Infosecurity News
CISA Urges Software Makers to Eliminate OS Command Injection Vulnerabilities
An alert from the CISA and the FBI has urged software manufacturers to work towards the elimination of operating system (OS) command injection vulnerabilities
Fraud Campaign Targets Russians with Fake Olympics Tickets
Operation Ticket Heist involves 700 web domains to sell fake Olympic Games tickets to a Russian-speaking audience, QuoIntelligence has found
Ransomware Surges Annually Despite Law Enforcement Takedowns
Symantec figures suggest a 9% annual increase claimed ransomware attacks
Huione Guarantee Marketplace Exposed as Front for Cybercrime
Researchers at Elliptic claim multibillion dollar Huione Guarantee platform is enabler of scams and money laundering
Smishing Triad Targets India with Fraud Surge
Smishing Triad's MO involves registering fraudulent domain names that mimic legitimate organizations
Microsoft Outlook Faced Critical Zero-Click RCE Vulnerability
For trusted senders, the flaw is zero-click, but requires one-click interactions for untrusted ones
Ransomware Groups Prioritize Defense Evasion for Data Exfiltration
A Cisco report highlighted TTPs used by the most prominent ransomware groups to evade detection, establish persistence and exfiltrate sensitive data
Russian Media Uses AI-Powered Software to Spread Disinformation
RT leverages the Meliorator software to create fake personas on social media, US, Canadian and Dutch agencies have found
Most Security Pros Admit Shadow SaaS and AI Use
Next DLP study finds majority of security professionals have used unauthorised apps in past year
Microsoft Fixes Four Zero-Days in July Patch Tuesday
Microsoft has addressed two actively exploited and two publicly disclosed zero-day bugs this month
Cyber-Attack on Evolve Bank Exposed Data of 7.6 Million Customers
In a statement on Monday, Evolve confirmed the breach includes over 20,000 customers in Maine
Eldorado Ransomware Strikes Windows and Linux Networks
Group-IB also revealed the ransomware uses Chacha20 and RSA-OAEP for encryption
Chinese State Actor APT40 Exploits N-Day Vulnerabilities “Within Hours”
A joint government advisory warned that the Chinese state-sponsored actor APT40 is capable of immediately exploiting newly public vulnerabilities in widely used software
Avast Provides DoNex Ransomware Decryptor to Victims
Researchers at Avast found a flaw in the cryptographic schema of the DoNex ransomware and have been sending out decryptor keys to victims since March 2024
Just a Fifth of Manufacturers Have Strongest Anti-Phishing Protection
Study confirms most manufacturers with DMARC don’t have it configured to most secure policy
Ticketmaster Extortion Continues, Threat Actor Claims New Ticket Leak
Tickets to Foo Fighters, Aerosmith, Pink and Usher gigs have been leaked by a threat actor trying to extort Ticketmaster
New APT CloudSorcerer Malware Hits Russian Targets
The malware issues commands via a hardcoded charcode table and Microsoft COM object interfaces
Mekotio Trojan Targets Latin American Banking Credentials
Trend Micro said the trojan has been observed masquerading as communications from tax agencies
Cisco Warns regreSSHion Vulnerability Impacts Multiple Products
Cisco has told customers that 42 of its products are impacted by the OpenSSH regreSSHion vulnerability, with a further 51 products being investigated
Russia Blocks VPN Services in Information Crackdown
The ban comes from Russian communication watchdog Roskomnadzor, likely in a bid to control the flow of information to Russian citizens
