Infosecurity News
Data Privacy Week: Companies are Banning Generative AI Due to Privacy Risks
Cisco found that privacy and data security risks have led to over a quarter of organizations banning generative AI, at least temporarily, while a majority have instituted controls
China-Aligned APT Group Blackwood Unleashes NSPX30 Implant
ESET said Blackwood has been actively engaged in cyber-espionage since at least 2018
Government Security Vulnerabilities Surge By 151%, Report Finds
Bugcrowd’s latest report also recorded a 30% surge in web submissions in 2023
North Korea Hacks Crypto: More Targets, Lower Gains
A global drop in DeFi hacking gains prompted North Korean threat actors to diversify and extend their victim portfolio, Chainalysis found
Data Privacy Week: US Data Breaches Surge, 2023 Sees 78% Increase in Compromises
Over 350 million individuals were impacted by data breaches in the US in 2023 and 11% of all publicly traded companies have been compromised
Southern Water Confirms Data Breach Following Black Basta Claims
Southern Water confirmed a data breach had occurred after the Black Basta ransomware group purportedly published personal information held by the firm
Pwn2Own Contest Unearths Dozens of Zero-Day Vulnerabilities
The Zero Day Initiative’s first Pwn2Own Automotive competition has handed out over $1m for 24 zero-days
HPE Says SolarWinds Hackers Accessed its Emails
Hewlett Packard Enterprise reveals that Russian state APT29 hackers stole data from corporate mailboxes
ChatGPT Cybercrime Surge Revealed in 3000 Dark Web Posts
Kaspersky said cybercriminals are exploring schemes to implement ChatGPT in malware development
Browser Phishing Threats Grew 198% Last Year
Finding comes from Menlo Security’s recently released 2023 State of Browser Security Report
Why Bulletproof Hosting is Key to Cybercrime-as-a-Service
As a critical infrastructure service for cybercriminals, bulletproof hosting should be tracked and blocked by defenders, Intel471 argued in a new blog post
X Makes Passkeys Available for US-Based Users
X (formerly Twitter) has announced that passkeys are available as a login option for US-based users on iOS following a spate of high-profile account hijacks
Exploit Code Released For Critical Fortra GoAnywhere Bug
Researchers have released exploit code for a critical bug in managed file transfer software Fortra GoAnywhere
AI Set to Supercharge Ransomware Threat, Says NCSC
The National Cyber Security Centre claims in a new report that AI will increase volume and impact of ransomware attacks
Malicious npm Packages Used to Target GitHub Developer SSH Keys
ReversingLabs noted a 1300% surge in harmful open-source packages between 2020 and 2023
Hackers Target Atlassian Confluence With RCE Exploits
Shadowserver reported over 39,000 exploitation attempts from 600 unique IP addresses, mainly Russian
New Cybersecurity Governance Code Puts Cyber Risks on Boardroom Agenda
The UK government has published a draft code that aims to establish cybersecurity as a key focus for business leaders, on par with financial and legal risks
French Watchdog Slams Amazon with €32m Fine for Spying on Workers
The French CNIL has fined Amazon France Logistique $35m for an "excessively intrusive" surveillance system set up to monitor the performance of its staff
Australia Sanctions Russian Hacker Behind Medibank Breach
The Australian government has sanctioned Russian national Aleksandr Ermakov for his role in the Medibank data breach
SEC Confirms SIM Swap Attack Behind X Account Takeover
The Securities and Exchange Commission says hackers hijacked its X account in a SIM swap attack after MFA was disabled
