Infosecurity News
MacOS Native Tools Enable Stealthy Enterprise Attacks
macOS LOTL techniques bypass detection using native tools and metadata abuse
NCSC Unveils SilentGlass, a Plug-In Device to Protect Monitors from Cyber-Attacks
The UK’s cybersecurity agency said the devices will be available for purchase by organizations around the world
UK Commits £90m for Cybersecurity and Pushes for ‘Resilience Pledge’
UK unveils £90m cybersecurity funding at CYBERUK to boost SME resilience, promote Cyber Essentials and a new Cyber Resilience Pledge, sparking industry debate
Surge in Silent Subject Phishing Attacks Targets VIP Users
Null subject phishing campaigns bypass filters and target VIPs with QR code and RMM abuse
Former Ransomware Negotiator Pleads Guilty to Working For BlackCat Cyber Gang
A former ransomware negotiator has pleaded guilty to abusing his position by working with noted cybercrime group BlackCat
Researchers Uncover ProxySmart Software Powering 90+ SIM Farms
Infrawatch says ProxySmart platform enables SIM farm activity at “industrial scale”
UK Faces a Cyber ‘Perfect Storm’ Driven by Tech Advances and Nation State Threats, NCSC Warns
The convergence of global tensions and rapid technological change is driving a new era of cyber risk, the NCSC warns
Trojanized Android App Fuels New Wave of NFC Fraud
NGate malware abuses HandyPay app to steal NFC card data and PINs in Brazil
The Gentlemen Ransomware Expands With Rapid Affiliate Growth
Gentlemen RaaS expands quickly with multi-platform attacks and SystemBC-linked infections
Unchecked AI Agents Cause Cybersecurity Incidents at Two Thirds of Firms
Data exposure, operational disruption and financial losses among issues faced by businesses struggling with the rapid rise of AI agents, warns Cloud Security Alliance report
Vercel Confirms Cyber Incident After Sophisticated Attacker Exploits Third‑Party Tool
Cloud app developer Vercel appears to have suffered a security breach
North Korea Blamed for $290m KelpDAO Crypto Heist
North Korea’s Lazarus Group is pegged for a $290m crypto theft at KelpDAO
ZionSiphon Malware Targets Water Infrastructure Systems
ZionSiphon malware targets OT water systems with sabotage and ICS scanning capabilities
Formbook Malware Campaign Uses Multiple Obfuscation Techniques to Avoid Detection
Formbook attacks use combination of DLL Side-Loading and Obfuscated JavaScript to stay hidden, researchers at WatchGuard have uncovered
Attackers Exploit DVR Command Injection Flaw to Deploy Mirai-Based Botnet
FortiGuard Labs has identified a Mirai-based Nexcorium campaign actively exploiting CVE-2024-3721 in TBK DVR devices
NCSC Outlines Coordinated Plan to Boost NHS Cyber Resilience
The National Cyber Security Centre has shared an update of its resilience-building efforts for the NHS
Crypto Exchange Grinex Blames Western Spies for $13m Theft
Russian crypto-exchange Grinex claims Western intelligence agencies were behind a $13m heist
Commercial AI Models Show Rapid Gains in Vulnerability Research
AI models are making rapid gains in vulnerability research and exploit development, raising new cybersecurity risks, a Forescout study finds
DDoS-For-Hire Services Disrupted by International Police Action in ‘Operation PowerOff’
Coordinated action by FBI, Europol and others seizes infrastructure, makes arrests – and sends warning letters to known DDoS service users
US Nationals Jailed for Operating Fake Remote Worker Laptop Farms for North Korea
US authorities jail two Americans for aiding North Korean laptop farm scams that infiltrated over 100 firms
