Infosecurity News
Sophisticated TA397 Malware Targets Turkish Defense Sector
Sophisticated phishing attack targeting Turkey’s defense sector revealed TA397’s advanced tactics
Texas Tech University Data Breach Impacts 1.4 Million
The breach has affected 650,000 individuals at TTUHSC’s Lubbock campus and 815,000 at its El Paso branch
Cybercriminals Exploit Google Calendar to Spread Malicious Links
Check Point research reveals cybercriminals are using Google Calendar and Drawings to send malicious links, bypassing traditional email security
EU Sanctions Russian Cyber Actors for “Destabilizing Actions”
The EU announced sanctions against individuals and entities involved in cyber-attacks and disinformation campaigns on behalf of the Russian state
GenAI: Security Teams Demand Expertise-Driven Solutions
76% of security leaders favor cybersecurity-focused GenAI tools over domain-agnostic tools
New APIs Discovered by Attackers in Just 29 Seconds
Wallarm honeypot research finds potentially exposed APIs are being discovered within half a minute
US Unveils New National Cyber Incident Response Plan
The draft plan is designed to help businesses understand how the government will support them during a cyber incident
All Major European Financial Firms Suffer Supplier Breaches
SecurityScorecard claims 100% of Europe’s top financial services companies have suffered a supply chain breach in the past year
CISA and EPA Warn of Cyber Risks to Water System Interfaces
CISA and EPA have published guidance for operators of water and wastewater systems to protect against cyber-attacks
Deloitte Alerts Rhode Island to Significant Data Breach in RIBridges System
Rhode Island's RIBridges system has suffered a major data breach, potentially exposing personal information, with Deloitte confirming the presence of malicious software
Fake Captcha Campaign Highlights Risks of Malvertising Networks
Large-scale campaign identified by Guardio Lans and Infoblox, exploiting malvertising and fake captchas to distribute Lumma infostealer for massive theft
Amnesty Accuses Serbia of Tracking Journalists and Activists with Spyware
The Serbian authorities have been using advanced mobile forensics products made by Israeli firm Cellebrite to extract data from mobile devices illegally
Ofcom Issues Guidance for Tech Firms to Tackle Online Harms
New Ofcom guidance is designed to help tech companies comply with their obligations around tackling illegal online harms under the Online Safety Act
YouTube Creators Targeted in Global Phishing Campaign
Over 200,000 YouTube creators have been targeted by malware-laden phishing emails with the aim of infecting their followers
Russia Recruits Ukrainian Kids for Sabotage and Reconnaissance
Ukrainian officials say Russian intelligence is using video games to trick children into helping the enemy
US Uncovers North Korean IT Worker Fraud, Offers $5M Bounty
The US Government is offering a $5 million reward for information leading to the disruption of financial mechanisms supporting North Korea following a six-year conspiracy
2024 Sees Sharp Increase in Microsoft Tool Exploits
Sophos found observed a significant rise in Microsoft LOLbins abused by attackers in H1 2024 compared to 2023
Akira and RansomHub Surge as Ransomware Claims Reach All-Time High
Claims on ransomware groups’ data leak sites reached an all-time high in November, with 632 reported victims, according to Corvus Insurance
Researchers Discover Malware Used by Nation-Sates to Attack Industrial Systems
IOCONTROL, a custom-built IoT/OT malware, was used by Iran-affiliated groups to attack Israel- and US-based OT/IoT devices, according to Claroty
ISC2 Survey Reveals Critical Gaps in Cybersecurity Leadership Skills
ISC2 research has found that cybersecurity leaders have limited skills and training in areas like communication, strategic mindset and business acumen
