Tag: www.infosecurity-magazine.com

The security provider has elevated its warning about a vulnerability affecting firewall management interfaces after observing active exploitation This article has been indexed from www.infosecurity-magazine.com Read the original article: Palo Alto Networks Confirms New Zero-Day Being Exploited by Threat Actors

Read more →

Ilya Lichtenstein hacked into the cryptocurrency exchange in 2016 and stole around 120,000 bitcoins This article has been indexed from www.infosecurity-magazine.com Read the original article: Bitfinex Hacker Jailed for Five Years Over Billion Dollar Crypto Heist

Read more →

The new vulnerability was named “FortiJump Higher” due to its similarity with the “FortiJump” vulnerability discovered in October This article has been indexed from www.infosecurity-magazine.com Read the original article: watchTowr Finds New Zero-Day Vulnerability in Fortinet Products

Read more →

SentinelOne described some of ransomware groups’ favorite techniques for targeting cloud services This article has been indexed from www.infosecurity-magazine.com Read the original article: Ransomware Groups Use Cloud Services For Data Exfiltration

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from www.infosecurity-magazine.com Read the original article: O2’s AI Granny Outsmarts Scam Callers with Knitting Tales

Read more →

Misconfigurations in Microsoft Power Pages granting excessive access permissions expose sensitive data, risking PII to unauthorized users This article has been indexed from www.infosecurity-magazine.com Read the original article: Microsoft Power Pages Misconfiguration Leads to Data Exposure

Read more →

Over 1 million domains are vulnerable to “Sitting Ducks” attack, which exploits DNS misconfigurations This article has been indexed from www.infosecurity-magazine.com Read the original article: Sitting Ducks DNS Attacks Put Global Domains at Risk

Read more →

The FBI and CISA have confirmed that US officials’ private communications have been compromised This article has been indexed from www.infosecurity-magazine.com Read the original article: Massive Telecom Hack Exposes US Officials to Chinese Espionage

Read more →

Over 80% of UK organizations suffered an API security incident in the past year, with each costing over £400,000 This article has been indexed from www.infosecurity-magazine.com Read the original article: API Security in Peril as 83% of Firms Suffer Incidents

Read more →

The UK’s financial regulators have discarded plans to force critical suppliers to disclose new vulnerabilities This article has been indexed from www.infosecurity-magazine.com Read the original article: Bank of England U-turns on Vulnerability Disclosure Rules

Read more →

Hive0145 is targeting Spain, Germany, Ukraine with Strela Stealer malware in invoice phishing tactic This article has been indexed from www.infosecurity-magazine.com Read the original article: Hive0145 Targets Europe with Advanced Strela Stealer Campaigns

Read more →

2025 could see our biggest AI fears materialize, according to a Google Cloud forecast report This article has been indexed from www.infosecurity-magazine.com Read the original article: AI Threat to Escalate in 2025, Google Cloud Warns

Read more →

Lazarus APT has been found smuggling malware onto macOS devices using custom extended attributes, evading detection This article has been indexed from www.infosecurity-magazine.com Read the original article: Lazarus Group Uses Extended Attributes for Code Smuggling in macOS

Read more →

An individual who posted data allegedly stolen via MOVEit from Amazon and other big-name firms claims not to be malicious This article has been indexed from www.infosecurity-magazine.com Read the original article: Amazon MOVEit Leaker Claims to Be Ethical Hacker

Read more →

Microsoft has addressed four zero-day vulnerabilities this month, two of which have been exploited This article has been indexed from www.infosecurity-magazine.com Read the original article: Microsoft Fixes Four More Zero-Days in November Patch Tuesday

Read more →

The TA455 phishing campaign used fake job offers on LinkedIn to deploy malware This article has been indexed from www.infosecurity-magazine.com Read the original article: TA455’s Iranian Dream Job Campaign Targets Aerospace with Malware

Read more →

New phishing tool GoIssue targets GitHub, enabling mass phishing, and has been linked to the GitLoker extortion campaign This article has been indexed from www.infosecurity-magazine.com Read the original article: Phishing Tool GoIssue Targets Developers on GitHub

