Infosecurity News
North Korean Group Kimsuky Exploits DMARC and Web Beacons
Proofpoint confirmed Kimsuky has directly contacted foreign policy experts since 2023 through seemingly benign email conversations
US Government and OpenSSF Partner on New SBOM Management Tool
OpenSSF, in collaboration with the US Government, has developed Protobom, a open source tool designed to simplify SBOM management for organizations
EU Election: Pro-Russian Propaganda Exploits Meta's Failure to Moderate Political Ads
This year’s EU election will be a stress test to see whether the newly adopted Digital Services Act can efficiently mitigate misinformation threats
Ivanti Patches Two Critical Avalanche Flaws in Major Update
Ivanti has fixed two critical vulnerabilities in its Avalanche MDM product which could lead to remote code execution
Insider Threats Surge 14% Annually as Cost-of-Living Crisis Bites
Cifas reveals 14% rise in dishonest employees, driven mainly by financial necessity last year
Russian Sandworm Group Using Novel Backdoor to Target Ukraine and Allies
WithSecure researchers said it is likely Russian state group Sandworm has added a novel backdoor dubbed ‘Kapeka’ to its arsenal
Report Suggests 93% of Breaches Lead to Downtime and Data Loss
According to Pentera, firms are allocating 13% of their total IT security budgets to pentesting
LeakyCLI Flaw Exposes AWS and Google Cloud Credentials
Orca Security said the issue mirrors a previously identified vulnerability in Azure CLI
Cybersecurity Pros Urge US Congress to Help NIST Restore NVD Operation
An open letter signed by 50 cybersecurity practitioners requires the US Congress to support NIST in restoring operations at the National Vulnerability Database
Microsoft Most Impersonated Brand in Phishing Scams
New Check Point data found Microsoft was impersonated in 38% of all brand phishing attacks in Q1 2024, up from 33% in Q4 2024
Open Source Leaders Warn of XZ Utils-Like Takeover Attempts
Two open source organizations have revealed attempts to socially engineer project takeovers
Bad Bots Drive 10% Annual Surge in Account Takeover Attacks
Malicious bots now represent a third of all internet traffic, says Imperva
Russia and Ukraine Top Inaugural World Cybercrime Index
An international team of researchers published the first-ever index ranking countries by cybercrime threat level
New LockBit Variant Exploits Self-Spreading Features
Kaspersky also uncovered the use of the SessionGopher script to extract saved passwords
Palo Alto Networks Zero-Day Flaw Exploited in Targeted Attacks
Designated CVE-2024-3400 and with a CVSS score of 10.0, the flaw enables unauthorized actors to execute arbitrary code on affected firewalls
Chipmaker Giant Nexperia Confirms Cyber-Attack Amid Ransomware Group Claims
Nexperia confirmed its IT servers were accessed by attackers, with the Dunghill ransomware group claiming to have stolen chip designs and other sensitive documents
FBI Warns of Massive Toll Services Smishing Scam
The Feds have received thousands of complaints about phishing texts from fake road toll collection services
Police Swoop on €645m Cannabis Investment Fraud Gang
Nine arrests and millions of euros seized in bid to bust JuicyFields investment scammers
CISA Urges Immediate Credential Reset After Sisense Breach
The breach affecting business analytics provider Sisense could lead to a wide-scale supply chain attack
Palo Alto Networks Warns About Critical Zero-Day in PAN-OS
A fix for CVE-2024-3400 is scheduled on April 4, Palo Alto Networks announced
