Tag: http://www.infosecurity-magazine.com/rss/news/76/application-security/

Surveillance Commissioner Blasts Cops for Data Retention

Fraser Sampson says UK police have three million photos of innocent people This article has been indexed from http://www.infosecurity-magazine.com/rss/news/76/application-security/ Read the original article: Surveillance Commissioner Blasts Cops for Data Retention

HackerOne Exceeds $300m in Bug Bounty Payments

Thirty hackers have earned over one million dollars each

Boeing Investigates LockBit Ransomware Breach Claims

Group alleges it stole large volume of sensitive data

Nigerian Police Dismantle Major Cybercrime Hub

Training and operations center was based in Abuja

#ISC2Congress: CISOs Can Elevate Their Role with New Cyber Regulations

New regulations, such as the recent SEC incident reporting requirements, offer huge opportunities for CISOs to boost their influence

#ISC2Congress: CISO Best Practices for Managing Cyber Risk

Two leading CISOs provide best practice tips for CISOs on undertaking a sustainable cyber risk management program

Operation Triangulation iOS Attack Details Revealed

Kaspersky said the attack exploited five vulnerabilities, four of which were unknown zero-days

Half of Cyber-Attacks Go Unreported

Almost half of organizations have failed to report cyber-attacks to the appropriate authorities in 2023

ShadowSyndicate Investigation Reveals RaaS Ties

The investigation was conducted by Group-IB, Bridewell and threat researcher Michael Koczwara

ZenRAT Malware Uncovered in Bitwarden Impersonation

Discovered by Proofpoint, ZenRAT is a modular remote access trojan targeting Windows users

More than 30 US Banks Targeted in New Xenomorph Malware Campaign

ThreatFabric explained the malware relies on deceptive phishing webpages posing as a Chrome update

Sophisticated APT Clusters Target Southeast Asia

Unit 42 uncovered three separate threat actor clusters: Stately Taurus, Alloy Taurus and Gelsemium

China-Linked EvilBamboo Targets Mobiles

This extensive operation is directed at Tibetan, Uyghur and Taiwanese individuals and organizations

Voting Equipment Giants Team Up For Security

The move aims to combat the rampant spread of misinformation among American voters

Web3 Platform Mixin Network Hit by $200m Crypto Hack

The decentralized finance network has suspended deposits and withdrawals after what could be one of the biggest cyber-attacks on cryptocurrency projects

Almost 900 US Schools Breached Via MOVEit

National Student Clearinghouse reveals more details of incident

BEC Scammer Pleads Guilty to Part in $6m Scheme

Nigerian was extradited to the US from Canada

Almost US 900 Schools Breached Via MOVEit

National Student Clearinghouse reveals more details of incident

CISA and NFL Collaborate to Secure Super Bowl LVIII

Tabletop exercise assessed the cybersecurity response capabilities, plans and procedures for the event

Over 700 Dark Web Ads Offer DDoS Attacks Via IoT in 2023

Kaspersky said these services range from $20 per day to $10,000 a month

Elusive Sandman APT Targets Telecom Giants With LuaJIT Toolkit

SentinelLabs said the group’s tactics focus on stealthy lateral movements and minimal interactions

#mWISE: Why Zero Days Are Set for Highest Year on Record

Experts at the mWISE conference discussed who is behind the surge in zero-day exploits

UK Security Agency Publishes New Crypto Designs

NCSC hopes research will inform future standards

Apple Patches Three Actively Exploited Zero-Days

Bugs were found by Citizen Lab and Google

UK-US Confirm Agreement for Personal Data Transfers

The agreement, which represents an extension to the EU-US Data Privacy Framework, will enable the free flow of personal data between the UK and US

New Ransomware Victims Surge by 47% with Gangs Targeting Small Businesses

The Trend Micro report observed that small organizations are being increasingly targeted by ransomware gangs, including LockBit and BlackCat

Bot Attack Costs Double to $86m Annually

Netacea warns of growing threat from malicious automation

Scams Now Make Up 75% of Cyber-Threats

Norton report warns generative AI is making an impact

US Government in Snatch Ransomware Warning

Experts believe attacks have ramped up recently

#mWISE: US to Implement Game-Changing Cyber Mandates on Medical Devices

A new legal requirement for medical devices in the US will introduce the first-ever SBOM mandate for the consumer market

International Criminal Court Reveals Security Breach

ICC says it’s putting additional protections in place

Brits Lose $9.3bn to Scams in a Year

One in 10 have suffered from fraud in past 12 months

#mWISE: Chinese Cyber Power Bigger Than the Rest of the World Combined

China is rising as a cyber superpower, sponsoring not just ever more highly sophisticated espionage campaigns, but also venturing into cybercrime and disinformation

Chinese Group Exploiting Linux Backdoor to Target Governments

The new backdoor is being used by Earth Lusca to conduct cyber-espionage campaigns, primarily against governments in Asia and the Balkans

