Infosecurity News
CISA Seeks Feedback on Upcoming Product Security Flaws Guidance
CISA is asking for feedback on future guidance outlining bad security practices in product development as part of its Secure by Design initiative
NIS2 Confusion: Concerns Over Readiness as Deadline Reached
NIS2 will be enforced as of October 17, yet many organizations and even EU member states appear completely unprepared for implementation
CISA Urges Improvements in US Software Supply Chain Transparency
CISA released the third edition of SBOM guidelines to enhance software component transparency
Ethical Hackers Embrace AI Tools Amid Rising Cyber Threats
A new Bugcrowd study shows 71% of ethical hackers now see AI boosting hacking value, up from 21% in 2023
Coffee Lovers Warned of New Starbucks Phishing Scam
Phishing emails claiming to be from Starbucks are offering recipients a "free Coffee Lovers Box" in an attempt to steal personal or install malware on devices
Cyber Threats Escalating Beyond Ability to Defend, New NCSC Head Warns
New NCSC CEO Dr Richard Horne warned in a speech that there is a widening gap between escalating threats and society’s ability to defend against them
FIDO Alliance Proposes New Passkey Exchange Standard
The new set of specifications could enable users to securely move passkeys and all other credentials across providers
Experts Play Down Significance of Chinese Quantum “Hack”
DigiCert says imminent crypto threat from quantum computing has been over-hyped
UK Government Launches AI Safety Scheme to Tackle Deepfakes
New government grants for AI safety research are designed to fund work into deepfakes and other cyber risks
New ConfusedPilot Attack Targets AI Systems with Data Poisoning
Researchers have discovered a new cyber-attack method called ConfusedPilot that can manipulate AI-generated responses by injecting malicious content into documents referenced by AI systems
Darknet Activity Increases Ahead of 2024 Presidential Vote
Cyber threats surge ahead of the 2024 election, including phishing, ransomware and Darknet activity
UK: NCSC Offers Education Organizations Free Cyber Services
The service, developed in collaboration with Cloudflare and Accenture, is available for UK schools and most education service providers
Most Organizations Unprepared for Post-Quantum Threat
Most organizations are not prepared for the post-quantum threat, despite the recent publication of NIST's first three finalized post-quantum encryption standards
Microsoft: Nation-States Team Up with Cybercriminals for Attacks
Microsoft has observed nation states ramping up cooperation with cybercriminals to conduct operations in the past year
Cerberus Android Banking Trojan Deployed in New Multi-Stage Malicious Campaign
The sophisticate campaign, ErrorFather, employs keylogging, virtual networks and a domain generation algorithm to target Android users
Insurer Aims to “Clawback” BEC Losses After £1.4m Success
Coalition’s new service aims to mitigate the impact of growing UK corporate fraud losses
Eight Million Users Install 200+ Malicious Apps from Google Play
Zscaler has found more than 200 malicious apps on Google Play with over eight million installs
Telekopye Scammers Target Booking.com and Airbnb Users
Online scammers are targeting Booking.com and Airbnb users with Telekopye, a Telegram-based toolkit
CISA Urges Encryption of Cookies in F5 BIG-IP Systems
CISA urged organizations to tackle security risks from unencrypted cookies in F5 BIG-IP LTM systems
US DoD Tightens Cybersecurity Standards for Defense Contractors
The US DoD has finalized the Cybersecurity Maturity Model Certification (CMMC) Program, which defense contractors must pass to bid for government contracts
