Infosecurity News

  1. FTC Records 50% Drop in Nuisance Calls Since 2021

    The US Federal Trade Commission is celebrating a halving of unwanted telemarketing and scam calls since 2021

  2. UK Shoppers Lost £11.5m Last Christmas, NCSC Warns

    The UK’s National Cyber Security Centre is urging shoppers to stay safe this Christmas after revealing they lost £11.5m to fraudsters in 2023

  3. Palo Alto Networks Confirms New Zero-Day Being Exploited by Threat Actors

    The security provider has elevated its warning about a vulnerability affecting firewall management interfaces after observing active exploitation

  4. Bitfinex Hacker Jailed for Five Years Over Billion Dollar Crypto Heist

    Ilya Lichtenstein hacked into the cryptocurrency exchange in 2016 and stole around 120,000 bitcoins

  5. watchTowr Finds New Zero-Day Vulnerability in Fortinet Products

    The new vulnerability was named “FortiJump Higher” due to its similarity with the “FortiJump” vulnerability discovered in October

  6. Ransomware Groups Use Cloud Services For Data Exfiltration

    SentinelOne described some of ransomware groups’ favorite techniques for targeting cloud services

  7. O2’s AI Granny Outsmarts Scam Callers with Knitting Tales

  8. Sitting Ducks DNS Attacks Put Global Domains at Risk

    Over 1 million domains are vulnerable to “Sitting Ducks” attack, which exploits DNS misconfigurations

  9. Microsoft Power Pages Misconfiguration Leads to Data Exposure

    Misconfigurations in Microsoft Power Pages granting excessive access permissions expose sensitive data, risking PII to unauthorized users

  10. Massive Telecom Hack Exposes US Officials to Chinese Espionage

    The FBI and CISA have confirmed that US officials’ private communications have been compromised

  11. API Security in Peril as 83% of Firms Suffer Incidents

    Over 80% of UK organizations suffered an API security incident in the past year, with each costing over £400,000

  12. Bank of England U-turns on Vulnerability Disclosure Rules

    The UK’s financial regulators have discarded plans to force critical suppliers to disclose new vulnerabilities

  13. Hive0145 Targets Europe with Advanced Strela Stealer Campaigns

    Hive0145 is targeting Spain, Germany, Ukraine with Strela Stealer malware in invoice phishing tactic

  14. AI Threat to Escalate in 2025, Google Cloud Warns

    2025 could see our biggest AI fears materialize, according to a Google Cloud forecast report

  15. Lazarus Group Uses Extended Attributes for Code Smuggling in macOS

    Lazarus APT has been found smuggling malware onto macOS devices using custom extended attributes, evading detection

  16. Amazon MOVEit Leaker Claims to Be Ethical Hacker

    An individual who posted data allegedly stolen via MOVEit from Amazon and other big-name firms claims not to be malicious

  17. Microsoft Fixes Four More Zero-Days in November Patch Tuesday

    Microsoft has addressed four zero-day vulnerabilities this month, two of which have been exploited

  18. TA455’s Iranian Dream Job Campaign Targets Aerospace with Malware

    The TA455 phishing campaign used fake job offers on LinkedIn to deploy malware

  19. Phishing Tool GoIssue Targets Developers on GitHub

    New phishing tool GoIssue targets GitHub, enabling mass phishing, and has been linked to the GitLoker extortion campaign

  20. CISOs Turn to Indemnity Insurance as Breach Pressure Mounts

    Panaseer claims 72% of security leaders are taking out personal indemnity insurance as board scrutiny increases

Why not watch?

  1. Reinforcing Firewall Security: The Need to Adapt to Persistent Cyber Threats

  2. How to Manage Your Risks and Protect Your Financial Data

  3. Alert Fatigue: What Are You and Your Security Teams Missing?

  4. Navigating Exposures in Energy ICS Environments

What’s hot on Infosecurity Magazine?