Infosecurity News
Why Bulletproof Hosting is Key to Cybercrime-as-a-Service
As a critical infrastructure service for cybercriminals, bulletproof hosting should be tracked and blocked by defenders, Intel471 argued in a new blog post
X Makes Passkeys Available for US-Based Users
X (formerly Twitter) has announced that passkeys are available as a login option for US-based users on iOS following a spate of high-profile account hijacks
Exploit Code Released For Critical Fortra GoAnywhere Bug
Researchers have released exploit code for a critical bug in managed file transfer software Fortra GoAnywhere
AI Set to Supercharge Ransomware Threat, Says NCSC
The National Cyber Security Centre claims in a new report that AI will increase volume and impact of ransomware attacks
Malicious npm Packages Used to Target GitHub Developer SSH Keys
ReversingLabs noted a 1300% surge in harmful open-source packages between 2020 and 2023
Hackers Target Atlassian Confluence With RCE Exploits
Shadowserver reported over 39,000 exploitation attempts from 600 unique IP addresses, mainly Russian
New Cybersecurity Governance Code Puts Cyber Risks on Boardroom Agenda
The UK government has published a draft code that aims to establish cybersecurity as a key focus for business leaders, on par with financial and legal risks
French Watchdog Slams Amazon with €32m Fine for Spying on Workers
The French CNIL has fined Amazon France Logistique $35m for an "excessively intrusive" surveillance system set up to monitor the performance of its staff
Australia Sanctions Russian Hacker Behind Medibank Breach
The Australian government has sanctioned Russian national Aleksandr Ermakov for his role in the Medibank data breach
SEC Confirms SIM Swap Attack Behind X Account Takeover
The Securities and Exchange Commission says hackers hijacked its X account in a SIM swap attack after MFA was disabled
Mega-Breach Database Exposes 26 Billion Records
A haul of 26 billion records found online was compiled from historic breaches
LoanDepot Data Breach Hits 16.6 Million Customers
The US loan giant confirmed 16.6 million customers had “sensitive personal” information stolen in a cyber-attack
Thai Court Blocks 9near.org to Avoid Exposure of 55M Citizens
Thailand’s data breaches fell in 2022-2023, but Resecurity is warning of rising cyber-threats
New macOS Malware Targets Cracked Apps
Kaspersky said the malware targeted macOS Ventura 13.6 and newer versions
Data Privacy Week: Lack of Understanding, Underfunding Threaten Data Privacy and Compliance
According to ISACA, two-thirds of professionals don’t fully understand the privacy regulations their organization needs to comply with
CISA Emergency Directive Demands Action on Ivanti Zero-Days
US security agency CISA orders all civilian federal agencies to take immediate steps to mitigate two Ivanti zero-day flaws
Russian Spies Brute Force Senior Microsoft Staff Accounts
Russian intelligence hackers compromise emails of senior Microsoft leadership with simple password spray attacks
Russian Coldriver Hackers Deploy Malware to Target Western Officials
Google has warned that the Russia-linked Coldriver has expanded its targeting of Western officials by deploying malware to exfiltrate sensitive data
Experts Urge Clearer Direction in South Africa's Cyber Strategy
South Africa’s cyber defenses have been lacking direction and resources for too long, researchers from the Carnegie Endowment for International Peace argued
TA866 Resurfaces in Targeted OneDrive Campaign
Proofpoint said it thwarted a large-scale campaign on January 11 primarily targeting North America
