Category: www.infosecurity-magazine.com

After analyzing the 12 Rust payloads exploiting Ivanti ConnectSecure vulnerabilities, Synacktiv found they all enabled a sophisticated post-exploitation toolkit This article has been indexed from www.infosecurity-magazine.com Read the original article: Rust Payloads Exploiting Ivanti Zero-Days Linked to Sophisticated Sliver Toolkit

Read more →

New data from Corvus found that ransomware incidents rose by 68% in 2023 compared to 2022, but law enforcement takedowns led to a fall in Q4 This article has been indexed from www.infosecurity-magazine.com Read the original article: Ransomware Incidents Hit…

Read more →

The FBI is warning the public not to fall for scams where they are urged to liquidate assets and hand them to couriers for ‘safekeeping’ This article has been indexed from www.infosecurity-magazine.com Read the original article: FBI: Scammers Are Sending…

Read more →

The House of Lords has questioned the legal basis for police use of facial recognition and wants parliament to legislate This article has been indexed from www.infosecurity-magazine.com Read the original article: UK House of Lords Calls For Legislation on Facial…

Read more →

FortiGuard said the variant was found in an Office document using a VBA script This article has been indexed from www.infosecurity-magazine.com Read the original article: Phobos Ransomware Family Expands With New FAUST Variant

Read more →

The call follows an FTC order saying data brokers must secure consent before selling user data This article has been indexed from www.infosecurity-magazine.com Read the original article: US Senator Exposes NSA Purchase of Americans’ Internet Records

Read more →

Nigeria-based cybercriminals known as Yahoo Boys are the main drivers of a financial sextortion increase on TikTok, Instagram and Snapchat, targeting English-speaking teenagers This article has been indexed from www.infosecurity-magazine.com Read the original article: Nigerian ‘Yahoo Boys’ Behind Social Media…

Read more →

Microsoft said the Russian nation-state group Midnight Blizzard obfuscated its attack through the use of an OAuth application This article has been indexed from www.infosecurity-magazine.com Read the original article: Microsoft Provides Defense Guidance After Nation-State Compromise

Read more →

Drug trafficker Banmeet Singh made $150m in cryptocurrency from dark web sales This article has been indexed from www.infosecurity-magazine.com Read the original article: Dark Web Drugs Vendor Forfeits $150m After Guilty Plea

Read more →

Customers are urged to patch now after exploits are released for critical vulnerability in Jenkins This article has been indexed from www.infosecurity-magazine.com Read the original article: CI/CD at Risk as Exploits Released For Critical Jenkins Bug

Read more →

Ukraine’s security services said that the IT specialist from Kharkiv targeted government websites and provided intelligence to Russia to carry out missile strikes This article has been indexed from www.infosecurity-magazine.com Read the original article: Ukraine Arrests Hacker for Assisting Russian…

Read more →

Recorded Future analyzed leaks describing the close relationship between the Iranian government and Iran-aligned APT groups This article has been indexed from www.infosecurity-magazine.com Read the original article: New Leaks Expose Web of Iranian Intelligence and Cyber Companies

Read more →

Cisco found that privacy and data security risks have led to over a quarter of organizations banning generative AI, at least temporarily, while a majority have instituted controls This article has been indexed from www.infosecurity-magazine.com Read the original article: Data…

Read more →

ESET said Blackwood has been actively engaged in cyber-espionage since at least 2018 This article has been indexed from www.infosecurity-magazine.com Read the original article: China-Aligned APT Group Blackwood Unleashes NSPX30 Implant

Read more →

Bugcrowd’s latest report also recorded a 30% surge in web submissions in 2023 This article has been indexed from www.infosecurity-magazine.com Read the original article: Government Security Vulnerabilities Surge By 151%, Report Finds

Read more →

A global drop in DeFi hacking gains prompted North Korean threat actors to diversify and extend their victim portfolio, Chainalysis found This article has been indexed from www.infosecurity-magazine.com Read the original article: North Korea Hacks Crypto: More Targets, Lower Gains

