Infosecurity News
EU Urged to Harmonize Incident Reporting Requirements
Risk managers association FERMA has warned that new EU cyber legislation means there is an inconsistent approach to incident reporting requirements
Tech Professionals Highlight Critical AI Security Skills Gap
A new O’Reilly survey showed a shortage of AI security skills, while AI-enabled security tools become tech professionals’ top priority for the coming year
Fraud Repayment Rules Could Leave Victims Struggling, CTSI Claims
The Chartered Trading Standards Institute is concerned a new cap on fraud reimbursement is too low
Get Safe Online Launches New Scam Detector
A new scam detection tool from Get Safe Online uses AI to help individuals and small businesses protect themselves
How Confidence Between Teams Impacts Cyber Incident Outcomes
Infosecurity recently joined an Immersive Labs Cyber Drill to experience how organizations can enhance their preparedness through training and simulations
New MedusaLocker Ransomware Variant Deployed by Threat Actor
Cisco Talos has observed the financially motivated threat actor targeting organizations globally with a MedusaLocker ransomware variant called “BabyLockerKZ”
Sellafield Fined for Cybersecurity Failures at Nuclear Site
A UK court has fined Sellafield Ltd £332,500 for cybersecurity failings related to the running of the Sellafield nuclear facility
CRI Releases Guidance on Avoiding Ransomware Payments
The Counter Ransomware Initiative has released new guidance discouraging organizations from making ransomware payments
Litespeed Cache Plugin Flaw Allows XSS Attack, Update Now
The new LiteSpeed Cache flaw (CVE-2024-47374) allows unauthenticated code injection across more than six million active installations
Microsoft and US Government Disrupt Russian Star Blizzard Operations
Microsoft and the US government have collectively seized over 100 websites used by Russian nation-state actor Star Blizzard
CeranaKeeper Emerges as New Threat to Thai Government Networks
China-aligned CeranaKeeper discovered targeting Thai govt institutions using cloud services for data exfiltration
Cybersecurity Spending on the Rise, But Security Leaders Still Feel Vulnerable
A new report by Red Canary has found that while cybersecurity budgets have risen, many security leaders still feel overwhelmed by the growing threat landscape
Northern Ireland Police Data Leak Sees Service Fined by ICO
The ICO blamed the Police Service of Northern Ireland for procedural failings that exposed the personal data of 9843 personnel, putting police officers at risk
Crypto-Doubling Scams Surge Following Presidential Debate
Researchers see an uptick in crypto-doubling investment scams following the first presidential debate
Email Phishing Attacks Surge as Attackers Bypass Security Controls
Egress found that attackers are becoming more adept at bypassing email security, such as using compromised accounts and the use of commodity campaigns
FIN7 Gang Hides Malware in AI “Deepnude” Sites
Threat group FIN7 is hiding infostealer malware on sites promising AI deepnude downloads
ACSC and CISA Launch Critical OT Cybersecurity Guidelines
The ACSC, in collaboration with CISA and international partners, has released a guide for securing operational technology in critical sectors
Stonefly Group Targets US Firms With New Malware Tools
North Korean APT Stonefly continues to launch cyber-attacks on US firms despite July indictment
80% of Manufacturing Firms Have Critical Vulnerabilities
A Black Kite report found that 67% of manufacturing firms have at least one vulnerability from CISA’s Known Exploited Vulnerabilities (KEV) catalog
Meta Teams Up with Banks to Target Fraudsters
Meta has announced a new information-sharing partnership with UK financial institutions to target social media fraud
