Tag: www.infosecurity-magazine.com

A sophisticated phishing campaign targeting Microsoft ADFS has been observed, affecting more than 150 organizations This article has been indexed from www.infosecurity-magazine.com Read the original article: Sophisticated Phishing Attack Bypasses Microsoft ADFS MFA

Read more →

Check Point Research has found over 10 million stolen credentials associated with EMEA organizations exposed on cybercrime markets This article has been indexed from www.infosecurity-magazine.com Read the original article: Surge in Infostealer Attacks Threatens EMEA Organizations’ Data Security

Read more →

Texas Governor Greg Abbott announced a Cyber Command, designed to combat surging attacks on the state by nation-states and cybercriminals This article has been indexed from www.infosecurity-magazine.com Read the original article: Texas to Establish Cyber Command Amid “Dramatic” Rise in…

Read more →

Jscambler claims at least 17 sites have been infected with web skimmers, including Casio’s This article has been indexed from www.infosecurity-magazine.com Read the original article: Casio and Others Hit by Magento Web Skimmer Campaign

Read more →

CISA has identified a backdoor in Contec CMS8000 devices that could allow unauthorized access to patient data and disrupt monitoring functions This article has been indexed from www.infosecurity-magazine.com Read the original article: CISA Warns of Backdoor Vulnerability in Contec Patient…

Read more →

Hackers hijack high-profile X accounts with phishing scams to steal credentials and promote fraudulent cryptocurrency schemes This article has been indexed from www.infosecurity-magazine.com Read the original article: High-profile X Accounts Targeted in Phishing Campaign

Read more →

VulnCheck observed 768 public reports of CVEs exploited in the wild for the first time in 2024, a 20% rise compared to 2023 This article has been indexed from www.infosecurity-magazine.com Read the original article: 768 CVEs Exploited in the Wild…

Read more →

A new Europol report warns of major challenges accessing and analyzing data for cybercrime investigations This article has been indexed from www.infosecurity-magazine.com Read the original article: European Police: Data Volumes and Deletion Hindering Investigations

Read more →

The UK government has launched a new AI security code of practice it believes will become an ETSI standard This article has been indexed from www.infosecurity-magazine.com Read the original article: UK Announces “World-First” AI Security Standard

Read more →

Cisco Talos found that exploitation of public-facing applications made up 40% of incidents it observed in Q4 2024, marking a notable shift in initial access techniques This article has been indexed from www.infosecurity-magazine.com Read the original article: Threat Actors Target…

Read more →

The Indian tech giant temporarily suspended some of its IT services, which have now been restored This article has been indexed from www.infosecurity-magazine.com Read the original article: Tata Technologies Hit by Ransomware Attack

Read more →

Cyber reports exposed major security flaws in DeepSeek’s R1 LLM This article has been indexed from www.infosecurity-magazine.com Read the original article: DeepSeek’s Flagship AI Model Under Fire for Security Vulnerabilities

Read more →

A global law enforcement operation has taken down infrastructure used by Cracked.io and Nulled.io, which provide cybercriminal tools and services This article has been indexed from www.infosecurity-magazine.com Read the original article: International Operation Dismantles Cracked and Nulled Cybercrime Hubs

Read more →

Google Play blocked 2.36 million policy-violating apps and banned 158,000 harmful developer accounts in 2024 This article has been indexed from www.infosecurity-magazine.com Read the original article: Google Blocked 2.36 Million Policy-Violating Apps

Read more →

HTTP client tools used to compromise Microsoft 365 environments with 78% of tenants targeted in 2024 This article has been indexed from www.infosecurity-magazine.com Read the original article: Attackers Increase Use of HTTP Clients for Account Takeovers

Read more →

SquareX researchers warn that browser syncjacking could lead to full browser and device hijacking This article has been indexed from www.infosecurity-magazine.com Read the original article: Syncjacking Attack Enables Full Browser and Device Takeover

Read more →

Researchers at Wiz uncovered a publicly accessible database belonging to Chinese GenAI provider DeepSeek that leaked sensitive data, including chat history This article has been indexed from www.infosecurity-magazine.com Read the original article: DeepSeek Exposed Database Leaks Sensitive Data

