Discovered by FortiGuard Labs, the ValleyRAT campaign targets Chinese Windows systems. This article has been indexed from www.infosecurity-magazine.com. Read the original article: Advanced ValleyRAT Campaign Hits Windows Users in China
Category: www.infosecurity-magazine.com
Russia’s FSB Behind Massive Phishing Espionage Campaign
Citizen Lab attributed the campaign to Coldriver, a notorious FSB subordinate team, and Coldwastrel, a new, Russian-aligned group
Another Record Year For Ransomware Beckons as Crypto Profits Hit $460m
Ransom payments in the first half of 2024 hit $460m, according to Chainalysis
Google Warns of Iranian Cyber-Attacks on Presidential Campaigns
Google has highlighted sophisticated spearphishing attacks by Iranian state actor APT42 targeting individuals associated with the US Presidential campaign
SolarWinds Urges Upgrade After Revealing Critical RCE Bug
SolarWinds has discovered and fixed a critical remote code execution vulnerability in Web Help Desk
New Phishing Attack Uses Sophisticated Infostealer Malware
The phishing attack uses infostealer malware to target saved passwords, credit cards & Bitcoin info
Manufacturing Firm Loses $60m in BEC Scam
Manufacturing firm Orion revealed it has lost $60m in a business email compromise (BEC) scam, which targeted a non-executive employee
Research Uncovers New Microsoft Outlook Vulnerability
CVE-2024-38173 is a medium severity RCE flaw in Microsoft Outlook, similar to CVE-2024-30103
Critical Vulnerability Found in Microsoft’s AI Healthcare Chatbot
Tenable detailed two privilege escalation vulnerabilities in the Azure Health Bot Service, one of which has been rated critical
Cyber-Attack Spreads Phishing Scam Across Greater Manchester Areas
A cyber-attack has hit several boroughs across Greater Manchester, England, leaving thousands of residents vulnerable to a phishing scam
NCSC Calls on UK Firms to Join Mass Cyber-Deception Initiative
The UK’s National Cyber Security Centre wants to test the effectiveness of cyber-deception tactics
Microsoft Fixes Nine Zero-Days on Patch Tuesday
Microsoft’s August Patch Tuesday saw the tech giant address nine zero-day vulnerabilities
Gold Mining Firm in Australia Reports Ransomware Breach
In a Monday filing with the ASX, Evolution Mining stated that the incident was contained
NIST Formalizes World’s First Post-Quantum Cryptography Standards
NIST has formalized three post-quantum cryptographic algorithms, with organizations urged to start the transition to quantum-secure encryption immediately
East Valley Institute of Technology Data Breach Exposes Over 200,000 Records
The EVIT breach exposed the data of 208,717 individuals, including students, faculty and parents
Phishing Campaign Compromises 100+ Ukrainian Government Computers
CERT-UA has warned that a mass phishing campaign impersonating Ukraine’s Security Services has infected more than 100 government devices
Prolific Belarusian Cybercriminal Arrested in Spain
Belarusian national Maksim Silnikau, who was operating under the ‘J.P. Morgan’ moniker, is believed to be one of the world’s most prolific Russian-speaking cybercriminals
South Korea Warns Pyongyang Has Stolen Spy Plane Details
South Korea’s People Power Party calls for new legislation after data on spy planes and tanks is hacked by North Korea
FBI Leads Effort to Dismantle Radar/Dispossessor Ransomware
The FBI and other law enforcers claim to have disrupted the Radar/Dispossessor ransomware group
Vulnerability in Windows Driver Leads to System Crashes
The CVE-2024-6768 flaw in the Windows CLFS.sys driver can lead to BSOD
High-Risk Cloud Exposures Surge Due to Rapid Service Growth
Firms are introducing 300 services monthly, contributing to 32% of high or critical cloud exposures
DARPA Awards $14m to Seven Teams in AI Cyber Challenge
DARPA awards $14 million to seven teams competing to develop AI systems capable of identifying and patching vulnerabilities in open-source software
UN Adopts Controversial Cybercrime Treaty
Many stakeholders said the future UN convention could allow authoritarian countries to stifle political opposition and violate human rights
Microsoft Reveals Iranian US Election Interference Ops
Microsoft claims Iran is ramping up election interference activity in the US, as Trump campaign claims it was hacked
Man in Dock Accused of Breaking Hi-Tech Export Controls
Arthur Petrov is accused of exporting US chips for manufacturers supplying weaponry and equipment to the Russian military
#BHUSA: CISA Encourages Organizations to Adopt a ‘Secure by Demand’ Strategy
