Infosecurity News
TimbreStealer Malware Targets Mexican Victims with Tax-Related Lures
The maker of the Mispadu Trojan started distributing a new infostealer with financial lures to Mexican users, Cisco Talos found
Biden Bans Mass Sale of Data to Hostile Nations
A new presidential executive order attempts to prevent the mass sales of personal data to countries like China and Russia
FBI Issues Alert on Russian Threats Targeting Ubiquiti Routers
The routers were hijacked to steal credentials, proxy traffic, and host phishing pages and custom tools
34 Million Roblox Credentials Exposed on Dark Web in Three Years
Kaspersky reported a 231% surge in compromised accounts from 4.7 million in 2021 to 15.5 million in 2023
How Security Leaders Can Break Down Barriers to Enable Digital Trust
ISACA's Rob Clyde and Pam Nigro discuss how to advance digital trust in a security context
UK ICO Vows to Safeguard Privacy in AI Era, Rules Out Bespoke Regulation
UK Information Commissioner John Edwards explains how the ICO is working to provide clarity around the lawful use of AI
Over Half of UK Firms Concerned About Insider Threats
Cifas claims that most business decision makers are worried about fraudsters targeting employees
Ads for Zero-Day Exploit Sales Surge 70% Annually
Group-IB research warns of rising use of zero-day threats in targeted attacks
Industrial Cyber Espionage France's Top Threat Ahead of 2024 Paris Olympics
Ransomware and destabilization attacks rose in 2023, yet France’s National Cybersecurity Agency is most concerned about a diversification of cyber espionage campaigns
Four Million WordPress Sites Vulnerable to LiteSpeed Plugin Flaw
The flaw, discovered by Patchstack, stems from a lack of input sanitization and output escaping in the plugin’s code
NIST Releases Final Version of Cybersecurity Framework 2.0
NIST has made further tweaks to Version 2.0 of its Cybersecurity Framework following feedback from the cybersecurity community
Half of IT Leaders Identify IoT as Security Weak Point
The Viakoo study also said 50% firms faced IoT cyber incidents in past year, 44% of which were severe
Most Commercial Code Contains High-Risk Open Source Bugs
Synopsys report reveals 74% of codebases now contain risky open source components
69% of Organizations Infected by Ransomware in 2023
Proofpoint found that 69% of organizations experienced a successful ransomware incident in the past year, with 60% hit on four or more occasions
Business Logic Abuse Dominates as API Attacks Surge
Imperva finds attacks targeting API business logic increased to 27% in 2023
White House Urges Tech Industry to Eliminate Memory Safety Vulnerabilities
A new White House report has urged software and hardware developers to adopt memory safe programming languages, and eliminate one of the most pervasive classes of bugs
CISA Issues Alert on APT29’s Cloud Infiltration Tactics
Known as Midnight Blizzard, the Dukes or Cozy Bear, the group has been identified as a Russian entity likely operating under the SVR
Expert Warns of Growing Android Malware Activity
Kaspersky said that in 2023, the number of mobile attacks soared to nearly 33.8 million
LockBit Takedown: What You Need to Know about Operation Cronos
What businesses should know about Operation Cronos and LockBit, one of the largest ransomware takedowns in history
Avast Faces $16.5m Fine for Unlawfully Selling User Browsing Data
The FTC order found that Avast sold browsing data to advertisers that could reveal highly sensitive insights about users, misleading them about privacy protections in the process