Infosecurity News
WordPress Plugins at Risk From Polyfill Library Compromise
The attack exploits the polyfill.io domain, which was recently acquired by Funnull, a China-based entity
Microsoft Uncovers Major Flaws in Rockwell PanelView Plus
The vulnerabilities stem from manipulable custom classes in PanelView Plus
Cyber Extortion Soars: SMBs Hit Four Times Harder
Orange Cyberdefense’s latest Cy-Xplorer report shows a 77% rise in cyber extortion, with SMBs impacted 4.2 times more often than large enterprises
Half of Employees Fear Punishment for Reporting Security Mistakes
A ThinkCyber survey conducted at Infosecurity Europe 2024 found that half of employees are afraid of reporting security mistakes
New RUSI Report Exposes Psychological Toll of Ransomware, Urges Action
A new report reveals the hidden mental health toll of ransomware attacks on victims, urging a focus on well-being alongside data and system recovery
APP Fraud Singled Out as Biggest Financial Crime Threat
Payments professionals have highlighted authorized push payment (APP) fraud as the top threat facing businesses and consumers
Dozens of Arrests Disrupt €2.5m Vishing Gang
Police have arrested 54 suspected members of a vishing group who stole the life savings of scores of victims
Mobile Political Spam Surges Threefold For 2024 Election
Proofpoint highlighted how smishing, impersonation and spam are eroding trust in mobile messaging
Chrome Update Will Block Entrust Certificates by November 2024
The move follows a series of reported compliance failures and lack of progress in addressing publicly disclosed incidents
Ransomware Attack Demands Reach a Staggering $5.2m in 2024
Comparitech calculated that the average ransom demand was over $5.2m in the first six months of 2024, with 421 confirmed incidents during this period
Health Tech Execs Get Jail Time For $1bn Fraud Scheme
The former CEO and COO of a health startup will spend years in jail after conducting a large-scale fraud scheme
Cisco Patches Zero-Day Bug Used by Chinese Velvet Ant Group
Cisco has patched a zero-day vulnerability exploited by a Chinese APT group to compromise Nexus switches
Meta’s ‘Pay or Consent’ Data Model Breaches EU Law
The EU Commission said Meta’s pay or consent model means users cannot freely consent to their personal data being collected for advertising purposes
Critical OpenSSH Flaw Enables Full System Compromise
A newly discovered RCE vulnerability, which can lead to full system compromise, has put over 14 million OpenSSH server instances are potentially at risk, according to Qualys
Australian Police Arrest Suspect in Fake Wi-Fi Scam Targeting Airport Passengers
Evil twin Wi-Fi access points mimicked legitimate networks to capture personal data from unsuspecting victims who mistakenly connected to them
Cyber-Insurance Premiums Decline as Firms Build Resilience
Insurance broker Howden says premiums are falling as security best practice takes hold
Over Six Million Hit by Ransomware Breach at Infosys McCamish Systems
Outsourcer Infosys McCamish Systems has revealed millions of victims were impacted by a ransomware attack last year
TeamViewer Cyber-Attack Attributed to Russian APT Midnight Blizzard
Remote software provider TeamViewer has revealed it has been hit by a cyber-attack that it attributes to Russian state actor Midnight Blizzard
Cyber Workforce Grows 15% at Large Organizations as Security is Prioritized
From an average of one cybersecurity expert for 1285 employees in 2023, large organizations now have one for every 1086 employees, according to Wavestone
Google Thwarts Over 10,000 Attempts by Chinese Influence Operator
Google warned of high levels of activity from Chinese influence operator Dragon Bridge, which is increasingly experimenting with generative AI tools to create content