Infosecurity News
Manchester Law Firm Leads 15,000 to Sue Google and Microsoft over AI Data
Barings Law is planning to sue the two tech giants over numerous alleged violations of data misuse, including for AI training
UK Considers Ban on Ransomware Payments by Public Bodies
A UK government consultation has proposed banning public sector and critical infrastructure organizations from making ransomware payments to disincentivize attackers from targeting these services
Remediation Times Drop Sharply as Cyber Hygiene Take Up Surges
CISA claims US critical infrastructure providers are improving cyber hygiene and remediation activities
UK Registry Nominet Breached Via Ivanti Zero-Day
The .uk registry Nominet has been breached by a recently disclosed zero-day vulnerability in Ivanti products
Critical Infrastructure Urged to Scrutinize Product Security During Procurement
A joint government advisory has set out steps critical infrastructure firms should take to ensure any OT products they purchase are secure by design
Russian Malware Campaign Hits Central Asian Diplomatic Files
Diplomatic entities in Kazakhstan and Central Asia have been targeted by UAC-0063 using weaponized Word docs deploying HATVIBE malware
Microsoft 365 MFA Outage Fixed
Microsoft confirmed an outage of its multi-factor authentication system impacting access to Microsoft 365, causing login failures and service disruption
New Ransomware Group Uses AI to Develop Nefarious Tools
Researchers at Check Point said FunkSec operators appear to use AI for malware development
WEF Warns of Growing Cyber Inequity Amid Escalating Complexities in Cyberspace
A new WEF report highlighted growing disparities in the cyber capabilities of different types of organizations and regions
Three Russians Charged with Crypto Mixer Money Laundering
Three Russian men have been indicted on money laundering charges connected to cryptocurrency mixers
Telefonica Breach Hits 20,000 Employees and Exposes Jira Details
Telefonica has confirmed a breach of its internal ticketing system exposing more than 236,000 lines of customer data
Cybercriminals Use Fake CrowdStrike Job Offers to Distribute Cryptominer
CrowdStrike warned it had observed a phishing campaign impersonating the firm’s recruitment process to lure victims into downloading cryptominer
Slovakia Hit by Historic Cyber-Attack on Land Registry
A large-scale cyber-attack has targeted the information system of Slovakia’s land registry, impacting the management of land and property records
Medusind Breach Exposes Sensitive Patient Data
The US medical billing firm is notifying over 360,000 customers that their personal, financial and medical data may have been exposed
Fake PoC Exploit Targets Security Researchers with Infostealer
Trend Micro detailed how attackers are using a fake proof-of-concept for a critical Microsoft vulnerability, designed to steal sensitive data from security researchers
Fancy Product Designer Plugin Flaws Expose WordPress Sites
Critical Fancy Product Designer plugin flaws risk remote code execution and SQL injection attacks on WordPress sites
Japan Faces Prolonged Cyber-Attacks Linked to China’s MirrorFace
Cyber-attacks by China-linked MirrorFace targeted Japan’s national security information in major campaigns operating since 2019
PowerSchool Reportedly Pays Ransom to Prevent Student Data Leak
A school district said that PowerSchool paid a ransom to prevent the attackers releasing data it accessed of students and teachers in North America
EU Commission Liable for Breaching EU’s Own Data Protection Rules
A court has ruled the EU Commission infringed an individual’s right to the protection of their personal data by transferring their details to the US
Government Launches £1.9m Initiative to Boost UK’s Cyber Resilience
The UK government has pledged nearly £2m to 30 new Cyber Local projects designed to enhance cyber resilience
