Infosecurity News
Vulnerability in Chaty Pro Plugin Exposes 18,000 WordPress Sites
An arbitrary file upload vulnerability in the Chaty Pro plugin has been identified, affecting 18,000 WordPress sites
Attackers Target Japanese Firms with Cobalt Strike
Attackers are actively exploiting an RCE flaw in Windows PHP-CGI implementations to target Japanese firms, deploying Cobalt Strike for persistence
Cybersecurity Job Satisfaction Plummets, Women Hit Hardest
Layoffs and cutbacks have been cited as major factors in a significant drop in job satisfaction among women working in cybersecurity, according to ISC2
Six Critical Infrastructure Sectors Failing on NIS2 Compliance
Enisa identifies six sectors that it says must improve on NIS2 compliance
US Charges Members of Chinese Hacker-for-Hire Group i-Soon
The DoJ has charged Chinese government and i-Soon employees for a series of for-profit data theft campaigns
Silk Typhoon Shifts Tactics to Exploit Common IT Solutions
Chinese espionage group Silk Typhoon is increasingly exploiting common IT solutions to infiltrate networks and exfiltrate data
Nonprofits Face Surge in Cyber-Attacks as Email Threats Rise 35%
Nonprofits are facing a surge in cyber-attacks as email threats rise 35%, targeting donor data and transactions
Google Introduces New AI-Powered Scam Detection Features for Android
With Android Scam Detection for messages and calls, Google wants to push scam detection further than traditional spam detection
Stress and Burnout Impacting Vast Majority of IT Pros
ISACA identified factors such as heavy workload and long hours as the primary causes of stress, while there has been high turnover of IT professionals in the past two years
Over Half of Organizations Report Serious OT Security Incidents
New SANS Institute research finds that 50% of global organizations were hit by an OT security incident in the past year
Would-be Extortionists Send “BianLian” Ransom Notes in the Mail
GuidePoint Security has received reports of multiple organizations receiving ransom letters in the mail
Private 5G Networks Face Security Risks Amid AI Adoption
Private 5G networks face security risks amid AI adoption and a lack of specialized expertise
New Cyber-Espionage Campaign Targets UAE Aviation and Transport
A cyber-espionage campaign targeting UAE aviation and transport has been identified by researchers, using customized lures to deploy Sosano malware
VMware Warns Customers to Patch Actively Exploited Zero-Day Vulnerabilities
Cloud software firm VMware has issued a critical security advisory, detailing three zero-day vulnerabilities being actively exploited in the wild
North Korean Fake IT Workers Leverage GitHub to Build Jobseeker Personas
Nisos has found six personas leveraging new and existing GitHub accounts to get developer jobs in Japan and the US
CISO Liability Risks Spur Policy Changes at 93% of Organizations
Fastly found that organizations have introduced changes such as increasing CISO participation in strategic decisions in response to growing personal liability risks
CISA Urges Government to Patch Exploited Cisco, Microsoft Flaws
CISA has added five more CVEs into its known exploited vulnerabilities catalog
Half of Online Gambling Firms Lose 10% of Revenue to Fraud
Sumsub research finds European iGaming market is losing billions to fraud each year
Attackers Leverage Microsoft Teams and Quick Assist for Access
Phishing attack exploits social engineering techniques alongside Microsoft Teams and remote access software to deploy BackConnect malware
CISA Denies Reports of Shift in Cybersecurity Posture Amid Russian Threats
The US Cybersecurity and Infrastructure Security Agency confirmed it will keep defending against Russian cyber threats to US critical infrastructure
