Infosecurity News

  1. Magecart Hackers Hide in 404 Error Pages

    Akamai spots new digital skimming campaign

  2. MGM Resorts Reveals Over $100M in Costs After Ransomware Attack

    In an SEC 8-K filing published last Thursday, the company cited operational disruptions

  3. Google Bug Bounty Program Expands to Chrome V8, Google Cloud

    Google has launched capture the flag (CTF) competitions focused on Chrome’s V8 JavaScript engine and Google Cloud’s kernel-based virtual machine (KVM)

  4. DNA Tester 23andMe Hit By Credential Stuffing Campaign

    Threat actor offers to sell DNA profiles of ‘millions’

  5. Blackbaud Settles Ransomware Breach Case For $49.5m

    Thousands of non-profit customers were affected

  6. Social Dominates as Victims Take $2.7bn Fraud Hit

    Social media is number one channel for fraud, says FTC

  7. AWS to Mandate Multi-Factor Authentication from 2024

    Move is designed to mitigate risk of account takeover

  8. Qakbot Gang Still Active Despite FBI Takedown

    Cisco Talos found new evidence that Qakbot-affiliated actors were still distributing ransomware despite the August FBI takedown of the threat group

  9. CISA and NSA Publish Top 10 Misconfigurations

    Data was compiled from real-world read and blue team engagements

  10. Apple Issues Emergency Patches for More Zero-Day Bugs

    One is being exploited in the wild

  11. CISA and NSA Tackle IAM Security Challenges in New Report

    The document is authored by the Enduring Security Framework

  12. Critical Glibc Bug Puts Linux Distributions at Risk

    Qualys identified and exploited the vulnerability in Fedora 37/38, Ubuntu 22.04/23.04, Debian 12/13

  13. China Poised to Disrupt US Critical Infrastructure with Cyber-Attacks, Microsoft Warns

    Microsoft’s annual digital defense report found a rise in Chinese state-affiliated groups attempting to infiltrate sectors like medical infrastructure and telecommunication

  14. Record Numbers of Ransomware Victims Named on Leak Sites

    A new Secureworks report finds that 2023 is on course to be the biggest year on record for victim naming on ‘name and shame’ sites

  15. Scammers Impersonate Companies to Steal Cryptocurrency from Job Seekers

    CloudSEK warns 100,000 victims may have been impacted

  16. US Government Proposes SBOM Rules for Contractors

    Public comment open until December 4

  17. GoldDigger Android Trojan Drains Victim Bank Accounts

    Researchers warn of phishing links leading to spoofed Google Play pages

  18. LightSpy iPhone Spyware Linked to Chinese APT41 Group

    ThreatFabric found evidence that LighSpy is linked to Android spyware DragonEgg, attributed to the Chinese-sponsored group

  19. EvilProxy Phishing Attack Strikes Indeed, Targets Executives

    Menlo Labs brought this discovery to light in an advisory published on Tuesday

  20. Malware-Infected Devices Sold Through Major Retailers

    The BADBOX scheme deploys the Triada malware on various devices like smartphones and tablets

Why not watch?

  1. Auditing AI Risk: Essential Strategies for IT & Compliance Leaders

  2. New Cyber Regulations: What it Means for UK and EU Businesses

  3. Identifying Concentration Risk and Securing the Supply Chain

  4. Navigating Exposures in Energy ICS Environments

What’s hot on Infosecurity Magazine?