Read more →

Over 350 million individuals were impacted by data breaches in the US in 2023 and 11% of all publicly traded companies have been compromised This article has been indexed from www.infosecurity-magazine.com Read the original article: Data Privacy Week: US Data…

Read more →

Southern Water confirmed a data breach had occurred after the Black Basta ransomware group purportedly published personal information held by the firm This article has been indexed from www.infosecurity-magazine.com Read the original article: Southern Water Confirms Data Breach Following Black…

Read more →

The Zero Day Initiative’s first Pwn2Own Automotive competition has handed out over $1m for 24 zero-days This article has been indexed from www.infosecurity-magazine.com Read the original article: Pwn2Own Contest Unearths Dozens of Zero-Day Vulnerabilities

Read more →

Hewlett Packard Enterprise reveals that Russian state APT29 hackers stole data from corporate mailboxes This article has been indexed from www.infosecurity-magazine.com Read the original article: HPE Says SolarWinds Hackers Accessed its Emails

Read more →

Kaspersky said cybercriminals are exploring schemes to implement ChatGPT in malware development This article has been indexed from www.infosecurity-magazine.com Read the original article: ChatGPT Cybercrime Surge Revealed in 3000 Dark Web Posts

Read more →

Finding comes from Menlo Security’s recently released 2023 State of Browser Security Report This article has been indexed from www.infosecurity-magazine.com Read the original article: Browser Phishing Threats Grew 198% Last Year

Read more →

As a critical infrastructure service for cybercriminals, bulletproof hosting should be tracked and blocked by defenders, Intel471 argued in a new blog post This article has been indexed from www.infosecurity-magazine.com Read the original article: Why Bulletproof Hosting is Key to…

Read more →

X (formerly Twitter) has announced that passkeys are available as a login option for US-based users on iOS following a spate of high-profile account hijacks This article has been indexed from www.infosecurity-magazine.com Read the original article: X Makes Passkeys Available…

Read more →

Researchers have released exploit code for a critical bug in managed file transfer software Fortra GoAnywhere This article has been indexed from www.infosecurity-magazine.com Read the original article: Exploit Code Released For Critical Fortra GoAnywhere Bug

Read more →

The National Cyber Security Centre claims in a new report that AI will increase volume and impact of ransomware attacks This article has been indexed from www.infosecurity-magazine.com Read the original article: AI Set to Supercharge Ransomware Threat, Says NCSC

Read more →

ReversingLabs noted a 1300% surge in harmful open-source packages between 2020 and 2023 This article has been indexed from www.infosecurity-magazine.com Read the original article: Malicious npm Packages Used to Target GitHub Developer SSH Keys

Read more →

Shadowserver reported over 39,000 exploitation attempts from 600 unique IP addresses, mainly Russian This article has been indexed from www.infosecurity-magazine.com Read the original article: Hackers Target Atlassian Confluence With RCE Exploits

Read more →

The UK government has published a draft code that aims to establish cybersecurity as a key focus for business leaders, on par with financial and legal risks This article has been indexed from www.infosecurity-magazine.com Read the original article: New Cybersecurity…

Read more →

The French CNIL has fined Amazon France Logistique $35m for an “excessively intrusive” surveillance system set up to monitor the performance of its staff This article has been indexed from www.infosecurity-magazine.com Read the original article: French Watchdog Slams Amazon with…

Read more →

The Australian government has sanctioned Russian national Aleksandr Ermakov for his role in the Medibank data breach This article has been indexed from www.infosecurity-magazine.com Read the original article: Australia Sanctions Russian Hacker Behind Medibank Breach

Read more →

A haul of 26 billion records found online was compiled from historic breaches This article has been indexed from www.infosecurity-magazine.com Read the original article: Mega-Breach Database Exposes 26 Billion Records

Read more →

The Securities and Exchange Commission says hackers hijacked its X account in a SIM swap attack after MFA was disabled This article has been indexed from www.infosecurity-magazine.com Read the original article: SEC Confirms SIM Swap Attack Behind X Account Takeover

