Infosecurity News
NIST Scraps Passwords Complexity and Mandatory Changes in New Guidelines
The institute no longer requires regular password changes unless the authenticator has been compromised
Malicious Ads Hide Infostealer in League of Legends ‘Download’
Bitdefender is warning League of Legends fans not to fall for a phishing campaign designed to spread Lumma Stealer malware
82% of Phishing Sites Now Target Mobile Devices
82% of all phishing sites target mobile devices, with 76% using HTTPS to appear secure
US House Bill Addresses Growing Threat of Chinese Cyber Actors
House GOP unveiled a bill to combat Chinese cyber threats to US infrastructure, led by CISA and FBI
CrowdStrike Apologizes for IT Outage, Defends Microsoft Kernel Access
Adam Meyers, CrowdStrike VP for counter-adversary operations, appeared before a US congressional committee to answer questions about its July faulty software update
Thousands of US Congress Emails Exposed to Takeover
Some 3191 email addresses for congressional staff are available on the dark web
Critical Ivanti Authentication Bypass Bug Exploited in Wild
CISA adds critical Ivanti bug to its Known Exploited Vulnerabilities catalog
Threat Actors Shift to JavaScript-Based Phishing Attacks
Cybercriminals are increasingly prioritizing script-based phishing techniques over one based on traditional malicious documents
Cybersecurity Incident Affects Arkansas City Water Treatment Facility
Arkansas City’s water treatment facility faced a cyber incident on Sunday and has since switched to manual operations
New Octo2 Malware Variant Threatens Mobile Banking Security
Cybercriminals have been observed disguising Octo2 as legitimate apps like Google Chrome and NordVPN
14 Million Patients Impacted by US Healthcare Data Breaches in 2024
SonicWall found that data breaches caused by malware attacks on US healthcare organizations have affected 14 million people so far in 2024
#GartnerSEC: Zero Failure Tolerance, A Cybersecurity Myth Holding Back Organizations
Cybersecurity leaders should prioritize response and recovery over prevention to effectively navigate the ever-evolving threat landscape, according to Gartner analysts
US Mulls Ban on Russian, Chinese Parts in Connected Vehicles
The US Commerce Department wants to prohibit the sale or import of connected vehicles with Russian or Chinese-made hardware and software
Telegram Boss Agrees to Closer Police Cooperation
Pavel Durov says he will share details of “bad actors” and clean up Telegram’s search function
Europol: GenAI Offers “Treasure Trove of Possibilities”
A new Europol report argues that AI tools could revolutionize policing across the region
Kryptina Ransomware Resurfaces in Enterprise Attacks By Mallox
Kryptina, a free Ransomware-as-a-Service tool available on dark web forums, is now being used by Mallox ransomware affiliates
Vulnerabilities Found in Popular Houzez Theme and Plugin
The flaws are dangerous as the Houzez theme and Login Register plugin could allow privilege escalation by unauthenticated users
Russian Cyber-Attacks Home in on Ukraine’s Military Infrastructure
An overall rise in cyber incidents coming from Russian-aligned adversaries in 2024 was accompanied by a decrease in high and critical-severity incidents
LinkedIn Pauses GenAI Training Following ICO Concerns
The Information Commissioner’s Office says it’s pleased that LinkedIn has temporarily suspended its generative AI model training
German Police Shutter 47 Criminal Crypto Exchanges
Officers in Germany have shut down 47 cryptocurrency exchanges they accused of facilitating cybercrime
