down a scam platform responsible for over 1.3 million calls to 500,000 victims, resulting in millions of pounds in losses This article has been indexed from www.infosecurity-magazine.com Read the original article: Scam Platform Shut Down by UK…

Read more →

CloudSek said the RansomEXX breach occurred via a misconfigured Jenkins server at Brontoo Technology This article has been indexed from www.infosecurity-magazine.com Read the original article: RansomEXX Group Targets Indian Banking With New Tactics

Read more →

Pharma company Cencora confirmed in an updated SEC filing that sensitive personal and health data was exfiltrated by attackers in a February 2024 incident This article has been indexed from www.infosecurity-magazine.com Read the original article: Cencora Confirms Patient Data Stolen…

Read more →

The “Eriakos” info-stealing campaign is using hundreds of fake web shops to defraud victims This article has been indexed from www.infosecurity-magazine.com Read the original article: E-Commerce Fraud Campaign Uses 600+ Fake Sites

Read more →

A Vipre study reveals a 20% increase in business email compromise attacks This article has been indexed from www.infosecurity-magazine.com Read the original article: BEC Attacks Surge 20% Annually Thanks to AI Tooling

Read more →

US non-profit OneBlood has issued an urgent appeal for donations after a ransomware attack has significantly reduced its capacity to distribute blood to hospitals This article has been indexed from www.infosecurity-magazine.com Read the original article: Urgent Blood Appeal Issued in…

Read more →

Discovered by Zimperium’s zLabs team, the SMS Stealer malware was found in over 105,000 samples This article has been indexed from www.infosecurity-magazine.com Read the original article: New SMS Stealer Malware Targets Over 600 Global Brands

Read more →

Meta has agreed a $1.4bn settlement with the State of Texas for failing to inform Facebook users about its biometric data capturing practices This article has been indexed from www.infosecurity-magazine.com Read the original article: Meta to Pay Texas $1.4bn for…

Read more →

According to Fortinet, PyPI package Zlibxjson steals Discord tokens and browser data, including passwords and extensive user information This article has been indexed from www.infosecurity-magazine.com Read the original article: New PyPI Package Zlibxjson Steals Discord, Browser Data

Read more →

IBM reveals a 10% increase in the global cost of a data breach to $4.9m This article has been indexed from www.infosecurity-magazine.com Read the original article: Cost of a Data Breach Surges 10% on Shadow Data Challenge

Read more →

A global outage of Microsoft services was triggered by a DDoS attack, with an error Microsoft’s DDoS protection measures amplifying the impact This article has been indexed from www.infosecurity-magazine.com Read the original article: DDoS Attack Triggers New Microsoft Global Outage

Read more →

Zscaler warns of copycat attacks after revealing one ransomware victim paid $75m This article has been indexed from www.infosecurity-magazine.com Read the original article: Researchers Uncover Largest Ever Ransomware Payment of $75m

Read more →

The OneDrive campaign uses social engineering to trick users into executing a PowerShell script This article has been indexed from www.infosecurity-magazine.com Read the original article: Sophisticated Phishing Campaign Targets Microsoft OneDrive Users

Read more →

According to eSentire, around 400 GenAI account logins are sold daily on the dark web, including credentials for GPT, Quillbot, Notion and Replit This article has been indexed from www.infosecurity-magazine.com Read the original article: Stolen GenAI Accounts Flood Dark Web…

Read more →

The ICO found that the Electoral Commission did not have appropriate security measures in place, allowing hackers to access the personal details of 40 million UK voters This article has been indexed from www.infosecurity-magazine.com Read the original article: ICO Slams…

Read more →

Picus Security claims just 12% of simulated attacks trigger an alert This article has been indexed from www.infosecurity-magazine.com Read the original article: Just One in 10 Attacks Flagged By Security Tools

Read more →

Health savings specialist HealthEquity reveals over four million customers were impacted in a recent breach This article has been indexed from www.infosecurity-magazine.com Read the original article: HealthEquity Breach Hits 4.3 Million Customers

Read more →

Guardio Labs found that attackers exploited a configuration setting in Proofpoint’s email protection service, allowing outbound messages to bypass email protections This article has been indexed from www.infosecurity-magazine.com Read the original article: Millions of Spoofed Emails Bypass Proofpoint Security in…

