Tag: www.infosecurity-magazine.com

Third-Party Risk Management Failures Expose UK Finance Sector

Orange Cyberdefense found that over half of UK financial firms suffered at least one third-party attack in 2024, linked to significant gaps in risk management strategies This article has been indexed from www.infosecurity-magazine.com Read the original article: Third-Party Risk Management…

Cybercriminals Weaponize Graphics Files in Phishing Attacks

Sophos has observed cybercriminals ramping up their use of graphics files as part of email phishing attacks to bypass conventional security protections This article has been indexed from www.infosecurity-magazine.com Read the original article: Cybercriminals Weaponize Graphics Files in Phishing Attacks

WordPress ASE Plugin Vulnerability Threatens Site Security

Patchstack urges admins to patch new WordPress ASE plugin vulnerability that lets users restore previous admin privileges This article has been indexed from www.infosecurity-magazine.com Read the original article: WordPress ASE Plugin Vulnerability Threatens Site Security

Spanish Police Arrest Suspected NATO and US Army Hacker

Spain’s National Police force has arrested a suspected data thief who targeted government and military victims This article has been indexed from www.infosecurity-magazine.com Read the original article: Spanish Police Arrest Suspected NATO and US Army Hacker

Sophisticated Phishing Campaign Targets Ukraine’s Largest Bank

A new phishing attack by UAC-0006 has been discovered targeting PrivatBank with malicious files in password-protected archives to evade detection This article has been indexed from www.infosecurity-magazine.com Read the original article: Sophisticated Phishing Campaign Targets Ukraine’s Largest Bank

Ransomware Payments Decline 35% as Victims Resist Demands

Chainalysis found that ransomware payments fell significantly year-over-year despite a recorded increase in the number of ransomware events in 2024 This article has been indexed from www.infosecurity-magazine.com Read the original article: Ransomware Payments Decline 35% as Victims Resist Demands

Five Eyes Launch Guidance to Improve Edge Device Security

The UK and its Five Eyes partners have launched new security guidance for edge device manufacturers and network defenders This article has been indexed from www.infosecurity-magazine.com Read the original article: Five Eyes Launch Guidance to Improve Edge Device Security

DaggerFly-Linked Linux Malware Targets Network Appliances

DaggerFly’s Lunar Peek campaign is using a new malware strain, identified by FortiGuard Labs, to compromise Linux networks This article has been indexed from www.infosecurity-magazine.com Read the original article: DaggerFly-Linked Linux Malware Targets Network Appliances

Sophisticated Phishing Attack Bypasses Microsoft ADFS MFA

A sophisticated phishing campaign targeting Microsoft ADFS has been observed, affecting more than 150 organizations This article has been indexed from www.infosecurity-magazine.com Read the original article: Sophisticated Phishing Attack Bypasses Microsoft ADFS MFA

CISA Warns of Backdoor Vulnerability in Contec Patient Monitors

CISA has identified a backdoor in Contec CMS8000 devices that could allow unauthorized access to patient data and disrupt monitoring functions This article has been indexed from www.infosecurity-magazine.com Read the original article: CISA Warns of Backdoor Vulnerability in Contec Patient…

High-profile X Accounts Targeted in Phishing Campaign

Hackers hijack high-profile X accounts with phishing scams to steal credentials and promote fraudulent cryptocurrency schemes This article has been indexed from www.infosecurity-magazine.com Read the original article: High-profile X Accounts Targeted in Phishing Campaign

768 CVEs Exploited in the Wild in 2024

VulnCheck observed 768 public reports of CVEs exploited in the wild for the first time in 2024, a 20% rise compared to 2023 This article has been indexed from www.infosecurity-magazine.com Read the original article: 768 CVEs Exploited in the Wild…

UK Announces “World-First” AI Security Standard

The UK government has launched a new AI security code of practice it believes will become an ETSI standard This article has been indexed from www.infosecurity-magazine.com Read the original article: UK Announces “World-First” AI Security Standard

Threat Actors Target Public-Facing Apps for Initial Access

Cisco Talos found that exploitation of public-facing applications made up 40% of incidents it observed in Q4 2024, marking a notable shift in initial access techniques This article has been indexed from www.infosecurity-magazine.com Read the original article: Threat Actors Target…

Tata Technologies Hit by Ransomware Attack

The Indian tech giant temporarily suspended some of its IT services, which have now been restored This article has been indexed from www.infosecurity-magazine.com Read the original article: Tata Technologies Hit by Ransomware Attack