Read more →

Panaseer claims 72% of security leaders are taking out personal indemnity insurance as board scrutiny increases This article has been indexed from www.infosecurity-magazine.com Read the original article: CISOs Turn to Indemnity Insurance as Breach Pressure Mounts

Read more →

watchTowr has found a flaw in Citrix’s Session Recording Manager that can be exploited to enable unauthenticated RCE against Citrix Virtual Apps and Desktops This article has been indexed from www.infosecurity-magazine.com Read the original article: New Citrix Zero-Day Vulnerability Allows…

Read more →

Jamf observed North Korean attackers embedding malware within Flutter applications to target macOS devices, potentially to test a new way of weaponizing malware This article has been indexed from www.infosecurity-magazine.com Read the original article: North Korea Hackers Leverage Flutter to…

Read more →

Halliburton has reported a $35m loss associated with an August ransomware breach This article has been indexed from www.infosecurity-magazine.com Read the original article: Energy Giant Halliburton Reveals $35m Ransomware Loss

Read more →

The new Remcos RAT variant identified in a new phishing campaign exploits CVE-2017-0199 via malicious Excel files This article has been indexed from www.infosecurity-magazine.com Read the original article: New Remcos RAT Variant Targets Windows Users Via Phishing

Read more →

The World Economic Forum has shared recommendations on how to build on the success of existing partnerships to accelerate the disruption of cybercriminal activities This article has been indexed from www.infosecurity-magazine.com Read the original article: WEF Introduces Framework to Strengthen…

Read more →

Researchers have uncovered a surge in phishing attacks using Visio .vsdx files to evade security scans This article has been indexed from www.infosecurity-magazine.com Read the original article: Microsoft Visio Files Used in Sophisticated Phishing Attacks

Read more →

This year’s Blue OLEx cyber-attack drill was hosted in Italy and benefited from the new EU-CyCLONe for the first time This article has been indexed from www.infosecurity-magazine.com Read the original article: EU Ramps Up Cyber Resilience with Major Crisis Simulation…

Read more →

The UK Regional Organised Crime Unit (ROCU) Network has urged the elderly to be on the lookout for scam texts offering a winter fuel subsidy This article has been indexed from www.infosecurity-magazine.com Read the original article: Pensioners Warned Over Winter…

Read more →

Swedish-Russian national Roman Sterlingov has been jailed for 12 years and six months for operating notorious cryptocurrency mixer Bitcoin Fog This article has been indexed from www.infosecurity-magazine.com Read the original article: Man Gets 12.5 Years for Running Bitcoin Fog Crypto…

Read more →

South Korea warned that pro-Russian groups have attacked government and private sector websites following the deployment of North Korean soldiers in Ukraine This article has been indexed from www.infosecurity-magazine.com Read the original article: Pro-Russian Hacktivists Target South Korea as North…

Read more →

International energy solution provider Newpark Resources has confirmed it was hit by a ransomware attack that disrupted critical systems This article has been indexed from www.infosecurity-magazine.com Read the original article: Major Oilfield Supplier Hit by Ransomware Attack

Read more →

SentinelLabs observed the North Korean group BlueNoroff targeting crypto firms via a multi-stage malware campaign which utilizes a novel persistence mechanism This article has been indexed from www.infosecurity-magazine.com Read the original article: North Korean Actor Deploys Novel Malware Campaign Against…

Read more →

Androxgh0st botnet has expanded, integrating Mozi IoT payloads and targeting web server vulnerabilities This article has been indexed from www.infosecurity-magazine.com Read the original article: Androxgh0st Botnet Adopts Mozi Payloads, Expands IoT Reach

Read more →

Interlock employs both “big-game hunting” and double extortion tactics against its victims This article has been indexed from www.infosecurity-magazine.com Read the original article: Interlock Ransomware Targets US Healthcare, IT and Government Sectors

Read more →

An ICO audit of AI recruitment tools found numerous data privacy issues that may lead to jobseekers being discriminated against and privacy compromised This article has been indexed from www.infosecurity-magazine.com Read the original article: UK Regulator Urges Stronger Data Protection…