Read more →

Updated Mandrake samples, identified by Kaspersky, displayed enhanced obfuscation and evasion tactics This article has been indexed from www.infosecurity-magazine.com Read the original article: Mandrake Spyware Infects 32,000 Devices Via Google Play Apps

Read more →

Updated Mandrake samples, identified by Kaspersky, displayed enhanced obfuscation and evasion tactics This article has been indexed from www.infosecurity-magazine.com Read the original article: Mandrake Spyware Infects 32,000 Devices via Google Play Apps

Read more →

Walmart detailed findings about an unknown PowerShell backdoor, which was potentially utilized alongside a new Zloader variant This article has been indexed from www.infosecurity-magazine.com Read the original article: Walmart Discovers New PowerShell Backdoor Linked to Zloader Malware

Read more →

Salt Labs also said XSS combined with OAuth can lead to severe breaches This article has been indexed from www.infosecurity-magazine.com Read the original article: Hotjar, Business Insider Vulnerabilities Expose OAuth Data Risks

Read more →

Sapio Research claims that fewer than 50% of European companies place usage and other restrictions on AI This article has been indexed from www.infosecurity-magazine.com Read the original article: Less Than Half of European Firms Have AI Controls in Place

Read more →

Thousands of customers of cryptocurrency exchange Gemini have had personal data compromised This article has been indexed from www.infosecurity-magazine.com Read the original article: US Crypto Exchange Gemini Reveals Breach

Read more →

Synnovis has rebuilt “substantial parts” of its systems following the Qilin ransomware attack on June 3, enabling the restoration of core blood supplies to NHS hospitals This article has been indexed from www.infosecurity-magazine.com Read the original article: Synnovis Restores Systems…

Read more →

CrowdStrike has acknowledged the claims by the USDoD hacktivist group, which has provided a link to download the alleged threat actor list on a cybercrime forum This article has been indexed from www.infosecurity-magazine.com Read the original article: Hacktivists Claim Leak…

Read more →

Despite bans on AI code generation tools, widespread use and lack of governance are creating significant security risks for organizations This article has been indexed from www.infosecurity-magazine.com Read the original article: Despite Bans, AI Code Tools Widespread in Organizations

Read more →

A joint advisory by the UK, US and South Korea have warned of a global espionage campaign by a North Korea threat actor, Andariel, targeting CNI organizations This article has been indexed from www.infosecurity-magazine.com Read the original article: North Korean…

Read more →

Cisco Talos found that ransomware and BEC accounted for 60% of all cyber incidents in Q2 2024, with ransomware rising by 22% compared to Q1 This article has been indexed from www.infosecurity-magazine.com Read the original article: Ransomware and BEC Make…

Read more →

SonicWall observed a surge in malware attacks in H1 2024, with strains becoming more adept at defense evasion This article has been indexed from www.infosecurity-magazine.com Read the original article: Malware Attacks Surge 30% in First Half of 2024

Read more →

Appsbroker CTS found that nine in 10 IT leaders believe the severity of cyber-attacks has increased over the past year This article has been indexed from www.infosecurity-magazine.com Read the original article: Most IT Leaders Say Severity of Cyber-Attacks has Increased

Read more →

CrowdStrike has published a preliminary Post Incident Review into the global IT outage on July 19, revealing the issue came a Rapid Response Content update This article has been indexed from www.infosecurity-magazine.com Read the original article: CrowdStrike Shares How a…

Read more →

KnowBe4 revealed it was duped into hiring a fake IT worker from North Korea resulting in attempted insider threat activity This article has been indexed from www.infosecurity-magazine.com Read the original article: North Korean Hackers Targeted Cybersecurity Firm KnowBe4 with Fake…

Read more →

Google’s decision to abandon the phase out of third-party cookies on Chrome has been criticized, with the tech giant accused of neglecting user privacy This article has been indexed from www.infosecurity-magazine.com Read the original article: Google Criticized for Abandoning Cookie…

Read more →

A new report published by RUSI highlighted how Russia’s intelligence services have adapted their cybersecurity strategy to the demands of a long war in Ukraine This article has been indexed from www.infosecurity-magazine.com Read the original article: Russia Shifts Cyber Focus…