Read more →

A haul of 26 billion records found online was compiled from historic breaches This article has been indexed from www.infosecurity-magazine.com Read the original article: “Mother of All Breaches” Unlikely to Contain New Data

Read more →

The US loan giant confirmed 16.6 million customers had “sensitive personal” information stolen in a cyber-attack This article has been indexed from www.infosecurity-magazine.com Read the original article: LoanDepot Data Breach Hits 16.6 Million Customers

Read more →

The US loan giant confirmed 16.6 million customers had “sensitive personal” information stolen in a cyber-attack This article has been indexed from www.infosecurity-magazine.com Read the original article: LoanDepot Data Breach Hits 16.6 Customers

Read more →

Thailand’s data breaches fell in 2022-2023, but Resecurity is warning of rising cyber-threats This article has been indexed from www.infosecurity-magazine.com Read the original article: Thai Court Blocks 9near.org to Avoid Exposure of 55M Citizens

Read more →

Kaspersky said the malware targeted macOS Ventura 13.6 and newer versions This article has been indexed from www.infosecurity-magazine.com Read the original article: New macOS Malware Targets Cracked Apps

Read more →

According to ISACA, two-thirds of professionals don’t fully understand the privacy regulations their organization needs to comply with This article has been indexed from www.infosecurity-magazine.com Read the original article: Data Privacy Week: Lack of Understanding, Underfunding Threaten Data Privacy and…

Read more →

US security agency CISA orders all civilian federal agencies to take immediate steps to mitigate two Ivanti zero-day flaws This article has been indexed from www.infosecurity-magazine.com Read the original article: CISA Emergency Directive Demands Action on Ivanti Zero-Days

Read more →

Russian intelligence hackers compromise emails of senior Microsoft leadership with simple password spray attacks This article has been indexed from www.infosecurity-magazine.com Read the original article: Russian Spies Brute Force Senior Microsoft Staff Accounts

Read more →

Google has warned that the Russia-linked Coldriver has expanded its targeting of Western officials by deploying malware to exfiltrate sensitive data This article has been indexed from www.infosecurity-magazine.com Read the original article: Russian Coldriver Hackers Deploy Malware to Target Western…

Read more →

South Africa’s cyber defenses have been lacking direction and resources for too long, researchers from the Carnegie Endowment for International Peace argued This article has been indexed from www.infosecurity-magazine.com Read the original article: Experts Urge Clearer Direction in South Africa’s…

Read more →

Proofpoint said it thwarted a large-scale campaign on January 11 primarily targeting North America This article has been indexed from www.infosecurity-magazine.com Read the original article: TA866 Resurfaces in Targeted OneDrive Campaign

Read more →

Discovered by Cado Security, the campaign deploys two containers to vulnerable Docker instances This article has been indexed from www.infosecurity-magazine.com Read the original article: New Malware Campaign Exploits 9hits in Docker Assault

Read more →

Microsoft said the social engineering campaign aims to steal sensitive data from experts deemed to be able to influence intelligence and policies relating to the Israel-Hamas War This article has been indexed from www.infosecurity-magazine.com Read the original article: Iranian Phishing…

Read more →

Chainalysis data shows major drop in value of funds received into underground crypto addresses in 2023, to $24.2bn This article has been indexed from www.infosecurity-magazine.com Read the original article: Illicit Cryptocurrency Flows Drop 39% in 2023

Read more →

The UK’s National Cyber Security Centre has launched a Cyber League to monitor emerging cyber-threats This article has been indexed from www.infosecurity-magazine.com Read the original article: NCSC Builds New “Cyber League” Threat Tracking Community

Read more →

Kaspersky also noted smart home device popularity and malicious apps as threats to children in 2024 This article has been indexed from www.infosecurity-magazine.com Read the original article: AI, Gaming, FinTech Named Major Cybersecurity Threats For Kids

Read more →

Abnormal Security also noted a 71% surge in BEC attacks against the same sector This article has been indexed from www.infosecurity-magazine.com Read the original article: Vendor Email Attacks Surged by 137% in Financial Sector in 2023

