Infosecurity News
North Korean IT Workers Holding Data Hostage for Extortion, FBI Warns
A new FBI advisory warned that North Korean IT worker schemes have escalated their activities in recent months to include data extortion
Ransomware Gangs Linked by Shared Code and Ransom Notes
SentinelOne researchers highlighted similarities in the approaches used by the HellCat and Morpheus ransomware groups, suggesting shared infrastructure
Chained Vulnerabilities Exploited in Ivanti Cloud Service Appliances
Threat actors chained Ivanti CSA vulnerabilities for RCE, credential theft & webshell deployment
Bookmakers Ramp Up Efforts to Combat Arbitrage Betting Fraud
Arbitrage betting fraud rises, forcing bookmakers to adopt stricter measures against automated scams
CISOs Dramatically Increase Boardroom Influence but Still Lack Soft Skills
Splunk reveals that 82% of CISOs now report directly to the CEO, but many lack EQ
Cisco Fixes Critical Vulnerability in Meeting Management
The network equipment giant urged customers to patch immediately
New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing
Cybercriminals are selling access to the malicious GenAI chatbot via Telegram, providing rapid assistance for a range of nefarious activities, according to Abnormal Security
Trump Pardons Silk Road Founder Ulbricht
President Trump has pardoned the founder of original dark web marketplace Silk Road
PlushDaemon APT Targeted South Korean VPN Software
PlushDaemon APT hacked South Korean VPN software with SlowStepper backdoor as part of a 2023 espionage campaign
Tycoon 2FA Phishing Kit Upgraded to Bypass Security Measures
Threat researchers analyzed the updated Tycoon 2FA phishing kit, which bypasses MFA
73% of UK Education Sector Hit by Cyber-Attacks in Past Five Years
New ESET research reveals that 73% of UK educational institutions experienced at least one cyber-attack or breach in the past five years
Ransomware Attacks Surge to Record High in December 2024
NCC Group observed 574 global ransomware attacks in December, the highest monthly volume it has recorded
Major Cybersecurity Vendors' Credentials Found on Dark Web
Cyble has found thousands of security vendors' credentials on the dark web, likely pulled from infostealer logs
Account Compromise and Phishing Top Healthcare Security Incidents
Netwrix claims 84% of healthcare organizations detected a cyber-attack in the past year
Cloudflare Mitigates Record-Breaking 5.6Tbps DDoS Attack
Cloudflare warns of a surge in hyper-volumetric DDoS after revealing it stopped a massive 5.6Tbps attack
New Mirai Malware Variant Targets AVTECH Cameras, Huawei Routers
Murdoc_Botnet used Mirai malware to exploit IoT vulnerabilities, targeting devices globally
UK’s New Digital IDs Raise Security and Privacy Fears
Security experts have outlined security and privacy concerns around the UK government’s GOV.UK Wallet, which will allow citizens to store all their ID documents in a single place
Phishing Risks Rise as Zendesk Subdomains Facilitate Attacks
A CloudSEK report revealed Zendesk's platform can be exploited for phishing and investment scams
GDPR Fines Total €1.2bn in 2024
Data from DLA Piper showed a 33% year-on-year fall in GDPR fines issued in Europe in 2024, with total penalties reaching €1.2bn
Oracle To Address 320 Vulnerabilities in January Patch Update
Critical flaws include those in Oracle Supply Chain products