Infosecurity News
Phishing Attacks Double in 2024
SlashNext reports a 202% increase in overall phishing messages and a 703% surge in credential-based phishing attacks in 2024
New Attacks Exploit VSCode Extensions and npm Packages
Malicious campaigns targeting VSCode extensions have recently expanding to npm, risking software supply chains
Attacker Distributes DarkGate Using MS Teams Vishing Technique
Trend Micro highlighted a case where an attacker posed as a client on an MS Teams call to distribute DarkGate malware
Nigeria Cracks Down on Cryptocurrency Investment Fraud and Romance Scams
The suspects were apprehended in a surprise operation at their hideout in Lagos following intelligence received by Nigeria's Economic and Financial Crimes Commission
Meta Hit with Massive $263m GDPR Fine
The Irish Data Protection Commission has fined Meta $263m for a 2018 data breach impacting 29 million Facebook accounts
European Commission Opens TikTok Election Integrity Probe
The European Commission is investigating whether TikTok allowed foreign actors to influence voters during recent Romanian elections
Sophisticated TA397 Malware Targets Turkish Defense Sector
Sophisticated phishing attack targeting Turkey’s defense sector revealed TA397’s advanced tactics
Texas Tech University Data Breach Impacts 1.4 Million
The breach has affected 650,000 individuals at TTUHSC’s Lubbock campus and 815,000 at its El Paso branch
Cybercriminals Exploit Google Calendar to Spread Malicious Links
Check Point research reveals cybercriminals are using Google Calendar and Drawings to send malicious links, bypassing traditional email security
EU Sanctions Russian Cyber Actors for “Destabilizing Actions”
The EU announced sanctions against individuals and entities involved in cyber-attacks and disinformation campaigns on behalf of the Russian state
GenAI: Security Teams Demand Expertise-Driven Solutions
76% of security leaders favor cybersecurity-focused GenAI tools over domain-agnostic tools
New APIs Discovered by Attackers in Just 29 Seconds
Wallarm honeypot research finds potentially exposed APIs are being discovered within half a minute
US Unveils New National Cyber Incident Response Plan
The draft plan is designed to help businesses understand how the government will support them during a cyber incident
All Major European Financial Firms Suffer Supplier Breaches
SecurityScorecard claims 100% of Europe’s top financial services companies have suffered a supply chain breach in the past year
CISA and EPA Warn of Cyber Risks to Water System Interfaces
CISA and EPA have published guidance for operators of water and wastewater systems to protect against cyber-attacks
Deloitte Alerts Rhode Island to Significant Data Breach in RIBridges System
Rhode Island's RIBridges system has suffered a major data breach, potentially exposing personal information, with Deloitte confirming the presence of malicious software
Fake Captcha Campaign Highlights Risks of Malvertising Networks
Large-scale campaign identified by Guardio Lans and Infoblox, exploiting malvertising and fake captchas to distribute Lumma infostealer for massive theft
Amnesty Accuses Serbia of Tracking Journalists and Activists with Spyware
The Serbian authorities have been using advanced mobile forensics products made by Israeli firm Cellebrite to extract data from mobile devices illegally
Ofcom Issues Guidance for Tech Firms to Tackle Online Harms
New Ofcom guidance is designed to help tech companies comply with their obligations around tackling illegal online harms under the Online Safety Act
YouTube Creators Targeted in Global Phishing Campaign
Over 200,000 YouTube creators have been targeted by malware-laden phishing emails with the aim of infecting their followers