Read more →

OpenAI will implement a provenance standard into DALL-E 3 and link ChatGPT to an authoritative election website in the US This article has been indexed from www.infosecurity-magazine.com Read the original article: OpenAI Announces Plans to Combat Misinformation Amid 2024 Elections

Read more →

Veeam found that 75% of organizations suffered at least one ransomware attack last year, with 26% hit four or more times This article has been indexed from www.infosecurity-magazine.com Read the original article: 75% of Organizations Hit by Ransomware in 2023

Read more →

An advisory from the FBI and CISA says threat actors are deploying the Androxgh0st malware for victim identification and exploitation in target networks This article has been indexed from www.infosecurity-magazine.com Read the original article: US Government Urges Action to Mitigate…

Read more →

Municipality of Calvià on the Spanish island of Majorca was hit by a ransomware attack last weekend This article has been indexed from www.infosecurity-magazine.com Read the original article: Majorca Tourist Hotspot Hit With $11m Ransom Demand

Read more →

GitHub urges customers to apply a new patch and take action if impacted by credential rotation This article has been indexed from www.infosecurity-magazine.com Read the original article: GitHub Rotates Credentials and Patches New Bug

Read more →

The malware targets browsers, steals crypto wallet and messaging app data, and collects system information This article has been indexed from www.infosecurity-magazine.com Read the original article: Phemedrone Stealer Targets Windows Defender Flaw Despite Patch

Read more →

Kaspersky experts developed the tool after analyzing Shutdown.log, a file retaining reboot information This article has been indexed from www.infosecurity-magazine.com Read the original article: New Tool Identifies Pegasus and Other iOS Spyware

Read more →

In its latest Email Security Risk Report, Egress found that businesses were 10% more negatively affected by phishing attacks in 2023 than in 2022 This article has been indexed from www.infosecurity-magazine.com Read the original article: Email Nightmare: 94% of Firms…

Read more →

Comparitech revealed crypto heists increased in volume by 42% last year This article has been indexed from www.infosecurity-magazine.com Read the original article: Crypto Heists Surge in 2023, $16.93m Already Stolen in 2024

Read more →

Volexity detects 1700 compromised Ivanti VPN devices following publication of two zero-days last week This article has been indexed from www.infosecurity-magazine.com Read the original article: Ivanti Zero-Days Exploited By Multiple Actors Globally

Read more →

Group-IB report lifts the lid on infamous crypto-drainer malware Inferno Drainer This article has been indexed from www.infosecurity-magazine.com Read the original article: Inferno Drainer Spoofs Over 100 Crypto Brands to Steal $80m+

Read more →

Netscout found a spike from 10,000 to 143,957 devices in scans between December 2023 and early January 2024 This article has been indexed from www.infosecurity-magazine.com Read the original article: Researchers Uncover Major Surge in Global Botnet Activity

Read more →

US senators have accused the SEC of failing to properly secure its social media accounts after hackers comprised its X account and posted a fake Bitcoin announcement This article has been indexed from www.infosecurity-magazine.com Read the original article: Senators Demand…

Read more →

Discovered by the SentinelLabs team, FBot targets web servers, cloud services and SaaS platforms This article has been indexed from www.infosecurity-magazine.com Read the original article: Python-Based Tool FBot Disrupts Cloud Security

Read more →

Content delivery provider Cloudflare observed a staggering surge in DDoS attacks against environmental services during COP28 This article has been indexed from www.infosecurity-magazine.com Read the original article: Environmental Websites Hit by DDoS Surge in COP28 Crossfire

Read more →

The main British Library catalogue will be back online on Monday, January 15, as the institution continues its technical rebuild following the ransomware attack last year This article has been indexed from www.infosecurity-magazine.com Read the original article: British Library Catalogue…

Read more →

A new Recorded Future report warns of growing abuse of GitHub and recommends blocking risky services This article has been indexed from www.infosecurity-magazine.com Read the original article: Security Experts Urge IT to Lock Down GitHub Services

