Infosecurity News

  1. Vulnerability Exploitation on the Rise as Attackers Ditch Phishing

    Mandiant’s latest M-Trends report found that vulnerability exploitation was the most common initial infection vector in 2023, making up 38% of intrusions

  2. Russian Sandworm Group Hit 20 Ukrainian Energy and Water Sites

    Notorious APT44 group Sandworm launched a major campaign against Ukrainian critical infrastructure in March

  3. Russian APT28 Group in New “GooseEgg” Hacking Campaign

    Microsoft has warned of a long-running credential stealing campaign from Russia’s APT28

  4. Fraudsters Exploit Telegram’s Popularity For Toncoin Scam

    The scheme was uncovered by Kaspersky and has been operational since November 2023

  5. Dependency Confusion Vulnerability Found in Apache Project

    This occurs when a private package fetches a similar public one, leading to exploit due to misconfigurations in package managers

  6. CrushFTP File Transfer Vulnerability Lets Attackers Download System Files

    CrushFTP is urging customers to download v11 of its file transfer platform, with attackers actively exploiting a vulnerability that allows them to download system files

  7. NSA Launches Guidance for Secure AI Deployment

    The new document is the first release from NSA’s Artificial Intelligence Security Center (AISC), in partnership with other government agencies in the US and other Five Eyes countries

  8. NCSC Announces PwC’s Richard Horne as New CEO

    The UK’s National Cyber Security Centre will see Richard Horne take over as its new boss in the autumn

  9. MITRE Reveals Ivanti Breach By Nation State Actor

    Non-profit MITRE says a sophisticated state group breached its network via two chained Ivanti zero-days

  10. Alarming Decline in Cybersecurity Job Postings in the US

    This drop represents a direct threat to US national cybersecurity infrastructure, said CyberSN representatives in their report

  11. Akira Ransomware Group Rakes in $42m, 250 Organizations Impacted

    A joint advisory from Europol and US and Dutch government agencies estimated that Akira made around $42m in ransomware proceeds from March 2023 to January 2024

  12. Quishing Attacks Jump Tenfold, Attachment Payloads Halve

    The figures come from Egress’s latest report, which also suggests secure email gateways lag behind tech advancements

Why not watch?

  1. Adapting to Tomorrow's Threat Landscape: AI's Role in Cybersecurity and Security Operations in 2024

  2. Navigating the Evolving Cybersecurity Compliance Landscape in 2024

  3. How to Optimize Third-Party Risk Management Programs Through NIST CSF 2.0

  4. Uncovering DDoS Vulnerabilities with Simulation Testing: A Case Study

What’s hot on Infosecurity Magazine?