Infosecurity News
Chinese State Actor APT40 Exploits N-Day Vulnerabilities “Within Hours”
A joint government advisory warned that the Chinese state-sponsored actor APT40 is capable of immediately exploiting newly public vulnerabilities in widely used software
Avast Provides DoNex Ransomware Decryptor to Victims
Researchers at Avast found a flaw in the cryptographic schema of the DoNex ransomware and have been sending out decryptor keys to victims since March 2024
Just a Fifth of Manufacturers Have Strongest Anti-Phishing Protection
Study confirms most manufacturers with DMARC don’t have it configured to most secure policy
Ticketmaster Extortion Continues, Threat Actor Claims New Ticket Leak
Tickets to Foo Fighters, Aerosmith, Pink and Usher gigs have been leaked by a threat actor trying to extort Ticketmaster
New APT CloudSorcerer Malware Hits Russian Targets
The malware issues commands via a hardcoded charcode table and Microsoft COM object interfaces
Mekotio Trojan Targets Latin American Banking Credentials
Trend Micro said the trojan has been observed masquerading as communications from tax agencies
Cisco Warns regreSSHion Vulnerability Impacts Multiple Products
Cisco has told customers that 42 of its products are impacted by the OpenSSH regreSSHion vulnerability, with a further 51 products being investigated
Russia Blocks VPN Services in Information Crackdown
The ban comes from Russian communication watchdog Roskomnadzor, likely in a bid to control the flow of information to Russian citizens
Crypto Thefts Double to $1.4 Billion, TRM Labs Finds
Higher average token prices are the likely cause of the surge rather than a change in the crypto threat landscape
10 Billion Passwords Leaked on Hacking Forum
A Cybernews investigation found that nearly 10 billion unique passwords have been posted on a popular hacking forum, putting users worldwide at risk of account compromises
Vinted Fined €2.3m Over Data Protection Failure
The Lithuanian data protection authority has imposed a fine of almost $2.5m on second-hand specialist Vinted for breaching GDPR
EU Opens Applications for Cybersecurity and Digital Skills Funding
The EU’s Digital Europe Programme (DEP) will provide over €210m in funding for cybersecurity and digital skills projects
Europol Warns of Home Routing Challenges For Lawful Interception
Law Enforcement Agencies can’t intercept communications without an agreement disabling PET in home routing
Meta Faces Suspension of AI Data Training in Brazil
The action comes in response to concerns over the company’s updated privacy policy
Over $1bn in Cryptocurrency Lost to Web3 Cyber Incidents in 2024
Certik observed the loss of $1.1bn worth of cryptocurrency across Web3 platforms in the first half of 2024, with phishing the most common vector
Gamers' Data Exposed in RPG Platform Roll20 Breach
Roll20 confirmed its administrative website account was accessed by a “bad actor,” leaving its users’ personal information exposed
New Ransomware Group Phones Execs to Extort Payment
Researchers claim the Volcano Demon ransomware group personally phone victims to pressure them into paying
UK’s NCA Leads Major Cobalt Strike Takedown
Global law enforcers have share intelligence leading to the takedown of hundreds of IP addresses hosting Cobalt Strike
WordPress Plugins at Risk From Polyfill Library Compromise
The attack exploits the polyfill.io domain, which was recently acquired by Funnull, a China-based entity
Microsoft Uncovers Major Flaws in Rockwell PanelView Plus
The vulnerabilities stem from manipulable custom classes in PanelView Plus