Infosecurity News

  1. MITRE Unveils Top 25 Most Critical Software Flaws

    The 25 most dangerous software weaknesses between June 2023 and June 2024 are responsible for almost 32,000 vulnerabilities

  2. Manufacturing Sector in the Crosshairs of Advanced Email Attacks

    Phishing attacks, business email compromise and vendor email compromise attacks on manufacturing have surged in the past 12 months

  3. Linux Malware WolfsBane and FireWood Linked to Gelsemium APT

    New Linux malware WolfsBane and FireWood have been linked to Gelsemium APT, a cyber-espionage group targeting critical systems

  4. Vietnam’s Infostealer Crackdown Reveals VietCredCare and DuckTail

    Group-IB revealed key differences in VietCredCare and DuckTail infostealer malware targeting Facebook Business accounts

  5. Google OSS-Fuzz Harnesses AI to Expose 26 Hidden Security Vulnerabilities

    One of these flaws detected using LLMs was in the widely used OpenSSL library

  6. BianLian Ransomware Group Adopts New Tactics, Posing Significant Risk

    The BianLian ransomware group has shifted exclusively to exfiltration-based extortion and is deploying multiple new TTPs for initial access and persistence

  7. Lumma Stealer Proliferation Fueled by Telegram Activity

    Spreading malware via Telegram channels allows threat actors to bypass traditional detection mechanisms and reach a broad, unsuspecting audience

  8. A Fifth of UK Enterprises “Not Sure” If NIS2 Applies

    Over a fifth of large UK businesses aren’t sure of their compliance responsibilities under the new NIS2 directive

  9. Five Charged in Scattered Spider Case

    Five men have been indicted in connection with crimes committed by the Scattered Spider group

  10. Five Privilege Escalation Flaws Found in Ubuntu needrestart

    Five LPE flaws in Ubuntu’s needrestart utility enable attackers to gain root access in versions prior to 3.8

  11. 60% of Emails with QR Codes Classified as Spam or Malicious

    60% of QR code emails are spam according findings from Cisco Talos, who also identified attackers using QR code art to bypass security filters

  12. Chinese APT Group Targets Telecom Firms Linked to Belt and Road Initiative

    CrowdStrike unveiled a new Chinese-aligned hacking group allegedly spying on telecom providers

  13. Apple Issues Emergency Security Update for Actively Exploited Vulnerabilities

    Apple has urged customers to download the security updates, which address vulnerabilities relating to the JavaScriptCore and WebKit frameworks

  14. OWASP Warns of Growing Data Exposure Risk from AI in New Top 10 List for LLMs

    OWASP has updated its Top 10 list of risks for LLMs and GenAI, upgrading several areas and introducing new categories

  15. Hackers Hijack Jupyter Servers for Sport Stream Ripping

    Aqua Security has observed threat actors using compromised Jupyter servers in a bid to illegally stream sporting events

  16. One Deepfake Digital Identity Attack Strikes Every Five Minutes

    Entrust claims deepfakes are driving a surge in digital identity fraud

  17. Cybercriminals Exploit Weekend Lull to Launch Ransomware Attacks

    Ransomware groups are targeting weekends and holidays to exploit understaffed security teams in order to get the best chance of a pay day

  18. CISA Chief Jen Easterly Set to Step Down on January 20

    Easterly and her Deputy Director Nitin Natarajan are expected to leave office before President-elect Trump names a new leadership

  19. T-Mobile Breached in Major Chinese Cyber-Attack on Telecoms

    T-Mobile was hit by Salt Typhoon, a Chinese cyber-espionage group targeting US and global telecom firms

  20. Helldown Ransomware Expands to Target VMware and Linux Systems

    Helldown ransomware has expanded its reach to target Linux and VMware systems, exploiting Zyxel firewall vulnerabilities and exfiltrating data

What’s hot on Infosecurity Magazine?