CISA Director Jen Easterly calls on organizations to drive cybersecurity improvements through a ‘Secure by Demand’ approach
#BHUSA: CoSAI, Combating AI Risks Through Industry Collaboration
Leading AI companies have formed the Coalition for Secure AI (CoSAI) to address the growing cybersecurity risks posed by artificial intelligence
OpenAI Leadership Split Over In-House AI Watermarking Technology
One primary concern is that the tool might turn ChatGPT users away from the product
Threat Actors Favor Rclone, WinSCP and cURL as Data Exfiltration Tools
ReliaQuest found that Rclone, WinSCP and cURL were the top three data exfiltration tools utilized by threat actors over the past year
#BHUSA: CISA Director Confident in US Election Security
CISA Director Jen Easterly expressed strong confidence in the integrity of US elections, despite ongoing cybersecurity threats to democratic processes
#BHUSA: Ransomware Drill Targets Healthcare in Operation 911
A ransomware tabletop exercise was conducted against a fictitious hospital, aiming to educate attendees on how to fight against such threats
SEC Investigation into Progress MOVEit Hack Ends Without Charges
After months of investigation, the SEC decided not to recommend any enforcement action against software provider Progress regarding the supply chain attack
Phishing Attack Exploits Google, WhatsApp to Steal Data
The LOTS attack uses trusted sites like Google Drawings and WhatsApp to trick users into sharing data
North Korea Kimsuky Launch Phishing Attacks on Universities
Kimsuky was observed phishing university staff to steal valuable research for North Korea
BlackSuit/Royal Ransomware Group Has Demanded $500m
A CISA and FBI report claims the BlackSuit ransomware collective has extracted at least $500m from victims
Ethical Hackers Steal and Return $12m to Ronin Network
Hackers stole $12m in virtual currency from Ronin Network, which has previously suffered a massive $620m heist
#BHUSA: CrowdStrike Outage Serves as Dress Rehearsal for China-Led Cyber-Attacks
US cybersecurity officials warn that the recent CrowdStrike outage serves as a stark reminder of potential widespread disruptions from cyber-attacks
#BHUSA: New Ransomware Groups Emerge Despite Crackdowns
A surge in new ransomware groups is fueling the cybercrime epidemic as financial incentives outweigh risks for attackers, despite law enforcement efforts
Ireland’s DPC Takes Twitter to Court Over AI User Data Concerns
The Irish data protection watchdog accuses X Corp’s European subsidiary of breaching GDPR with Grok AI training
Microsoft 365 Phishing Alert Can Be Hidden with CSS
Microsoft 365’s anti-phishing tip can be hidden via CSS, as shown by Certitude’s Moody and Ettlinger
CISA Releases Guide to Enhance Software Security Evaluations
The CISA guidance prioritizes product security alongside the manufacturer’s enterprise security
#BHUSA: The Board Needs to Understand AI Deployment Risks
Boards need to understand where and why AI is being deployed within their organizations in order to mitigate risks
#BHUSA: DARPA’s AI Cyber Challenge Heats Up as Healthcare Sector Watches
DARPA’s AI Cyber Challenge is enlisting AI to fight software vulnerabilities, with the healthcare sector closely watching the semi-finals as a potential solution to rising cyber threats
UK Managers Improve Cyber Knowledge but Staff Lack Training
A new study from the Chartered Management Institute finds just half of firms offer regular security training
ICO Prepares £6m Fine for NHS Supplier Advanced
The UK’s ICO wants to fine NHS partner Advanced £6m for failures that led to a major ransomware breach
#BHUSA: 17.8m Phishing Emails Detected in First Half of 2024
Of the 17.8m phishing emails detected, 62% bypassed DMARC checks and 56% evaded all security layers
CVEs Surge 30% in 2024, Only 0.91% Weaponized
Only 0.91% of the reported CVEs were weaponized, but they represent the most severe risks
#BHUSA: Ransom Payments Surge, Organizations Pay Average of $2.5m
A new survey reveals that organizations are suffering an average of eight ransomware incidents per year and paying millions in ransom
#BHUSA: 99% of Global 2000 Firms Have Recently Breached Vendors
SecurityScorecard claims almost all of the world’s biggest public companies are connected to a supply chain breach
Mobile Guardian Hack Leads to 13,000 Student Devices Wiped in Singapore
Singapore’s Ministry of Education ordered the removal of Mobile Guardian from students’ Chromebooks and iPads after a cybersecurity breach
