Infosecurity News
GitHub Rotates Credentials and Patches New Bug
GitHub urges customers to apply a new patch and take action if impacted by credential rotation
Phemedrone Stealer Targets Windows Defender Flaw Despite Patch
The malware targets browsers, steals crypto wallet and messaging app data, and collects system information
New Tool Identifies Pegasus and Other iOS Spyware
Kaspersky experts developed the tool after analyzing Shutdown.log, a file retaining reboot information
Email Nightmare: 94% of Firms Hit by Phishing Attacks in 2023
In its latest Email Security Risk Report, Egress found that businesses were 10% more negatively affected by phishing attacks in 2023 than in 2022
Crypto Heists Surge in 2023, $16.93m Already Stolen in 2024
Comparitech revealed crypto heists increased in volume by 42% last year
Ivanti Zero-Days Exploited By Multiple Actors Globally
Volexity detects 1700 compromised Ivanti VPN devices following publication of two zero-days last week
Inferno Drainer Spoofs Over 100 Crypto Brands to Steal $80m+
Group-IB report lifts the lid on infamous crypto-drainer malware Inferno Drainer
Researchers Uncover Major Surge in Global Botnet Activity
Netscout found a spike from 10,000 to 143,957 devices in scans between December 2023 and early January 2024
Senators Demand Probe into SEC Hack After Bitcoin Price Spike
US senators have accused the SEC of failing to properly secure its social media accounts after hackers comprised its X account and posted a fake Bitcoin announcement
Python-Based Tool FBot Disrupts Cloud Security
Discovered by the SentinelLabs team, FBot targets web servers, cloud services and SaaS platforms
Environmental Websites Hit by DDoS Surge in COP28 Crossfire
Content delivery provider Cloudflare observed a staggering surge in DDoS attacks against environmental services during COP28
British Library Catalogue Back Online After Ransomware Attack
The main British Library catalogue will be back online on Monday, January 15, as the institution continues its technical rebuild following the ransomware attack last year
Security Experts Urge IT to Lock Down GitHub Services
A new Recorded Future report warns of growing abuse of GitHub and recommends blocking risky services
HelloFresh Fined £140K After Sending 80 Million Spam Messages
The ICO has fined HelloFresh £140,000 for breaking privacy laws with a spam marketing campaign
CISA Urges Critical Infrastructure to Patch Urgent ICS Vulnerabilities
CISA’s advisory provides mitigations for vulnerabilities in ICS products used in critical infrastructure industries like energy, manufacturing and transportation
Waiting for Your Pay Raise? Cofense Warns Against HR-Related Scams
Email security provider Cofense outlined some of the most common HR-related scams and phishing campaigns it has observed
Vulnerability Puts Bosch Smart Thermostats at Risk of Compromise
Bitdefender researchers revealed the vulnerability allows an attacker to send commands to the thermostat and replace its firmware
Human Error and Insiders Expose Millions in UK Law Firm Data Breaches
Millions in the UK have had their data compromised because of cyber incidents involving law firms, a recent analysis of IOC data has found
1.3 Million FNF Customers' Data Potentially Exposed in Ransomware Attack
Fidelity National Financial revealed that the ransomware attack last year potentially impacted 1.3 million customers data in an updated SEC filing
Mandiant's X Account Was Hacked in Brute-Force Password Attack
Mandiant has shared its findings following X account hijacking, firm blames misconfigured 2FA and X's policy change