Read more →

New York Blood Center Enterprises revealed that it has been hit by a ransomware attack, disrupting activities and blood drives at its centers across the country This article has been indexed from www.infosecurity-magazine.com Read the original article: Ransomware Attack Disrupts…

Read more →

UK organizations are significantly increasing cybersecurity budgets, with a projected 31% growth in the next year This article has been indexed from www.infosecurity-magazine.com Read the original article: UK Organizations Boosting Cybersecurity Budgets

Read more →

The UK’s National Cyber Security Centre has released a new paper making it easier to assess if a flaw is “unforgivable” This article has been indexed from www.infosecurity-magazine.com Read the original article: NCSC Calls on Vendors to Eradicate “Unforgivable” Vulnerabilities

Read more →

AI-related API vulnerabilities surged 1,205% in 2024, with 99% tied to API flaws, according to a new report by Wallarm This article has been indexed from www.infosecurity-magazine.com Read the original article: AI Surge Drives Record 1205% Increase in API Vulnerabilities

Read more →

Google highlighted significant abuse of its Gemini LLM tool by nation state actors to support malicious activities, including research and malware development This article has been indexed from www.infosecurity-magazine.com Read the original article: Nation-State Hackers Abuse Gemini AI Tool

Read more →

Cato Networks highlighted how the recently emerged HellCat ransomware group is using novel psychological tactics to court attention and pressurize victims This article has been indexed from www.infosecurity-magazine.com Read the original article: New Hellcat Ransomware Gang Employs Humiliation Tactics

Read more →

Cybercriminals exploit government websites using open redirects and phishing tactics, bypassing secure email gateway protections This article has been indexed from www.infosecurity-magazine.com Read the original article: Threat Actors Exploit Government Websites for Phishing

Read more →

ReliaQuest warns threat actor innovation and infostealer activity helped to accelerate breakout time by 22% in 2024 This article has been indexed from www.infosecurity-magazine.com Read the original article: Breakout Time Accelerates 22% as Cyber-Attacks Speed Up

Read more →

Government agencies and privacy watchdogs have started investigating the Chinese AI chatbot provider over data privacy concerns This article has been indexed from www.infosecurity-magazine.com Read the original article: Chinese GenAI Startup DeepSeek Sparks Global Privacy Debate

Read more →

The National Audit Office warns of major gaps in cyber resilience across UK government departments This article has been indexed from www.infosecurity-magazine.com Read the original article: Scores of Critical UK Government IT Systems Have Major Security Holes

Read more →

Energy contractor ENGlobal reported that sensitive personal data was stolen by threat actors, with the incident disrupting operations for six weeks This article has been indexed from www.infosecurity-magazine.com Read the original article: ENGlobal Cyber-Attack Exposes Sensitive Data

Read more →

Group-IB researchers have exposed the highly organized affiliate platform and sophisticated operations of the Lynx Ransomware-as-a-Service group This article has been indexed from www.infosecurity-magazine.com Read the original article: Lynx Ransomware Group Unveiled with Sophisticated Affiliate Program

Read more →

A Ponemon Institute survey highlighted the growing impact of ransomware attacks on victims’ revenue and reputation This article has been indexed from www.infosecurity-magazine.com Read the original article: 58% of Ransomware Victims Forced to Shut Down Operations

Read more →

An API supply-chain attack affecting a popular online travel booking service put millions of airline users at risk This article has been indexed from www.infosecurity-magazine.com Read the original article: API Supply Chain Attacks Put Millions of Airline Users at Risk

Read more →

The number of data breach victims increased 312% annually to exceed 1.7 billion in 2024, according to the ITRC 2024 Annual Data Breach Report This article has been indexed from www.infosecurity-magazine.com Read the original article: Mega Data Breaches Push US…

Read more →

The three Russian hackers are believed to be part of Unit 29155 of the GRU, also known as Cadet Blizzard, Ember Bear and Ruinous Ursa This article has been indexed from www.infosecurity-magazine.com Read the original article: EU Sanctions Three Russians…