Read more →

TikTok Technology Canada, Inc, the subsidiary of Chinese group ByteDance, will have to cease its operations in Canada This article has been indexed from www.infosecurity-magazine.com Read the original article: Canada Orders Shutdown of Local TikTok Branch Over Security Concerns

Read more →

The UK’s National Cyber Security Centre has released malvertising guidance for brands and their ad partners This article has been indexed from www.infosecurity-magazine.com Read the original article: NCSC Publishes Tips to Tackle Malvertising Threat

Read more →

CIISec report reveals the average wage for UK security professionals is now over £87,000 This article has been indexed from www.infosecurity-magazine.com Read the original article: UK Cybersecurity Wages Soar Above Inflation as Stress Levels Rise

Read more →

Trend Micro’s Robert McArdle says cybercriminals use of AI is far more limited than many realize, and pales in comparison to defenders’ use of the technology This article has been indexed from www.infosecurity-magazine.com Read the original article: Defenders Outpace Attackers…

Read more →

A cyber-attack targeting telematics provider Microlise has disrupted tracking services for key clients like DHL and Serco This article has been indexed from www.infosecurity-magazine.com Read the original article: Cyber-Attack on Microlise Disrupts DHL and Serco Tracking Services

Read more →

Organizations remain unprepared to defend against known and predictable attacks like ransomware This article has been indexed from www.infosecurity-magazine.com Read the original article: IRISSCON: Organizations Still Falling Victim to Predictable Cyber-Attacks

Read more →

Winos4.0 malware, derived from Gh0strat, targets Windows users via game-related applications, enabling remote control of affected systems This article has been indexed from www.infosecurity-magazine.com Read the original article: Winos4.0 Malware Found in Game Apps, Targets Windows Users

Read more →

The Nigerian police have arrested 113 foreign individuals and their 17 Nigerian collaborators for their alleged involvement in high-level cybercrimes This article has been indexed from www.infosecurity-magazine.com Read the original article: Massive Nigerian Cybercrime Bust Sees 130 Arrested

Read more →

Google wants to ensure a smooth transition towards required MFA across all Google Cloud accounts with a phased rollout running throughout 2025 This article has been indexed from www.infosecurity-magazine.com Read the original article: Google Cloud to Mandate Multifactor Authentication by…

Read more →

A man suspected of breaching hundreds of Snowflake accounts has been arrested This article has been indexed from www.infosecurity-magazine.com Read the original article: Snowflake Hacking Suspect Arrested in Canada

Read more →

Interpol claims an international policing operation has shuttered 22,000 IPs connected with cybercrime This article has been indexed from www.infosecurity-magazine.com Read the original article: Global Operation Takes Down 22,000 Malicious IPs

Read more →

ClickFix exploits fake error messages across multiple platforms, such as Google Meet and Zoom This article has been indexed from www.infosecurity-magazine.com Read the original article: ClickFix Exploits Users with Fake Errors and Malicious Code

Read more →

ToxicPanda malware targets banking apps on Android, spreading through Italy, Portugal and Spain This article has been indexed from www.infosecurity-magazine.com Read the original article: ToxicPanda Malware Targets Banking Apps on Android Devices

Read more →

A joint US government advisory warned about increasing foreign influence efforts designed to undermine the legitimacy of the Presidential Election This article has been indexed from www.infosecurity-magazine.com Read the original article: US Voters Urged to Use Official Sources for Election…

Read more →

APT36 evolved its remote access trojan, ElizaRAT, along with introducing a new stealer payload called ApoloStealer This article has been indexed from www.infosecurity-magazine.com Read the original article: Pakistani Hackers Targeted High-Profile Indian Entities using Custom RAT

Read more →

Lloyds Bank has revealed that Oasis fans comprise the vast majority of ticket scam victims it deals with This article has been indexed from www.infosecurity-magazine.com Read the original article: Oasis Fans Losing Up to £1000 Each to Ticket Scammers

Read more →

A Which? report outlines serious privacy concerns with smart device products including air fryers This article has been indexed from www.infosecurity-magazine.com Read the original article: Chinese Air Fryers May Be Spying on Consumers, Which? Warns

