Infosecurity News
Midnight Blizzard Spearphishing Campaign Targets Thousands with RDP Files
Microsoft has spotted a major spearphishing campaign from the Russian APT29 group using RDP for compromise
New LightSpy Spyware Targets iOS with Enhanced Capabilities
ThreatFabric researchers have discovered significant updates to the LightSpy spyware, featuring plugins designed to interfere with device functionality
Chenlun’s Evolving Phishing Tactics Target Trusted Brands
The phishing campaign targeted users via texts impersonating Amazon, linked to the threat actor Chenlun
Law Enforcement Operation Takes Down Redline and Meta Infostealers
Operation Magnus took down infrastructure used to run the Redline and Meta infostealers, widely used tools in cybercriminal activities
NIS2 Compliance Puts Strain on Business Budgets
A Veeam report found that businesses are prioritizing NIS2 compliance, with 95% of applicable firms diverting funds from other areas of the business
Suspicious Social Media Accounts Deployed Ahead of COP29
Global Witness uncovered a network of 71 suspicious accounts on X supporting the Azeri government
Five Eyes Agencies Launch Startup Security Initiative
The UK has joined forces with its Five Eyes peers to offer cybersecurity guidance to startups
ICO: 55% of UK Adults Have Had Data Lost or Stolen
The UK’s information commissioner claims most adults in the country have had their personal data exposed or compromised
Evasive Panda’s CloudScout Toolset Targets Taiwan
Evasive Panda’s CloudScout uses MgBot to steal session cookies, infiltrating and extracting cloud data from Taiwanese institutions
New Type of Job Scam Targets Financially Vulnerable Populations
The surge in job scams targets vulnerable individuals, mirroring pig butchering fraud tactics
Russian Malware Campaign Targets Ukrainian Recruits Via Telegram
Google researchers have observed Russian threat actor UNC5812 using a malware campaign via Telegram to access the devices of Ukrainian military recruits
Researchers Discover Over 70 Zero-Day Bugs at Pwn2Own Ireland
Trend Micro’s Zero Day Initiative hands out over $1m in awards for Pwn2Own competitors, who found more than 70 zero-day flaws
AI-Powered BEC Scams Zero in on Manufacturers
Vipre research reveals that 10% of emails targeting the manufacturing sector are BEC attempts
Change Healthcare Breach Affects 100 Million Americans
Updated figures from the HHS revealed that 100 million patients have been notified that their data was breached in the Change Healthcare ransomware attack
Ukraine Warns of Mass Phishing Campaign Targeting Citizens Data
CERT-UA said the phishing campaign lures victims into downloading malware used to exfiltrate files containing sensitive personal data
Irish Data Protection Watchdog Fines LinkedIn $336m
LinkedIn violated the EU’s GDPR in how it processes its users personal data for behavioral purposes
Inequity Challenges Women in Digital Trust, But Progress is Being Made
A new ISACA study reveals that pay inequity and a lack of female leadership are significant issues noted by women in the digital trust sector
MacOS-Focused Ransomware Attempts Leverage LockBit Brand
An unidentified threat actor has attempted to develop ransomware targeting macOS devices, posing as LockBit
Lazarus Group Exploits Google Chrome Flaw in New Campaign
Lazarus Group exploited Google Chrome zero-day, infecting systems with Manuscrypt malware
Penn State Settles for $1.25M Over Cybersecurity Violations
Penn State will pay $1.25m for failing federal cybersecurity standards in DoD and NASA contracts
