Infosecurity News
Telegram Used as C2 Channel for New Golang Malware
A Golang backdoor is using Telegram as its command and control (C2) channel, an approach that makes detection harder for defenders, according to Netskope researchers
Estonian Duo Plead Guilty to $577m Crypto Ponzi Scheme
Two Estonian nationals have pleaded guilty to running a cryptocurrency-related Ponzi scheme
Palo Alto Networks and SonicWall Firewalls Under Attack
Vulnerabilities in firewalls from Palo Alto Networks and SonicWall are currently under active exploitation
Russian Hackers Target Microsoft 365 Accounts with Device Code Phishing
Volexity highlighted how Russian nation-state actors are stealing Microsoft device authentication codes to compromise accounts
UK's AI Safety Institute Rebrands Amid Government Strategy Shift
The organization becomes the AI Security Institute as the UK shifts its focus to tackling AI risks to national security
China-Linked Espionage Tools Used in Recent Ransomware Attack
Symantec found that tools previously only used by Chinese nation-state espionage actors were deployed in a ransomware attack
CISA and FBI Warn Against Buffer Overflow Vulnerabilities
US agencies have issued a new alert to eliminate buffer overflow vulnerabilities, urging memory-safe programming for secure-by-design software development
Astaroth Phishing Kit Bypasses 2FA Using Reverse Proxy Techniques
Astaroth is an advanced phishing kit using real-time credential and session cookie capture to compromise Gmail, Yahoo and Office 365 accounts
Romance Baiting Losses Surge 40% Annually
Ahead of Valentine’s Day, Chainalysis figures reveal 40% increase in losses to pig butchering, or romance baiting, scams
Russian Seashell Blizzard Enlists Specialist Initial Access Subgroup to Expand Ops
Microsoft found that Russian state actor Seashell Blizzard has deployed an initial access subgroup to gain persistent access in a range of high-value global targets
EFF Leads Fight Against DOGE and Musk's Access to US Federal Workers' Data
The Electronic Frontier Foundation has requested a US federal court to block Elon Musk’s DOGE access to US Office of Personnel Management Data
North Korea Targets Crypto Devs Through NPM Packages
SecurityScorecard has uncovered a sophisticated campaign linked to North Korea’s Lazarus Group, distributing crypto-stealing malware
CHERI Security Hardware Program Essential to UK Security, Says Government
NCSC CTO Ollie Whitehouse discussed a UK government-backed project designed to secure underlying computer hardware, preventing most vulnerabilities from occurring
Romance Scams Cost Americans $697.3M Last Year
Romance scams cost Americans $697.3m in 2024, with crypto fraud schemes on the rise
Exclusive: Massive IoT Data Breach Exposes 2.7 Billion Records
Massive IoT data breach exposed 2.7 billion records including Wi-Fi credentials
Security Detection Tech Failing, Say Cyber Leaders in Regulated Industries
A new Everfox survey shows a growing consensus among regulated organizations in favor of a strategic shift away from detecting cyber threats to preventing them
Microsoft Fixes Another Two Actively Exploited Zero-Days
February Patch Tuesday sees Microsoft fix four zero-days, including two under active exploitation
US, UK and Australia Sanction Russian Bulletproof Hoster Zservers
The US and its allies have sanctioned Russian bulletproof hoster Zservers for abetting ransomware attacks
Alabama Hacker Admits Role in SEC X Account Breach
An Alabama man has admitted hacking into the US Security and Exchange Commission’s X account using SIM swap fraud to gain access
New Chinese Hacking Campaign Targets Manufacturing Firms to Steal IP
Chinese hackers are infiltrating the networks of suppliers of “sensitive” manufacturers, according to a Check Point report to be published in the coming weeks