Read more →

The City of Columbus, Ohio, informed the Maine Attorney General’s Office that approximately 55% of its residents were affected by the breach This article has been indexed from www.infosecurity-magazine.com Read the original article: Columbus Ransomware Attack Exposes Data of 500,000…

Read more →

Cybercriminals are exploiting DocuSign APIs to send fake invoices, bypassing security filters and mimicking well-known brands This article has been indexed from www.infosecurity-magazine.com Read the original article: Cybercriminals Exploit DocuSign APIs to Send Fake Invoices

Read more →

A US district court sentenced a Nigerian man for an elaborate ‘man-in-the-middle’ phishing campaign, which resulted in $12m in losses from real-estate transactions This article has been indexed from www.infosecurity-magazine.com Read the original article: Nigerian Handed 26-Year Sentence for Real…

Read more →

The flaw, an exploitable stack buffer underflow in SQLite, was found by Google’s Big Sleep team using a large language model (LLM) This article has been indexed from www.infosecurity-magazine.com Read the original article: Google Researchers Claim First Vulnerability Found Using…

Read more →

US government agencies said the video, widely shared on social media, is part of Russia’s broader strategy of undermining the integrity of the Presidential Election This article has been indexed from www.infosecurity-magazine.com Read the original article: US Says Russia Behind…

Read more →

Checkmarx has observed a novel npm supply chain attack using Ethereum smart contracts to manage command-and-control (C2) operations This article has been indexed from www.infosecurity-magazine.com Read the original article: Supply Chain Attack Uses Smart Contracts for C2 Ops

Read more →

Several UK council websites are back online after being disrupted by Russian hacktivist DDoS attacks This article has been indexed from www.infosecurity-magazine.com Read the original article: UK Council Sites Recover Following Russian DDoS Blitz

Read more →

Sophos provided details of changing tactics by Chinese APT groups over a five-year period, involving a shift towards stealthy, targeted attacks This article has been indexed from www.infosecurity-magazine.com Read the original article: Sophos Warns Chinese Hackers Are Becoming Stealthier

Read more →

Multiple vulnerabilities in Rockwell Automation and Mitsubishi products could allow ICS cyber-attacks This article has been indexed from www.infosecurity-magazine.com Read the original article: CISA Warns of Critical Software Vulnerabilities in Industrial Devices

Read more →

US and Israeli government agencies have warned that the Iranian state-sponsored threat actor Cotton Sandstorm is deploying new tradecraft to expand its operations This article has been indexed from www.infosecurity-magazine.com Read the original article: US and Israel Warn of Iranian…

Read more →

New phishing kit Xiu Gou, featuring a unique “doggo” mascot, targets users in US, UK, Spain, Australia and Japan with 2000+ scam websites This article has been indexed from www.infosecurity-magazine.com Read the original article: New Xiu Gou Phishing Kit Targets…

Read more →

Emeraldwhale breach allowed access to over 10,000 repositories and resulted in the theft of more than 15,000 cloud service credentials This article has been indexed from www.infosecurity-magazine.com Read the original article: Misconfigured Git Configurations Targeted in Emeraldwhale Attack

Read more →

EMERALDWHALE breach allowed access to over 10,000 repositories and resulted in the theft of more than 15,000 cloud service credentials This article has been indexed from www.infosecurity-magazine.com Read the original article: Misconfigured Git Configurations Targeted in EMERALDWHALE Attack

Read more →

A report by the Canadian Centre for Cyber Security described China as the most sophisticated cyber threat to Canada, also identified India as an emerging threat This article has been indexed from www.infosecurity-magazine.com Read the original article: Canadian Government Data…

Read more →

Palo Alto Networks’ Unit 42 has observed the first-ever collaboration between North Korean-backed Jumpy Pisces and Play ransomware This article has been indexed from www.infosecurity-magazine.com Read the original article: North Korean Hackers Collaborate with Play Ransomware

Read more →

Malware-related attacks against global government organizations increased 236% year-on-year in Q1 2024, according to SonicWall This article has been indexed from www.infosecurity-magazine.com Read the original article: Government Sector Suffers 236% Surge in Malware Attacks