International Operation Dismantles Cracked and Nulled Cybercrime Hubs

A global law enforcement operation has taken down infrastructure used by Cracked.io and Nulled.io, which provide cybercriminal tools and services This article has been indexed from www.infosecurity-magazine.com Read the original article: International Operation Dismantles Cracked and Nulled Cybercrime Hubs

Google Blocked 2.36 Million Policy-Violating Apps

Google Play blocked 2.36 million policy-violating apps and banned 158,000 harmful developer accounts in 2024 This article has been indexed from www.infosecurity-magazine.com Read the original article: Google Blocked 2.36 Million Policy-Violating Apps

DeepSeek Exposed Database Leaks Sensitive Data

Researchers at Wiz uncovered a publicly accessible database belonging to Chinese GenAI provider DeepSeek that leaked sensitive data, including chat history This article has been indexed from www.infosecurity-magazine.com Read the original article: DeepSeek Exposed Database Leaks Sensitive Data

Ransomware Attack Disrupts Blood Donation Services in US

New York Blood Center Enterprises revealed that it has been hit by a ransomware attack, disrupting activities and blood drives at its centers across the country This article has been indexed from www.infosecurity-magazine.com Read the original article: Ransomware Attack Disrupts…

UK Organizations Boosting Cybersecurity Budgets

UK organizations are significantly increasing cybersecurity budgets, with a projected 31% growth in the next year This article has been indexed from www.infosecurity-magazine.com Read the original article: UK Organizations Boosting Cybersecurity Budgets

AI Surge Drives Record 1205% Increase in API Vulnerabilities

AI-related API vulnerabilities surged 1,205% in 2024, with 99% tied to API flaws, according to a new report by Wallarm This article has been indexed from www.infosecurity-magazine.com Read the original article: AI Surge Drives Record 1205% Increase in API Vulnerabilities

Nation-State Hackers Abuse Gemini AI Tool

Google highlighted significant abuse of its Gemini LLM tool by nation state actors to support malicious activities, including research and malware development This article has been indexed from www.infosecurity-magazine.com Read the original article: Nation-State Hackers Abuse Gemini AI Tool

New Hellcat Ransomware Gang Employs Humiliation Tactics

Cato Networks highlighted how the recently emerged HellCat ransomware group is using novel psychological tactics to court attention and pressurize victims This article has been indexed from www.infosecurity-magazine.com Read the original article: New Hellcat Ransomware Gang Employs Humiliation Tactics

Threat Actors Exploit Government Websites for Phishing

Cybercriminals exploit government websites using open redirects and phishing tactics, bypassing secure email gateway protections This article has been indexed from www.infosecurity-magazine.com Read the original article: Threat Actors Exploit Government Websites for Phishing

Breakout Time Accelerates 22% as Cyber-Attacks Speed Up

ReliaQuest warns threat actor innovation and infostealer activity helped to accelerate breakout time by 22% in 2024 This article has been indexed from www.infosecurity-magazine.com Read the original article: Breakout Time Accelerates 22% as Cyber-Attacks Speed Up

Chinese GenAI Startup DeepSeek Sparks Global Privacy Debate

Government agencies and privacy watchdogs have started investigating the Chinese AI chatbot provider over data privacy concerns This article has been indexed from www.infosecurity-magazine.com Read the original article: Chinese GenAI Startup DeepSeek Sparks Global Privacy Debate

ENGlobal Cyber-Attack Exposes Sensitive Data

Energy contractor ENGlobal reported that sensitive personal data was stolen by threat actors, with the incident disrupting operations for six weeks This article has been indexed from www.infosecurity-magazine.com Read the original article: ENGlobal Cyber-Attack Exposes Sensitive Data

Lynx Ransomware Group Unveiled with Sophisticated Affiliate Program

Group-IB researchers have exposed the highly organized affiliate platform and sophisticated operations of the Lynx Ransomware-as-a-Service group This article has been indexed from www.infosecurity-magazine.com Read the original article: Lynx Ransomware Group Unveiled with Sophisticated Affiliate Program

58% of Ransomware Victims Forced to Shut Down Operations

A Ponemon Institute survey highlighted the growing impact of ransomware attacks on victims’ revenue and reputation This article has been indexed from www.infosecurity-magazine.com Read the original article: 58% of Ransomware Victims Forced to Shut Down Operations

Mega Data Breaches Push US Victim Count to 1.7 Billion

The number of data breach victims increased 312% annually to exceed 1.7 billion in 2024, according to the ITRC 2024 Annual Data Breach Report This article has been indexed from www.infosecurity-magazine.com Read the original article: Mega Data Breaches Push US…

British Vishing-as-a-Service Trio Sentenced

Three men have been sentenced after pleading guilty to running an account hijacking service for fraudsters This article has been indexed from www.infosecurity-magazine.com Read the original article: British Vishing-as-a-Service Trio Sentenced

