Infosecurity News
Internet Archive and Wayback Machine Resurrect After DDoS Wave
Internet Archive founder confirmed the allegedly exposed data was “safe”
macOS Vulnerability Could Expose User Data, Microsoft Warns
Microsoft urges macOS users to apply a fix for the vulnerability, which it believes may be under active exploitation by the Adload malware family
Instagram Rolls Out New Sextortion Protection Measures
Instagram has announced new security features to protect users from sextortion scams, including hiding follower lists, preventing screenshots, and launching an awareness campaign
Microsoft Named Most Imitated Brand in Phishing Attacks
The Redmond-based firm was the most impersonated brand in the third quarter of 2024, while Alibaba entered the Top 10 for the first time
US Arrest Man for SEC X Account Hack
US authorities have charged a man for involvement in the SEC X account hack in January 2024, which falsely announced the approval of Bitcoin Exchange Traded Funds
Cicada3301 Ransomware Targets Critical Sectors in US and UK
Cicada3301 ransomware has targeted critical sectors in the US and UK, leaking data from 30 firms in three months
US Charges Anonymous Sudan Members in DDoS Cybercrime Case
US authorities have charged two Sudanese linked to the DDoS cybercrime group Anonymous Sudan, which caused $10m in damages
Iranian Hackers Target Critical Infrastructure with Brute Force Attacks
The ongoing campaign targets multiple critical infrastructure sectors, including healthcare, government, information technology, engineering, and energy
North Korea Escalates Fake IT Worker Schemes to Extort Employers
Secureworks said it had observed a case where a fake North Korean IT contractor exfiltrated proprietary data before issuing a ransom demand to their former employer
RansomHub Overtakes LockBit as Most Prolific Ransomware Group
Symantec data reveals RansomHub claimed more attacks than any other group in Q3 2024
Two-thirds of Attributable Malware Linked to Nation States
Netskope claims 66% of malware attacks last year were backed by nation states
CISA Seeks Feedback on Upcoming Product Security Flaws Guidance
CISA is asking for feedback on future guidance outlining bad security practices in product development as part of its Secure by Design initiative
NIS2 Confusion: Concerns Over Readiness as Deadline Reached
NIS2 will be enforced as of October 17, yet many organizations and even EU member states appear completely unprepared for implementation
CISA Urges Improvements in US Software Supply Chain Transparency
CISA released the third edition of SBOM guidelines to enhance software component transparency
Ethical Hackers Embrace AI Tools Amid Rising Cyber Threats
A new Bugcrowd study shows 71% of ethical hackers now see AI boosting hacking value, up from 21% in 2023
Coffee Lovers Warned of New Starbucks Phishing Scam
Phishing emails claiming to be from Starbucks are offering recipients a "free Coffee Lovers Box" in an attempt to steal personal information or install malware on devices
Cyber Threats Escalating Beyond Ability to Defend, New NCSC Head Warns
New NCSC CEO Dr Richard Horne warned in a speech that there is a widening gap between escalating threats and society’s ability to defend against them
FIDO Alliance Proposes New Passkey Exchange Standard
The new set of specifications could enable users to securely move passkeys and all other credentials across providers
Experts Play Down Significance of Chinese Quantum “Hack”
DigiCert says imminent crypto threat from quantum computing has been over-hyped
UK Government Launches AI Safety Scheme to Tackle Deepfakes
New government grants for AI safety research are designed to fund work into deepfakes and other cyber risks