Infosecurity News
Cryptomining Malware Found in Popular Open Source Packages
Cryptomining malware hits popular npm packages rspack and vant, posing risks to open source tools
Interpol Identifies Over 140 Human Traffickers in New Initiative
A new digital operation has enabled Interpol to identify scores of human traffickers operating between South America and Europe
ICO Warns of Mobile Phone Festive Privacy Snafu
The Information Commissioner’s Office has warned that millions of Brits don’t know how to erase personal data from their old devices
Italy’s Data Protection Watchdog Issues €15m Fine to OpenAI Over ChatGPT Probe
OpenAI must also initiate a six-month public awareness campaign across Italian media, explaining how it processes personal data for AI training
Ukraine's Security Service Probes GRU-Linked Cyber-Attack on State Registers
The Security Service of Ukraine has accused Russian-linked actors of perpetrating a cyber-attack against the state registers of Ukraine
LockBit Admins Tease a New Ransomware Version
The LockBitSupp persona said LockBit 4.0 will be launched in February 2025
Webcams and DVRs Vulnerable to HiatusRAT, FBI Warns
The FBI has issued a warning about the Hiatus RAT malware targeting Xiongmai and Hikvision web cameras and DVRs, urging users isolate these devices from networks
CISA Urges Encrypted Messaging After Salt Typhoon Hack
The US Cybersecurity and Infrastructure Security Agency recommended users turn on phishing-resistant MFA and switch to Signal-like apps for messaging
Ransomware Attackers Target Industries with Low Downtime Tolerance
A Dragos report observed 23 new ransomware groups targeting industrial organizations in Q3 2024
US Organizations Still Using Kaspersky Products Despite Ban
Bitsight found that 40% of US organizations who used Kaspersky products before the government ban came into effect still appear to be using them
EU Opens Door for AI Training Using Personal Data
The EU Data Protection Board (EDPB) published a long-awaited opinion on how GDPR should apply to AI models
New Malware Can Kill Engineering Processes in ICS Environments
Forescout identified a new type of malware capable of terminating engineering processes, used to target Siemens engineering workstations
Crypto-Hackers Steal $2.2bn as North Koreans Dominate
Mainly North Korean hackers stole over $2bn from crypto platforms in 2024, says Chainalysis
Recorded Future CEO Calls Russia’s “Undesirable” Listing a “Compliment”
Cybersecurity firm Recorded Future has been listed as an “undesirable” organization by the Prosecutor General's Office of the Russian Federation
Vulnerability Exploit Assessment Tool EPSS Exposed to Adversarial Attack
A Morphisec researcher showed how an attacker could manipulate FIRST’s Exploit Prediction Scoring System (EPSS) using AI
Interpol Calls for an End to “Pig Butchering” Terminology
Interpol wants to change the term “pig butchering” to “romance baiting”
US Government Issues Cloud Security Requirements for Federal Agencies
A CISA Directive sets out actions all US federal agencies must take to identify and secure cloud tenants in their environments
Phishing Attacks Double in 2024
SlashNext reports a 202% increase in overall phishing messages and a 703% surge in credential-based phishing attacks in 2024
New Attacks Exploit VSCode Extensions and npm Packages
Malicious campaigns targeting VSCode extensions have recently expanding to npm, risking software supply chains
Attacker Distributes DarkGate Using MS Teams Vishing Technique
Trend Micro highlighted a case where an attacker posed as a client on an MS Teams call to distribute DarkGate malware
