Infosecurity News
Industrial Cyber Espionage France's Top Threat Ahead of 2024 Paris Olympics
Ransomware and destabilization attacks rose in 2023, yet France’s National Cybersecurity Agency is most concerned about a diversification of cyber espionage campaigns
Four Million WordPress Sites Vulnerable to LiteSpeed Plugin Flaw
The flaw, discovered by Patchstack, stems from a lack of input sanitization and output escaping in the plugin’s code
NIST Releases Final Version of Cybersecurity Framework 2.0
NIST has made further tweaks to Version 2.0 of its Cybersecurity Framework following feedback from the cybersecurity community
Half of IT Leaders Identify IoT as Security Weak Point
The Viakoo study also said 50% firms faced IoT cyber incidents in past year, 44% of which were severe
Most Commercial Code Contains High-Risk Open Source Bugs
Synopsys report reveals 74% of codebases now contain risky open source components
69% of Organizations Infected by Ransomware in 2023
Proofpoint found that 69% of organizations experienced a successful ransomware incident in the past year, with 60% hit on four or more occasions
Business Logic Abuse Dominates as API Attacks Surge
Imperva finds attacks targeting API business logic increased to 27% in 2023
White House Urges Tech Industry to Eliminate Memory Safety Vulnerabilities
A new White House report has urged software and hardware developers to adopt memory safe programming languages, and eliminate one of the most pervasive classes of bugs
CISA Issues Alert on APT29’s Cloud Infiltration Tactics
Known as Midnight Blizzard, the Dukes or Cozy Bear, the group has been identified as a Russian entity likely operating under the SVR
Expert Warns of Growing Android Malware Activity
Kaspersky said that in 2023, the number of mobile attacks soared to nearly 33.8 million
LockBit Takedown: What You Need to Know about Operation Cronos
What businesses should know about Operation Cronos and LockBit, one of the largest ransomware takedowns in history
Avast Faces $16.5m Fine for Unlawfully Selling User Browsing Data
The FTC order found that Avast sold browsing data to advertisers that could reveal highly sensitive insights about users, misleading them about privacy protections in the process
NCSC to Offer Cyber Governance Guidance to Boards
The UK’s National Cyber Security Centre is preparing a new cyber governance training pack for boards
U-Haul Informs Customers of Major Data Breach
Moving giant U-Haul has revealed that 67,000 customers were caught in a data breach last year
Operation Cronos: Who Are the LockBit Admins?
Law enforcement agencies involved in Operation Cronos have announced they have been in contact with the LockBit kingpin aka LockbitSupp
ICO Bans Serco Leisure's Use of Facial Recognition for Employee Attendance
The UK’s ICO has ruled Serco Leisure’s use facial recognition technology and fingerprint scanning to monitor employee attendance is in breach of data protection law
78% of Organizations Suffer Repeat Ransomware Attacks After Paying
Cybereason found that 78% of organizations who paid a ransom demand were hit by a second ransomware attack, often by the same threat actor
SMBs at Risk From SendGrid-Focused Phishing Tactics
Kaspersky explained the fraudulent emails prompted recipients to enable two-factor authentication
Change Healthcare Cyber-Attack Leads to Prescription Delays
The incident has impacted numerous Change Healthcare applications, including pharmacy, medical records
Russian-Aligned Network Doppelgänger Targets German Elections
SentinelLabs and ClearSky said the group leverage a substantial network of social media accounts
