Infosecurity News
UK Shoppers Frustrated as Bots Snap Up Popular Christmas Gifts
Almost three quarters of UK consumers believe bad bots are ruining Christmas by buying up popular gifts, forcing many to purchase expensive alternatives, according to Imperva research
Security Flaws in WordPress Woffice Theme Prompts Urgent Update
Two Woffice theme vulnerabilities have been identified that allow attackers to gain unauthorized access and control of unpatched websites
Remcos RAT Malware Evolves with New Techniques
Cyber-attacks involving Remcos RAT surged in Q3 2024, enabling attackers to control victim machines remotely, steal data and carry out espionage
Lookout Discovers New Spyware Deployed by Russia and China
Russian-made spyware BoneSpy and PlainGnome target former Soviet states, while public security bureaus in mainland China use Chinese surveillance tool EagleMsgSpy
Insurance Worker Sentenced After Illegally Accessing Claimants’ Data
An insurance employee has been handed a suspended sentence after illegally accessing personal information
Three-Quarters of Security Leaders Admit Gaps in Hardware Knowledge
HP Wolf reveals that 79% of IT security decision makers are lacking in crucial hardware and firmware expertise
Secret Blizzard Targets Ukrainian Military with Custom Malware
Microsoft detailed how Russian espionage group Secret Blizzard is leveraging infrastructure of other threat actors to target the Ukrainian military with custom malware
Sophisticated Scam Targets UAE Residents with Fake Police Fines
Fraudsters in UAE posed as Dubai Police, targeting citizens with fake fines via calls, emails and SMS
Cyber Incident Disrupting Krispy Kreme Online Orders
Krispy Kreme said the incident is likely to materially affect operations and short-term financial performance
South Korea Takes Down Fraudulent Online Trading Network Used to Extort $6.3M
The Korean Financial Security Institute (K-FSI) disrupted a fraudulent network that made $6.3m by stealing money from fake personal trading platforms
Microsoft Azure MFA Flaw Allowed Easy Access Bypass
Microsoft MFA flaw exposed that allowed attackers to bypass security within an hour, putting 400m Office 365 accounts at risk
Operation PowerOFF Takes Down DDoS Boosters
Operation PowerOFF has dismantled a network of 27 DDoS platforms, leading to the arrests of three administrators and the identification of over 300 users
US Sanctions Chinese Firm at Center of Global Firewall Hack
The US government has sanctioned Sichuan Silence and one of its employees for the mass compromise of firewalls which led to the deployment of malware and ransomware
Microsoft Fixes 71 CVEs Including Actively Exploited Zero-Day
Microsoft has patched dozens of vulnerabilities in December, including one zero-day being exploited in the wild
Zero Day in Cleo File Transfer Software Exploited En Masse
A zero-day vulnerability in Cleo file transfer software is being exploited in data theft attacks
Snowflake Pledges to Make MFA Mandatory
The multi-cloud data warehousing platform said it will completely phase out single factor authentication with passwords by November 2025
Hackers Exploit Misconfigurations in Public Websites With Improperly Exposed AWS Credentials
Hackers exploited AWS misconfigurations, leaking 2TB of sensitive data, including customer information, credentials and proprietary source code
Utility Companies Face 42% Surge in Ransomware Attacks
The utilities sector saw a 42% surge in ransomware incidents over the past year, with groups like Play focusing on targets with IT and OT systems
New AppLite Malware Targets Banking Apps in Phishing Campaign
New AppLite Banker malware targets Android devices, employing advanced phishing techniques to steal credentials and data
Scottish Parliament TV at Risk of Deepfake Attacks
Researchers found that the broad accessibility of streams of Scottish Parliamentary proceedings make them highly susceptible to deepfake attacks
