Infosecurity News
CISA Strengthens Software Procurement Security With New Tool
CISA has launched a new Software Acquisition Guide Web Tool to enhance security in software procurement
Researchers Discover First Reported AI-Powered Ransomware
While still in development, PromptLock is described as the “first known AI-powered ransomware” by ESET researchers
Nevada “Network Security Incident” Shuts Down State Offices and Services
The Office of the Governor of Nevada revealed that the incident has shut down in-person State services, while government phone lines and websites are offline
ShadowSilk Campaign Targets Central Asian Governments
A series of cyber-attacks against government organizations in Central Asia and Asia- Pacific has been linked to the ShadowSilk threat cluster
Citrix Patches Three NetScaler Zero Days as One Sees Active Exploitation
Citrix customers are urged to patch their vulnerable NetScaler appliances, but “patching alone won’t cut it,” experts said
ENISA to Coordinate €36m EU-Wide Incident Response Scheme
EU security agency ENISA is being handed €36m to operate the EU Cybersecurity Reserve
New Data Theft Campaign Targets Salesforce via Salesloft App
Google is warning of a new credential theft campaign targeting Salesforce customers via Salesloft Drift
New Phishing Campaign Abuses ConnectWise ScreenConnect to Take Over Devices
Abnormal AI said the campaign, which lures victims into downloading legitimate RMM software, marks a major evolution in phishing tactics
New Android Trojan Variant Expands with Ransomware Tactics
A new version of the Hook Android banking Trojan features 107 remote commands, including ransomware overlays
Phishing Campaign Uses UpCrypter to Deploy Remote Access Tools
A global phishing campaign has been identified using personalized emails and fake websites to deliver malware via UpCrypter
US: Maryland Confirms Cyber Incident Affecting State Transport Systems
All previously scheduled mobility trips across Maryland for this week will be honored, said the state’s transportation administration
CIISec: Most Security Professionals Want Stricter Regulations
A new CIISec poll finds the majority of industry professionals would prefer more rigorous cybersecurity laws
Tech Manufacturer Data I/O Hit by Ransomware
Data I/O has revealed operational disruption following a ransomware breach that forced it to take some systems offline
Fake macOS Help Sites Seek to Spread Infostealer in Targeted Campaign
A variant of the Atomic macOS Stealer (AMOS) targets macOS users via fake support sites in malvertising campaign
Chinese Developer Jailed for Deploying Malicious Code at US Company
A Chinese developer has been sentenced to four years in prison after being found to deploy malicious code in his employer’s network, including a “kill switch”
CISA Seeks Biden Era's SBOM Minimum Requirements Guideline Change
The US Cybersecurity and Infrastructure Security Agency is planning to launch an update to a 2021 guideline for SBOM requirements
Interpol-Led African Cybercrime Crackdown Leads to 1209 Arrests
Operation Serengeti 2.0 operators helped recover $97.4m stolen by cybercriminals
Attackers Abuse Virtual Private Servers to Compromise SaaS Accounts
Darktrace observed a coordinated campaign on customer SaaS accounts, all of which involved logins from IP addresses linked to VPS providers
Apple Releases Patch for Likely Exploited Zero-Day Vulnerability
All Apple users are encouraged to update their iPhones, iPads and macOS devices
Microsoft to Make All Products Quantum Safe by 2033
Microsoft has set out a roadmap to complete transition to PQC in all its products and services by 2033, with roll out beginning by 2029
