Infosecurity News

  1. EU Election: Pro-Russian Propaganda Exploits Meta's Failure to Moderate Political Ads

    This year’s EU election will be a stress test to see whether the newly adopted Digital Services Act can efficiently mitigate misinformation threats

  2. Ivanti Patches Two Critical Avalanche Flaws in Major Update

    Ivanti has fixed two critical vulnerabilities in its Avalanche MDM product which could lead to remote code execution

  3. Insider Threats Surge 14% Annually as Cost-of-Living Crisis Bites

    Cifas reveals 14% rise in dishonest employees, driven mainly by financial necessity last year

  4. Russian Sandworm Group Using Novel Backdoor to Target Ukraine and Allies

    WithSecure researchers said it is likely Russian state group Sandworm has added a novel backdoor dubbed ‘Kapeka’ to its arsenal

  5. Report Suggests 93% of Breaches Lead to Downtime and Data Loss

    According to Pentera, firms are allocating 13% of their total IT security budgets to pentesting

  6. LeakyCLI Flaw Exposes AWS and Google Cloud Credentials

    Orca Security said the issue mirrors a previously identified vulnerability in Azure CLI

  7. Cybersecurity Pros Urge US Congress to Help NIST Restore NVD Operation

    An open letter signed by 50 cybersecurity practitioners requires the US Congress to support NIST in restoring operations at the National Vulnerability Database

  8. Microsoft Most Impersonated Brand in Phishing Scams

    New Check Point data found Microsoft was impersonated in 38% of all brand phishing attacks in Q1 2024, up from 33% in Q4 2024

  9. Open Source Leaders Warn of XZ Utils-Like Takeover Attempts

    Two open source organizations have revealed attempts to socially engineer project takeovers

  10. Bad Bots Drive 10% Annual Surge in Account Takeover Attacks

    Malicious bots now represent a third of all internet traffic, says Imperva

  11. Russia and Ukraine Top Inaugural World Cybercrime Index

    An international team of researchers published the first-ever index ranking countries by cybercrime threat level

  12. New LockBit Variant Exploits Self-Spreading Features

    Kaspersky also uncovered the use of the SessionGopher script to extract saved passwords

  13. Palo Alto Networks Zero-Day Flaw Exploited in Targeted Attacks

    Designated CVE-2024-3400 and with a CVSS score of 10.0, the flaw enables unauthorized actors to execute arbitrary code on affected firewalls

  14. Chipmaker Giant Nexperia Confirms Cyber-Attack Amid Ransomware Group Claims

    Nexperia confirmed its IT servers were accessed by attackers, with the Dunghill ransomware group claiming to have stolen chip designs and other sensitive documents

  15. FBI Warns of Massive Toll Services Smishing Scam

    The Feds have received thousands of complaints about phishing texts from fake road toll collection services

  16. Police Swoop on €645m Cannabis Investment Fraud Gang

    Nine arrests and millions of euros seized in bid to bust JuicyFields investment scammers

  17. CISA Urges Immediate Credential Reset After Sisense Breach

    The breach affecting business analytics provider Sisense could lead to a wide-scale supply chain attack

  18. Palo Alto Networks Warns About Critical Zero-Day in PAN-OS

    A fix for CVE-2024-3400 is scheduled on April 4, Palo Alto Networks announced

  19. Apple Boosts Spyware Alerts For Mercenary Attacks

    The revision points out companies like NSO Group, known for surveillance tools like Pegasus

  20. Data Breach Exposes 300k Taxi Passengers’ Information

    These records belonged to Dublin-based iCabbi, a dispatch and fleet management technology provider

Why not watch?

  1. Enhancing Software Supply Chain Management: A DORA-Focused Approach

  2. Auditing AI Risk: Essential Strategies for IT & Compliance Leaders

  3. Alert Fatigue: What Are You and Your Security Teams Missing?

  4. Navigating Exposures in Energy ICS Environments

What’s hot on Infosecurity Magazine?