Read more →

Three men have been sentenced after pleading guilty to running an account hijacking service for fraudsters This article has been indexed from www.infosecurity-magazine.com Read the original article: British Vishing-as-a-Service Trio Sentenced

Read more →

A new phishing tactic has been identified by Cisco Talos, using hidden text salting to evade email security measures This article has been indexed from www.infosecurity-magazine.com Read the original article: Hidden Text Salting Disrupts Brand Name Detection Systems

Read more →

Obsidian found that threat actors are focusing on SaaS applications to steal sensitive data, with most organizations’ security measures not set up to deal with these attacks This article has been indexed from www.infosecurity-magazine.com Read the original article: SaaS Breaches…

Read more →

A novel phishing campaign identified by Zimperium targets mobile users with malicious PDFs, impersonating USPS to steal credentials This article has been indexed from www.infosecurity-magazine.com Read the original article: New Phishing Campaign Targets Mobile Devices with Malicious PDFs

Read more →

74% of CISOs plan to increase their cyber crisis simulation budgets in 2025 This article has been indexed from www.infosecurity-magazine.com Read the original article: CISOs Boost Crisis Simulation Budgets Amid High-Profile Cyber-Attacks

Read more →

A now-patched vulnerability could have enabled threat actors to remotely control Subaru cars This article has been indexed from www.infosecurity-magazine.com Read the original article: Subaru Bug Enabled Remote Vehicle Tracking and Hijacking

Read more →

Change Healthcare has claimed 190 million customers were affected by a mega-breach last year This article has been indexed from www.infosecurity-magazine.com Read the original article: Change Healthcare Breach Almost Doubles in Size to 190 Million Victims

Read more →

Amazon Web Services has launched its Cyber Education Grant Program in the UK This article has been indexed from www.infosecurity-magazine.com Read the original article: AWS Announces £5m Grant for Cyber Education in the UK

Read more →

Crazy Evil, a group of crypto scammers, exploit NFTs and cryptocurrencies with malware targeting influencers and tech professionals This article has been indexed from www.infosecurity-magazine.com Read the original article: Russian Scammers Target Crypto Influencers with Infostealers

Read more →

A new FBI advisory warned that North Korean IT worker schemes have escalated their activities in recent months to include data extortion This article has been indexed from www.infosecurity-magazine.com Read the original article: North Korean IT Workers Holding Data Hostage…

Read more →

SentinelOne researchers highlighted similarities in the approaches used by the HellCat and Morpheus ransomware groups, suggesting shared infrastructure This article has been indexed from www.infosecurity-magazine.com Read the original article: Ransomware Gangs Linked by Shared Code and Ransom Notes

Read more →

Threat actors chained Ivanti CSA vulnerabilities for RCE, credential theft & webshell deployment This article has been indexed from www.infosecurity-magazine.com Read the original article: Chained Vulnerabilities Exploited in Ivanti Cloud Service Appliances

Read more →

Arbitrage betting fraud rises, forcing bookmakers to adopt stricter measures against automated scams This article has been indexed from www.infosecurity-magazine.com Read the original article: Bookmakers Ramp Up Efforts to Combat Arbitrage Betting Fraud

Read more →

Splunk reveals that 82% of CISOs now report directly to the CEO, but many lack EQ This article has been indexed from www.infosecurity-magazine.com Read the original article: CISOs Dramatically Increase Boardroom Influence but Still Lack Soft Skills

Read more →

The network equipment giant urged customers to patch immediately This article has been indexed from www.infosecurity-magazine.com Read the original article: Cisco Fixes Critical Vulnerability in Meeting Management

Read more →

Cybercriminals are selling access to the malicious GenAI chatbot via Telegram, providing rapid assistance for a range of nefarious activities, according to Abnormal Security This article has been indexed from www.infosecurity-magazine.com Read the original article: New GhostGPT AI Chatbot Facilitates…

Read more →

President Trump has pardoned the founder of original dark web marketplace Silk Road This article has been indexed from www.infosecurity-magazine.com Read the original article: Trump Pardons Silk Road Founder Ulbricht

