Infosecurity News

  1. New Threat Actor “Grayling” Blamed For Espionage Campaign

    Symantec highlights distinctive DLL sideloading technique

  2. Magecart Hackers Hide in 404 Error Pages

    Akamai spots new digital skimming campaign

  3. MGM Resorts Reveals Over $100M in Costs After Ransomware Attack

    In an SEC 8-K filing published last Thursday, the company cited operational disruptions

  4. Google Bug Bounty Program Expands to Chrome V8, Google Cloud

    Google has launched capture the flag (CTF) competitions focused on Chrome’s V8 JavaScript engine and Google Cloud’s kernel-based virtual machine (KVM)

  5. DNA Tester 23andMe Hit By Credential Stuffing Campaign

    Threat actor offers to sell DNA profiles of ‘millions’

  6. Blackbaud Settles Ransomware Breach Case For $49.5m

    Thousands of non-profit customers were affected

  7. Social Dominates as Victims Take $2.7bn Fraud Hit

    Social media is number one channel for fraud, says FTC

  8. AWS to Mandate Multi-Factor Authentication from 2024

    Move is designed to mitigate risk of account takeover

  9. Qakbot Gang Still Active Despite FBI Takedown

    Cisco Talos found new evidence that Qakbot-affiliated actors were still distributing ransomware despite the August FBI takedown of the threat group

  10. CISA and NSA Publish Top 10 Misconfigurations

    Data was compiled from real-world read and blue team engagements

  11. Apple Issues Emergency Patches for More Zero-Day Bugs

    One is being exploited in the wild

  12. CISA and NSA Tackle IAM Security Challenges in New Report

    The document is authored by the Enduring Security Framework

  13. Critical Glibc Bug Puts Linux Distributions at Risk

    Qualys identified and exploited the vulnerability in Fedora 37/38, Ubuntu 22.04/23.04, Debian 12/13

  14. China Poised to Disrupt US Critical Infrastructure with Cyber-Attacks, Microsoft Warns

    Microsoft’s annual digital defense report found a rise in Chinese state-affiliated groups attempting to infiltrate sectors like medical infrastructure and telecommunication

  15. Record Numbers of Ransomware Victims Named on Leak Sites

    A new Secureworks report finds that 2023 is on course to be the biggest year on record for victim naming on ‘name and shame’ sites

  16. Scammers Impersonate Companies to Steal Cryptocurrency from Job Seekers

    CloudSEK warns 100,000 victims may have been impacted

  17. US Government Proposes SBOM Rules for Contractors

    Public comment open until December 4

  18. GoldDigger Android Trojan Drains Victim Bank Accounts

    Researchers warn of phishing links leading to spoofed Google Play pages

  19. LightSpy iPhone Spyware Linked to Chinese APT41 Group

    ThreatFabric found evidence that LighSpy is linked to Android spyware DragonEgg, attributed to the Chinese-sponsored group

  20. EvilProxy Phishing Attack Strikes Indeed, Targets Executives

    Menlo Labs brought this discovery to light in an advisory published on Tuesday

Why Not Watch?

  1. Audit & Compliance in the Era of AI and Emerging Technology

  2. Mastering AI Security With ISACA’s New AAISM Certification

  3. Revisiting CIA: Developing Your Security Strategy in the SaaS Shared Reality

  4. How Mid-Market Businesses Can Leverage Microsoft Security for Proactive Defenses

What’s Hot on Infosecurity Magazine?