Infosecurity News

  1. Universal Music Group Admits Data Breach

    UMG, a major music corporation, reported a July 2024 data breach affecting 680 US residents

  2. Advanced Threat Group GoldenJackal Exploits Air-Gapped Systems

    GoldenJackal targeted air-gapped government systems from May 2022 to March 2024, ESET found

  3. Board-CISO Mismatch on Cyber Responsibility, NCSC Research Finds

    The UK NCSC found that there is a lot of confusion between board members and security leaders of who is responsible for cybersecurity within their organizations

  4. ICO Releases New Data Protection Audit Framework

    The UK’s ICO said the framework is designed to help businesses build trust and encourage a positive data protection culture

  5. EU Urged to Harmonize Incident Reporting Requirements

    Risk managers association FERMA has warned that new EU cyber legislation means there is an inconsistent approach to incident reporting requirements

  6. Tech Professionals Highlight Critical AI Security Skills Gap

    A new O’Reilly survey showed a shortage of AI security skills, while AI-enabled security tools become tech professionals’ top priority for the coming year

  7. Fraud Repayment Rules Could Leave Victims Struggling, CTSI Claims

    The Chartered Trading Standards Institute is concerned a new cap on fraud reimbursement is too low

  8. Get Safe Online Launches New Scam Detector

    A new scam detection tool from Get Safe Online uses AI to help individuals and small businesses protect themselves

  9. How Confidence Between Teams Impacts Cyber Incident Outcomes

    Infosecurity recently joined an Immersive Labs Cyber Drill to experience how organizations can enhance their preparedness through training and simulations

  10. New MedusaLocker Ransomware Variant Deployed by Threat Actor

    Cisco Talos has observed the financially motivated threat actor targeting organizations globally with a MedusaLocker ransomware variant called “BabyLockerKZ”

  11. Sellafield Fined for Cybersecurity Failures at Nuclear Site

    A UK court has fined Sellafield Ltd £332,500 for cybersecurity failings related to the running of the Sellafield nuclear facility

  12. CRI Releases Guidance on Avoiding Ransomware Payments

    The Counter Ransomware Initiative has released new guidance discouraging organizations from making ransomware payments

  13. Litespeed Cache Plugin Flaw Allows XSS Attack, Update Now

    The new LiteSpeed Cache flaw (CVE-2024-47374) allows unauthenticated code injection across more than six million active installations

  14. Microsoft and US Government Disrupt Russian Star Blizzard Operations

    Microsoft and the US government have collectively seized over 100 websites used by Russian nation-state actor Star Blizzard

  15. CeranaKeeper Emerges as New Threat to Thai Government Networks

    China-aligned CeranaKeeper discovered targeting Thai govt institutions using cloud services for data exfiltration

  16. Cybersecurity Spending on the Rise, But Security Leaders Still Feel Vulnerable

    A new report by Red Canary has found that while cybersecurity budgets have risen, many security leaders still feel overwhelmed by the growing threat landscape

  17. Northern Ireland Police Data Leak Sees Service Fined by ICO

    The ICO blamed the Police Service of Northern Ireland for procedural failings that exposed the personal data of 9843 personnel, putting police officers at risk

  18. Crypto-Doubling Scams Surge Following Presidential Debate

    Researchers see an uptick in crypto-doubling investment scams following the first presidential debate

  19. Email Phishing Attacks Surge as Attackers Bypass Security Controls

    Egress found that attackers are becoming more adept at bypassing email security, such as using compromised accounts and the use of commodity campaigns

  20. FIN7 Gang Hides Malware in AI “Deepnude” Sites

    Threat group FIN7 is hiding infostealer malware on sites promising AI deepnude downloads

What’s hot on Infosecurity Magazine?