Read more →

Threat researchers analyzed the updated Tycoon 2FA phishing kit, which bypasses MFA This article has been indexed from www.infosecurity-magazine.com Read the original article: Tycoon 2FA Phishing Kit Upgraded to Bypass Security Measures

Read more →

PlushDaemon APT hacked South Korean VPN software with SlowStepper backdoor as part of a 2023 espionage campaign This article has been indexed from www.infosecurity-magazine.com Read the original article: PlushDaemon APT Targeted South Korean VPN Software

Read more →

New ESET research reveals that 73% of UK educational institutions experienced at least one cyber-attack or breach in the past five years This article has been indexed from www.infosecurity-magazine.com Read the original article: 73% of UK Education Sector Hit by…

Read more →

NCC Group observed 574 global ransomware attacks in December, the highest monthly volume it has recorded This article has been indexed from www.infosecurity-magazine.com Read the original article: Ransomware Attacks Surge to Record High in December 2024

Read more →

Cyble has found thousands of security vendors’ credentials on the dark web, likely pulled from infostealer logs This article has been indexed from www.infosecurity-magazine.com Read the original article: Major Cybersecurity Vendors’ Credentials Found on Dark Web

Read more →

Netwrix claims 84% of healthcare organizations detected a cyber-attack in the past year This article has been indexed from www.infosecurity-magazine.com Read the original article: Account Compromise and Phishing Top Healthcare Security Incidents

Read more →

Cloudflare warns of a surge in hyper-volumetric DDoS after revealing it stopped a massive 5.6Tbps attack This article has been indexed from www.infosecurity-magazine.com Read the original article: Cloudflare Mitigates Record-Breaking 5.6Tbps DDoS Attack

Read more →

Murdoc_Botnet used Mirai malware to exploit IoT vulnerabilities, targeting devices globally This article has been indexed from www.infosecurity-magazine.com Read the original article: New Mirai Malware Variant Targets AVTECH Cameras, Huawei Routers

Read more →

Security experts have outlined security and privacy concerns around the UK government’s GOV.UK Wallet, which will allow citizens to store all their ID documents in a single place This article has been indexed from www.infosecurity-magazine.com Read the original article: UK’s…

Read more →

A CloudSEK report revealed Zendesk’s platform can be exploited for phishing and investment scams This article has been indexed from www.infosecurity-magazine.com Read the original article: Phishing Risks Rise as Zendesk Subdomains Facilitate Attacks

Read more →

Data from DLA Piper showed a 33% year-on-year fall in GDPR fines issued in Europe in 2024, with total penalties reaching €1.2bn This article has been indexed from www.infosecurity-magazine.com Read the original article: GDPR Fines Total €1.2bn in 2024

Read more →

Critical flaws include those in Oracle Supply Chain products This article has been indexed from www.infosecurity-magazine.com Read the original article: Oracle To Address 320 Vulnerabilities in January Patch Update

Read more →

Sophos has warned of IT impersonation vishing attacks designed to remotely deploy ransomware This article has been indexed from www.infosecurity-magazine.com Read the original article: Russian Ransomware Groups Deploy Email Bombing and Teams Vishing

Read more →

ISACA research claims privacy budgets are set to decline further in 2025 This article has been indexed from www.infosecurity-magazine.com Read the original article: Most European Privacy Teams Are Understaffed and Underfunded

Read more →

HPE is investigating claims of data breach by hacker IntelBroker, who offered stolen files for sale This article has been indexed from www.infosecurity-magazine.com Read the original article: HPE Launches Investigation After Hacker Claims Data Breach

Read more →

Android apps, linked to APT group DONOT, disguised as a chat platform for intelligence gathering This article has been indexed from www.infosecurity-magazine.com Read the original article: Indian APT Group DONOT Misuses App for Intelligence Gathering

Read more →

The December 2024 cyber-attack on the country’s state registers, was attributed to Russian military intelligence services This article has been indexed from www.infosecurity-magazine.com Read the original article: Ukraine’s State Registers Restored Following Cyber-Attack

