Infosecurity News
SAP Fixes Critical Vulnerability After Evidence of Exploitation
A maximum severity flaw affecting SAP NetWeaver has been exploited by threat actors
M&S Shuts Down Online Orders Amid Ongoing Cyber Incident
British retailer M&S continues to tackle a cyber incident with online orders now paused for customers
Security Experts Flag Chrome Extension Using AI Engine to Act Without User Input
Researchers have found a Chrome extension that can act on the user’s behalf by using a popular AI agent orchestration protocol
US Data Breach Lawsuits Total $155M Amid Cybersecurity Failures
Panaseer's latest cybersecurity study revealed that US companies have paid $155M in data breach lawsuit settlements over just six months
Popular LLMs Found to Produce Vulnerable Code by Default
Backslash Security found that naïve prompts resulted in code vulnerable to at least four of the of the 10 most common vulnerabilities across popular LLMs
ELENOR-corp Ransomware Targets Healthcare Sector
ELENOR-corp ransomware, a new version of Mimic, is targeting healthcare organizations using advanced capabilities
Blue Shield of California Data Breach Affects 4.7 Million Members
A misconfigured tracking tool has exposed protected health information of 4.7 million Blue Shield members to Google Ads
Highest-Risk Security Flaw Found in Commvault Backup Solutions
A critical path traversal vulnerability in Commvault’s backup and replication solutions has been reported
Verizon DBIR: Small Businesses Bearing the Brunt of Ransomware Attacks
While the Verizon annual report showed that ransomware is rising, it also found that ransom payments are in decline
Ransomware Attacks Fall Sharply in March
NCC Group found that ransomware attacks fell by 32% in March compared to February, but described this finding as a “red herring”
ETSI Unveils New Baseline Requirements for Securing AI
ETSI’s says new technical specification for securing AI models and systems sets international benchmark
Ofcom Lays Down the Law with Child Safety Rules for Tech Giants
Ofcom’s Protection of Children Codes and Guidance lists 40 new child safety measures for tech firms
Verizon's DBIR Reveals 34% Jump in Vulnerability Exploitation
After a 180% rise in last year’s report, the exploitation of vulnerabilities continues to grow, now accounting for 20% of all breaches
FBI Reveals “Staggering” $16.6bn Lost to Cybercrime in 2024
The FBI found that cybercrime losses climbed by 33% compared to 2023, driven by tactics like investment fraud and BEC
Vulnerability Exploitation and Credential Theft Now Top Initial Access Vectors
Mandiant’s M-Trends report found that credential theft rose significantly in 2024, driven by the growing use of infostealers
US Data Breach Victim Count Surges 26% Annually
The latest ITRC data finds breach volumes remained flat in Q1 but victim numbers increased 26% annually
M&S Grapples with Cyber Incident Affecting In-Store Services
Marks and Spencer has confirmed that it has been managing a cyber incident for the past few days which affected its contactless payments and click and collect services
Dutch Warn of “Whole of Society” Russian Cyber-Threat
Dutch intelligence report warns of growing Russian aggression with hybrid warfare
UK Romance Scams Spike 20% as Online Dating Grows
Barclays found that romance scam victims lost £8000 on average in 2024, a significant increase from the previous year
Microsoft Reports 92% Adoption Rate for Phishing-Resistant MFA Among Corporate Users
The tech giant has released its second Secure Future Initiative (SFI) progress report, showcasing its ongoing efforts to improve cybersecurity
