Infosecurity News
Santander Customer Data Compromised Following Third-Party Breach
Santander has warned that customer and employee data has been breached following unauthorized access to a database held by a third-party provider
Current Market Forces Disincentivizing Cybersecurity, Says NCSC CTO
NCSC CTO argues current market rewards prioritize cost over security, hindering the development of secure technology
A Third of CISOs Have Been Dismissed “Out of Hand” by the Board
Trend Micro research claims CISOs are often ignored or dismissed as “nagging” by their board
Microsoft Fixes Three Zero-Days in May Patch Tuesday
Microsoft has released patches for three zero-day vulnerabilities including two actively exploited in the wild
Data Breaches in US Schools Exposed 37.6M Records
Comparitech said 2023 was a record year for breaches with 954 reported, up from 139 in 2022 and 783 in 2021
Ebury Botnet Operators Diversify with Financial and Crypto Theft
The 15-year-old Ebury botnet is more active than ever, as ESET found 400,000 Linux servers compromised for cryptocurrency theft and financial gain
CISA and Partners Unveil Cybersecurity Guide For Civil Society Groups
The guide is designed to provide high-risk communities with actionable steps to bolster their cybersecurity defenses
NIST Confusion Continues as Cyber Pros Complain CVE Uploads Stalled
Several software security experts have told Infosecurity that no new vulnerabilities have been added to the US National Vulnerability Database (NVD) since May 9
China Presents Defining Challenge to Global Cybersecurity, Says GCHQ
GCHQ chief warns China's cyber actions threaten global internet security, while Russia and Iran pose immediate risks
44% of Cybersecurity Professionals Struggle with Regulatory Compliance
Infosecurity Europe research highlights significant challenges faced by organisations in staying up to speed with increasing compliance requirements
Russian Actors Weaponize Legitimate Services in Multi-Malware Attack
Recorded Future details a novel campaign that abuses legitimate internet services to deploy multiple malware variants for credential theft
UK Insurance and NCSC Join Forces to Fight Ransomware Payments
UK insurers and the National Cybersecurity Centre release new guidance to discourage ransomware payments by businesses
Hackers Use DNS Tunneling to Scan and Track Victims
Palo Alto Networks warns threat actors are using DNS tunneling techniques to probe for network vulnerabilities
FCC Names and Shames First Robocall Threat Actor
In a first, the FCC has designated “Royal Tiger” as a malicious robocall threat group
Critical Vulnerabilities in Cinterion Modems Exposed
The flaws include CVE-2023-47610, a security weakness within the modem’s SUPL message handlers
Mallox Ransomware Deployed Via MS-SQL Honeypot Attack
Analyzing Mallox samples, Sekoia identified two distinct affiliates using different approaches
Ascension Ransomware Attack Diverts Ambulances, Delays Appointments
A ransomware attack on US private healthcare provider Ascension has disrupted patient care, with several hospitals currently on diversion
Black Basta Ransomware Victim Count Tops 500
Affiliates of prolific Black Basta ransomware group have breached over 500 global organizations
Threat Actor Claims Major Europol Data Breach
A threat actor known as IntelBroker claims to be selling confidential Europol data after a May breach
UK's AI Safety Institute Unveils Platform to Accelerate Safe AI Development
The UK's open source AI safety evaluation platform, Inspect, is set to empower global collaboration for safer AI development
