Infosecurity News
US Border Agency Under Fire for App's Handling of Personal Data
Access Now announced that the US Customs and Border Protection agency released records on its app following the NGO’s lawsuit
Sonatype Reports 156% Increase in OSS Malicious Packages
A new Sonatype report reveals a 156% surge in open source malware, with over 704,102 malicious packages identified since 2019, as OSS adoption continues to skyrocket
Russia's SVR Targets Zimbra, TeamCity Servers for Cyber Espionage
Russian-backed APT29 has been spying on US and European organizations since at least 2021, a US-UK joint advisory said
Disinformation Campaign Targets Moldova Ahead of EU Referendum
Operation MiddleFloor targets Moldova’s October elections, spreading EU disinformation via email
Over 10m Conversations Exposed in AI Call Center Hack
The data breach exposed more than 10m customer conversations from an AI call center platform in the Middle East
EU Adopts Cyber Resilience Act for Connected Devices
The EU's Cyber Resilience Act requires cybersecurity standards for all connected products throughout their entire lifecycle
Marriott Agrees $52m Settlement for Massive Data Breach
Marriott will pay $52m to 50 US states for a data breach impacting 131.5 million American customers, and has agreed to implement stronger security practices
Internet Archive Breached, 31 Million Records Exposed
The non-profit digital library was also hit by at least two DDoS attacks in two days
Former RAC Employees Get Suspended Sentence for Data Theft
Two former RAC employees have been handed suspended prison sentences for trading in personal data
Over 240 Million US Breach Victims Recorded in Q3
Supply chain victim numbers surge as more than 240 million US residents are impacted by data breaches in Q3 2024
Apple’s iPhone Mirroring Flaw Exposes Employee Privacy Risks
The privacy flaw in Apple’s iPhone mirroring feature enables personal apps on an iPhone to be listed in a company’s software inventory when the feature is used on work computers
New BeaverTail Malware Targets Job Seekers via Fake Recruiters
New BeaverTail malware targets tech job seekers via fake recruiters on LinkedIn and X
New Generation of Malicious QR Codes Uncovered by Researchers
Barracuda researchers have identified a new wave of QR code phishing attacks that evade traditional security measures and pose a significant threat to email security
UK Launches New Competition to Spur Cybersecurity Careers
The UK government’s Cyber Team Competition offer applicants the chance to receive advanced training, mentorship and networking opportunities
Australia Introduces First Standalone Cybersecurity Law
The Australian government’s Cyber Security Bill 2024 will mandate cybersecurity standards for smart devices and introduce ransomware reporting requirements
New EU Body to Centralize Complaints Against Facebook, TikTok, YouTube
The Appeals Centre Europe is supported by Meta’s Oversight Board Trust and certified by Ireland's media regulator
Ivanti: Three CSA Zero-Days Are Being Exploited in Attacks
Ivanti’s Cloud Services Appliance is being targeted by threat actors exploiting three zero-day bugs
Microsoft Fixes Five Zero-Days in October Patch Tuesday
October’s Patch Tuesday saw Microsoft patch over 100 CVEs including five zero-day vulnerabilities
American Water Hit by Cyber-Attack, Billing Systems Disrupted
American Water, the largest water utility in the US, discovered a cyber-attack impacting internal systems on October 3
Cloud Security Risks Surge as 38% of Firms Face Exposures
Tenable’s latest report reveals 38% of organizations face risks from a “toxic cloud triad” of security gaps