Infosecurity News
Ransomware Rising Despite Takedowns, Says Corvus Report
The first quarter of 2024 saw the most ransomware activity ever recorded, Corvus Insurance found in a new analysis
YMCA Fined for Data Breach, ICO Raises Concerns About Privacy for People with HIV
Central YMCA was fined £7,500 for a data breach exposing HIV information of support program participants, prompting the ICO to call for stronger privacy protections for people with HIV
Millions of Malicious Containers Found on Docker Hub
According to JFrog, approximately 25% of all repositories lack useful functionality and serve as vehicles for spam and malware
Disinformation: EU Opens Probe Against Facebook and Instagram Ahead of Election
Meta’s moderation failings could allow coordinated disinformation campaigns to thrive in the run-up to the EU election
Ransom Payments Surge by 500% to an Average of $2m
Sophos found that the average ransom payment was $2m in 2023, with 63% of ransom demands $1m or more
FCC Fines Carriers $200m For Selling User Location Data
Some of America’s biggest wireless carriers illegally sold customer location, says FCC
Google Blocks 2.3 Million Apps From Play Store Listing
Google blocked millions of policy-violating apps from being listed on Play in 2023 and banned 333,000 bad accounts
Study Reveals Alarming Levels of USPS Phishing Traffic
The top malicious domains attracted over 100,000 hits each, according to Akamai Security
Judge0 Sandbox Vulnerabilities Expose Systems to Takeover Risk
Tanto Security uncovered three vulnerabilities which could allow attackers to execute sandbox escapes and gain root permissions on host machines
Voter Registration System Taken Offline in Coffee County Cyber-Incident
Coffee County has discovered malicious cyber-activity on its IT systems, and it reportedly severed its connection to Georgia’s state voter registration system
OpenAI's ChatGPT is Breaking GDPR, Says Noyb
European non-profit Noyb has filed a complaint to the Austrian data protection authority (DSB) over OpenAI’s ChatGPT providing false personal information
New UK Smart Device Security Law Comes into Force
IoT manufacturers, retailers and importers must comply with new security legislation, the PSTI act, from today
Okta Warns Customers of Credential Stuffing Barrage
Okta has issued customers with new advice on how to block mounting credential stuffing attacks
Over 850 Vulnerable Devices Secured Through CISA Ransomware Program
CISA’s RVWP program sent 1754 ransomware vulnerability notifications to government and critical infrastructure entities in 2023, leading to 852 devices being secured
Ring to Pay Out $5.6m in Refunds After Customer Privacy Breach
The US Federal Trade Commission will send $5.6m worth of refunds to the spied-on customers of the Amazon-owned home camera company
US Takes Down Illegal Cryptocurrency Mixing Service Samourai Wallet
The two founders of Samourai Wallet have been charged with money laundering and unlicensed money-transmitting offenses
State-Sponsored Espionage Campaign Exploits Cisco Vulnerabilities
An advisory from Cisco Talos has highlighted a sophisticated cyber-espionage campaign targeting government networks globally
DragonForce Ransomware Group Uses LockBit's Leaked Builder
Cyber threat intelligence provider Cyble found that DragonForce was using a ransomware binary based on LockBit Black’s builder
11% of Cybersecurity Teams Have Zero Women
A new ISC2 study highlights the lack of diversity in cybersecurity with only 4% of teams having a majority of women, while 11% have none at all
Online Banking Security Still Not Up to Par, Says Which?
Consumer rights group Which? has found more security gaps in UK banking sites and apps