Infosecurity News
US Supreme Court Gives Green Light to TikTok Ban
The Supreme Court has upheld a law that could potentially ban TikTok in the US
Lazarus Group Targets Developers in New Data Theft Campaign
SecurityScorecard identified a new campaign in which the North Korean Lazarus group aims to steal source code, secrets and cryptocurrency wallet keys from developer environments
Star Blizzard Targets WhatsApp in New Campaign
Microsoft highlighted a new Star Blizzard campaign targeting WhatsApp accounts, as the group adapts its TTPs following the takedown of its infrastructure by law enforcement
Noyb Files GDPR Complaints Against TikTok and Five Chinese Tech Giants
AliExpress, Shein, Temu, TikTok, WeChat and Xiaomi are accused of operating unlawful data transfers to China
DORA Takes Effect: Financial Firms Still Navigating Compliance Headwinds
The EU’s DORA regulation is in effect as of January 17, with mixed evidence around compliance levels among financial firms
Middle Eastern Real Estate Fraud Grows with Online Listings
Middle East real estate scams are surging as fraudsters exploit online listings and bypassed due diligence checks
Trump’s Truth Social Users Targeted by Rampant Scams Online
Truth Social, launched by the Trump Media & Technology Group in 2022, has become a hotspot for scams like phishing and investment fraud
Biden Tightens Software Supply Chain Security Requirements Ahead of Trump Takeover
The US President’s second cybersecurity Executive Order will impose stricter security standards on software providers
DORA Compliance Costs Soar Past €1m for Many UK and EU Businesses
Compliance with the Digital Operational Resilience Act (DORA) has cost many businesses over €1 million, according to research from Rubrik
New Hacking Group Leaks Configuration of 15,000 Fortinet Firewalls
The leak likely comes from a zero-day exploit affecting Fortinet’s products
GoDaddy Accused of Serious Security Failings by FTC
A proposed settlement order from the FTC will require GoDaddy to strengthen its security practices following multiple data breaches at the web hosting giant
Hackers Use Image-Based Malware and GenAI to Evade Email Security
HP Wolf highlighted novel techniques used by attackers to bypass email protections, including embedding malicious code inside images and utilizing GenAI
EU To Launch New Support Centre by 2026 to Boost Healthcare Cybersecurity
A new EU action plan will be structured around four pillars: prevention, threat detection and identification, response to cyber-attacks and deterrence
CISA Launches Playbook to Boost AI Cybersecurity Collaboration
CISA launched the JCDC AI Cybersecurity Playbook to enhance collaboration on AI cybersecurity risks
Multi-Cloud Adoption Surges Amid Rising Security Concerns
A new report from Fortinet reveals increased adoption of multi-cloud strategies and hybrid implementations combining on-premises and public cloud infrastructure
Chinese PlugX Malware Deleted in Global Law Enforcement Operation
The FBI deleted Chinese PlugX malware from thousands of devices in the US, using a technique developed by French cybersecurity firm Sekoia.io
Illicit Crypto-Inflows Set to Top $51bn in a Year
Chainalysis estimates threat actors made at least $51bn through crypto crime in 2024
Fortinet Confirms Critical Zero-Day Vulnerability in Firewalls
The security provider published mitigation measures to prevent exploitation
Secureworks Exposes North Korean Links to Fraudulent Crowdfunding
Secureworks Counter Threat Unit (CTU) has identified links between North Korean IT workers and fraudulent crowdfunding activities, with the group known as Nickle Tapestry orchestrating scams to support North Korean interests
Microsoft Patches Eight Zero-Days to Start the Year
Patch Tuesday saw Microsoft fix eight zero-days, three of which are being actively exploited