French Museums Hit By Ransomware Attack
The Grand Palais is among French museums hit by ransomware attacks as the Paris 2024 Summer Olympic Games are underway
Police Recover Over $40m Headed to BEC Scammers
Interpol claims intervention saved one Singapore firm $42m stolen by scammers
#BHUSA: Nation-State Attacks Target Hardware Supply Chains
New report warns of escalating hardware supply chain attacks, with 19% of organizations impacted and nearly all IT leaders expecting nation-state involvement
Critical Vulnerability in Apache OFBiz Requires Immediate Patching
SonicWall discovered the Apache OFBiz flaw, identifying it as a critical issue enabling unauthenticated remote code execution
86% of Firms Identify Unknown Cyber-Risks as Top Concern
50% of professionals also cited a lack of expertise as a barrier to effective cyber-risk management
TikTok Withdraws Lite Rewards Program from EU Over Child Safety Fears
TikTok has committed to permanently withdraw the Lite Rewards program from the EU, after legal proceedings were launched relating to its risks to users, particularly children
White House and EC-Council Launch $15m Cybersecurity Scholarship Program
The White House and EC-Council scholarship program aims to train over 50,000 students in critical cybersecurity skills
US Sues TikTok For Children’s Law Violations
The US government is taking TikTok to court for alleged violations of the COPPA regulation
APT Group StormBamboo Attacks ISP Customers Via DNS Poisoning
Volexity claims the StormBamboo group compromised an ISP to push malicious software updates to customers
Social Media Firms Fail to Protect Children’s Privacy, Says ICO
The UK’s ICO has identified children’s privacy concerns in 11 social media and video sharing platforms, warning of regulatory action if these issues are not addressed
EPA Told to Address Cyber Risks to Water Systems
The US Government Accountability Office has told the Environmental Protection Agency to urgently develop a strategy to tackle rising cyber-threats to the water industry
Gaming Industry Faces 94% Surge in DDoS Attacks
The rise in DDoS attacks against the gaming industry is accompanied by increasing bot activity
NCSC Unveils Advanced Cyber Defence 2.0 to Combat Evolving Threats
The UK’s NCSC is launching ACD 2.0, an advanced suite of cybersecurity tools and services designed to protect businesses from evolving cyber threats
Scam Platform Shut Down by UK Authorities After 1.8 Million Fraudulent Calls
UK authorities shut down a scam platform responsible for over 1.3 million calls to 500,000 victims, resulting in millions of pounds in losses
RansomEXX Group Targets Indian Banking With New Tactics
CloudSek said the RansomEXX breach occurred via a misconfigured Jenkins server at Brontoo Technology
Cencora Confirms Patient Data Stolen in Cyber-Attack
Pharma company Cencora confirmed in an updated SEC filing that sensitive personal and health data was exfiltrated by attackers in a February 2024 incident
E-Commerce Fraud Campaign Uses 600+ Fake Sites
The “Eriakos” info-stealing campaign is using hundreds of fake web shops to defraud victims
BEC Attacks Surge 20% Annually Thanks to AI Tooling
A Vipre study reveals a 20% increase in business email compromise attacks
Urgent Blood Appeal Issued in US After Ransomware Attack
US non-profit OneBlood has issued an urgent appeal for donations after a ransomware attack has significantly reduced its capacity to distribute blood to hospitals
New SMS Stealer Malware Targets Over 600 Global Brands
Discovered by Zimperium’s zLabs team, the SMS Stealer malware was found in over 105,000 samples
Meta to Pay Texas $1.4bn for Unlawful Biometric Data Capture
Meta has agreed a $1.4bn settlement with the State of Texas for failing to inform Facebook users about its biometric data capturing practices
New PyPI Package Zlibxjson Steals Discord, Browser Data
According to Fortinet, PyPI package Zlibxjson steals Discord tokens and browser data, including passwords and extensive user information
Cost of a Data Breach Surges 10% on Shadow Data Challenge
IBM reveals a 10% increase in the global cost of a data breach to $4.9m
DDoS Attack Triggers New Microsoft Global Outage
A global outage of Microsoft services was triggered by a DDoS attack, with an error in Microsoft’s DDoS protection measures amplifying the impact
Researchers Uncover Largest Ever Ransomware Payment of $75m
Zscaler warns of copycat attacks after revealing one ransomware victim paid $75m
Sophisticated Phishing Campaign Targets Microsoft OneDrive Users