Hidden Text Salting Disrupts Brand Name Detection Systems

A new phishing tactic has been identified by Cisco Talos, using hidden text salting to evade email security measures This article has been indexed from www.infosecurity-magazine.com Read the original article: Hidden Text Salting Disrupts Brand Name Detection Systems

SaaS Breaches Skyrocket 300% as Traditional Defenses Fall Short

Obsidian found that threat actors are focusing on SaaS applications to steal sensitive data, with most organizations’ security measures not set up to deal with these attacks This article has been indexed from www.infosecurity-magazine.com Read the original article: SaaS Breaches…

New Phishing Campaign Targets Mobile Devices with Malicious PDFs

A novel phishing campaign identified by Zimperium targets mobile users with malicious PDFs, impersonating USPS to steal credentials This article has been indexed from www.infosecurity-magazine.com Read the original article: New Phishing Campaign Targets Mobile Devices with Malicious PDFs

Russian Scammers Target Crypto Influencers with Infostealers

Crazy Evil, a group of crypto scammers, exploit NFTs and cryptocurrencies with malware targeting influencers and tech professionals This article has been indexed from www.infosecurity-magazine.com Read the original article: Russian Scammers Target Crypto Influencers with Infostealers

Ransomware Gangs Linked by Shared Code and Ransom Notes

SentinelOne researchers highlighted similarities in the approaches used by the HellCat and Morpheus ransomware groups, suggesting shared infrastructure This article has been indexed from www.infosecurity-magazine.com Read the original article: Ransomware Gangs Linked by Shared Code and Ransom Notes

New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing

Cybercriminals are selling access to the malicious GenAI chatbot via Telegram, providing rapid assistance for a range of nefarious activities, according to Abnormal Security This article has been indexed from www.infosecurity-magazine.com Read the original article: New GhostGPT AI Chatbot Facilitates…

Trump Pardons Silk Road Founder Ulbricht

President Trump has pardoned the founder of original dark web marketplace Silk Road This article has been indexed from www.infosecurity-magazine.com Read the original article: Trump Pardons Silk Road Founder Ulbricht

PlushDaemon APT Targeted South Korean VPN Software

PlushDaemon APT hacked South Korean VPN software with SlowStepper backdoor as part of a 2023 espionage campaign This article has been indexed from www.infosecurity-magazine.com Read the original article: PlushDaemon APT Targeted South Korean VPN Software

UK’s New Digital IDs Raise Security and Privacy Fears

Security experts have outlined security and privacy concerns around the UK government’s GOV.UK Wallet, which will allow citizens to store all their ID documents in a single place This article has been indexed from www.infosecurity-magazine.com Read the original article: UK’s…

GDPR Fines Total €1.2bn in 2024

Data from DLA Piper showed a 33% year-on-year fall in GDPR fines issued in Europe in 2024, with total penalties reaching €1.2bn This article has been indexed from www.infosecurity-magazine.com Read the original article: GDPR Fines Total €1.2bn in 2024

Ukraine’s State Registers Restored Following Cyber-Attack

The December 2024 cyber-attack on the country’s state registers, was attributed to Russian military intelligence services This article has been indexed from www.infosecurity-magazine.com Read the original article: Ukraine’s State Registers Restored Following Cyber-Attack

US Sanctions Chinese Hackers for Treasury, Telecom Breaches

The US has issued sanctions against an individual and a company involved in recent high-profile compromises of government officials by Chinese state-affiliated hackers This article has been indexed from www.infosecurity-magazine.com Read the original article: US Sanctions Chinese Hackers for Treasury,…

Lazarus Group Targets Developers in New Data Theft Campaign

SecurityScorecard identified a new campaign in which the North Korean Lazarus group aims to steal source code, secrets and cryptocurrency wallet keys from developer environments This article has been indexed from www.infosecurity-magazine.com Read the original article: Lazarus Group Targets Developers…

Star Blizzard Targets WhatsApp in New Campaign

Microsoft highlighted a new Star Blizzard campaign targeting WhatsApp accounts, as the group adapts its TTPs following the takedown of its infrastructure by law enforcement This article has been indexed from www.infosecurity-magazine.com Read the original article: Star Blizzard Targets WhatsApp…

Hackers Use Image-Based Malware and GenAI to Evade Email Security

HP Wolf highlighted novel techniques used by attackers to bypass email protections, including embedding malicious code inside images and utilizing GenAI This article has been indexed from www.infosecurity-magazine.com Read the original article: Hackers Use Image-Based Malware and GenAI to Evade…