Infosecurity News
US Agencies Failure to Oversee Ransomware Protections Threaten White House Goals
A GAO report found that federal agencies are not assessing whether critical infrastructure sectors are implementing NIST ransomware protection guidance
Interpol-Led Initiative Targets 1300 Suspicious IPs
Global collaborative effort focused on combating the global rise of phishing, malware and ransomware
Pump-and-Dump Schemes Make Crypto Fraudsters $240m
Chainalysis reveals that pump-and-dump schemes made Ethereum market manipulators over $240m in 2023 alone
Google’s Bazel Exposed to Command Injection Threat
Cycode stressed securing software supply chains amid complex dependencies and third-party actions
US Thwarts Volt Typhoon Cyber Espionage Campaign Through Router Disruption
US government agencies took down the botnet of Chinese APT Volt Typhoon, used to target critical infrastructure for nation-state espionage
Ivanti Releases Zero-Day Patches and Reveals Two New Bugs
Ivanti has finally released updates to fix two zero-day bugs and two new high-severity vulnerabilities
Pawn Storm’s Stealthy Net-NTLMv2 Assault Revealed
Trend Micro reported recent attacks focused on government sectors, including foreign affairs, energy, defense and transportation
EU Launches First Cybersecurity Certification for Digital Products
The voluntary scheme aims to encourage ICT providers to boost the cybersecurity of products and services across the EU
US Senators Propose Cybersecurity Agriculture Bill
The Farm and Food Cybersecurity Act has cross-party support and aims enhance the US agriculture sector’s cyber defenses
Sysdig Report Exposes 91% Failure in Runtime Scans
The research also revealed 69% of enterprises have yet to integrate AI into cloud environments
US Sanctions Egyptian IT Experts Aiding ISIS in Cybersecurity
The US said the two Egyptian nationals provided cybersecurity training and support to ISIS leadership and supporters, as well as helping enable the group to use cryptocurrency
Citibank Sued For Failing to Protect Fraud Victims
New York attorney general launches legal case against Citi for failing to reimburse or protect fraud victims
City Cyber Taskforce Launches to Secure Corporate Finance
A new initiative led by the ICAEW and NCSC launches today to improve cybersecurity during deals and investments
Schneider Electric Confirms Data Accessed in Ransomware Attack
Energy firm Schneider Electric said a ransomware incident, reportedly perpetrated by the Cactus group, has led to data being accessed from its Sustainability Business division
Orange España Breach: Dark Web Flooded With Operator Credentials
Resecurity discovered over 1572 compromised customers from RIPE, APNIC, AFRINIC and LACNIC
Alpha Ransomware Group Launches Data Leak Site on the Dark Web
Netenrich analyzed the ransom note pattern saying the group is refining their messages to victims
Rust Payloads Exploiting Ivanti Zero-Days Linked to Sophisticated Sliver Toolkit
After analyzing the 12 Rust payloads exploiting Ivanti ConnectSecure vulnerabilities, Synacktiv found they all enabled a sophisticated post-exploitation toolkit
Ransomware Incidents Hit Record High, But Law Enforcement Takedowns Slow Growth
New data from Corvus found that ransomware incidents rose by 68% in 2023 compared to 2022, but law enforcement takedowns led to a fall in Q4
FBI: Scammers Are Sending Couriers to Collect Cash From Victims
The FBI is warning the public not to fall for scams where they are urged to liquidate assets and hand them to couriers for ‘safekeeping’
UK House of Lords Calls For Legislation on Facial Recognition Tech
The House of Lords has questioned the legal basis for police use of facial recognition and wants parliament to legislate
