Infosecurity News
Security Experts Urge IT to Lock Down GitHub Services
A new Recorded Future report warns of growing abuse of GitHub and recommends blocking risky services
HelloFresh Fined £140K After Sending 80 Million Spam Messages
The ICO has fined HelloFresh £140,000 for breaking privacy laws with a spam marketing campaign
CISA Urges Critical Infrastructure to Patch Urgent ICS Vulnerabilities
CISA’s advisory provides mitigations for vulnerabilities in ICS products used in critical infrastructure industries like energy, manufacturing and transportation
Waiting for Your Pay Raise? Cofense Warns Against HR-Related Scams
Email security provider Cofense outlined some of the most common HR-related scams and phishing campaigns it has observed
Vulnerability Puts Bosch Smart Thermostats at Risk of Compromise
Bitdefender researchers revealed the vulnerability allows an attacker to send commands to the thermostat and replace its firmware
Human Error and Insiders Expose Millions in UK Law Firm Data Breaches
Millions in the UK have had their data compromised because of cyber incidents involving law firms, a recent analysis of IOC data has found
1.3 Million FNF Customers' Data Potentially Exposed in Ransomware Attack
Fidelity National Financial revealed that the ransomware attack last year potentially impacted 1.3 million customers data in an updated SEC filing
Mandiant's X Account Was Hacked in Brute-Force Password Attack
Mandiant has shared its findings following X account hijacking, firm blames misconfigured 2FA and X's policy change
NCSC Publishes Practical Security Guidance For SMBs
The UK’s National Cyber Security Centre has launched a new online security guide to help smaller organizations better manage risk
Two Ivanti Zero-Days Actively Exploited in the Wild
Ivanti has released mitigation steps after reports of active exploitation of Connect Secure and Policy Secure vulnerabilities
Malware Takedowns Show Progress, But Fight Against Cybercrime Not Over
Law enforcement operations on cybercriminal infrastructure have proven efficient at hindering malware activity but are far from being a silver bullet, according to Recorded Future
Cyber Insecurity and Misinformation Top WEF Global Risk List
Cyber-attacks and misinformation top WEF's list of global risks, with cybercrime poised to exploit tech advancements and AI dominance raising concerns about vulnerability
Only 4% of US States Fully Prepared for Cyber-Attacks Targeting Elections
The Arctic Wolf report found that 14.3% of officials believe their state is not prepared at all to deal with election-targeted cyber incidents, including phishing and disinformation campaigns
Cyber Insurance Market to be Worth Over $90bn by 2033
Market.Us found that the global cyber insurance market will be worth $90.6bn by 2033, driven by increasing cyber-threats and growing regulations
Ukrainian “Blackjack” Hackers Take Out Russian ISP
State-backed Ukrainian hacking group Blackjack has launched a destructive attack against a Moscow-based ISP in retaliation for Kyivstar attack
Microsoft Fixes 12 RCE Bugs in January Patch Tuesday
Critical Hyper-V flaw is one of 12 remote code execution vulnerabilities fixed this Patch Tuesday
Flaw in AI Plugin Exposes 50,000 WordPress Sites to Remote Attack
The vulnerability could lead to remote code execution on affected systems
82% of Companies Struggle to Manage Security Exposure
The figure comes from XM Cyber’s 2024 State of Security Posture Report, exploring how organizations approach cybersecurity challenges
Cybersecurity Deals Boom as Investment Dips, Pinpoint Reports
2023 saw an increased number of deals in the cybersecurity industry, but the overall investment in the sector dropped, Pinpoint revealed
New Decryption Key Available for Babuk Tortilla Ransomware Victims
Cisco Talos announced that a decryption key for the Babuk Tortilla ransomware variant is available for victims to download
