Infosecurity News
South Korea Police Investigates Telegram Over Deepfake Porn
The Asian country’s law enforcement suspects the instant messaging app of abetting deepfake sex crimes
Verkada Facing Penalty After Hackers Viewed Sensitive Video Footage
The US FTC has proposed a $2.95m fine for security camera firm Verkada for alleged security failings that allowed hackers to access customers' video footage
Cicada3301 Ransomware Group Emerges From the Ashes of ALPHV
Truesec claims new Cicada3301 ransomware-as-a-service group could have ties to ALPHV/BlackCat and Brutus
Scores of Organizations Hit By Novel Voldemort Malware
Proofpoint has uncovered a new cyber-espionage campaign deploying new malware dubbed “Voldemort”
Published Vulnerabilities Surge by 43%
Forescout highlighted a 43% increase in published vulnerabilities in H1 2024, with attackers targeting flaws in VPNs and network infrastructure for initial access
Russian Hackers Use Commercial Spyware Exploits to Target Victims
In a campaign targeting Mongolian government websites, Russian-backed APT29 leveraged exploits previously used by spyware vendors NSO Group and Intellexa
North Korean Hackers Launch New Wave of npm Package Attacks
North Korean groups exploited npm packages in coordinated attacks, targeting developers and cryptocurrency wallet browser extensions
BlackByte Adopts New Tactics, Targets ESXi Hypervisors
BlackByte, linked to the Conti group, exploited VMware ESXi CVE-2024-37085 to control virtual machines
Unpatched CCTV Cameras Exploited to Spread Mirai Variant
Threat actors are exploiting a vulnerability found in CCTV cameras used in critical infrastructure to spread a Mirai malware variant
Surge in New Scams as Pig Butchering Dominates
Chainalysis report reveals a likely increase in new internet scams this year as fraudsters adapt to increasing enforcement efforts
Iranian Hackers Secretly Aid Ransomware Attacks on US
CISA and the FBI warned that Iranian APT group, Fox Kitten, has helped ransomware groups to attack US organizations since 2017
IT Engineer Charged For Attempting to Extort Former Employer
A virtual machine specialist was arrested after a foiled data extortion plot targeting his former employer
Ransomware Attacks Exposed 6.7 Million Records in US Schools
Ransomware attacks on US schools and colleges have surged, with 491 incidents since 2018, affecting over 8000 institutions
LummaC2 Infostealer Resurfaces With Obfuscated PowerShell Tactics
LummaC2, a C-based MaaS tool first identified in 2022, has resurfaced to exfiltrate credentials and personal data
Iran-Backed Peach Sandstorm Hackers Deploy New Tickler Backdoor
The hacking subsidiary of the Iranian Islamic Revolutionary Guard Corps (RGC) has targeted satellite, communications, oil and gas and government sectors in the US and UAE
Money Laundering Dominates UK Fraud Cases
KPMG research finds money laundering accounted for the majority of fraud cases heard in the first half of 2024
South Korean Spies Exploit WPS Office Zero-Day
ESET uncovers a South Korean cyber-espionage campaign featuring a zero-day exploit for WPS Office
Microsoft 365 Copilot Vulnerability Exposes User Data Risks
The flaw in Microsoft 365 Copilot allowed data theft using ASCII smuggling and prompt injection
MOVEit Hack Exposed Personal Data of Half Million TDECU Users
The Texas Dow Employees Credit Union told the Maine Attorney General the MOVEit data breach compromised information of over 500,000 members
FBI Flawed Data Handling Raises Security Concerns
A US Justice Department watchdog has found “significant weaknesses” in the FBI’s physical and online media storage and disposal processes