Read more →

The ICO has fined HelloFresh £140,000 for breaking privacy laws with a spam marketing campaign This article has been indexed from www.infosecurity-magazine.com Read the original article: HelloFresh Fined £140K After Sending 80 Million Spam Messages

Read more →

CISA’s advisory provides mitigations for vulnerabilities in ICS products used in critical infrastructure industries like energy, manufacturing and transportation This article has been indexed from www.infosecurity-magazine.com Read the original article: CISA Urges Critical Infrastructure to Patch Urgent ICS Vulnerabilities

Read more →

Email security provider Cofense outlined some of the most common HR-related scams and phishing campaigns it has observed This article has been indexed from www.infosecurity-magazine.com Read the original article: Waiting for Your Pay Raise? Cofense Warns Against HR-Related Scams

Read more →

Bitdefender researchers revealed the vulnerability allows an attacker to send commands to the thermostat and replace its firmware This article has been indexed from www.infosecurity-magazine.com Read the original article: Vulnerability Puts Bosch Smart Thermostats at Risk of Compromise

Read more →

Millions in the UK have had their data compromised because of cyber incidents involving law firms, a recent analysis of IOC data has found This article has been indexed from www.infosecurity-magazine.com Read the original article: Human Error and Insiders Expose…

Read more →

Fidelity National Financial revealed that the ransomware attack last year potentially impacted 1.3 million customers data in an updated SEC filing This article has been indexed from www.infosecurity-magazine.com Read the original article: 1.3 Million FNF Customers’ Data Potentially Exposed in…

Read more →

Mandiant has shared its findings following X account hijacking, firm blames misconfigured 2FA and X’s policy change This article has been indexed from www.infosecurity-magazine.com Read the original article: Mandiant’s X Account Was Hacked in Brute-Force Password Attack

Read more →

The UK’s National Cyber Security Centre has launched a new online security guide to help smaller organizations better manage risk This article has been indexed from www.infosecurity-magazine.com Read the original article: NCSC Publishes Practical Security Guidance For SMBs

Read more →

Ivanti has released mitigation steps after reports of active exploitation of Connect Secure and Policy Secure vulnerabilities This article has been indexed from www.infosecurity-magazine.com Read the original article: Two Ivanti Zero-Days Actively Exploited in the Wild

Read more →

Cyber-attacks and misinformation top WEF’s list of global risks, with cybercrime poised to exploit tech advancements and AI dominance raising concerns about vulnerability This article has been indexed from www.infosecurity-magazine.com Read the original article: Cyber Insecurity and Misinformation Top WEF…

Read more →

Law enforcement operations on cybercriminal infrastructure have proven efficient at hindering malware activity but are far from being a silver bullet, according to Recorded Future This article has been indexed from www.infosecurity-magazine.com Read the original article: Malware Takedowns Show Progress,…

Read more →

The Arctic Wolf report found that 14.3% of officials believe their state is not prepared at all to deal with election-targeted cyber incidents, including phishing and disinformation campaigns This article has been indexed from www.infosecurity-magazine.com Read the original article: Only…

Read more →

Market.Us found that the global cyber insurance market will be worth $90.6bn by 2033, driven by increasing cyber-threats and growing regulations This article has been indexed from www.infosecurity-magazine.com Read the original article: Cyber Insurance Market to be Worth Over $90bn…

Read more →

State-backed Ukrainian hacking group Blackjack has launched a destructive attack against a Moscow-based ISP in retaliation for Kyivstar attack This article has been indexed from www.infosecurity-magazine.com Read the original article: Ukrainian “Blackjack” Hackers Take Out Russian ISP

Read more →

Critical Hyper-V flaw one of 12 remote code execution vulnerabilities fixed this Patch Tuesday This article has been indexed from www.infosecurity-magazine.com Read the original article: Microsoft Fixes 12 RCE Bugs in January Patch Tuesday

Read more →

The vulnerability could lead to remote code execution on affected systems This article has been indexed from www.infosecurity-magazine.com Read the original article: Flaw in AI Plugin Exposes 50,000 WordPress Sites to Remote Attack