Threat Actor Claims Major TransUnion Data Breach

Database compromise dates back to March 2022

Clorox Struggling to Recover From August Cyber-Attack

US manufacturer can’t say when operations will return to normal

Microsoft AI Researchers Leak 38TB of Private Data

An overly permissive Shared Access Signature (SAS) token was to blame

Another $40m Dispersed to Western Union Fraud Victims

Around 25,000 global victims will receive full compensation

TikTok Fined $368m For Child Data Privacy Offenses

Chinese social media giant broke GDPR several times over

Cloud to Blame for Almost all Security Vulnerabilities

Palo Alto Networks found that over 45% of organizations’ high-risk exposures in the cloud were due to cloud providers introducing new services

China’s Malicious Cyber Activity Informing War Preparations, Pentagon Says

The report says China is likely to launch destructive cyber-attacks against the US Homeland in the event of a military conflict

Pirated Software Likely Cause of Airbus Breach

Incident exposed personal information at 3200 vendors

Elon Musk in Hot Water With FTC Over Twitter Privacy Issues

A new court filing from the US Department of Justice suggests the billionaire “may have jeopardized data privacy and security” at Twitter, now known as X

Lazarus Group Blamed For $53m Heist at CoinEx

North Korean actors have become prolific crypto-thieves

Cloud Vulnerabilities Surge 200% in a Year

But IBM warns credential compromise is number one initial access vector

New Microsoft Teams Phishing Campaign Targets Corporate Employees

The new campaign is believed to be perpetrated by Storm-0324, which distributes the payloads of other attackers after achieving initial network compromise

MGM Criticized for Repeated Security Failures

The malware researchers’ collective Vx-underground claimed that ALPHV/BlackCat was behind the attack against the casino giant

Chilling Lack of Cyber Experts in UK Government, Finds Parliamentary Inquiry

The parliamentary inquiry heard there are “particular shortages” of cybersecurity experts in the civil service, with pay restraints a major factor

Microsoft Fixes Two Zero-Day Bugs Used in Attacks

Microsoft announces updates for around 60 CVEs

Windows Systems Targeted in Multi-Stage Malware Attack

According to Fortinet security expert Cara Lin, the attack begins with a phishing email

Cyber-criminals “Jailbreak” AI Chatbots For Malicious Ends

SlashNext research shows that most of these tools connect to jailbroken versions of public chatbots

MGM Resorts Hit By Cyber-Attack, Systems Down

The incident disrupted key company services, impacting website, bookings and in-casino functions

Fighting Individual Ransomware Strains Fruitless, UK Agencies Suggest

The report highlights the complex supply chain involved in ransomware attacks, requiring a more holistic approach to be taken by governments

Redfly Group Compromises National Power Grid

Symantec warns of mounting threat to critical infrastructure

Cuba Ransomware Group Unleashes Undetectable Malware

Kaspersky found suspicious files in December 2022 which activated the komar65 library known as BUGHATCH

Lazarus Group Targets macOS in Supply Chain Assault

ESET explained the impact of the supply chain attack translated to a 16.8% increase in Trojan detections

Pentagon Urges Collaboration in Cyber Defense

Beavers emphasized ongoing modernization initiatives for IT architecture and user experience

Board Members Struggling to Understand Cyber Risks

The report found that many boards struggle to challenge what they hear about cybersecurity from their organization’s CISO

Evil Telegram Mods Removed From Google Play

Researchers warn of spyware hidden in legitimate-looking apps

Cyber-criminals Exploit GPUs in Graphic Design Software

Cisco Talos reported that the campaign has been active since at least November 2021

Google TAG Exposes North Korean Campaign Targeting Researchers

The team has discovered the exploitation of at least one zero-day flaw in the last few weeks

Russian Man Handed Nine-Year Sentence for Hacking Scheme

Vladislav Klyushin hacked into US filing agents to discover non-public information about hundreds of companies on the US stock exchange

CISA Adds Critical RocketMQ Bug to Must-Patch List

Apache flaw can enable remote command execution

API Vulnerabilities: 74% of Organizations Report Multiple Breaches

The Traceable report is based on insights from 1629 cybersecurity experts across the US, UK and EU

DGA Behavior Shifts Raise Cybersecurity Concerns

Akamai found domain shifts of 50 days from expected dates, suggesting hacker-driven confusion

Zero-Day Flaw Exposes Atlas VPN User IPs

The exploit code, shared by a researcher on Reddit, demonstrates the issue

UK and US Sanction 11 Russians Tied to Conti/TrickBot Ransomware

These new sanctions follow a first wave in February 2023, where seven Russians involved with Trickbot and Conti were also sanctioned

IBM Reports Patient Data Breach at Johnson & Johnson Subsidiary

The attackers may have accessed sensitive patient information, such as health insurance and medication details