Infosecurity News

Curl Releases Fixes For High-Severity Vulnerability
The flaw impacts curl and libcurl, causing the SOCKS5 proxy handshake to suffer a heap buffer overflow

US Government Issues Open-Source Security Guidance for Critical Infrastructure
The recommendations are designed to reduce the life-safety implications of cyber incidents in ICS environments

Exploitation Accounts For 29% of Education Sector Attacks
The figures from the latest Critical Start report also suggest 30% come from phishing campaigns

Cyber Professionals Alarmed by Growing Attacker Use of AI
IT security professionals are concerned about the increasing use of AI in cyber-attacks, particularly deepfakes

October Patch Tuesday Addresses Three Zero-Days
Microsoft issues updates for over 100 flaws

Air Europa Asks Customers to Cancel Cards After Breach
Spanish airline did not disclose scale of the attack

Tech Giants Reveal Record-Breaking “Rapid Reset” DDoS Bug
Zero-day has been exploited to launch largest attacks ever seen

IZ1H9 Botnet Targets IoT Devices With New Exploits
FortiGuard Labs said the new campaign incorporates 13 distinct payloads

Flagstar Bank MOVEit Breach Affects 800K Customer Records
The incident occurred between May 27 and 31, 2023, before the MOVEit Transfer vulnerability was publicly disclosed

#CyberMonth: Google Makes Passkeys Default Sign-In Option
The tech giant said the move is designed to help efforts to make passwords obsolete

Half of CISOs Now Report to CEO as Influence Grows
Trend is more pronounced in Europe than America

New Threat Actor “Grayling” Blamed For Espionage Campaign
Symantec highlights distinctive DLL sideloading technique

Magecart Hackers Hide in 404 Error Pages
Akamai spots new digital skimming campaign

MGM Resorts Reveals Over $100M in Costs After Ransomware Attack
In an SEC 8-K filing published last Thursday, the company cited operational disruptions

Google Bug Bounty Program Expands to Chrome V8, Google Cloud
Google has launched capture the flag (CTF) competitions focused on Chrome’s V8 JavaScript engine and Google Cloud’s kernel-based virtual machine (KVM)

DNA Tester 23andMe Hit By Credential Stuffing Campaign
Threat actor offers to sell DNA profiles of ‘millions’

Blackbaud Settles Ransomware Breach Case For $49.5m
Thousands of non-profit customers were affected

Social Dominates as Victims Take $2.7bn Fraud Hit
Social media is number one channel for fraud, says FTC

AWS to Mandate Multi-Factor Authentication from 2024
Move is designed to mitigate risk of account takeover

Qakbot Gang Still Active Despite FBI Takedown
Cisco Talos found new evidence that Qakbot-affiliated actors were still distributing ransomware despite the August FBI takedown of the threat group



