Infosecurity News

  1. NATO Set to Build New Cyber Defense Center

    NATO members have agreed to develop a new integrated facility to help improve collective cyber-resilience

  2. CISA Urges Software Makers to Eliminate OS Command Injection Vulnerabilities

    An alert from the CISA and the FBI has urged software manufacturers to work towards the elimination of operating system (OS) command injection vulnerabilities

  3. Fraud Campaign Targets Russians with Fake Olympics Tickets

    Operation Ticket Heist involves 700 web domains to sell fake Olympic Games tickets to a Russian-speaking audience, QuoIntelligence has found

  4. Ransomware Surges Annually Despite Law Enforcement Takedowns

    Symantec figures suggest a 9% annual increase claimed ransomware attacks

  5. Huione Guarantee Marketplace Exposed as Front for Cybercrime

    Researchers at Elliptic claim multibillion dollar Huione Guarantee platform is enabler of scams and money laundering

  6. Smishing Triad Targets India with Fraud Surge

    Smishing Triad's MO involves registering fraudulent domain names that mimic legitimate organizations

  7. Microsoft Outlook Faced Critical Zero-Click RCE Vulnerability

    For trusted senders, the flaw is zero-click, but requires one-click interactions for untrusted ones

  8. Ransomware Groups Prioritize Defense Evasion for Data Exfiltration

    A Cisco report highlighted TTPs used by the most prominent ransomware groups to evade detection, establish persistence and exfiltrate sensitive data

  9. Russian Media Uses AI-Powered Software to Spread Disinformation

    RT leverages the Meliorator software to create fake personas on social media, US, Canadian and Dutch agencies have found

  10. Most Security Pros Admit Shadow SaaS and AI Use

    Next DLP study finds majority of security professionals have used unauthorised apps in past year

  11. Microsoft Fixes Four Zero-Days in July Patch Tuesday

    Microsoft has addressed two actively exploited and two publicly disclosed zero-day bugs this month

  12. Cyber-Attack on Evolve Bank Exposed Data of 7.6 Million Customers

    In a statement on Monday, Evolve confirmed the breach includes over 20,000 customers in Maine

  13. Eldorado Ransomware Strikes Windows and Linux Networks

    Group-IB also revealed the ransomware uses Chacha20 and RSA-OAEP for encryption

  14. Chinese State Actor APT40 Exploits N-Day Vulnerabilities “Within Hours”

    A joint government advisory warned that the Chinese state-sponsored actor APT40 is capable of immediately exploiting newly public vulnerabilities in widely used software

  15. Avast Provides DoNex Ransomware Decryptor to Victims

    Researchers at Avast found a flaw in the cryptographic schema of the DoNex ransomware and have been sending out decryptor keys to victims since March 2024

  16. Just a Fifth of Manufacturers Have Strongest Anti-Phishing Protection

    Study confirms most manufacturers with DMARC don’t have it configured to most secure policy

  17. Ticketmaster Extortion Continues, Threat Actor Claims New Ticket Leak

    Tickets to Foo Fighters, Aerosmith, Pink and Usher gigs have been leaked by a threat actor trying to extort Ticketmaster

  18. New APT CloudSorcerer Malware Hits Russian Targets

    The malware issues commands via a hardcoded charcode table and Microsoft COM object interfaces

  19. Mekotio Trojan Targets Latin American Banking Credentials

    Trend Micro said the trojan has been observed masquerading as communications from tax agencies

  20. Cisco Warns regreSSHion Vulnerability Impacts Multiple Products

    Cisco has told customers that 42 of its products are impacted by the OpenSSH regreSSHion vulnerability, with a further 51 products being investigated

Why not watch?

  1. Navigating Exposures in Energy ICS Environments

  2. Enhancing Software Supply Chain Management: A DORA-Focused Approach

  3. Identifying Concentration Risk and Securing the Supply Chain

  4. Dispelling the Myths of Defense-Grade Cybersecurity

What’s hot on Infosecurity Magazine?