Infosecurity News
US Uncovers North Korean IT Worker Fraud, Offers $5M Bounty
The US Government is offering a $5 million reward for information leading to the disruption of financial mechanisms supporting North Korea following a six-year conspiracy
2024 Sees Sharp Increase in Microsoft Tool Exploits
Sophos found observed a significant rise in Microsoft LOLbins abused by attackers in H1 2024 compared to 2023
Akira and RansomHub Surge as Ransomware Claims Reach All-Time High
Claims on ransomware groups’ data leak sites reached an all-time high in November, with 632 reported victims, according to Corvus Insurance
Researchers Discover Malware Used by Nation-Sates to Attack Industrial Systems
IOCONTROL, a custom-built IoT/OT malware, was used by Iran-affiliated groups to attack Israel- and US-based OT/IoT devices, according to Claroty
ISC2 Survey Reveals Critical Gaps in Cybersecurity Leadership Skills
ISC2 research has found that cybersecurity leaders have limited skills and training in areas like communication, strategic mindset and business acumen
UK Shoppers Frustrated as Bots Snap Up Popular Christmas Gifts
Almost three quarters of UK consumers believe bad bots are ruining Christmas by buying up popular gifts, forcing many to purchase expensive alternatives, according to Imperva research
Security Flaws in WordPress Woffice Theme Prompts Urgent Update
Two Woffice theme vulnerabilities have been identified that allow attackers to gain unauthorized access and control of unpatched websites
Remcos RAT Malware Evolves with New Techniques
Cyber-attacks involving Remcos RAT surged in Q3 2024, enabling attackers to control victim machines remotely, steal data and carry out espionage
Lookout Discovers New Spyware Deployed by Russia and China
Russian-made spyware BoneSpy and PlainGnome target former Soviet states, while public security bureaus in mainland China use Chinese surveillance tool EagleMsgSpy
Insurance Worker Sentenced After Illegally Accessing Claimants’ Data
An insurance employee has been handed a suspended sentence after illegally accessing personal information
Three-Quarters of Security Leaders Admit Gaps in Hardware Knowledge
HP Wolf reveals that 79% of IT security decision makers are lacking in crucial hardware and firmware expertise
Secret Blizzard Targets Ukrainian Military with Custom Malware
Microsoft detailed how Russian espionage group Secret Blizzard is leveraging infrastructure of other threat actors to target the Ukrainian military with custom malware
Sophisticated Scam Targets UAE Residents with Fake Police Fines
Fraudsters in UAE posed as Dubai Police, targeting citizens with fake fines via calls, emails and SMS
Cyber Incident Disrupting Krispy Kreme Online Orders
Krispy Kreme said the incident is likely to materially affect operations and short-term financial performance
South Korea Takes Down Fraudulent Online Trading Network Used to Extort $6.3M
The Korean Financial Security Institute (K-FSI) disrupted a fraudulent network that made $6.3m by stealing money from fake personal trading platforms
Microsoft Azure MFA Flaw Allowed Easy Access Bypass
Microsoft MFA flaw exposed that allowed attackers to bypass security within an hour, putting 400m Office 365 accounts at risk
Operation PowerOFF Takes Down DDoS Boosters
Operation PowerOFF has dismantled a network of 27 DDoS platforms, leading to the arrests of three administrators and the identification of over 300 users
US Sanctions Chinese Firm at Center of Global Firewall Hack
The US government has sanctioned Sichuan Silence and one of its employees for the mass compromise of firewalls which led to the deployment of malware and ransomware
Microsoft Fixes 71 CVEs Including Actively Exploited Zero-Day
Microsoft has patched dozens of vulnerabilities in December, including one zero-day being exploited in the wild
Zero Day in Cleo File Transfer Software Exploited En Masse
A zero-day vulnerability in Cleo file transfer software is being exploited in data theft attacks
