Tag: www.infosecurity-magazine.com

Ukraine’s State Registers Restored Following Cyber-Attack

The December 2024 cyber-attack on the country’s state registers, was attributed to Russian military intelligence services This article has been indexed from www.infosecurity-magazine.com Read the original article: Ukraine’s State Registers Restored Following Cyber-Attack

US Sanctions Chinese Hackers for Treasury, Telecom Breaches

The US has issued sanctions against an individual and a company involved in recent high-profile compromises of government officials by Chinese state-affiliated hackers This article has been indexed from www.infosecurity-magazine.com Read the original article: US Sanctions Chinese Hackers for Treasury,…

Lazarus Group Targets Developers in New Data Theft Campaign

SecurityScorecard identified a new campaign in which the North Korean Lazarus group aims to steal source code, secrets and cryptocurrency wallet keys from developer environments This article has been indexed from www.infosecurity-magazine.com Read the original article: Lazarus Group Targets Developers…

Star Blizzard Targets WhatsApp in New Campaign

Microsoft highlighted a new Star Blizzard campaign targeting WhatsApp accounts, as the group adapts its TTPs following the takedown of its infrastructure by law enforcement This article has been indexed from www.infosecurity-magazine.com Read the original article: Star Blizzard Targets WhatsApp…

Hackers Use Image-Based Malware and GenAI to Evade Email Security

HP Wolf highlighted novel techniques used by attackers to bypass email protections, including embedding malicious code inside images and utilizing GenAI This article has been indexed from www.infosecurity-magazine.com Read the original article: Hackers Use Image-Based Malware and GenAI to Evade…

GoDaddy Accused of Serious Security Failings by FTC

A proposed settlement order from the FTC will require GoDaddy to strengthen its security practices following multiple data breaches at the web hosting giant This article has been indexed from www.infosecurity-magazine.com Read the original article: GoDaddy Accused of Serious Security…

Multi-Cloud Adoption Surges Amid Rising Security Concerns

A new report from Fortinet reveals increased adoption of multi-cloud strategies and hybrid implementations combining on-premises and public cloud infrastructure This article has been indexed from www.infosecurity-magazine.com Read the original article: Multi-Cloud Adoption Surges Amid Rising Security Concerns

Secureworks Exposes North Korean Links to Fraudulent Crowdfunding

Secureworks Counter Threat Unit (CTU) has identified links between North Korean IT workers and fraudulent crowdfunding activities, with the group known as Nickle Tapestry orchestrating scams to support North Korean interests This article has been indexed from www.infosecurity-magazine.com Read the…

Microsoft Patches Eight Zero-Days to Start the Year

Patch Tuesday saw Microsoft fix eight zero-days, three of which are being actively exploited This article has been indexed from www.infosecurity-magazine.com Read the original article: Microsoft Patches Eight Zero-Days to Start the Year

New AI Rule Aims to Prevent Misuse of US Technology

A new Interim Final Rule on Artificial Intelligence Diffusion issued in the US strengthens security, streamlines chip sales and prevents misuse of AI technology This article has been indexed from www.infosecurity-magazine.com Read the original article: New AI Rule Aims to…

UK Considers Ban on Ransomware Payments by Public Bodies

A UK government consultation has proposed banning public sector and critical infrastructure organizations from making ransomware payments to disincentivize attackers from targeting these services This article has been indexed from www.infosecurity-magazine.com Read the original article: UK Considers Ban on Ransomware…

UK Registry Nominet Breached Via Ivanti Zero-Day

The .uk registry Nominet has been breached by a recently disclosed zero-day vulnerability in Ivanti products This article has been indexed from www.infosecurity-magazine.com Read the original article: UK Registry Nominet Breached Via Ivanti Zero-Day

Russian Malware Campaign Hits Central Asian Diplomatic Files

Diplomatic entities in Kazakhstan and Central Asia have been targeted by UAC-0063 using weaponized Word docs deploying HATVIBE malware This article has been indexed from www.infosecurity-magazine.com Read the original article: Russian Malware Campaign Hits Central Asian Diplomatic Files