Read more →

Symantec said Chinese espionage group Daggerfly has updated its malware toolkit as it looks to target Windows, Linux, macOS and Android operating systems This article has been indexed from www.infosecurity-magazine.com Read the original article: Chinese Espionage Group Upgrades Malware Arsenal…

Read more →

The UK’s National Crime Agency has infiltrated the DigitalStress marketplace, which offers DDoS capabilities This article has been indexed from www.infosecurity-magazine.com Read the original article: Prolific DDoS Marketplace Shut Down by UK Law Enforcement

Read more →

Trend Micro also revealed a connection between the Play ransomware group and the threat actor Prolific Puma This article has been indexed from www.infosecurity-magazine.com Read the original article: Play Ransomware Expands to Target VMWare ESXi Environments

Read more →

Europol also said that multi-layered extortion tactics in ransomware are becoming more common This article has been indexed from www.infosecurity-magazine.com Read the original article: Ransomware Groups Fragment Amid Rising Cybercrime Threats

Read more →

Cybercriminals have launched phishing campaigns purporting to support organizations impacted by the global IT outage, caused by a CrowdStrike Falcon issue This article has been indexed from www.infosecurity-magazine.com Read the original article: Cybercriminals Exploit CrowdStrike Outage Chaos

Read more →

Two Russian nationals have pleaded guilty to charges relating to their participation in the LockBit ransomware gang This article has been indexed from www.infosecurity-magazine.com Read the original article: Two Russians Convicted for Role in LockBit Attacks

Read more →

The SEC allegations against SolarWinds and its CISO over statements made after the 2020 ‘Sunburst’ hack were based on “hindsight and speculation,” said the judge This article has been indexed from www.infosecurity-magazine.com Read the original article: Sunburst: US Judge Dismisses…

Read more →

An issue related to an update to CrowdStrike’s security platform Falcon Sensor has impacted Microsoft Windows Operating Systems, causing global IT outages This article has been indexed from www.infosecurity-magazine.com Read the original article: CrowdStrike Fault Causes Global IT Outages

Read more →

HotPage manipulates browser traffic by hooking into network-based Windows API functions This article has been indexed from www.infosecurity-magazine.com Read the original article: HotPage Malware Hijacks Browsers with Signed Microsoft Driver

Read more →

All SAP AI Core vulnerabilities were reported to SAP by Wiz and have since been fixed This article has been indexed from www.infosecurity-magazine.com Read the original article: SAP AI Core Flaws Expose Sensitive Customer Data and Keys

Read more →

Crypto accounts tied to scammers associated with $162m in crypto losses have been closed as part of Operation Spincaster This article has been indexed from www.infosecurity-magazine.com Read the original article: Chainalysis Launches Public-Private Plans to Crack Down on Crypto Scams

Read more →

MediSecure revealed that the personal and health data of approximately 12.9 million Australians has been affected by the May 2024 attack This article has been indexed from www.infosecurity-magazine.com Read the original article: Nearly 13 Million Australians Affected by MediSecure Attack

Read more →

New figures reveal a massive 1170% increase in people impacted by data breaches in Q2 2024 versus a year ago This article has been indexed from www.infosecurity-magazine.com Read the original article: US Data Breach Victim Numbers Surge 1170% Annually

Read more →

A new UK Cyber Security and Resilience Bill will update the NIS Regulations This article has been indexed from www.infosecurity-magazine.com Read the original article: UK Government Set to Introduce New Cyber Security and Resilience Bill

Read more →

Qilin’s attack on Synnovis severely impacted key NHS hospitals in London earlier this month This article has been indexed from www.infosecurity-magazine.com Read the original article: Qilin Ransomware’s Sophisticated Tactics Unveiled By Experts

Read more →

The ICO said a lack of security controls led to a large-scale data breach at the London Borough of Hackney Council This article has been indexed from www.infosecurity-magazine.com Read the original article: ICO Reprimands London Council for Mass Data Breach

Read more →

The threat actor who claimed the recent Disney hack previously targeted AI-centric games and applications with commodity malware and ransomware This article has been indexed from www.infosecurity-magazine.com Read the original article: Understanding NullBulge, the New AI-Fighting ‘Hacktivist’ Group

