Infosecurity News
Spyware Vendors' Nebulous Ecosystem Helps Them Evade Sanctions
The secret web of at least 435 entities across 42 countries making up the spyware landscape facilitates unpunished security and human rights violations, the Atlantic Council found
US and Allies Accuse Russian Military of Destructive Cyber-Attacks
The joint government advisory highlighted the cyber activities of Unit 29155, which has launched destructive cyber-attacks against critical infrastructure globally
PyPI Revival Hijack Puts Thousands of Applications at Risk
Revival Hijack Python Package Index supply chain attack threatens 22,000 packages through malicious downloads
Security Budgets Come Under Pressure as “Hypergrowth” Ends
Despite rising threats researchers find a third of firms see flat or falling security budgets and hiring slows
UK Signs Council of Europe AI Convention
The first legally binding international treaty on AI was adopted by all 46 Council of Europe member states in May 2024
Cisco Warns of Critical Vulnerabilities in Smart Licensing Utility
Cisco has urged customers to apply software updates to fix the critical vulnerabilities, which could allow attackers to collect sensitive data or administer services
Researcher Finds Unfixable Yet Tricky to Exploit Flaw in Yubikeys
A security flaw exploiting side channel attacks means some Yubikeys can be cloned
OnlyFans Hackers Targeted With Infostealer Malware
Hackers interested in targeting OnlyFans users have themselves been singled out by an infostealing campaign
Russian Blamed For Mass Disinformation Campaign Ahead of US Election
The DoJ says Russia paid a US company $10m to post disinformation that attracted millions of views online
US Government Set Out to Improve Internet Routing Security
The US White House Office of the National Cyber Director proposes improving internet security by protecting the Border Gateway Protocol
North Korea Targeting Crypto Industry, Says FBI
US law enforcement is tracking aggressive social engineering attacks against cryptocurrency operations
Red Teaming Tool Abused for Malware Deployment
Cisco Talos has assessed that red teaming tool MacroPack is being abused by various threat actors in different geographies to deploy malware
Clearview AI Fined €30.5m by Dutch Watchdog Over Illegal Data Collection
The US-based facial recognition data company may even have to pay up to €5.1m in penalties for non-compliance
Initial Access Brokers Target $2bn Revenue Companies
Cyberint claims that initial access brokers target companies with average revenue of nearly $2bn
APP Fraud Dominates as Scams Hit All-Time High
UK’s Financial Ombudsman warns fraud and scams hit a record high in Q2 2024
Civil Rights Groups Call For Spyware Controls
Civil society and journalists’ organizations in Europe ask the EU to take steps to regulate spyware technologies
Rapid Growth of Password Reset Attacks Boosts Fraud and Account Takeovers
Researchers say password reset attacks have grown fourfold in the last year and one in four password reset attempts are fraudulent
Active Ransomware Groups Surge by 56% in 2024
Searchlight Cyber observed a 56% rise in active ransomware groups in H1 2024, demonstrating the growing fragmentation of the ransomware landscape
Palo Alto's GlobalProtect VPN Spoofed to Deliver New Malware Variant
A variant of the WikiLoader malware was observed being delivered via SEO poisoning and spoofing Palo Alto Networks’ GlobalProtect VPN software
Three Plead Guilty to Running MFA Bypass Site
Three British men are facing jail after pleading guilty to running an MFA bypass site dubbed “OTP Agency”
