Infosecurity News
Romance Scam Victims Surge in 2023
New data from Lloyds found that romance scam victims increased by 22% in 2023, with the average amount lost per incident £6937
Cloudflare Suffers Breach After Failing to Rotate Stolen Okta Credentials
Cloudflare revealed suspected nation-state attackers compromised its systems and accessed source code using credentials stolen in the Okta breach
LockBit Reigns Supreme in Soaring Ransomware Landscape
The last quarter of 2023 saw an 80% year-on-year increase in ransomware victim claims, according to ReliaQuest
US Agencies Failure to Oversee Ransomware Protections Threaten White House Goals
A GAO report found that federal agencies are not assessing whether critical infrastructure sectors are implementing NIST ransomware protection guidance
Interpol-Led Initiative Targets 1300 Suspicious IPs
Global collaborative effort focused on combating the global rise of phishing, malware and ransomware
Pump-and-Dump Schemes Make Crypto Fraudsters $240m
Chainalysis reveals that pump-and-dump schemes made Ethereum market manipulators over $240m in 2023 alone
Google’s Bazel Exposed to Command Injection Threat
Cycode stressed securing software supply chains amid complex dependencies and third-party actions
US Thwarts Volt Typhoon Cyber Espionage Campaign Through Router Disruption
US government agencies took down the botnet of Chinese APT Volt Typhoon, used to target critical infrastructure for nation-state espionage
Ivanti Releases Zero-Day Patches and Reveals Two New Bugs
Ivanti has finally released updates to fix two zero-day bugs and two new high-severity vulnerabilities
Pawn Storm’s Stealthy Net-NTLMv2 Assault Revealed
Trend Micro reported recent attacks focused on government sectors, including foreign affairs, energy, defense and transportation
EU Launches First Cybersecurity Certification for Digital Products
The voluntary scheme aims to encourage ICT providers to boost the cybersecurity of products and services across the EU
US Senators Propose Cybersecurity Agriculture Bill
The Farm and Food Cybersecurity Act has cross-party support and aims enhance the US agriculture sector’s cyber defenses
Sysdig Report Exposes 91% Failure in Runtime Scans
The research also revealed 69% of enterprises have yet to integrate AI into cloud environments
US Sanctions Egyptian IT Experts Aiding ISIS in Cybersecurity
The US said the two Egyptian nationals provided cybersecurity training and support to ISIS leadership and supporters, as well as helping enable the group to use cryptocurrency
Citibank Sued For Failing to Protect Fraud Victims
New York attorney general launches legal case against Citi for failing to reimburse or protect fraud victims
City Cyber Taskforce Launches to Secure Corporate Finance
A new initiative led by the ICAEW and NCSC launches today to improve cybersecurity during deals and investments
Schneider Electric Confirms Data Accessed in Ransomware Attack
Energy firm Schneider Electric said a ransomware incident, reportedly perpetrated by the Cactus group, has led to data being accessed from its Sustainability Business division
Orange España Breach: Dark Web Flooded With Operator Credentials
Resecurity discovered over 1572 compromised customers from RIPE, APNIC, AFRINIC and LACNIC
Alpha Ransomware Group Launches Data Leak Site on the Dark Web
Netenrich analyzed the ransom note pattern saying the group is refining their messages to victims
Rust Payloads Exploiting Ivanti Zero-Days Linked to Sophisticated Sliver Toolkit
After analyzing the 12 Rust payloads exploiting Ivanti ConnectSecure vulnerabilities, Synacktiv found they all enabled a sophisticated post-exploitation toolkit
