Infosecurity News
Microsoft Azure MFA Flaw Allowed Easy Access Bypass
Microsoft MFA flaw exposed that allowed attackers to bypass security within an hour, putting 400m Office 365 accounts at risk
Operation PowerOFF Takes Down DDoS Boosters
Operation PowerOFF has dismantled a network of 27 DDoS platforms, leading to the arrests of three administrators and the identification of over 300 users
US Sanctions Chinese Firm at Center of Global Firewall Hack
The US government has sanctioned Sichuan Silence and one of its employees for the mass compromise of firewalls which led to the deployment of malware and ransomware
Microsoft Fixes 71 CVEs Including Actively Exploited Zero-Day
Microsoft has patched dozens of vulnerabilities in December, including one zero-day being exploited in the wild
Zero Day in Cleo File Transfer Software Exploited En Masse
A zero-day vulnerability in Cleo file transfer software is being exploited in data theft attacks
Snowflake Pledges to Make MFA Mandatory
The multi-cloud data warehousing platform said it will completely phase out single factor authentication with passwords by November 2025
Hackers Exploit Misconfigurations in Public Websites With Improperly Exposed AWS Credentials
Hackers exploited AWS misconfigurations, leaking 2TB of sensitive data, including customer information, credentials and proprietary source code
Utility Companies Face 42% Surge in Ransomware Attacks
The utilities sector saw a 42% surge in ransomware incidents over the past year, with groups like Play focusing on targets with IT and OT systems
New AppLite Malware Targets Banking Apps in Phishing Campaign
New AppLite Banker malware targets Android devices, employing advanced phishing techniques to steal credentials and data
Scottish Parliament TV at Risk of Deepfake Attacks
Researchers found that the broad accessibility of streams of Scottish Parliamentary proceedings make them highly susceptible to deepfake attacks
Court Ruling Provides Clarity on Appeals Against ICO Fines
The UK’s privacy regulator the Information Commissioner’s Office has welcomed a Court of Appeal ruling
Heart Device Maker Artivion Suffers Ransomware Breach
Artivion has revealed in an SEC filing that it suffered a double-extortion ransomware attack
Major Drop in Cyber-Attack Reports from Large UK Financial Businesses
A Hack The Box Freedom of Information request has shown a significant drop in cyber-attacks reported to the Financial Conduct Authority (FCA) in 2024
Federal Appeals Court Upholds Law Threatening US TikTok Ban
Appeals court upheld law forcing TikTok divestiture, citing national security risks over China ties
Compromised AI Library Delivers Cryptocurrency Miner via PyPI
The compromised ultralytics AI library delivered XMRig miner via GitHub Actions exploit
Public Reprimands, an Effective Deterrent Against Data Breaches
The UK's ICO has published its findings following a two-year trial of its Public Sector Approach, which aimed to improve data protection compliance and deter data breaches
Unmasking Termite, the Ransomware Gang Claiming the Blue Yonder Attack
This new ransomware group is likely a new variant of Babuk, said Cyble threat intelligence analysts
Anna Jacques Hospital Ransomware Breach Hits 316K Patients
Massachusetts’ Anna Jacques Hospital notifies over 316,000 patients of a data breach a year ago
Phishing Scam Targets Ukrainian Defense Companies
CERT-UA has issued a warning about phishing emails targeting Ukrainian defense companies and security forces
European Police Disrupt Phone Phishing Gang with Arrests
Dutch and Belgian police have arrested eight in connection with a long-running phone phishing operation
