Infosecurity News
Cloud Security Risks Surge as 38% of Firms Face Exposures
Tenable’s latest report reveals 38% of organizations face risks from a “toxic cloud triad” of security gaps
31 New Ransomware Groups Join the Ecosystem in 12 Months
Secureworks reports a 30% increase in active ransomware groups despite law enforcement efforts, with 31 new groups emerging in the past year
US Warns of Foreign Interference in Congressional Races Ahead of Election
Iran is targeting the US presidential race, China the congressional races, and Russia both
Cyber Fraud Cost up to $37bn in Southeast Asia Last Year
A UN report found that organized crime groups in the region have rapidly integrated malware, generative AI and deepfakes to enhance their fraud activities
Global Police Track Human Traffickers in Online Crackdown
Europol claims its EMPACT operation has revealed dozens of human trafficking victims and suspects
MoneyGram Reveals Data Breach After Incident Downed Services
MoneyGram has issued a data breach notification to customers following a security incident
Universal Music Group Admits Data Breach
UMG, a major music corporation, reported a July 2024 data breach affecting 680 US residents
Advanced Threat Group GoldenJackal Exploits Air-Gapped Systems
GoldenJackal targeted air-gapped government systems from May 2022 to March 2024, ESET found
Board-CISO Mismatch on Cyber Responsibility, NCSC Research Finds
The UK NCSC found that there is a lot of confusion between board members and security leaders of who is responsible for cybersecurity within their organizations
ICO Releases New Data Protection Audit Framework
The UK’s ICO said the framework is designed to help businesses build trust and encourage a positive data protection culture
EU Urged to Harmonize Incident Reporting Requirements
Risk managers association FERMA has warned that new EU cyber legislation means there is an inconsistent approach to incident reporting requirements
Tech Professionals Highlight Critical AI Security Skills Gap
A new O’Reilly survey showed a shortage of AI security skills, while AI-enabled security tools become tech professionals’ top priority for the coming year
Fraud Repayment Rules Could Leave Victims Struggling, CTSI Claims
The Chartered Trading Standards Institute is concerned a new cap on fraud reimbursement is too low
Get Safe Online Launches New Scam Detector
A new scam detection tool from Get Safe Online uses AI to help individuals and small businesses protect themselves
How Confidence Between Teams Impacts Cyber Incident Outcomes
Infosecurity recently joined an Immersive Labs Cyber Drill to experience how organizations can enhance their preparedness through training and simulations
New MedusaLocker Ransomware Variant Deployed by Threat Actor
Cisco Talos has observed the financially motivated threat actor targeting organizations globally with a MedusaLocker ransomware variant called “BabyLockerKZ”
Sellafield Fined for Cybersecurity Failures at Nuclear Site
A UK court has fined Sellafield Ltd £332,500 for cybersecurity failings related to the running of the Sellafield nuclear facility
CRI Releases Guidance on Avoiding Ransomware Payments
The Counter Ransomware Initiative has released new guidance discouraging organizations from making ransomware payments
Litespeed Cache Plugin Flaw Allows XSS Attack, Update Now
The new LiteSpeed Cache flaw (CVE-2024-47374) allows unauthenticated code injection across more than six million active installations
Microsoft and US Government Disrupt Russian Star Blizzard Operations
Microsoft and the US government have collectively seized over 100 websites used by Russian nation-state actor Star Blizzard