Infosecurity News
Silk Typhoon Shifts Tactics to Exploit Common IT Solutions
Chinese espionage group Silk Typhoon is increasingly exploiting common IT solutions to infiltrate networks and exfiltrate data
Nonprofits Face Surge in Cyber-Attacks as Email Threats Rise 35%
Nonprofits are facing a surge in cyber-attacks as email threats rise 35%, targeting donor data and transactions
Google Introduces New AI-Powered Scam Detection Features for Android
With Android Scam Detection for messages and calls, Google wants to push scam detection further than traditional spam detection
Stress and Burnout Impacting Vast Majority of IT Pros
ISACA identified factors such as heavy workload and long hours as the primary causes of stress, while there has been high turnover of IT professionals in the past two years
Over Half of Organizations Report Serious OT Security Incidents
New SANS Institute research finds that 50% of global organizations were hit by an OT security incident in the past year
Would-be Extortionists Send “BianLian” Ransom Notes in the Mail
GuidePoint Security has received reports of multiple organizations receiving ransom letters in the mail
Private 5G Networks Face Security Risks Amid AI Adoption
Private 5G networks face security risks amid AI adoption and a lack of specialized expertise
New Cyber-Espionage Campaign Targets UAE Aviation and Transport
A cyber-espionage campaign targeting UAE aviation and transport has been identified by researchers, using customized lures to deploy Sosano malware
VMware Warns Customers to Patch Actively Exploited Zero-Day Vulnerabilities
Cloud software firm VMware has issued a critical security advisory, detailing three zero-day vulnerabilities being actively exploited in the wild
North Korean Fake IT Workers Leverage GitHub to Build Jobseeker Personas
Nisos has found six personas leveraging new and existing GitHub accounts to get developer jobs in Japan and the US
CISO Liability Risks Spur Policy Changes at 93% of Organizations
Fastly found that organizations have introduced changes such as increasing CISO participation in strategic decisions in response to growing personal liability risks
CISA Urges Government to Patch Exploited Cisco, Microsoft Flaws
CISA has added five more CVEs into its known exploited vulnerabilities catalog
Half of Online Gambling Firms Lose 10% of Revenue to Fraud
Sumsub research finds European iGaming market is losing billions to fraud each year
Attackers Leverage Microsoft Teams and Quick Assist for Access
Phishing attack exploits social engineering techniques alongside Microsoft Teams and remote access software to deploy BackConnect malware
CISA Denies Reports of Shift in Cybersecurity Posture Amid Russian Threats
The US Cybersecurity and Infrastructure Security Agency confirmed it will keep defending against Russian cyber threats to US critical infrastructure
Phishing Campaign Uses Havoc Framework to Control Infected Systems
A new phishing campaign has been identified using Havoc to control infected systems, leveraging SharePoint and Microsoft Graph API
Vodafone Trials Quantum-Safe Tech to Protect Smartphone Browsing
Telecoms provider Vodafone has developed the new proof of concept with IBM, as it seeks to implement post-quantum cryptography ahead of anticipated quantum-based attacks
ICO Launches TikTok Investigation Over Use of Children’s Data
The Information Commissioner’s Office is now investigating how TikTok uses 13–17-year-olds’ personal information
BYOVD Attacks Exploit Zero-Day in Paragon Partition Manager
Threat actors are exploiting a zero-day bug in Paragon Partition Manager's BioNTdrv.sys driver during ransomware attacks
Third-Party Attacks Drive Major Financial Losses in 2024
Data from Resilience found that third-party attacks made up 23% of material cyber insurance claims in 2024, with ransomware attacks targeting vendors a major driver