The OneDrive campaign uses social engineering to trick users into executing a PowerShell script
Stolen GenAI Accounts Flood Dark Web With 400 Daily Listings
According to eSentire, around 400 GenAI account logins are sold daily on the dark web, including credentials for GPT, Quillbot, Notion and Replit
ICO Slams Electoral Commission for Basic Security Failings
The ICO found that the Electoral Commission did not have appropriate security measures in place, allowing hackers to access the personal details of 40 million UK voters
Just One in 10 Attacks Flagged By Security Tools
Picus Security claims just 12% of simulated attacks trigger an alert
HealthEquity Breach Hits 4.3 Million Customers
Health savings specialist HealthEquity reveals over four million customers were impacted in a recent breach
Millions of Spoofed Emails Bypass Proofpoint Security in Phishing Campaign
Guardio Labs found that attackers exploited a configuration setting in Proofpoint’s email protection service, allowing outbound messages to bypass email protections
Mandrake Spyware Infects 32,000 Devices Via Google Play Apps
Updated Mandrake samples, identified by Kaspersky, displayed enhanced obfuscation and evasion tactics
Walmart Discovers New PowerShell Backdoor Linked to Zloader Malware
Walmart detailed findings about an unknown PowerShell backdoor, which was potentially utilized alongside a new Zloader variant
Hotjar, Business Insider Vulnerabilities Expose OAuth Data Risks
Salt Labs also said XSS combined with OAuth can lead to severe breaches
Less Than Half of European Firms Have AI Controls in Place
Sapio Research claims that fewer than 50% of European companies place usage and other restrictions on AI
US Crypto Exchange Gemini Reveals Breach
Thousands of customers of cryptocurrency exchange Gemini have had personal data compromised
Synnovis Restores Systems After Cyber-Attack, But Blood Shortages Remain
Synnovis has rebuilt “substantial parts” of its systems following the Qilin ransomware attack on June 3, enabling the restoration of core blood supplies to NHS hospitals
Hacktivists Claim Leak of CrowdStrike Threat Intelligence
CrowdStrike has acknowledged the claims by the USDoD hacktivist group, which has provided a link to download the alleged threat actor list on a cybercrime forum
Despite Bans, AI Code Tools Widespread in Organizations
Despite bans on AI code generation tools, widespread use and lack of governance are creating significant security risks for organizations
North Korean Hackers Target Critical Infrastructure for Military Gain
A joint advisory by the UK, US and South Korea has warned of a global espionage campaign by a North Korean threat actor, Andariel, targeting CNI organizations
Ransomware and BEC Make Up 60% of Cyber Incidents
Cisco Talos found that ransomware and BEC accounted for 60% of all cyber incidents in Q2 2024, with ransomware rising by 22% compared to Q1
Malware Attacks Surge 30% in First Half of 2024
SonicWall observed a surge in malware attacks in H1 2024, with strains becoming more adept at defense evasion
Most IT Leaders Say Severity of Cyber-Attacks has Increased
Appsbroker CTS found that nine in 10 IT leaders believe the severity of cyber-attacks has increased over the past year
CrowdStrike Shares How a Rapid Response Content Update Caused Global Outage
CrowdStrike has published a preliminary Post Incident Review into the global IT outage on July 19, revealing the issue came from a Rapid Response Content update
North Korean Hackers Targeted Cybersecurity Firm KnowBe4 with Fake IT Worker
KnowBe4 revealed it was duped into hiring a fake IT worker from North Korea, resulting in attempted insider threat activity
Google Criticized for Abandoning Cookie Phase-Out
Google’s decision to abandon the phase-out of third-party cookies on Chrome has been criticized, with the tech giant accused of neglecting user privacy
Russia Shifts Cyber Focus to Battlefield Intelligence in Ukraine
A new report published by RUSI highlighted how Russia’s intelligence services have adapted their cybersecurity strategy to the demands of a long war in Ukraine
Chinese Espionage Group Upgrades Malware Arsenal to Target All Major OS
Symantec said Chinese espionage group Daggerfly has updated its malware toolkit as it looks to target Windows, Linux, macOS and Android operating systems
Prolific DDoS Marketplace Shut Down by UK Law Enforcement
The UK’s National Crime Agency has infiltrated the DigitalStress marketplace, which offers DDoS capabilities