Infosecurity News
MacOS-Focused Ransomware Attempts Leverage LockBit Brand
An unidentified threat actor has attempted to develop ransomware targeting macOS devices, posing as LockBit
Lazarus Group Exploits Google Chrome Flaw in New Campaign
Lazarus Group exploited Google Chrome zero-day, infecting systems with Manuscrypt malware
Penn State Settles for $1.25M Over Cybersecurity Violations
Penn State will pay $1.25m for failing federal cybersecurity standards in DoD and NASA contracts
White House Issues AI National Security Memo
The National Security Memorandum on AI sets out actions for the federal government to ensure the safe, secure and trustworthy development of AI
Fortinet Confirms Exploitation of Critical FortiManager Zero-Day Vulnerability
This high-severity flaw, dubbed FortiJump by security researcher Kevin Beaumont, has been added to CISA’s KEV catalog
UK Government Introduces New Data Governance Legislation
The Data (Use and Access) Bill governs digital verification services and the use of personal data in public services, and will revamp the Information Commissioner’s Office
Cybersecurity Teams Largely Ignored in AI Policy Development
A new ISACA study has revealed that cybersecurity professionals are often overlooked in the development of AI policies
UK Government Urges Organizations to Get Cyber Essentials Certified
On the 10th anniversary since Cyber Essentials was introduced, the UK government has highlighted the impact the scheme has had in preventing attacks
New Malware WarmCookie Targets Users with Malicious Links
WarmCookie malware, aka BadSpace, spreads via malspam, malvertising and enables persistent access
Embargo Ransomware Gang Deploys Customized Defense Evasion Tools
The recently discovered Embargo ransomware group is using Rust-based custom tools to overcome victims’ security defenses, ESET researchers have observed
Former British PM Cameron Calls for Tech Engagement with China Despite Cyber Threats
Former UK PM David Cameron called for stronger defenses against Chinese cyber espionage while advocating collaboration with Beijing, coinciding with the BRICS Summit
70% of Leaders See Cyber Knowledge Gap in Employees
70% of leaders see cyber knowledge gap; AI attacks are harder to detect, 60% expect more victims
Internet Archive Secures Zendesk Account, Works Toward Full-Service Restoration
While Internet Archive’s services slowly resume, the data breach reveals the non-profit’s security failures
US Government Pledges to Cyber Threat Sharing Via TLP Protocol
The US government has issued guidance for federal agencies on the use of Traffic Light Protocol, designed to boost intelligence sharing with the cybersecurity community
UK Government Weighs Review of Computer Misuse Act to Combat Cybercrime
The British Minister for Security Dan Jarvis said at Recorded Future’s Predict 2024 that the new government was considering reforming the 1990 legislation
US Energy Sector Vulnerable to Supply Chain Attacks
45% of security breaches in the energy sector in the past year were third-party related, according to a report by Security Scorecard and KPMG
LLMjacking and Open-Source Tool Abuse Surge in 2024 Cloud Attacks
Cloud attacks surged in 2024 as attackers exploited cloud resources at unprecedented levels
SEC Charges Tech Firms Over Misleading SolarWinds Hack Disclosures
Four current and former publicly trading tech companies have agreed to pay civil penalties in relation to the SEC charges
75% of US Senate Campaign Websites Fail to Implement DMARC
75% of US Senate campaign sites lack DMARC, risking cybersecurity and email safety
Phishing Attack Impacts Over 92,000 Transak Users
A phishing attack targeting Transak employees led to a data breach, compromising the information of 92,554 users
