Infosecurity News

  1. MacOS Native Tools Enable Stealthy Enterprise Attacks

    macOS LOTL techniques bypass detection using native tools and metadata abuse

  2. NCSC Unveils SilentGlass, a Plug-In Device to Protect Monitors from Cyber-Attacks

    The UK’s cybersecurity agency said the devices will be available for purchase by organizations around the world

  3. UK Commits £90m for Cybersecurity and Pushes for ‘Resilience Pledge’

    UK unveils £90m cybersecurity funding at CYBERUK to boost SME resilience, promote Cyber Essentials and a new Cyber Resilience Pledge, sparking industry debate

  4. Surge in Silent Subject Phishing Attacks Targets VIP Users

    Null subject phishing campaigns bypass filters and target VIPs with QR code and RMM abuse

  5. Former Ransomware Negotiator Pleads Guilty to Working For BlackCat Cyber Gang

    A former ransomware negotiator has pleaded guilty to abusing his position by working with noted cybercrime group BlackCat

  6. Researchers Uncover ProxySmart Software Powering 90+ SIM Farms

    Infrawatch says ProxySmart platform enables SIM farm activity at “industrial scale”

  7. UK Faces a Cyber ‘Perfect Storm’ Driven by Tech Advances and Nation State Threats, NCSC Warns

    The convergence of global tensions and rapid technological change is driving a new era of cyber risk, the NCSC warns

  8. Trojanized Android App Fuels New Wave of NFC Fraud

    NGate malware abuses HandyPay app to steal NFC card data and PINs in Brazil

  9. The Gentlemen Ransomware Expands With Rapid Affiliate Growth

    Gentlemen RaaS expands quickly with multi-platform attacks and SystemBC-linked infections

  10. Unchecked AI Agents Cause Cybersecurity Incidents at Two Thirds of Firms

    Data exposure, operational disruption and financial losses among issues faced by businesses struggling with the rapid rise of AI agents, warns Cloud Security Alliance report

  11. Vercel Confirms Cyber Incident After Sophisticated Attacker Exploits Third‑Party Tool

    Cloud app developer Vercel appears to have suffered a security breach

  12. North Korea Blamed for $290m KelpDAO Crypto Heist

    North Korea’s Lazarus Group is pegged for a $290m crypto theft at KelpDAO

  13. ZionSiphon Malware Targets Water Infrastructure Systems

    ZionSiphon malware targets OT water systems with sabotage and ICS scanning capabilities

  14. Formbook Malware Campaign Uses Multiple Obfuscation Techniques to Avoid Detection

    Formbook attacks use combination of DLL Side-Loading and Obfuscated JavaScript to stay hidden, researchers at WatchGuard have uncovered

  15. Attackers Exploit DVR Command Injection Flaw to Deploy Mirai-Based Botnet

    FortiGuard Labs has identified a Mirai-based Nexcorium campaign actively exploiting CVE-2024-3721 in TBK DVR devices

  16. NCSC Outlines Coordinated Plan to Boost NHS Cyber Resilience

    The National Cyber Security Centre has shared an update of its resilience-building efforts for the NHS

  17. Crypto Exchange Grinex Blames Western Spies for $13m Theft

    Russian crypto-exchange Grinex claims Western intelligence agencies were behind a $13m heist

  18. Commercial AI Models Show Rapid Gains in Vulnerability Research

    AI models are making rapid gains in vulnerability research and exploit development, raising new cybersecurity risks, a Forescout study finds

  19. DDoS-For-Hire Services Disrupted by International Police Action in ‘Operation PowerOff’

    Coordinated action by FBI, Europol and others seizes infrastructure, makes arrests – and sends warning letters to known DDoS service users

  20. US Nationals Jailed for Operating Fake Remote Worker Laptop Farms for North Korea

    US authorities jail two Americans for aiding North Korean laptop farm scams that infiltrated over 100 firms

Why Not Watch?

  1. Securing M365 Data and Identity Systems Against Modern Adversaries

  2. How To Enhance Security Operations with AI-Powered Defenses

  3. How Trusted Time Strengthens Network Security

  4. How to Recover From a Cyber-Attack: A Step-by-Step Playbook

What’s Hot on Infosecurity Magazine?