Microsoft 365 MFA Outage Fixed

Microsoft confirmed an outage of its multi-factor authentication system impacting access to Microsoft 365, causing login failures and service disruption This article has been indexed from www.infosecurity-magazine.com Read the original article: Microsoft 365 MFA Outage Fixed

Slovakia Hit by Historic Cyber-Attack on Land Registry

A large-scale cyber-attack has targeted the information system of Slovakia’s land registry, impacting the management of land and property records This article has been indexed from www.infosecurity-magazine.com Read the original article: Slovakia Hit by Historic Cyber-Attack on Land Registry

Medusind Breach Exposes Sensitive Patient Data

The US medical billing firm is notifying over 360,000 customers that their personal, financial and medical data may have been exposed This article has been indexed from www.infosecurity-magazine.com Read the original article: Medusind Breach Exposes Sensitive Patient Data

Fake PoC Exploit Targets Security Researchers with Infostealer

Trend Micro detailed how attackers are using a fake proof-of-concept for a critical Microsoft vulnerability, designed to steal sensitive data from security researchers This article has been indexed from www.infosecurity-magazine.com Read the original article: Fake PoC Exploit Targets Security Researchers…

Fancy Product Designer Plugin Flaws Expose WordPress Sites

Critical Fancy Product Designer plugin flaws risk remote code execution and SQL injection attacks on WordPress sites This article has been indexed from www.infosecurity-magazine.com Read the original article: Fancy Product Designer Plugin Flaws Expose WordPress Sites

Critical Ivanti Zero-Day Exploited in the Wild

Ivanti customers are urged to patch two new bugs in the security vendor’s products, one of which is being actively exploited This article has been indexed from www.infosecurity-magazine.com Read the original article: Critical Ivanti Zero-Day Exploited in the Wild

Green Bay Packers Pro Shop Data Breach Compromises Customers

The Green Bay Packers disclosed on Monday that their official online store was breached and customer information stolen This article has been indexed from www.infosecurity-magazine.com Read the original article: Green Bay Packers Pro Shop Data Breach Compromises Customers

US Launches Cyber Trust Mark for IoT Devices

The voluntary Cyber Trust Mark labeling program will allow consumers to assess the cybersecurity of IoT devices when making purchasing decisions This article has been indexed from www.infosecurity-magazine.com Read the original article: US Launches Cyber Trust Mark for IoT Devices

Scammers Exploit Microsoft 365 to Target PayPal Users

A new PayPal phishing scam used genuine money requests, bypassing security checks to deceive recipients This article has been indexed from www.infosecurity-magazine.com Read the original article: Scammers Exploit Microsoft 365 to Target PayPal Users

New Mirai Botnet Exploits Zero-Days in Routers and Smart Devices

A newly identified Mirai botnet exploits over 20 vulnerabilities, including zero-days, in industrial routers and smart home devices This article has been indexed from www.infosecurity-magazine.com Read the original article: New Mirai Botnet Exploits Zero-Days in Routers and Smart Devices

New Research Highlights Vulnerabilities in MLOps Platforms

New research by Security Intelligence has revealed security risks in MLOps platforms including Azure ML, BigML and Google Vertex AI This article has been indexed from www.infosecurity-magazine.com Read the original article: New Research Highlights Vulnerabilities in MLOps Platforms

Moxa Urges Immediate Updates for Security Vulnerabilities

Moxa has reported two critical vulnerabilities in its routers and network security appliances that could allow system compromise and arbitrary code execution This article has been indexed from www.infosecurity-magazine.com Read the original article: Moxa Urges Immediate Updates for Security Vulnerabilities

Phishing Click Rates Triple in 2024

Netskope observed a 190% growth in enterprise users clicking phishing links as attackers become more creative in delivering effective lures This article has been indexed from www.infosecurity-magazine.com Read the original article: Phishing Click Rates Triple in 2024

