Infosecurity News
Hertz Data Breach Exposes Customer Information in Cleo Zero-Day Attack
Hertz has confirmed a data breach exposing customer data after a zero-day attack targeting file transfer software from Cleo Communications
China-Backed Hackers Exploit BRICKSTORM Backdoor to Spy on European Businesses
NVISO discovered new variants of the BRICKSTORM backdoor, initially designed for Linux, on Windows systems
92% of Mobile Apps Found to Use Insecure Cryptographic Methods
Study reveals 92% of mobile apps use insecure cryptographic methods, exposing millions to data risks
Scalper Bots Fueling DVSA Driving Test Black Market
DataDome warns that DIY bots are snapping up driving test places en masse
Chaos Reigns as MITRE Set to Cease CVE and CWE Operations
Security community reacts with shock at US government’s decision not to renew MITRE contract for CVE database
North Korean Hackers Exploit LinkedIn to Infect Crypto Developers with Infostealers
Posing as potential employers, Slow Pisces hackers conceal malware in coding challenges sent to cryptocurrency developers on LinkedIn
Compliance Now Biggest Cyber Challenge for UK Financial Services
Regulatory compliance and data protection were the biggest cybersecurity challenges cited by UK financial organizations, according to a Bridewell survey
Bot Traffic Overtakes Human Activity as Threat Actors Turn to AI
Thales report reveals bots now account for 51% of all web traffic, surpassing human activity
Organizations Found to Address Only 21% of GenAI-Related Vulnerabilities
Pentesting firm Cobalt has found that organizations fix less than half of exploited vulnerabilities, with just 21% of generative AI flaws addressed
LabHost Phishing Mastermind Sentenced to 8.5 Years
A UK man has been sentenced to over eight years for masterminding £100m phishing platform LabHost
Major WordPress Plugin Flaw Exploited in Under 4 Hours
Flaw in SureTriggers plugin allows unauthenticated users to create admin accounts on WordPress sites
Prodaft Offers "No Judgment" Deal to Buy Dark Web Accounts from Cybercrime Forum Users
Through the SYS Initiative, Prodaft is offering a secure, anonymous channel for individuals to share information about ongoing cybercrime activities
New Malware ResolverRAT Targets Healthcare and Pharma Sectors
ResolverRAT targets healthcare organizations using advanced evasion techniques and social engineering
US Blocks Foreign Governments from Acquiring Citizen Data
The US government has implemented a program that applies export controls on data transactions to certain countries of concern, including China and Russia
Digital Certificate Lifespans to Fall to 47 Days by 2029
CA/Browser Forum members have voted in favor of shortening TLS/SSL certificate lifespans to 47 days
AI Hallucinations Create “Slopsquatting” Supply Chain Threat
Experts have warned that threat actors could hijack AI hallucinations in “slopsquatting” attacks
NVD Revamps Operations as Vulnerability Reporting Surges
The NVD program manager has announced that process improvements are underway to catch up with its growing vulnerability backlog
Google Cloud: Top 5 Priorities for Cybersecurity Leaders Today
Experts at the Google Cloud Next event set out how security teams need to adapt their focuses in the wake of trends such as rising cyber-attacks and advances in AI
Cyble Urges Critical Vulnerability Fixes Affecting Industrial Systems
Rockwell Automation, Hitachi Energy and Inaba Denki Sangyo have products affected by critical vulnerabilities carrying severity ratings as high as 9.9
Google Cloud: China Achieves “Cyber Superpower” Status
Google Cloud’s Sandra Joyce said that Chinese state actors’ advanced techniques and ability to stay undetected pose huge challenges