Infosecurity News

  1. Open Source Leaders Warn of XZ Utils-Like Takeover Attempts

    Two open source organizations have revealed attempts to socially engineer project takeovers

  2. Bad Bots Drive 10% Annual Surge in Account Takeover Attacks

    Malicious bots now represent a third of all internet traffic, says Imperva

  3. Russia and Ukraine Top Inaugural World Cybercrime Index

    An international team of researchers published the first-ever index ranking countries by cybercrime threat level

  4. New LockBit Variant Exploits Self-Spreading Features

    Kaspersky also uncovered the use of the SessionGopher script to extract saved passwords

  5. Palo Alto Networks Zero-Day Flaw Exploited in Targeted Attacks

    Designated CVE-2024-3400 and with a CVSS score of 10.0, the flaw enables unauthorized actors to execute arbitrary code on affected firewalls

  6. Chipmaker Giant Nexperia Confirms Cyber-Attack Amid Ransomware Group Claims

    Nexperia confirmed its IT servers were accessed by attackers, with the Dunghill ransomware group claiming to have stolen chip designs and other sensitive documents

  7. FBI Warns of Massive Toll Services Smishing Scam

    The Feds have received thousands of complaints about phishing texts from fake road toll collection services

  8. Police Swoop on €645m Cannabis Investment Fraud Gang

    Nine arrests and millions of euros seized in bid to bust JuicyFields investment scammers

  9. CISA Urges Immediate Credential Reset After Sisense Breach

    The breach affecting business analytics provider Sisense could lead to a wide-scale supply chain attack

  10. Palo Alto Networks Warns About Critical Zero-Day in PAN-OS

    A fix for CVE-2024-3400 is scheduled on April 4, Palo Alto Networks announced

  11. Apple Boosts Spyware Alerts For Mercenary Attacks

    The revision points out companies like NSO Group, known for surveillance tools like Pegasus

  12. Data Breach Exposes 300k Taxi Passengers’ Information

    These records belonged to Dublin-based iCabbi, a dispatch and fleet management technology provider

  13. New Android Espionage Campaign Spotted in India and Pakistan

    A new cyber espionage campaign, called ‘eXotic Visit,’ targeted Android users in South Asia via seemingly legitimate messaging apps

  14. Raspberry Robin Distributed Through Windows Script Files

    Distribution vectors of the Raspberry Robin worm now include Windows Script Files (WSF) alongside other methods like USB drives

  15. Threat Actors Game GitHub Search to Spread Malware

    Checkmarx warns of GitHub search result manipulation designed to promote malicious repositories

  16. US Data Breach Reports Surge 90% Annually in Q1

    The number of publicly reported data breaches and leaks grew 90% in the first three months of the year

  17. Rhadamanthys Malware Deployed By TA547 Against German Targets

    Proofpoint said this is the first time the threat actor has been seen using LLM-generated PowerShell scripts

  18. LG TV Vulnerabilities Expose 91,000 Devices

    The issues identified permit unauthorized access to the TV’s root system by bypassing authorization mechanisms

  19. Women Experience Exclusion Twice as Often as Men in Cybersecurity

    A WiCyS report detailed the causes of disparities in the experiences of women working in cybersecurity compared to men, including respect and exclusion

  20. Windows: New 'BatBadBut' Rust Vulnerability Given Highest Severity Score

    A flaw in the Rust standard library exposes Windows systems to command injection attacks
