Infosecurity News

  1. CISA and FBI Warn Against Buffer Overflow Vulnerabilities

    US agencies have issued a new alert to eliminate buffer overflow vulnerabilities, urging memory-safe programming for secure-by-design software development

  2. Astaroth Phishing Kit Bypasses 2FA Using Reverse Proxy Techniques

    Astaroth is an advanced phishing kit using real-time credential and session cookie capture to compromise Gmail, Yahoo and Office 365 accounts

  3. Romance Baiting Losses Surge 40% Annually

    Ahead of Valentine’s Day, Chainalysis figures reveal 40% increase in losses to pig butchering, or romance baiting, scams

  4. Russian Seashell Blizzard Enlists Specialist Initial Access Subgroup to Expand Ops

    Microsoft found that Russian state actor Seashell Blizzard has deployed an initial access subgroup to gain persistent access in a range of high-value global targets

  5. EFF Leads Fight Against DOGE and Musk's Access to US Federal Workers' Data

    The Electronic Frontier Foundation has requested a US federal court to block Elon Musk’s DOGE access to US Office of Personnel Management Data

  6. North Korea Targets Crypto Devs Through NPM Packages

    SecurityScorecard has uncovered a sophisticated campaign linked to North Korea’s Lazarus Group, distributing crypto-stealing malware

  7. CHERI Security Hardware Program Essential to UK Security, Says Government

    NCSC CTO Ollie Whitehouse discussed a UK government-backed project designed to secure underlying computer hardware, preventing most vulnerabilities from occurring

  8. Romance Scams Cost Americans $697.3M Last Year

    Romance scams cost Americans $697.3m in 2024, with crypto fraud schemes on the rise

  9. Exclusive: Massive IoT Data Breach Exposes 2.7 Billion Records

    Massive IoT data breach exposed 2.7 billion records including Wi-Fi credentials

  10. Security Detection Tech Failing, Say Cyber Leaders in Regulated Industries

    A new Everfox survey shows a growing consensus among regulated organizations in favor of a strategic shift away from detecting cyber threats to preventing them

  11. Microsoft Fixes Another Two Actively Exploited Zero-Days

    February Patch Tuesday sees Microsoft fix four zero-days, including two under active exploitation

  12. US, UK and Australia Sanction Russian Bulletproof Hoster Zservers

    The US and its allies have sanctioned Russian bulletproof hoster Zservers for abetting ransomware attacks

  13. Alabama Hacker Admits Role in SEC X Account Breach

    An Alabama man has admitted hacking into the US Security and Exchange Commission’s X account using SIM swap fraud to gain access

  14. New Chinese Hacking Campaign Targets Manufacturing Firms to Steal IP

    Chinese hackers are infiltrating the networks of suppliers of “sensitive” manufacturers, according to a Check Point report to be published in the coming weeks

  15. DDoS Attack Volume and Magnitude Continues to Soar

    Gcore reported a 56% year-over-year rise in DDoS attacks in H2 2024, highlighting a steep long-term growth tend for the attack technique

  16. Ransomware Gangs Increasingly Prioritize Speed and Volume in Attacks

    Ransomware groups are adopting agile techniques in a quantity-over-quality approach, according to a new report from Huntress

  17. 8Base Ransomware Site Seized, Phobos Suspects Arrested in Thailand

    Four Europeans were arrested in Phuket, believed to be members of the Phobos ransomware group

  18. Apple Mitigates “Extremely Sophisticated” Zero-Day Exploit

    Apple has patched a zero-day vulnerability being exploited in targeted attacks

  19. OpenAI Was Not Breached, Say Researchers

    Kela researchers explain that infostealers are to blame for compromised OpenAI logins

  20. BadIIS Malware Exploits IIS Servers for SEO Fraud

    Trend Micro uncovers BadIIS malware exploiting IIS servers for SEO fraud and malicious redirects

What’s hot on Infosecurity Magazine?