Infosecurity News

  1. Ofcom Issues Guidance for Tech Firms to Tackle Online Harms

    New Ofcom guidance is designed to help tech companies comply with their obligations around tackling illegal online harms under the Online Safety Act

  2. YouTube Creators Targeted in Global Phishing Campaign

    Over 200,000 YouTube creators have been targeted by malware-laden phishing emails with the aim of infecting their followers

  3. Russia Recruits Ukrainian Kids for Sabotage and Reconnaissance

    Ukrainian officials say Russian intelligence is using video games to trick children into helping the enemy

  4. US Uncovers North Korean IT Worker Fraud, Offers $5M Bounty

    The US Government is offering a $5 million reward for information leading to the disruption of financial mechanisms supporting North Korea following a six-year conspiracy

  5. 2024 Sees Sharp Increase in Microsoft Tool Exploits

    Sophos found observed a significant rise in Microsoft LOLbins abused by attackers in H1 2024 compared to 2023

  6. Akira and RansomHub Surge as Ransomware Claims Reach All-Time High

    Claims on ransomware groups’ data leak sites reached an all-time high in November, with 632 reported victims, according to Corvus Insurance

  7. Researchers Discover Malware Used by Nation-Sates to Attack Industrial Systems

    IOCONTROL, a custom-built IoT/OT malware, was used by Iran-affiliated groups to attack Israel- and US-based OT/IoT devices, according to Claroty

  8. ISC2 Survey Reveals Critical Gaps in Cybersecurity Leadership Skills

    ISC2 research has found that cybersecurity leaders have limited skills and training in areas like communication, strategic mindset and business acumen

  9. UK Shoppers Frustrated as Bots Snap Up Popular Christmas Gifts

    Almost three quarters of UK consumers believe bad bots are ruining Christmas by buying up popular gifts, forcing many to purchase expensive alternatives, according to Imperva research

  10. Security Flaws in WordPress Woffice Theme Prompts Urgent Update

    Two Woffice theme vulnerabilities have been identified that allow attackers to gain unauthorized access and control of unpatched websites

  11. Remcos RAT Malware Evolves with New Techniques

    Cyber-attacks involving Remcos RAT surged in Q3 2024, enabling attackers to control victim machines remotely, steal data and carry out espionage

  12. Lookout Discovers New Spyware Deployed by Russia and China

    Russian-made spyware BoneSpy and PlainGnome target former Soviet states, while public security bureaus in mainland China use Chinese surveillance tool EagleMsgSpy

  13. Insurance Worker Sentenced After Illegally Accessing Claimants’ Data

    An insurance employee has been handed a suspended sentence after illegally accessing personal information

  14. Three-Quarters of Security Leaders Admit Gaps in Hardware Knowledge

    HP Wolf reveals that 79% of IT security decision makers are lacking in crucial hardware and firmware expertise

  15. Secret Blizzard Targets Ukrainian Military with Custom Malware

    Microsoft detailed how Russian espionage group Secret Blizzard is leveraging infrastructure of other threat actors to target the Ukrainian military with custom malware

  16. Sophisticated Scam Targets UAE Residents with Fake Police Fines

    Fraudsters in UAE posed as Dubai Police, targeting citizens with fake fines via calls, emails and SMS

  17. Cyber Incident Disrupting Krispy Kreme Online Orders

    Krispy Kreme said the incident is likely to materially affect operations and short-term financial performance

  18. South Korea Takes Down Fraudulent Online Trading Network Used to Extort $6.3M

    The Korean Financial Security Institute (K-FSI) disrupted a fraudulent network that made $6.3m by stealing money from fake personal trading platforms

  19. Microsoft Azure MFA Flaw Allowed Easy Access Bypass

    Microsoft MFA flaw exposed that allowed attackers to bypass security within an hour, putting 400m Office 365 accounts at risk

  20. Operation PowerOFF Takes Down DDoS Boosters

    Operation PowerOFF has dismantled a network of 27 DDoS platforms, leading to the arrests of three administrators and the identification of over 300 users

What’s hot on Infosecurity Magazine?