Infosecurity News
Attack Group APT-C-60 Targets Japan Using Trusted Platforms
APT-C-60 targets Japan with phishing emails, using job application ruse and malware via Google Drive
New Bootkit “Bootkitty” Targets Linux Systems via UEFI
Bootkitty, the first Linux-targeting UEFI bootkit, bypassed kernel security in a proof-of-concept attack
New EU Commission to Unveil Healthcare Cybersecurity Plan in First 100 Days
One of the priorities of the newly-approved Von der Leyen Commission II will be to strengthen the healthcare sector’s cyber resilience
Pro-Russian Hacktivists Launch Branded Ransomware Operations
A pro-Russian hacktivist collective, CyberVolk, has launched its own ransomware-as-a-service operations, SentinelLabs has found
Russian RomCom APT Group Leverages Zero-Day Flaws in Firefox and Windows
Russia-backed hackers, known as RomCom, have exploited critical zero-day vulnerabilities in Mozilla Firefox and Windows to launch targeted attacks
Nuclear Decommissioning Authority Opens Sellafield Cyber Center
The UK’s Nuclear Decommissioning Authority has opened a new hub dedicated to cybersecurity knowledge sharing
Operation Serengeti Disrupts $193m African Cybercrime Networks
The Interpol-led Operation Serengeti has resulted in the arrest of 1000 suspects across Africa
New DDoS Campaign Exploits IoT Devices and Server Misconfigurations
DDoS campaign by Matrix targets IoT devices and servers, exploiting weak credentials and public scripts
NHS Trust Declares Major Incident for “Cybersecurity Reasons”
Wirral University Teaching Hospital has cancelled outpatient appointments as it responds to a cybersecurity incident
Darknet Services Fuel Holiday Scams and E-Commerce Exploits
Cybercriminals are ramping up scams via darknet marketplaces, selling phishing kits for $100-$1000
Aggressive Chinese APT Group Targets Governments with New Backdoors
A Trend Micro analysis of Earth Estries found that the Chinese threat actor is using new backdoors to avoid detection during espionage operations
Starbucks and Grocery Stores Face Disruption after Ransomware Attack on Blue Yonder
Supply chain management provider Blue Yonder confirmed it was hit by ransomware attack
Over a Third of Firms Struggling With Shadow AI
Some 35% of global organizations report challenges monitoring use of non-approved AI tools
UK Scam Losses Surge 50% Annually to £11.4bn
Cifas figures reveal scammers stole over £11bn from UK consumers in the past 12 months
New York Secures $11.3m from Insurance Firms in Data Breach Settlement
New York State has agreed a $11.3m settlement from two insurance firms following the breach of the personal data of over 120,000 drivers in the state
IoT Device Traffic Up 18% as Malware Attacks Surge 400%
Zscaler’s latest report finds 54.5% of IoT attacks target manufacturing, with the industry suffering more than three times the weekly attacks of other sectors
npm Package Lottie-Player Compromised in Supply Chain Attack
npm package @lottiefiles/lottie-player hacked with malicious code, draining crypto wallets via web3 pop-ups
Google Deindexes Chinese Propaganda Network
Google’s threat intelligence team uncovered four Chinese PR firms operating networks of inauthentic news sites
UK Launches AI Security Lab to Combat Russian Cyber Threats
UK Minister Pat McFadden will say in a speech at a NATO conference that adversaries are looking at using AI on the physical and cyber battlefield
Meta Shutters Two Million Scam Accounts in Two-Year Crackdown
Meta has closed down two million accounts it says were used in scams such as pig butchering