Infosecurity News
ICO: 55% of UK Adults Have Had Data Lost or Stolen
The UK’s information commissioner claims most adults in the country have had their personal data exposed or compromised
Evasive Panda’s CloudScout Toolset Targets Taiwan
Evasive Panda’s CloudScout uses MgBot to steal session cookies, infiltrating and extracting cloud data from Taiwanese institutions
New Type of Job Scam Targets Financially Vulnerable Populations
The surge in job scams targets vulnerable individuals, mirroring pig butchering fraud tactics
Russian Malware Campaign Targets Ukrainian Recruits Via Telegram
Google researchers have observed Russian threat actor UNC5812 using a malware campaign via Telegram to access the devices of Ukrainian military recruits
Researchers Discover Over 70 Zero-Day Bugs at Pwn2Own Ireland
Trend Micro’s Zero Day Initiative hands out over $1m in awards for Pwn2Own competitors, who found more than 70 zero-day flaws
AI-Powered BEC Scams Zero in on Manufacturers
Vipre research reveals that 10% of emails targeting the manufacturing sector are BEC attempts
Change Healthcare Breach Affects 100 Million Americans
Updated figures from the HHS revealed that 100 million patients have been notified that their data was breached in the Change Healthcare ransomware attack
Ukraine Warns of Mass Phishing Campaign Targeting Citizens Data
CERT-UA said the phishing campaign lures victims into downloading malware used to exfiltrate files containing sensitive personal data
Irish Data Protection Watchdog Fines LinkedIn $336m
LinkedIn violated the EU’s GDPR in how it processes its users personal data for behavioral purposes
Inequity Challenges Women in Digital Trust, But Progress is Being Made
A new ISACA study reveals that pay inequity and a lack of female leadership are significant issues noted by women in the digital trust sector
MacOS-Focused Ransomware Attempts Leverage LockBit Brand
An unidentified threat actor has attempted to develop ransomware targeting macOS devices, posing as LockBit
Lazarus Group Exploits Google Chrome Flaw in New Campaign
Lazarus Group exploited Google Chrome zero-day, infecting systems with Manuscrypt malware
Penn State Settles for $1.25M Over Cybersecurity Violations
Penn State will pay $1.25m for failing federal cybersecurity standards in DoD and NASA contracts
White House Issues AI National Security Memo
The National Security Memorandum on AI sets out actions for the federal government to ensure the safe, secure and trustworthy development of AI
Fortinet Confirms Exploitation of Critical FortiManager Zero-Day Vulnerability
This high-severity flaw, dubbed FortiJump by security researcher Kevin Beaumont, has been added to CISA’s KEV catalog
UK Government Introduces New Data Governance Legislation
The Data (Use and Access) Bill governs digital verification services and the use of personal data in public services, and will revamp the Information Commissioner’s Office
Cybersecurity Teams Largely Ignored in AI Policy Development
A new ISACA study has revealed that cybersecurity professionals are often overlooked in the development of AI policies
UK Government Urges Organizations to Get Cyber Essentials Certified
On the 10th anniversary since Cyber Essentials was introduced, the UK government has highlighted the impact the scheme has had in preventing attacks
New Malware WarmCookie Targets Users with Malicious Links
WarmCookie malware, aka BadSpace, spreads via malspam, malvertising and enables persistent access
Embargo Ransomware Gang Deploys Customized Defense Evasion Tools
The recently discovered Embargo ransomware group is using Rust-based custom tools to overcome victims’ security defenses, ESET researchers have observed