UK Government to Ban Creation of Explicit Deepfakes

The UK government is cracking down on the generation of sexually explicit deepfakes in a bid to protect women and girls This article has been indexed from www.infosecurity-magazine.com Read the original article: UK Government to Ban Creation of Explicit Deepfakes

CISA Claims Treasury Breach Did Not Impact Other Agencies

The US Cybersecurity and Infrastructure Security Agency claims a recent China-linked breach was confined to the Treasury This article has been indexed from www.infosecurity-magazine.com Read the original article: CISA Claims Treasury Breach Did Not Impact Other Agencies

Chinese Hackers Double Cyber-Attacks on Taiwan

Taiwan’s security service said government networks faced 2.4 million attacks in 2024, most of which are attributed to Chinese state actors This article has been indexed from www.infosecurity-magazine.com Read the original article: Chinese Hackers Double Cyber-Attacks on Taiwan

New Infostealer Campaign Uses Discord Videogame Lure

Threat actors are tricking victims into downloading malware with the promise of testing a new videogame This article has been indexed from www.infosecurity-magazine.com Read the original article: New Infostealer Campaign Uses Discord Videogame Lure

Scammers Drain $500m from Crypto Wallets in a Year

Scam Sniffer claims that threat actors used wallet drainers to steal $494m from victims in 2024 This article has been indexed from www.infosecurity-magazine.com Read the original article: Scammers Drain $500m from Crypto Wallets in a Year

US Sanctions Chinese Cybersecurity Firm for Global Botnet Attacks

The US government said that China based firm Integrity Technology Group provided infrastructure for Flax Typhoon to attack multiple US targets This article has been indexed from www.infosecurity-magazine.com Read the original article: US Sanctions Chinese Cybersecurity Firm for Global Botnet…

Atos Group Denies Space Bears’ Ransomware Attack Claims

Atos Group has denied the ransomware group Space Bears’ claims of compromising its database, calling the allegations unfounded This article has been indexed from www.infosecurity-magazine.com Read the original article: Atos Group Denies Space Bears’ Ransomware Attack Claims

DDoS Disrupts Japanese Mobile Giant Docomo

Docomo has revealed a DDoS attack on Thursday took down key services This article has been indexed from www.infosecurity-magazine.com Read the original article: DDoS Disrupts Japanese Mobile Giant Docomo

Web3 Attacks Result in $2.3Bn in Cryptocurrency Losses

The amount of crypto stolen in the Web3 ecosystem rose by 31.6% compared to 2023, with phishing the most costly attack vector This article has been indexed from www.infosecurity-magazine.com Read the original article: Web3 Attacks Result in $2.3Bn in Cryptocurrency…

Apple Agrees $95M Settlement Over Siri Privacy Violations

Apple has agreed to a $95m settlement in a class action lawsuit alleging Siri privacy violations, with eligible users receiving up to $20 per Siri-enabled device This article has been indexed from www.infosecurity-magazine.com Read the original article: Apple Agrees $95M…

US Confirms Russian GenAI Disinformation Op Targeted Election

The US government has sanctioned Russian state-affiliated entity CGE, which used a vast GenAI infrastructure to spread disinformation during the US Presidential election This article has been indexed from www.infosecurity-magazine.com Read the original article: US Confirms Russian GenAI Disinformation Op…

New DoubleClickjacking Attack Bypasses Protections

DoubleClickjacking bypasses X-Frame-Options and SameSite cookies in double-click sequences, exposing UI authentication flaws This article has been indexed from www.infosecurity-magazine.com Read the original article: New DoubleClickjacking Attack Bypasses Protections

HIPAA Rules Update Proposed to Combat Healthcare Data Breaches

The US government has set out proposals to increase security obligations on healthcare providers to protect patient data amid surging cyber-attacks in the sector This article has been indexed from www.infosecurity-magazine.com Read the original article: HIPAA Rules Update Proposed to…

