Infosecurity News
Billbug Espionage Group Deploys New Tools in Southeast Asia
Billbug, a China-linked espionage group, has been observed targeting critical sectors in Southeast Asia with new tools
New Cryptojacking Malware Targets Docker with Novel Mining Technique
Darktrace and Cado said the new campaign highlights a shift towards alternative methods of mining cryptocurrencies
Scalllywag Ad Fraud Network Generates 1.4 Billion Bid Requests Daily
Security firm Human lifts the lid on prolific new ad fraud scheme dubbed “scallywag”
$40bn Southeast Asian Scam Sector Growing “Like a Cancer”
The UN has warned that Southeast Asian fraud groups are expanding their operations
Midnight Blizzard Targets European Diplomats with Wine Tasting Phishing Lure
Russian state actor Midnight Blizzard is using fake wine tasting events as a lure to spread malware for espionage purposes, according to Check Point
NTLM Hash Exploit Targets Poland and Romania Days After Patch
An NTLM hash disclosure spoofing vulnerability that leaks hashes with minimal user interaction has been observed being exploited in the wild
Senators Urge Cyber-Threat Sharing Law Extension Before Deadline
Bipartisan support grows in Congress to extend Cybersecurity Information Sharing Act for 10 years
Identity Attacks Now Comprise a Third of Intrusions
IBM warns of infostealer surge as attackers automate credential theft and adopt AI to generate highly convincing phishing emails en masse
Microsoft Thwarts $4bn in Fraud Attempts
Microsoft has blocked fraud worth $4bn as threat actors ramp up AI use
CISA Throws Lifeline to CVE Program with Last-Minute Contract Extension
MITRE will be able to keep running the CVE program for at least the next 11 months
Network Edge Devices the Biggest Entry Point for Attacks on SMBs
Sophos found that compromise of network edge devices, such as VPN appliances, accounted for 30% of incidents impacted SMBs in 2024
ICO Issues Merseyside-Based Law Firm £60,000 Fine After Cyber-Attack
A UK Law firm has been fined £60,000 after data stolen during a 2022 cyber-attack was published on the dark web
Hertz Data Breach Exposes Customer Information in Cleo Zero-Day Attack
Hertz has confirmed a data breach exposing customer data after a zero-day attack targeting file transfer software from Cleo Communications
China-Backed Hackers Exploit BRICKSTORM Backdoor to Spy on European Businesses
NVISO discovered new variants of the BRICKSTORM backdoor, initially designed for Linux, on Windows systems
92% of Mobile Apps Found to Use Insecure Cryptographic Methods
Study reveals 92% of mobile apps use insecure cryptographic methods, exposing millions to data risks
Scalper Bots Fueling DVSA Driving Test Black Market
DataDome warns that DYI bots are snapping up driving test places en masse
Chaos Reigns as MITRE Set to Cease CVE and CWE Operations
Security community reacts with shock at US government’s decision not to renew MITRE contract for CVE database
North Korean Hackers Exploit LinkedIn to Infect Crypto Developers with Infostealers
Posing as potential employers, Slow Pisces hackers conceal malware in coding challenges sent to cryptocurrency developers on LinkedIn
Compliance Now Biggest Cyber Challenge for UK Financial Services
Regulatory compliance and data protection were the biggest cybersecurity challenges cited by UK financial organizations, according to a Bridewell survey
Bot Traffic Overtakes Human Activity as Threat Actors Turn to AI
Thales report reveals bots now account for 51% of all web traffic, surpassing human activity