Read more →

ITRC data finds 81% of US small businesses have suffered a data or security breach over the past year This article has been indexed from www.infosecurity-magazine.com Read the original article: Over 80% of US Small Businesses Have Been Breached

Read more →

The LiteSpeed Cache vulnerability allows administrator-level access, risking security for over 6 million WordPress sites This article has been indexed from www.infosecurity-magazine.com Read the original article: LiteSpeed Cache Plugin Vulnerability Poses Admin Access Risk

Read more →

The new FakeCall variant uses advanced vishing tactics, featuring Bluetooth for device monitoring This article has been indexed from www.infosecurity-magazine.com Read the original article: Updated FakeCall Malware Targets Mobile Devices with Vishing

Read more →

In a major security update, Apple has fixed dozens of bugs and vulnerabilities across its operating systems and services This article has been indexed from www.infosecurity-magazine.com Read the original article: Apple Rolls Out Major Security Update to Patch macOS and…

Read more →

CISA’s 2025-2026 International Strategic Plan aims to strengthen external partnerships to reduce risks to critical infrastructure relied on in the US This article has been indexed from www.infosecurity-magazine.com Read the original article: CISA Launches First International Cybersecurity Plan

Read more →

Comparitech warns that voters could be misled as most local government sites are failing on basic security This article has been indexed from www.infosecurity-magazine.com Read the original article: Over Half of US County Websites “Could Be Spoofed”

Read more →

Microsoft has spotted a major spearphishing campaign from the Russian APT29 group using RDP for compromise This article has been indexed from www.infosecurity-magazine.com Read the original article: Midnight Blizzard Spearphishing Campaign Targets Thousands with RDP Files

Read more →

Microsoft has spotted a major spearphishing campaign from the Russian APT29 group using RDP for compromise This article has been indexed from www.infosecurity-magazine.com Read the original article: APT29 Spearphishing Campaign Targets Thousands with RDP Files

Read more →

ThreatFabric researchers have discovered significant updates to the LightSpy spyware, featuring plugins designed to interfere with device functionality This article has been indexed from www.infosecurity-magazine.com Read the original article: New LightSpy Spyware Targets iOS with Enhanced Capabilities

Read more →

The phishing campaign targeted users via texts impersonating Amazon, linked to the threat actor Chenlun This article has been indexed from www.infosecurity-magazine.com Read the original article: Chenlun’s Evolving Phishing Tactics Target Trusted Brands

Read more →

Operation Magnus took down infrastructure used to run the Redline and Meta infostealers, widely used tools in cybercriminal activities This article has been indexed from www.infosecurity-magazine.com Read the original article: Law Enforcement Operation Takes Down Redline and Meta Infostealers

Read more →

A Veeam report found that businesses are prioritizing NIS2 compliance, with 95% of applicable firms diverting funds from other areas of the business This article has been indexed from www.infosecurity-magazine.com Read the original article: NIS2 Compliance Puts Strain on Business…

Read more →

Global Witness uncovered a network of 71 suspicious accounts on X supporting the Azeri government This article has been indexed from www.infosecurity-magazine.com Read the original article: Suspicious Social Media Accounts Deployed Ahead of COP29

Read more →

The UK has joined forces with its Five Eyes peers to offer cybersecurity guidance to startups This article has been indexed from www.infosecurity-magazine.com Read the original article: Five Eyes Agencies Launch Startup Security Initiative

Read more →

The UK’s information commissioner claims most adults in the country have had their personal data exposed or compromised This article has been indexed from www.infosecurity-magazine.com Read the original article: ICO: 55% of UK Adults Have Had Data Lost or Stolen

Read more →

Evasive Panda’s CloudScout uses MgBot to steal session cookies, infiltrating cloud data in Taiwan This article has been indexed from www.infosecurity-magazine.com Read the original article: Evasive Panda’s CloudScout Toolset Targets Taiwan

Read more →

The surge in job scams targets vulnerable individuals, mirroring pig butchering fraud tactics This article has been indexed from www.infosecurity-magazine.com Read the original article: New Type of Job Scam Targets Financially Vulnerable Populations

