Infosecurity News
Alpha Ransomware Group Launches Data Leak Site on the Dark Web
Netenrich analyzed the ransom note pattern saying the group is refining their messages to victims
Rust Payloads Exploiting Ivanti Zero-Days Linked to Sophisticated Sliver Toolkit
After analyzing the 12 Rust payloads exploiting Ivanti ConnectSecure vulnerabilities, Synacktiv found they all enabled a sophisticated post-exploitation toolkit
Ransomware Incidents Hit Record High, But Law Enforcement Takedowns Slow Growth
New data from Corvus found that ransomware incidents rose by 68% in 2023 compared to 2022, but law enforcement takedowns led to a fall in Q4
FBI: Scammers Are Sending Couriers to Collect Cash From Victims
The FBI is warning the public not to fall for scams where they are urged to liquidate assets and hand them to couriers for ‘safekeeping’
UK House of Lords Calls For Legislation on Facial Recognition Tech
The House of Lords has questioned the legal basis for police use of facial recognition and wants parliament to legislate
Phobos Ransomware Family Expands With New FAUST Variant
FortiGuard said the variant was found in an Office document using a VBA script
US Senator Exposes NSA Purchase of Americans’ Internet Records
The call follows an FTC order saying data brokers must secure consent before selling user data
Nigerian 'Yahoo Boys' Behind Social Media Sextortion Surge in the US
Nigeria-based cybercriminals known as Yahoo Boys are the main drivers of a financial sextortion increase on TikTok, Instagram and Snapchat, targeting English-speaking teenagers
Microsoft Provides Defense Guidance After Nation-State Compromise
Microsoft said the Russian nation-state group Midnight Blizzard obfuscated its attack through the use of an OAuth application
Dark Web Drugs Vendor Forfeits $150m After Guilty Plea
Drug trafficker Banmeet Singh made $150m in cryptocurrency from dark web sales
CI/CD at Risk as Exploits Released For Critical Jenkins Bug
Customers are urged to patch now after exploits are released for critical vulnerability in Jenkins
Ukraine Arrests Hacker for Assisting Russian Missile Strikes
Ukraine’s security services said that the IT specialist from Kharkiv targeted government websites and provided intelligence to Russia to carry out missile strikes
New Leaks Expose Web of Iranian Intelligence and Cyber Companies
Recorded Future analyzed leaks describing the close relationship between the Iranian government and Iran-aligned APT groups
Data Privacy Week: Companies are Banning Generative AI Due to Privacy Risks
Cisco found that privacy and data security risks have led to over a quarter of organizations banning generative AI, at least temporarily, while a majority have instituted controls
China-Aligned APT Group Blackwood Unleashes NSPX30 Implant
ESET said Blackwood has been actively engaged in cyber-espionage since at least 2018
Government Security Vulnerabilities Surge By 151%, Report Finds
Bugcrowd’s latest report also recorded a 30% surge in web submissions in 2023
North Korea Hacks Crypto: More Targets, Lower Gains
A global drop in DeFi hacking gains prompted North Korean threat actors to diversify and extend their victim portfolio, Chainalysis found
Data Privacy Week: US Data Breaches Surge, 2023 Sees 78% Increase in Compromises
Over 350 million individuals were impacted by data breaches in the US in 2023 and 11% of all publicly traded companies have been compromised
Southern Water Confirms Data Breach Following Black Basta Claims
Southern Water confirmed a data breach had occurred after the Black Basta ransomware group purportedly published personal information held by the firm
Pwn2Own Contest Unearths Dozens of Zero-Day Vulnerabilities
The Zero Day Initiative’s first Pwn2Own Automotive competition has handed out over $1m for 24 zero-days