Read more →

The US has issued sanctions against an individual and a company involved in recent high-profile compromises of government officials by Chinese state-affiliated hackers This article has been indexed from www.infosecurity-magazine.com Read the original article: US Sanctions Chinese Hackers for Treasury,…

Read more →

CIA analysts Asif William Rahman has pleaded guilty to sharing classified documents about an Israeli attack This article has been indexed from www.infosecurity-magazine.com Read the original article: Former CIA Analyst Pleads Guilty to Sharing Top Secret Files

Read more →

At least half a million accounts have been compromised after a breach at hotel management software firm Otelier This article has been indexed from www.infosecurity-magazine.com Read the original article: Data on Half a Million Hotel Guests Exposed After Otelier Breach

Read more →

The Supreme Court has upheld a law that could potentially ban TikTok in the US This article has been indexed from www.infosecurity-magazine.com Read the original article: US Supreme Court Gives Green Light to TikTok Ban

Read more →

SecurityScorecard identified a new campaign in which the North Korean Lazarus group aims to steal source code, secrets and cryptocurrency wallet keys from developer environments This article has been indexed from www.infosecurity-magazine.com Read the original article: Lazarus Group Targets Developers…

Read more →

Microsoft highlighted a new Star Blizzard campaign targeting WhatsApp accounts, as the group adapts its TTPs following the takedown of its infrastructure by law enforcement This article has been indexed from www.infosecurity-magazine.com Read the original article: Star Blizzard Targets WhatsApp…

Read more →

AliExpress, Shein, Temu, TikTok, WeChat and Xiaomi are accused of operating unlawful data transfers to China This article has been indexed from www.infosecurity-magazine.com Read the original article: Noyb Files GDPR Complaints Against TikTok and Five Chinese Tech Giants

Read more →

The EU’s DORA regulation is in effect as of January 17, with mixed evidence around compliance levels among financial firms This article has been indexed from www.infosecurity-magazine.com Read the original article: DORA Takes Effect: Financial Firms Still Navigating Compliance Headwinds

Read more →

Middle East real estate scams are surging as fraudsters exploit online listings and bypassed due diligence checks This article has been indexed from www.infosecurity-magazine.com Read the original article: Middle Eastern Real Estate Fraud Grows with Online Listings

Read more →

Truth Social, launched by the Trump Media & Technology Group in 2022, has become a hotspot for scams like phishing and investment fraud This article has been indexed from www.infosecurity-magazine.com Read the original article: Trump’s Truth Social Users Targeted by…

Read more →

The US President’s second cybersecurity Executive Order will impose stricter security standards on software providers This article has been indexed from www.infosecurity-magazine.com Read the original article: Biden Tightens Software Supply Chain Security Requirements Ahead of Trump Takeover

Read more →

Compliance with the Digital Operational Resilience Act (DORA) has cost many businesses over €1 million, according to research from Rubrik This article has been indexed from www.infosecurity-magazine.com Read the original article: DORA Compliance Costs Soar Past €1m for Many UK…

Read more →

The leak likely comes from a zero-day exploit affecting Fortinet’s products This article has been indexed from www.infosecurity-magazine.com Read the original article: New Hacking Group Leaks Configuration of 15,000 Fortinet Firewalls

Read more →

HP Wolf highlighted novel techniques used by attackers to bypass email protections, including embedding malicious code inside images and utilizing GenAI This article has been indexed from www.infosecurity-magazine.com Read the original article: Hackers Use Image-Based Malware and GenAI to Evade…

Read more →

A proposed settlement order from the FTC will require GoDaddy to strengthen its security practices following multiple data breaches at the web hosting giant This article has been indexed from www.infosecurity-magazine.com Read the original article: GoDaddy Accused of Serious Security…

Read more →

A new EU action plan will be structured around four pillars: prevention, threat detection and identification, response to cyber-attacks and deterrence This article has been indexed from www.infosecurity-magazine.com Read the original article: EU To Launch New Support Centre by 2026…