Read more →

Google researchers have observed Russian threat actor UNC5812 using a malware campaign via Telegram to access the devices of Ukrainian military recruits This article has been indexed from www.infosecurity-magazine.com Read the original article: Russian Malware Campaign Targets Ukrainian Recruits Via…

Read more →

Trend Micro’s Zero Day Initiative hands out over $1m in awards for Pwn2Own competitors, who found more than 70 zero-day flaws This article has been indexed from www.infosecurity-magazine.com Read the original article: Researchers Discover Over 70 Zero-Day Bugs at Pwn2Own…

Read more →

Vipre research reveals that 10% of emails targeting the manufacturing sector are BEC attempts This article has been indexed from www.infosecurity-magazine.com Read the original article: AI-Powered BEC Scams Zero in on Manufacturers

Read more →

Updated figures from the HHS revealed that 100 million patients have been notified that their data was breached in the Change Healthcare ransomware attack This article has been indexed from www.infosecurity-magazine.com Read the original article: Change Healthcare Breach Affects 100…

Read more →

CERT-UA said the phishing campaign lures victims into downloading malware used to exfiltrate files containing sensitive personal data This article has been indexed from www.infosecurity-magazine.com Read the original article: Ukraine Warns of Mass Phishing Campaign Targeting Citizens Data

Read more →

LinkedIn violated the EU’s GDPR in how it processes its users personal data for behavioral purposes This article has been indexed from www.infosecurity-magazine.com Read the original article: Irish Data Protection Watchdog Fines LinkedIn $336m

Read more →

A new ISACA study reveals that pay inequity and a lack of female leadership are significant issues noted by women in the digital trust sector This article has been indexed from www.infosecurity-magazine.com Read the original article: Inequity Challenges Women in…

Read more →

An unidentified threat actor has attempted to develop ransomware targeting macOS devices, posing as LockBit This article has been indexed from www.infosecurity-magazine.com Read the original article: MacOS-Focused Ransomware Attempts Leverage LockBit Brand

Read more →

Lazarus Group exploited Google Chrome zero-day, infecting systems with Manuscrypt malware This article has been indexed from www.infosecurity-magazine.com Read the original article: Lazarus Group Exploits Google Chrome Flaw in New Campaign

Read more →

Penn State will pay $1.25m for failing federal cybersecurity standards in DoD and NASA contracts This article has been indexed from www.infosecurity-magazine.com Read the original article: Penn State Settles for $1.25M Over Cybersecurity Violations

Read more →

The National Security Memorandum on AI sets out actions for the federal government to ensure the safe, secure and trustworthy development of AI This article has been indexed from www.infosecurity-magazine.com Read the original article: White House Issues AI National Security…

Read more →

This high-severity flaw, dubbed FortiJump by security researcher Kevin Beaumont, has been added to CISA’s KEV catalog This article has been indexed from www.infosecurity-magazine.com Read the original article: Fortinet Confirms Exploitation of Critical FortiManager Zero-Day Vulnerability

Read more →

The Data (Use and Access) Bill governs digital verification services and the use of personal data in public services, and will revamp the Information Commissioner’s Office This article has been indexed from www.infosecurity-magazine.com Read the original article: UK Government Introduces…

Read more →

A new ISACA study has revealed that cybersecurity professionals are often overlooked in the development of AI policies This article has been indexed from www.infosecurity-magazine.com Read the original article: Cybersecurity Teams Largely Ignored in AI Policy Development

Read more →

On the 10th anniversary since Cyber Essentials was introduced, the UK government has highlighted the impact the scheme has had in preventing attacks This article has been indexed from www.infosecurity-magazine.com Read the original article: UK Government Urges Organizations to Get…

Read more →

While Internet Archive’s services slowly resume, the data breach reveals the non-profit’s security failures This article has been indexed from www.infosecurity-magazine.com Read the original article: Internet Archive Secures Zendesk Account, Works Toward Full-Service Restoration

Read more →

70% of leaders see cyber knowledge gap; AI attacks are harder to detect, 60% expect more victims This article has been indexed from www.infosecurity-magazine.com Read the original article: 70% of Leaders See Cyber Knowledge Gap in Employees

Read more →