Costa Rica’s state-owned oil company, RECOPE, suffered a ransomware attack on November 27, disrupting its digital operations and forcing a shift to manual procedures to maintain uninterrupted fuel distribution. This attack is the second major cyber incident targeting a…
Russian Hackers Use Firefox and Windows Vulnerabilities in Global Cyberattack
A sophisticated cyberattack carried out by the Russian cyber threat group RomCom APT has raised alarms within the global cybersecurity community. Exploiting two previously unknown zero-day vulnerabilities in Firefox and Windows, the attack, which took place in October, was…
Cybercriminals Recruit Experts for Advanced Ransomware Development
Businesses and cybercriminals alike are seeking skilled cybersecurity professionals, with the latter advertising for talent capable of developing dark AI models and penetration-testing tools, commonly used for ransomware. These efforts aim to strengthen their malware and reduce the risk…
User Tracking: Google to Store User Data for 180 Days
Google has made a major change in its user tracking, a big leap in privacy concerns for users. Google will stop the nosy cloud storage of data it gets from tracking user location in real time. The privacy change Called…
Vulnerability Summary for the Week of November 25, 2024
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1000 Projects–Portfolio Management System MCA A vulnerability has been found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. Affected by this vulnerability is an unknown…
Follow-up on Ignite with Ask Microsoft Anything: Microsoft Security edition
AI transformation starts with security. This was a major theme across the majority of the big news and reveals from Microsoft Security at Microsoft Ignite 2024. The post Follow-up on Ignite with Ask Microsoft Anything: Microsoft Security edition appeared first…
Veza Access Requests reduces the risk of identity-based threats
Veza announced Veza Access Requests product, enabling organizations to reduce the risk of identity-based threats with automated access policy intelligence for application access. Veza Access Requests ensures that users requesting access are automatically provisioned according to the principle of least…
Elastic expands cloud detection and response capabilities from a single SIEM
Elastic announced Elastic Security now offers expanded cloud detection and response (CDR) capabilities from a single SIEM to reduce tool fragmentation and streamline cloud security. The additional features include agentless ingestion, cloud asset inventory, extended protections, and graph view that…
Veeam Data Platform v12.3 encompasses three key objectives for enterprises
Veeam Software released Veeam Data Platform v12.3. This release encompasses three key objectives for enterprises: protecting identity and access management with support for backing up Microsoft Entra ID, powering proactive threat analysis with Recon Scanner and Veeam Threat Hunter, and…
AttackIQ Flex 3.0 empowers security teams to take control of their detection strategies
AttackIQ announced AttackIQ Flex 3.0, agentless security control validation that integrates natively with Splunk to deliver a fully seamless user experience. A growing need for efficient and accurate threat detection As cyber threats grow more sophisticated, organizations are struggling to…
FortiAppSec Cloud simplifies web application security management
Fortinet announced FortiAppSec Cloud, a new cloud-delivered platform that integrates key web application security and performance management tools into a single offering. The platform streamlines web and API security, advanced bot defense, and global server load balancing, among other capabilities,…
Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access
A critical security vulnerability has been disclosed in SailPoint’s IdentityIQ identity and access management (IAM) software that allows unauthorized access to content stored within the application directory. The flaw, tracked as CVE-2024-10905, has a CVSS score of 10.0, indicating maximum…
Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console
Veeam has released security updates to address a critical flaw impacting Service Provider Console (VSPC) that could pave the way for remote code execution on susceptible instances. The vulnerability, tracked as CVE-2024-42448, carries a CVSS score of 9.9 out of…
Joint Advisory Warns of PRC-Backed Cyber Espionage Targeting Telecom Networks
A joint advisory issued by Australia, Canada, New Zealand, and the U.S. has warned of a broad cyber espionage campaign undertaken by People’s Republic of China (PRC)-affiliated threat actors targeting telecommunications providers. “Identified exploitations or compromises associated with these threat…
Researchers Uncover Backdoor in Solana’s Popular Web3.js npm Library
Cybersecurity researchers are alerting to a software supply chain attack targeting the popular @solana/web3.js npm library that involved pushing two malicious versions capable of harvesting users’ private keys with an aim to drain their cryptocurrency wallets. The attack has been…
How to Plan a New (and Improved!) Password Policy for Real-World Security Challenges
Many organizations struggle with password policies that look strong on paper but fail in practice because they’re too rigid to follow, too vague to enforce, or disconnected from real security needs. Some are so tedious and complex that employees post…
Kimsuky Group Adopts New Phishing Tactics to Target Victims
North Korean Kimsuky group has escalated their phishing campaigns, using Russian domains to steal credentials This article has been indexed from www.infosecurity-magazine.com Read the original article: Kimsuky Group Adopts New Phishing Tactics to Target Victims
Ransomware Attack Disrupts Operations at US Contractor ENGlobal
ENGlobal has been hit by a ransomware attack, taking its IT systems offline since November 25 This article has been indexed from www.infosecurity-magazine.com Read the original article: Ransomware Attack Disrupts Operations at US Contractor ENGlobal
French Mobile Operators Join Forces to Tackle Rising Fraud
France’s four leading mobile operators, Bouygues, Free, Orange and SFR, have taken steps to combat mobile fraud as part of the GSMA Open Gateway initiative This article has been indexed from www.infosecurity-magazine.com Read the original article: French Mobile Operators Join…
German Police Shutter Country’s Largest Dark Web Market
Law enforcers in Germany have taken down dark web marketplace Crimenetwork and arrested a suspected administrator This article has been indexed from www.infosecurity-magazine.com Read the original article: German Police Shutter Country’s Largest Dark Web Market
Vodka Giant Stoli Files for Bankruptcy After Ransomware Attack
Russian vodka-maker Stoli Group has filed for bankruptcy in the US after ransomware attack and alleged persecution by the Putin regime This article has been indexed from www.infosecurity-magazine.com Read the original article: Vodka Giant Stoli Files for Bankruptcy After Ransomware…
Ransomware affiliate arrested, UK hospital hacked, Cloudflare’s lost logs
Ransomware affiliate Mikhail Matveev arrested Another UK hospital system hacked Cloudflare says it lost 55% of logs pushed to customers for 3.5 hours Huge thanks to our sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which…
Hydra Market leader sentenced, Pegasus spyware arrest, SpyLoan malware targets millions
Hydra Market leader sentenced to life Former Polish spy chief arrested in Pegasus spyware probe SpyLoan malware targets millions Huge thanks to our sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent…
Stoli U.S. bankrupts, German Crimenetwork seized, FBI telecom advisory
Stoli files for bankruptcy in U.S. after ransomware attack Police seize largest German online criminal marketplace FBI advises telecoms to boost security following Chinese hacking campaign Huge thanks to our sponsor, Vanta As third-party breaches continue to rise, companies are…