Read more →

Fortinet observed an 80-90% increase in darknet activity targeting the Olympics between 2023 and 2024 This article has been indexed from www.infosecurity-magazine.com Read the original article: Paris 2024 Olympics Face Escalating Cyber-Threats

Read more →

Netskope found that 96% of organizations use generative AI applications, with sensitive data frequently shared with these tools This article has been indexed from www.infosecurity-magazine.com Read the original article: Sensitive Data Sharing Risks Heightened as GenAI Surges

Read more →

Interpol claims hundreds of arrests were made as police disrupted the West African Black Axe cybercrime gang This article has been indexed from www.infosecurity-magazine.com Read the original article: Global Police Swoop on Black Axe Cybercrime Syndicate

Read more →

CISA has told federal agencies to patch a critical GeoServer GeoTools vulnerability under active exploitation This article has been indexed from www.infosecurity-magazine.com Read the original article: CISA: Patch Critical GeoServer GeoTools Bug Now

Read more →

Void Banshee targeted North American, European and Southeast Asian regions with the Atlantida stealer This article has been indexed from www.infosecurity-magazine.com Read the original article: MHTML Exploited By APT Group Void Banshee

Read more →

Disney unreleased projects and internal data are part of a data leak claimed by hacktivist group ‘NullBulge’ This article has been indexed from www.infosecurity-magazine.com Read the original article: Hacktivists Claim Leak Over 1 Terabyte of Disney Data

Read more →

The Iranian APT group has shifted away from using legitimate remote monitoring tools to compromise its victims This article has been indexed from www.infosecurity-magazine.com Read the original article: Iranian MuddyWater Upgrades Arsenal With New Custom Backdoor

Read more →

CyberDragon and Cyber Army of Russia, among others, have claimed responsibility for the attacks This article has been indexed from www.infosecurity-magazine.com Read the original article: Hacktivist Groups Target Romania Amid Geopolitical Tensions

Read more →

JumpCloud found that half of SME IT teams believe they lack the resources and staffing to defend their organization against cyber-threats This article has been indexed from www.infosecurity-magazine.com Read the original article: Half of SMEs Unprepared for Cyber-Threats

Read more →

Russian AV-maker Kaspersky is set to shutter its US operations from Saturday This article has been indexed from www.infosecurity-magazine.com Read the original article: Kaspersky to Quit US Following Commerce Department Ban

Read more →

Russian AV-maker Kaspersky is set to shutter its US operations from Saturday This article has been indexed from www.infosecurity-magazine.com Read the original article: Kaspersky to Quit US This Weekend

Read more →

A Portsmouth University study finds that large numbers of elderly citizens are being harassed by phone fraudsters This article has been indexed from www.infosecurity-magazine.com Read the original article: Two-Fifths of Senior Citizens Suffer Frequent Fraud Attempts

Read more →

Sysdig said CRYSTALRAY used a variety of open source security tools to scan for vulnerabilities This article has been indexed from www.infosecurity-magazine.com Read the original article: CRYSTALRAY Cyber-Attacks Grow Tenfold Using OSS Tools

Read more →

The WordPress plugin has over 20,000 active installations and is used for site backups and update management This article has been indexed from www.infosecurity-magazine.com Read the original article: WP Time Capsule Plugin Update Urged After Critical Security Flaw

Read more →

Barracuda has observed attackers using three different URL protection services to mask their phishing URLs, bypassing email security tools This article has been indexed from www.infosecurity-magazine.com Read the original article: Attackers Exploit URL Protections to Disguise Phishing Links

Read more →

US pharmacy chain Rite Aid has confirmed a cybersecurity ‘incident’ in June This article has been indexed from www.infosecurity-magazine.com Read the original article: Pharmacy Giant Rite Aid Hit By Ransomware

Read more →

Google is in talks to acquire security startup Wiz Security This article has been indexed from www.infosecurity-magazine.com Read the original article: Google Lines Up $23bn Swoop For Startup Wiz Security

Read more →

AT&T discloses data breach where hackers accessed customer call logs from a cloud platform in April This article has been indexed from www.infosecurity-magazine.com Read the original article: Hackers Downloaded Call Logs from Cloud Platform in AT&T Breach

