Infosecurity News
Phobos Ransomware Family Expands With New FAUST Variant
FortiGuard said the variant was found in an Office document using a VBA script
US Senator Exposes NSA Purchase of Americans’ Internet Records
The call follows an FTC order saying data brokers must secure consent before selling user data
Nigerian 'Yahoo Boys' Behind Social Media Sextortion Surge in the US
Nigeria-based cybercriminals known as Yahoo Boys are the main drivers of a financial sextortion increase on TikTok, Instagram and Snapchat, targeting English-speaking teenagers
Microsoft Provides Defense Guidance After Nation-State Compromise
Microsoft said the Russian nation-state group Midnight Blizzard obfuscated its attack through the use of an OAuth application
Dark Web Drugs Vendor Forfeits $150m After Guilty Plea
Drug trafficker Banmeet Singh made $150m in cryptocurrency from dark web sales
CI/CD at Risk as Exploits Released For Critical Jenkins Bug
Customers are urged to patch now after exploits are released for critical vulnerability in Jenkins
Ukraine Arrests Hacker for Assisting Russian Missile Strikes
Ukraine’s security services said that the IT specialist from Kharkiv targeted government websites and provided intelligence to Russia to carry out missile strikes
New Leaks Expose Web of Iranian Intelligence and Cyber Companies
Recorded Future analyzed leaks describing the close relationship between the Iranian government and Iran-aligned APT groups
Data Privacy Week: Companies are Banning Generative AI Due to Privacy Risks
Cisco found that privacy and data security risks have led to over a quarter of organizations banning generative AI, at least temporarily, while a majority have instituted controls
China-Aligned APT Group Blackwood Unleashes NSPX30 Implant
ESET said Blackwood has been actively engaged in cyber-espionage since at least 2018
Government Security Vulnerabilities Surge By 151%, Report Finds
Bugcrowd’s latest report also recorded a 30% surge in web submissions in 2023
North Korea Hacks Crypto: More Targets, Lower Gains
A global drop in DeFi hacking gains prompted North Korean threat actors to diversify and extend their victim portfolio, Chainalysis found
Data Privacy Week: US Data Breaches Surge, 2023 Sees 78% Increase in Compromises
Over 350 million individuals were impacted by data breaches in the US in 2023 and 11% of all publicly traded companies have been compromised
Southern Water Confirms Data Breach Following Black Basta Claims
Southern Water confirmed a data breach had occurred after the Black Basta ransomware group purportedly published personal information held by the firm
Pwn2Own Contest Unearths Dozens of Zero-Day Vulnerabilities
The Zero Day Initiative’s first Pwn2Own Automotive competition has handed out over $1m for 24 zero-days
HPE Says SolarWinds Hackers Accessed its Emails
Hewlett Packard Enterprise reveals that Russian state APT29 hackers stole data from corporate mailboxes
ChatGPT Cybercrime Surge Revealed in 3000 Dark Web Posts
Kaspersky said cybercriminals are exploring schemes to implement ChatGPT in malware development
Browser Phishing Threats Grew 198% Last Year
Finding comes from Menlo Security’s recently released 2023 State of Browser Security Report
Why Bulletproof Hosting is Key to Cybercrime-as-a-Service
As a critical infrastructure service for cybercriminals, bulletproof hosting should be tracked and blocked by defenders, Intel471 argued in a new blog post
X Makes Passkeys Available for US-Based Users
X (formerly Twitter) has announced that passkeys are available as a login option for US-based users on iOS following a spate of high-profile account hijacks
