Infosecurity News
New SMS Stealer Malware Targets Over 600 Global Brands
Discovered by Zimperium’s zLabs team, the SMS Stealer malware was found in over 105,000 samples
Meta to Pay Texas $1.4bn for Unlawful Biometric Data Capture
Meta has agreed a $1.4bn settlement with the State of Texas for failing to inform Facebook users about its biometric data capturing practices
New PyPI Package Zlibxjson Steals Discord, Browser Data
According to Fortinet, PyPI package Zlibxjson steals Discord tokens and browser data, including passwords and extensive user information
DDoS Attack Triggers New Microsoft Global Outage
A global outage of Microsoft services was triggered by a DDoS attack, with an error Microsoft’s DDoS protection measures amplifying the impact
Cost of a Data Breach Surges 10% on Shadow Data Challenge
IBM reveals a 10% increase in the global cost of a data breach to $4.9m
Researchers Uncover Largest Ever Ransomware Payment of $75m
Zscaler warns of copycat attacks after revealing one ransomware victim paid $75m
Sophisticated Phishing Campaign Targets Microsoft OneDrive Users
The OneDrive campaign uses social engineering to trick users into executing a PowerShell script
Stolen GenAI Accounts Flood Dark Web With 400 Daily Listings
According to eSentire, around 400 GenAI account logins are sold daily on the dark web, including credentials for GPT, Quillbot, Notion and Replit
ICO Slams Electoral Commission for Basic Security Failings
The ICO found that the Electoral Commission did not have appropriate security measures in place, allowing hackers to access the personal details of 40 million UK voters
Just One in 10 Attacks Flagged By Security Tools
Picus Security claims just 12% of simulated attacks trigger an alert
Millions of Spoofed Emails Bypass Proofpoint Security in Phishing Campaign
Guardio Labs found that attackers exploited a configuration setting in Proofpoint’s email protection service, allowing outbound messages to bypass email protections
HealthEquity Breach Hits 4.3 Million Customers
Health savings specialist HealthEquity reveals over four million customers were impacted in a recent breach
Mandrake Spyware Infects 32,000 Devices Via Google Play Apps
Updated Mandrake samples, identified by Kaspersky, displayed enhanced obfuscation and evasion tactics
Walmart Discovers New PowerShell Backdoor Linked to Zloader Malware
Walmart detailed findings about an unknown PowerShell backdoor, which was potentially utilized alongside a new Zloader variant
Hotjar, Business Insider Vulnerabilities Expose OAuth Data Risks
Salt Labs also said XSS combined with OAuth can lead to severe breaches
Less Than Half of European Firms Have AI Controls in Place
Sapio Research claims that fewer than 50% of European companies place usage and other restrictions on AI
US Crypto Exchange Gemini Reveals Breach
Thousands of customers of cryptocurrency exchange Gemini have had personal data compromised
Synnovis Restores Systems After Cyber-Attack, But Blood Shortages Remain
Synnovis has rebuilt “substantial parts” of its systems following the Qilin ransomware attack on June 3, enabling the restoration of core blood supplies to NHS hospitals
Hacktivists Claim Leak of CrowdStrike Threat Intelligence
CrowdStrike has acknowledged the claims by the USDoD hacktivist group, which has provided a link to download the alleged threat actor list on a cybercrime forum
Despite Bans, AI Code Tools Widespread in Organizations
Despite bans on AI code generation tools, widespread use and lack of governance are creating significant security risks for organizations
