Infosecurity News
Midnight Blizzard Targets European Diplomats with Wine Tasting Phishing Lure
Russian state actor Midnight Blizzard is using fake wine tasting events as a lure to spread malware for espionage purposes, according to Check Point
NTLM Hash Exploit Targets Poland and Romania Days After Patch
An NTLM hash disclosure spoofing vulnerability that leaks hashes with minimal user interaction has been observed being exploited in the wild
Senators Urge Cyber-Threat Sharing Law Extension Before Deadline
Bipartisan support grows in Congress to extend Cybersecurity Information Sharing Act for 10 years
Identity Attacks Now Comprise a Third of Intrusions
IBM warns of infostealer surge as attackers automate credential theft and adopt AI to generate highly convincing phishing emails en masse
Microsoft Thwarts $4bn in Fraud Attempts
Microsoft has blocked fraud worth $4bn as threat actors ramp up AI use
CISA Throws Lifeline to CVE Program with Last-Minute Contract Extension
MITRE will be able to keep running the CVE program for at least the next 11 months
Network Edge Devices the Biggest Entry Point for Attacks on SMBs
Sophos found that compromise of network edge devices, such as VPN appliances, accounted for 30% of incidents impacted SMBs in 2024
ICO Issues Merseyside-Based Law Firm £60,000 Fine After Cyber-Attack
A UK Law firm has been fined £60,000 after data stolen during a 2022 cyber-attack was published on the dark web
Hertz Data Breach Exposes Customer Information in Cleo Zero-Day Attack
Hertz has confirmed a data breach exposing customer data after a zero-day attack targeting file transfer software from Cleo Communications
China-Backed Hackers Exploit BRICKSTORM Backdoor to Spy on European Businesses
NVISO discovered new variants of the BRICKSTORM backdoor, initially designed for Linux, on Windows systems
92% of Mobile Apps Found to Use Insecure Cryptographic Methods
Study reveals 92% of mobile apps use insecure cryptographic methods, exposing millions to data risks
Scalper Bots Fueling DVSA Driving Test Black Market
DataDome warns that DYI bots are snapping up driving test places en masse
Chaos Reigns as MITRE Set to Cease CVE and CWE Operations
Security community reacts with shock at US government’s decision not to renew MITRE contract for CVE database
North Korean Hackers Exploit LinkedIn to Infect Crypto Developers with Infostealers
Posing as potential employers, Slow Pisces hackers conceal malware in coding challenges sent to cryptocurrency developers on LinkedIn
Compliance Now Biggest Cyber Challenge for UK Financial Services
Regulatory compliance and data protection were the biggest cybersecurity challenges cited by UK financial organizations, according to a Bridewell survey
Bot Traffic Overtakes Human Activity as Threat Actors Turn to AI
Thales report reveals bots now account for 51% of all web traffic, surpassing human activity
Organizations Found to Address Only 21% of GenAI-Related Vulnerabilities
Pentesting firm Cobalt has found that organizations fix less than half of exploited vulnerabilities, with just 21% of generative AI flaws addressed
LabHost Phishing Mastermind Sentenced to 8.5 Years
A UK man has been sentenced to over eight years for masterminding £100m phishing platform LabHost
Major WordPress Plugin Flaw Exploited in Under 4 Hours
Flaw in SureTriggers plugin allows unauthenticated users to create admin accounts on WordPress sites
Prodaft Offers "No Judgment" Deal to Buy Dark Web Accounts from Cybercrime Forum Users
Through the SYS Initiative, Prodaft is offering a secure, anonymous channel for individuals to share information about ongoing cybercrime activities