Read more →

The figure comes from XM Cyber’s 2024 State of Security Posture Report, exploring how organizations approach cybersecurity challenges This article has been indexed from www.infosecurity-magazine.com Read the original article: 82% of Companies Struggle to Manage Security Exposure

Read more →

2023 saw an increased number of deals in the cybersecurity industry, but the overall investment in the sector dropped, Pinpoint revealed This article has been indexed from www.infosecurity-magazine.com Read the original article: Cybersecurity Deals Boom as Investment Dips, Pinpoint Reports

Read more →

Cisco Talos announced that a decryption key for the Babuk Tortilla ransomware variant is available for victims to download This article has been indexed from www.infosecurity-magazine.com Read the original article: New Decryption Key Available for Babuk Tortilla Ransomware Victims

Read more →

A Nigerian national has been sentenced to a decade behind bars for his role in romance and BEC scam This article has been indexed from www.infosecurity-magazine.com Read the original article: Nigerian Gets 10 Years For Laundering Scam Funds

Read more →

Mortgage lender LoanDepot has revealed a ransomware breach resulting in stolen and encrypted data This article has been indexed from www.infosecurity-magazine.com Read the original article: LoanDepot Confirms Ransomware Attack in SEC Filing

Read more →

New research from Check Point explores the significance of code manipulation in malware analysis This article has been indexed from www.infosecurity-magazine.com Read the original article: New Research: Tackling .NET Malware With Harmony Library

Read more →

AP said departure and arrival screens displayed a message accusing Hezbollah of jeopardizing Lebanon This article has been indexed from www.infosecurity-magazine.com Read the original article: Anti-Hezbollah Groups Hack Beirut Airport Screens

Read more →

Turkey-aligned espionage group Sea Turtle has been conducting campaigns targeting Dutch telecommunication and media organizations This article has been indexed from www.infosecurity-magazine.com Read the original article: Turkish APT Sea Turtle Resurfaces, Spies on Dutch IT Firms

Read more →

North Korean hackers remain effective in stealing cryptocurrency despite growing international law enforcement action This article has been indexed from www.infosecurity-magazine.com Read the original article: North Korean Hackers Stole $600m in Crypto in 2023

Read more →

Pharma giant Merck has reached a settlement with cyber-insurers that refused to pay out for “acts of war” This article has been indexed from www.infosecurity-magazine.com Read the original article: Merck Settles With Insurers Over $700m NotPetya Claim

Read more →

Blockchain security firm Certik had its own social media account hacked to push a crypto scam This article has been indexed from www.infosecurity-magazine.com Read the original article: Security Firm Certik’s Account Hijacked to Spread Crypto Drainer

Read more →

The dark web site’s infrastructure was taken down in 2019 following an international law enforcement operation This article has been indexed from www.infosecurity-magazine.com Read the original article: 19 xDedic Cybercrime Market Users and Admins Face Prison

Read more →

A Certik report found there was $1.84bn in losses across 751 cybersecurity incidents targeting Web3 in 2023 This article has been indexed from www.infosecurity-magazine.com Read the original article: Cyber-Attacks Drain $1.84bn from Web3 in 2023

Read more →

This effort is the first step in NIST’s broader mission to support the development of trustworthy AI This article has been indexed from www.infosecurity-magazine.com Read the original article: NIST Fortifies Chatbots and Self-Driving Cars Against Digital Threats

Read more →

A 23andMe letter sent to a legal firm representing victims of the data breach claims that users were at fault for recycling passwords This article has been indexed from www.infosecurity-magazine.com Read the original article: 23andMe Blames User “Negligence” for Data…

Read more →

Password manager provider LastPass has started implementing stricter password measures for its customers This article has been indexed from www.infosecurity-magazine.com Read the original article: LastPass Enforces 12-Character Master Passwords

Read more →

Ukraine’s security service says Sandworm accessed Kyivstar’s system at least six months before launching the attack This article has been indexed from www.infosecurity-magazine.com Read the original article: Ukraine Blames Russian Sandworm Hackers for Kyivstar Attack

Read more →