Infosecurity News

  1. API Security in Peril as 83% of Firms Suffer Incidents

    Over 80% of UK organizations suffered an API security incident in the past year, with each costing over £400,000

  2. Bank of England U-turns on Vulnerability Disclosure Rules

    The UK’s financial regulators have discarded plans to force critical suppliers to disclose new vulnerabilities

  3. Hive0145 Targets Europe with Advanced Strela Stealer Campaigns

    Hive0145 is targeting Spain, Germany, Ukraine with Strela Stealer malware in invoice phishing tactic

  4. AI Threat to Escalate in 2025, Google Cloud Warns

    2025 could see our biggest AI fears materialize, according to a Google Cloud forecast report

  5. Lazarus Group Uses Extended Attributes for Code Smuggling in macOS

    Lazarus APT has been found smuggling malware onto macOS devices using custom extended attributes, evading detection

  6. Amazon MOVEit Leaker Claims to Be Ethical Hacker

    An individual who posted data allegedly stolen via MOVEit from Amazon and other big-name firms claims not to be malicious

  7. Microsoft Fixes Four More Zero-Days in November Patch Tuesday

    Microsoft has addressed four zero-day vulnerabilities this month, two of which have been exploited

  8. TA455’s Iranian Dream Job Campaign Targets Aerospace with Malware

    The TA455 phishing campaign used fake job offers on LinkedIn to deploy malware

  9. Phishing Tool GoIssue Targets Developers on GitHub

    New phishing tool GoIssue targets GitHub, enabling mass phishing, and has been linked to the GitLoker extortion campaign

  10. CISOs Turn to Indemnity Insurance as Breach Pressure Mounts

    Panaseer claims 72% of security leaders are taking out personal indemnity insurance as board scrutiny increases

  11. New Citrix Zero-Day Vulnerability Allows Remote Code Execution

    watchTowr has found a flaw in Citrix’s Session Recording Manager that can be exploited to enable unauthenticated RCE against Citrix Virtual Apps and Desktops

  12. North Korea Hackers Leverage Flutter to Deliver macOS Malware

    Jamf observed North Korean attackers embedding malware within Flutter applications to target macOS devices, potentially to test a new way of weaponizing malware

  13. Energy Giant Halliburton Reveals $35m Ransomware Loss

    Halliburton has reported a $35m loss associated with an August ransomware breach

  14. WEF Introduces Framework to Strengthen Anti-Cybercrime Partnerships

    The World Economic Forum has shared recommendations on how to build on the success of existing partnerships to accelerate the disruption of cybercriminal activities

  15. New Remcos RAT Variant Targets Windows Users Via Phishing

    The new Remcos RAT variant identified in a new phishing campaign exploits CVE-2017-0199 via malicious Excel files

  16. Microsoft Visio Files Used in Sophisticated Phishing Attacks

    Researchers have uncovered a surge in phishing attacks using Visio .vsdx files to evade security scans

  17. EU Ramps Up Cyber Resilience with Major Crisis Simulation Exercise

    This year’s Blue OLEx cyber-attack drill was hosted in Italy and benefited from the new EU-CyCLONe for the first time

  18. Pensioners Warned Over Winter Fuel Payment Scam Texts

    The UK Regional Organised Crime Unit (ROCU) Network has urged the elderly to be on the lookout for scam texts offering a winter fuel subsidy

  19. Man Gets 12.5 Years for Running Bitcoin Fog Crypto Mixer

    Swedish-Russian national Roman Sterlingov has been jailed for 12 years and six months for operating notorious cryptocurrency mixer Bitcoin Fog

  20. Pro-Russian Hacktivists Target South Korea as North Korea Joins Ukraine War

    South Korea warned that pro-Russian groups have attacked government and private sector websites following the deployment of North Korean soldiers in Ukraine

What’s hot on Infosecurity Magazine?