Infosecurity News
Darknet Services Fuel Holiday Scams and E-Commerce Exploits
Cybercriminals are ramping up scams via darknet marketplaces, selling phishing kits for $100-$1000
Aggressive Chinese APT Group Targets Governments with New Backdoors
A Trend Micro analysis of Earth Estries found that the Chinese threat actor is using new backdoors to avoid detection during espionage operations
Starbucks and Grocery Stores Face Disruption after Ransomware Attack on Blue Yonder
Supply chain management provider Blue Yonder confirmed it was hit by ransomware attack
Over a Third of Firms Struggling With Shadow AI
Some 35% of global organizations report challenges monitoring use of non-approved AI tools
UK Scam Losses Surge 50% Annually to £11.4bn
Cifas figures reveal scammers stole over £11bn from UK consumers in the past 12 months
New York Secures $11.3m from Insurance Firms in Data Breach Settlement
New York State has agreed a $11.3m settlement from two insurance firms following the breach of the personal data of over 120,000 drivers in the state
IoT Device Traffic Up 18% as Malware Attacks Surge 400%
Zscaler’s latest report finds 54.5% of IoT attacks target manufacturing, with the industry suffering more than three times the weekly attacks of other sectors
npm Package Lottie-Player Compromised in Supply Chain Attack
npm package @lottiefiles/lottie-player hacked with malicious code, draining crypto wallets via web3 pop-ups
Google Deindexes Chinese Propaganda Network
Google’s threat intelligence team uncovered four Chinese PR firms operating networks of inauthentic news sites
UK Launches AI Security Lab to Combat Russian Cyber Threats
UK Minister Pat McFadden will say in a speech at a NATO conference that adversaries are looking at using AI on the physical and cyber battlefield
Meta Shutters Two Million Scam Accounts in Two-Year Crackdown
Meta has closed down two million accounts it says were used in scams such as pig butchering
ICO Urges More Data Sharing to Tackle Fraud Epidemic
The UK’s Information Commissioner’s Office argues that regulatory concerns shouldn’t prevent firms sharing data to stop scams
Microsoft Seizes 240 Websites to Disrupt Global Distribution of Phish Kits
Microsoft has seized 240 websites associated with the “ONXX” phishing-as-a-service operation, and has sued the developer of this service
Russian Cyber Spies Target Organizations with HatVibe and CherrySpy Malware
Russian-aligned TAG-110 uses custom tools to spy on governments, human rights groups and educational institutions in Europe and Asia
Three-Quarters of Black Friday Spam Emails Identified as Scams
Bitdefender found that 77% of Black Friday-themed spam emails in 2024 have been identified as scams, with attackers becoming more creative in their campaigns
Five Ransomware Groups Responsible for 40% of Cyber-Attacks in 2024
Corvus Insurance highlighted the growing complexity and competition within the ransomware ecosystem, with the threat level remaining elevated
MITRE Unveils Top 25 Most Critical Software Flaws
The 25 most dangerous software weaknesses between June 2023 and June 2024 are responsible for almost 32,000 vulnerabilities
Manufacturing Sector in the Crosshairs of Advanced Email Attacks
Phishing attacks, business email compromise and vendor email compromise attacks on manufacturing have surged in the past 12 months
Linux Malware WolfsBane and FireWood Linked to Gelsemium APT
New Linux malware WolfsBane and FireWood have been linked to Gelsemium APT, a cyber-espionage group targeting critical systems
Vietnam’s Infostealer Crackdown Reveals VietCredCare and DuckTail
Group-IB revealed key differences in VietCredCare and DuckTail infostealer malware targeting Facebook Business accounts