Read more →

CISA launched the JCDC AI Cybersecurity Playbook to enhance collaboration on AI cybersecurity risks This article has been indexed from www.infosecurity-magazine.com Read the original article: CISA Launches Playbook to Boost AI Cybersecurity Collaboration

Read more →

The FBI deleted Chinese PlugX malware from thousands of devices in the US, using a technique developed by French cybersecurity firm Sekoia.io This article has been indexed from www.infosecurity-magazine.com Read the original article: Chinese PlugX Malware Deleted in Global Law…

Read more →

A new report from Fortinet reveals increased adoption of multi-cloud strategies and hybrid implementations combining on-premises and public cloud infrastructure This article has been indexed from www.infosecurity-magazine.com Read the original article: Multi-Cloud Adoption Surges Amid Rising Security Concerns

Read more →

Chainalysis estimates threat actors made at least $51bn through crypto crime in 2024 This article has been indexed from www.infosecurity-magazine.com Read the original article: Illicit Crypto-Inflows Set to Top $51bn in a Year

Read more →

The security provider published mitigation measures to prevent exploitation This article has been indexed from www.infosecurity-magazine.com Read the original article: Fortinet Confirms Critical Zero-Day Vulnerability in Firewalls

Read more →

Secureworks Counter Threat Unit (CTU) has identified links between North Korean IT workers and fraudulent crowdfunding activities, with the group known as Nickle Tapestry orchestrating scams to support North Korean interests This article has been indexed from www.infosecurity-magazine.com Read the…

Read more →

Patch Tuesday saw Microsoft fix eight zero-days, three of which are being actively exploited This article has been indexed from www.infosecurity-magazine.com Read the original article: Microsoft Patches Eight Zero-Days to Start the Year

Read more →

A new Interim Final Rule on Artificial Intelligence Diffusion issued in the US strengthens security, streamlines chip sales and prevents misuse of AI technology This article has been indexed from www.infosecurity-magazine.com Read the original article: New AI Rule Aims to…

Read more →

Browser-based cyber-threats surged in 2024, with credential abuse and infostealers on the rise This article has been indexed from www.infosecurity-magazine.com Read the original article: Browser-Based Cyber-Threats Surge as Email Malware Declines

Read more →

Barings Law is planning to sue the two tech giants over numerous alleged violations of data misuse, including for AI training This article has been indexed from www.infosecurity-magazine.com Read the original article: Manchester Law Firm Leads 15,000 to Sue Google…

Read more →

A UK government consultation has proposed banning public sector and critical infrastructure organizations from making ransomware payments to disincentivize attackers from targeting these services This article has been indexed from www.infosecurity-magazine.com Read the original article: UK Considers Ban on Ransomware…

Read more →

CISA claims US critical infrastructure providers are improving cyber hygiene and remediation activities This article has been indexed from www.infosecurity-magazine.com Read the original article: Remediation Times Drop Sharply as Cyber Hygiene Take Up Surges

Read more →

The .uk registry Nominet has been breached by a recently disclosed zero-day vulnerability in Ivanti products This article has been indexed from www.infosecurity-magazine.com Read the original article: UK Registry Nominet Breached Via Ivanti Zero-Day

Read more →

A joint government advisory has set out steps critical infrastructure firms should take to ensure any OT products they purchase are secure by design This article has been indexed from www.infosecurity-magazine.com Read the original article: Critical Infrastructure Urged to Scrutinize…

Read more →

Diplomatic entities in Kazakhstan and Central Asia have been targeted by UAC-0063 using weaponized Word docs deploying HATVIBE malware This article has been indexed from www.infosecurity-magazine.com Read the original article: Russian Malware Campaign Hits Central Asian Diplomatic Files

Read more →

Microsoft confirmed an outage of its multi-factor authentication system impacting access to Microsoft 365, causing login failures and service disruption This article has been indexed from www.infosecurity-magazine.com Read the original article: Microsoft 365 MFA Outage Fixed

Read more →

Researchers at Check Point said FunkSec operators appear to use AI for malware development This article has been indexed from www.infosecurity-magazine.com Read the original article: New Ransomware Group Uses AI to Develop Nefarious Tools

Read more →