Infosecurity News

  1. Investment Scams Grow, 13,000 Domains Detected in January 2024

    Netcraft said the domains were found across 7000 IPs in January, a 25% increase from December 2023

  2. Cloud Account Attacks Surged 16-Fold in 2023

    Red Canary said cloud account compromise detections rose 16-fold in 2023, becoming the fourth most prevalent technique used by threat actors

  3. New Research Exposes Security Risks in ChatGPT Plugins

    Salt Security discovered GPT flaws affecting plugin installation, PluginLab and OAuth

  4. Google to Restrict Election-Related Answers on AI Chatbot Gemini

    The new restriction to Google’s AI chatbot was first implemented in India, which holds elections in April, before being rolled out across other nations

  5. Single RCE Bug Features Among 60 CVEs in March Patch Tuesday

    No zero-day vulnerabilities to fix in this month’s Microsoft Patch Tuesday

  6. Nearly 13 Million Secrets Spilled Via Public GitHub Repositories

    GitGuardian claims the number of secrets exposed via GitHub has quadrupled since 2021

  7. Study Reveals Top Vulnerabilities in Corporate Web Applications

    Kaspersky said access control weaknesses and failures in data protection accounted for 70% of all flaws

  8. US Intelligence Predicts Upcoming Cyber Threats for 2024

    The Office of the Director of National Intelligence (ODNI) has unveiled an unclassified version of its Annual Threat Assessment of the US Intelligence Community

  9. New Cloud Attack Targets Crypto CDN Meson Ahead of Launch

    Sysdig said the rise of the Meson Network in blockchain signals a new frontier for attackers

  10. Three-Quarters of Cyber Incident Victims Are Small Businesses

    Three-quarters of cyber-incidents Sophos responded to involved small businesses in 2023, with attackers’ main goal being data theft

  11. Lawmakers Slam UK Government’s “Ostrich Strategy” for Cybersecurity

    An influential parliamentary committee claims government short-termism is exposing the country to ransomware catastrophe

  12. Victims Lose $47m to Crypto Phishing Scams in February

    Some 57,000 victims lost $47m in phishing scams targeting their cryptocurrency last month

  13. Magnet Goblin Exploits Ivanti Vulnerabilities

    The threat actor uses custom Linux malware to pursue financial gain, according to Check Point Research

  14. BianLian Threat Actor Shifts Focus to Extortion-Only Tactics

    GuidePoint said the threat actor gained initial access via vulnerabilities in a TeamCity server

  15. NSA Launches Top 10 Cloud Security Mitigation Strategies

    The advisory is associated with ten companion cybersecurity information sheets detailing how to implement each strategy

  16. Third-Party Breach and Missing MFA Contributed to British Library Cyber-Attack

    A British Library report found the most likely source of the incident was the compromise of third-party account credentials and no MFA was in place to stop the attackers

  17. Telemedicine Business Owner Faces 20 Years For $136m Fraud

    Nurse practitioner pleads guilty to $136m Medicare fraud plot involving her telemedicine companies

  18. Russia’s Midnight Blizzard Accesses Microsoft Source Code

    Threat group APT29 is using secrets stolen in an earlier attack to compromise Microsoft’s internal systems

  19. Dropbox Used to Steal Credentials and Bypass MFA in Novel Phishing Campaign

    Darktrace reveals a novel phishing campaign where attackers leveraged legitimate Dropbox infrastructure to steal credentials before bypassing MFA

  20. UnitedHealth Sets Timeline to Restore Change Healthcare Systems After BlackCat Hit

    UnitedHealth said it expects Change Healthcare’s key systems to be restored by March 18, amid reports it paid a $22m ransom to BlackCat
