Infosecurity News
Researchers Discover Over 70 Zero-Day Bugs at Pwn2Own Ireland
Trend Micro’s Zero Day Initiative hands out over $1m in awards for Pwn2Own competitors, who found more than 70 zero-day flaws
AI-Powered BEC Scams Zero in on Manufacturers
Vipre research reveals that 10% of emails targeting the manufacturing sector are BEC attempts
Change Healthcare Breach Affects 100 Million Americans
Updated figures from the HHS revealed that 100 million patients have been notified that their data was breached in the Change Healthcare ransomware attack
Ukraine Warns of Mass Phishing Campaign Targeting Citizens Data
CERT-UA said the phishing campaign lures victims into downloading malware used to exfiltrate files containing sensitive personal data
Irish Data Protection Watchdog Fines LinkedIn $336m
LinkedIn violated the EU’s GDPR in how it processes its users personal data for behavioral purposes
Inequity Challenges Women in Digital Trust, But Progress is Being Made
A new ISACA study reveals that pay inequity and a lack of female leadership are significant issues noted by women in the digital trust sector
MacOS-Focused Ransomware Attempts Leverage LockBit Brand
An unidentified threat actor has attempted to develop ransomware targeting macOS devices, posing as LockBit
Lazarus Group Exploits Google Chrome Flaw in New Campaign
Lazarus Group exploited Google Chrome zero-day, infecting systems with Manuscrypt malware
Penn State Settles for $1.25M Over Cybersecurity Violations
Penn State will pay $1.25m for failing federal cybersecurity standards in DoD and NASA contracts
White House Issues AI National Security Memo
The National Security Memorandum on AI sets out actions for the federal government to ensure the safe, secure and trustworthy development of AI
Fortinet Confirms Exploitation of Critical FortiManager Zero-Day Vulnerability
This high-severity flaw, dubbed FortiJump by security researcher Kevin Beaumont, has been added to CISA’s KEV catalog
UK Government Introduces New Data Governance Legislation
The Data (Use and Access) Bill governs digital verification services and the use of personal data in public services, and will revamp the Information Commissioner’s Office
Cybersecurity Teams Largely Ignored in AI Policy Development
A new ISACA study has revealed that cybersecurity professionals are often overlooked in the development of AI policies
UK Government Urges Organizations to Get Cyber Essentials Certified
On the 10th anniversary since Cyber Essentials was introduced, the UK government has highlighted the impact the scheme has had in preventing attacks
New Malware WarmCookie Targets Users with Malicious Links
WarmCookie malware, aka BadSpace, spreads via malspam, malvertising and enables persistent access
Embargo Ransomware Gang Deploys Customized Defense Evasion Tools
The recently discovered Embargo ransomware group is using Rust-based custom tools to overcome victims’ security defenses, ESET researchers have observed
Former British PM Cameron Calls for Tech Engagement with China Despite Cyber Threats
Former UK PM David Cameron called for stronger defenses against Chinese cyber espionage while advocating collaboration with Beijing, coinciding with the BRICS Summit
70% of Leaders See Cyber Knowledge Gap in Employees
70% of leaders see cyber knowledge gap; AI attacks are harder to detect, 60% expect more victims
Internet Archive Secures Zendesk Account, Works Toward Full-Service Restoration
While Internet Archive’s services slowly resume, the data breach reveals the non-profit’s security failures
US Government Pledges to Cyber Threat Sharing Via TLP Protocol
The US government has issued guidance for federal agencies on the use of Traffic Light Protocol, designed to boost intelligence sharing with the cybersecurity community
