Infosecurity News
UK Government Introduces New Data Governance Legislation
The Data (Use and Access) Bill governs digital verification services and the use of personal data in public services, and will revamp the Information Commissioner’s Office
Cybersecurity Teams Largely Ignored in AI Policy Development
A new ISACA study has revealed that cybersecurity professionals are often overlooked in the development of AI policies
UK Government Urges Organizations to Get Cyber Essentials Certified
On the 10th anniversary since Cyber Essentials was introduced, the UK government has highlighted the impact the scheme has had in preventing attacks
New Malware WarmCookie Targets Users with Malicious Links
WarmCookie malware, aka BadSpace, spreads via malspam, malvertising and enables persistent access
Embargo Ransomware Gang Deploys Customized Defense Evasion Tools
The recently discovered Embargo ransomware group is using Rust-based custom tools to overcome victims’ security defenses, ESET researchers have observed
Former British PM Cameron Calls for Tech Engagement with China Despite Cyber Threats
Former UK PM David Cameron called for stronger defenses against Chinese cyber espionage while advocating collaboration with Beijing, coinciding with the BRICS Summit
70% of Leaders See Cyber Knowledge Gap in Employees
70% of leaders see cyber knowledge gap; AI attacks are harder to detect, 60% expect more victims
Internet Archive Secures Zendesk Account, Works Toward Full-Service Restoration
While Internet Archive’s services slowly resume, the data breach reveals the non-profit’s security failures
US Government Pledges to Cyber Threat Sharing Via TLP Protocol
The US government has issued guidance for federal agencies on the use of Traffic Light Protocol, designed to boost intelligence sharing with the cybersecurity community
UK Government Weighs Review of Computer Misuse Act to Combat Cybercrime
The British Minister for Security Dan Jarvis said at Recorded Future’s Predict 2024 that the new government was considering reforming the 1990 legislation
US Energy Sector Vulnerable to Supply Chain Attacks
45% of security breaches in the energy sector in the past year were third-party related, according to a report by Security Scorecard and KPMG
LLMjacking and Open-Source Tool Abuse Surge in 2024 Cloud Attacks
Cloud attacks surged in 2024 as attackers exploited cloud resources at unprecedented levels
SEC Charges Tech Firms Over Misleading SolarWinds Hack Disclosures
Four current and former publicly trading tech companies have agreed to pay civil penalties in relation to the SEC charges
75% of US Senate Campaign Websites Fail to Implement DMARC
75% of US Senate campaign sites lack DMARC, risking cybersecurity and email safety
Phishing Attack Impacts Over 92,000 Transak Users
A phishing attack targeting Transak employees led to a data breach, compromising the information of 92,554 users
Meta to Fight Celeb-Bait Scams with Facial Recognition
Meta is testing facial recognition technology to tackle celeb-bait ad scams and enable the recovery of compromised accounts
Think Tanks Urge Action to Curb Misuse of Spyware and Hack-for-Hire
RUSI and Chatham House recommended global standards to combat commercial cyber tool abuse
AI-Powered Attacks Flood Retail Websites
AI tools are being used to launch over half a million cyber-attacks daily on retailers, according to a new report
Severe Flaws Discovered in Major E2EE Cloud Storage Services
The cryptographic vulnerabilities were found in Sync, pCloud, Icedrive and Seafile by ETH Zurich
Stolen Access Tokens Lead to New Internet Archive Breach
A threat actor claimed to get hold of an exposed GitLab configuration file containing Zendesk API access tokens