Read more →

Clay County, Indiana, said a ransomware attack has prevented the administration of critical services, leading to a disaster declaration being filed This article has been indexed from www.infosecurity-magazine.com Read the original article: Indiana County Files Disaster Declaration Following Ransomware Attack

Read more →

Advance Auto Parts has confirmed a breach of its Snowflake account will impact millions This article has been indexed from www.infosecurity-magazine.com Read the original article: Snowflake Breach at Advance Auto Parts Hits 2.3 Million People

Read more →

NATO members have agreed to develop a new integrated facility to help improve collective cyber-resilience This article has been indexed from www.infosecurity-magazine.com Read the original article: NATO Set to Build New Cyber Defense Center

Read more →

An alert from the CISA and the FBI has urged software manufacturers to work towards the elimination of operating system (OS) command injection vulnerabilities This article has been indexed from www.infosecurity-magazine.com Read the original article: CISA Urges Software Makers to…

Read more →

Operation Ticket Heist involves 700 web domains to sell fake Olympic Games tickets to a Russian-speaking audience, QuoIntelligence has found This article has been indexed from www.infosecurity-magazine.com Read the original article: Fraud Campaign Targets Russians with Fake Olympics Tickets

Read more →

Symantec figures suggest a 9% annual increase claimed ransomware attacks This article has been indexed from www.infosecurity-magazine.com Read the original article: Ransomware Surges Annually Despite Law Enforcement Takedowns

Read more →

Researchers at Elliptic claim multibillion dollar Huione Guarantee platform is enabler of scams and money laundering This article has been indexed from www.infosecurity-magazine.com Read the original article: Huione Guarantee Marketplace Exposed as Front for Cybercrime

Read more →

Smishing Triad’s MO involves registering fraudulent domain names that mimic legitimate organizations This article has been indexed from www.infosecurity-magazine.com Read the original article: Smishing Triad Targets India with Fraud Surge

Read more →

For trusted senders, the flaw is zero-click, but requires one-click interactions for untrusted ones This article has been indexed from www.infosecurity-magazine.com Read the original article: Microsoft Outlook Faced Critical Zero-Click RCE Vulnerability

Read more →

A Cisco report highlighted TTPs used by the most prominent ransomware groups to evade detection, establish persistence and exfiltrate sensitive data This article has been indexed from www.infosecurity-magazine.com Read the original article: Ransomware Groups Prioritize Defense Evasion for Data Exfiltration

Read more →

RT leverages the Meliorator software to create fake personas on social media, US, Canadian and Dutch agencies have found This article has been indexed from www.infosecurity-magazine.com Read the original article: Russian Media Uses AI-Powered Software to Spread Disinformation

Read more →

Next DLP study finds majority of security professionals have used unauthorised apps in past year This article has been indexed from www.infosecurity-magazine.com Read the original article: Most Security Pros Admit Shadow SaaS and AI Use

Read more →

Microsoft has addressed two actively exploited and two publicly disclosed zero-day bugs this month This article has been indexed from www.infosecurity-magazine.com Read the original article: Microsoft Fixes Four Zero-Days in July Patch Tuesday

Read more →

In a statement on Monday, Evolve confirmed the breach includes over 20,000 customers in Maine This article has been indexed from www.infosecurity-magazine.com Read the original article: Cyber-Attack on Evolve Bank Exposed Data of 7.6 Million Customers

Read more →

Group-IB also revealed the ransomware uses Chacha20 and RSA-OAEP for encryption This article has been indexed from www.infosecurity-magazine.com Read the original article: Eldorado Ransomware Strikes Windows and Linux Networks

Read more →

A joint government advisory warned that the Chinese state-sponsored actor APT40 is capable of immediately exploiting newly public vulnerabilities in widely used software This article has been indexed from www.infosecurity-magazine.com Read the original article: Chinese State Actor APT40 Exploits N-Day…

Read more →

Researchers at Avast found a flaw in the cryptographic schema of the DoNex ransomware and have been sending out decryptor keys to victims since March 2024 This article has been indexed from www.infosecurity-magazine.com Read the original article: Avast Provides DoNex…

Read more →

Study confirms most manufacturers with DMARC don’t have it configured to most secure policy This article has been indexed from www.infosecurity-magazine.com Read the original article: Just a Fifth of Manufacturers Have Strongest Anti-Phishing Protection

Read more →