Hackers Leak Rhode Island Citizens’ Data on Dark Web

The State of Rhode Island has confirmed that cybercriminals have begun publishing data stolen from its social services portal, the RIBridges system This article has been indexed from www.infosecurity-magazine.com Read the original article: Hackers Leak Rhode Island Citizens’ Data on…

Majority of UK SMEs Lack Cybersecurity Policy

Insurance firm Markel Direct found that 69% of UK SMEs lack a cybersecurity policy, with a significant lack of basic cybersecurity measures in place across these firms This article has been indexed from www.infosecurity-magazine.com Read the original article: Majority of…

US and Japan Blame North Korea for $308m Crypto Heist

A joint US-Japan alert attributed North Korean hackers with a May 2024 crypto heist worth $308m from Japan-based company DMM This article has been indexed from www.infosecurity-magazine.com Read the original article: US and Japan Blame North Korea for $308m Crypto…

Spyware Maker NSO Group Liable for WhatsApp User Hacks

A US judge has ruled in favor of WhatsApp in a long-running case against commercial spyware-maker NSO Group This article has been indexed from www.infosecurity-magazine.com Read the original article: Spyware Maker NSO Group Liable for WhatsApp User Hacks

Major Biometric Data Farming Operation Uncovered

Researchers at iProov have discovered a dark web group compiling identity documents and biometric data to bypass KYC checks This article has been indexed from www.infosecurity-magazine.com Read the original article: Major Biometric Data Farming Operation Uncovered

Critical Vulnerabilities Found in WordPress Plugins WPLMS and VibeBP

The vulnerabilities, now patched, posed significant risks, including unauthorized file uploads, privilege escalation and SQL injection attacks This article has been indexed from www.infosecurity-magazine.com Read the original article: Critical Vulnerabilities Found in WordPress Plugins WPLMS and VibeBP

Ransomware Attack Exposes Data of 5.6 Million Ascension Patients

US healthcare giant Ascension revealed that 5.6 million individuals have had their personal, medical and financial information breached in a ransomware attack This article has been indexed from www.infosecurity-magazine.com Read the original article: Ransomware Attack Exposes Data of 5.6 Million…

ICO Warns of Mobile Phone Festive Privacy Snafu

The Information Commissioner’s Office has warned that millions of Brits don’t know how to erase personal data from their old devices This article has been indexed from www.infosecurity-magazine.com Read the original article: ICO Warns of Mobile Phone Festive Privacy Snafu

LockBit Admins Tease a New Ransomware Version

The LockBitSupp persona said LockBit 4.0 will be launched in February 2025 This article has been indexed from www.infosecurity-magazine.com Read the original article: LockBit Admins Tease a New Ransomware Version

Webcams and DVRs Vulnerable to HiatusRAT, FBI Warns

The FBI has issued a warning about the Hiatus RAT malware targeting Xiongmai and Hikvision web cameras and DVRs, urging users isolate these devices from networks This article has been indexed from www.infosecurity-magazine.com Read the original article: Webcams and DVRs…

CISA Urges Encrypted Messaging After Salt Typhoon Hack

The US Cybersecurity and Infrastructure Security Agency recommended users turn on phishing-resistant MFA and switch to Signal-like apps for messaging This article has been indexed from www.infosecurity-magazine.com Read the original article: CISA Urges Encrypted Messaging After Salt Typhoon Hack

US Organizations Still Using Kaspersky Products Despite Ban

Bitsight found that 40% of US organizations who used Kaspersky products before the government ban came into effect still appear to be using them This article has been indexed from www.infosecurity-magazine.com Read the original article: US Organizations Still Using Kaspersky…

EU Opens Door for AI Training Using Personal Data

The EU Data Protection Board (EDPB) published a long-awaited opinion on how GDPR should apply to AI models This article has been indexed from www.infosecurity-magazine.com Read the original article: EU Opens Door for AI Training Using Personal Data