Infosecurity News
BreachForums Hacking Marketplace Taken Down Again
The FBI claims to have seized the domain and servers of hacking forum BreachForums
Infosecurity News
NCSC Expands Election Cybersecurity to Safeguard Candidates
The National Cyber Security Centre launches an opt-in Personal Internet Protection service to safeguard individuals from cyber threats during the upcoming election
Infosecurity News
NIST Confusion Continues as Cyber Pros Complain CVE Uploads Stopped
Several software security experts have told Infosecurity that no new vulnerabilities have been added to the US NVD since May 9
Infosecurity News
44% of Cybersecurity Professionals Struggle with Regulatory Compliance
Infosecurity Europe research highlights significant challenges faced by organisations in staying up to speed with increasing compliance requirements
Infosecurity News
Russian Actors Weaponize Legitimate Services in Multi-Malware Attack
Recorded Future details a novel campaign that abuses legitimate internet services to deploy multiple malware variants for credential theft
Infosecurity News
Ascension Ransomware Attack Diverts Ambulances, Delays Appointments
A ransomware attack on US private healthcare provider Ascension has disrupted patient care, with several hospitals currently on diversion
Infosecurity News
Threat Actor Claims Major Europol Data Breach
A threat actor known as IntelBroker claims to be selling confidential Europol data after a May breach
Infosecurity News
#RSAC: Experts Highlight Novel Cyber Threats and Tactics
Well-funded cybercriminals are adopting more sophisticated techniques, creating a need for defenders to stay informed about the evolving threat landscape
Infosecurity News
Why Cybersecurity Professionals Have a Duty to Secure AI
Experts at the RSA Conference urged cyber professionals to lead the way in securing AI systems today and pave the way for AI to solve huge societal challenges
Infosecurity News
RSAC: How CISOs Should Protect Themselves Against Indictments
Experts at the RSA Conference discussed what CISOs can do to protect themselves against legal pressure
Infosecurity News
New 'LLMjacking' Attack Exploits Stolen Cloud Credentials
Sysdig said the attackers gained access to these credentials from a vulnerable version of Laravel
Infosecurity News
AI-Powered Russian Network Pushes Fake Political News
Researchers discover large-scale Russian influence operation using GenAI to influence voters
Infosecurity News
Three Strategies to Boost Open-Source Security
Experts at the RSA Conference discussed how governments, the open-source community and end users can work together to drastically improve the security of open-source software
Infosecurity News
#RSAC: CISA Launches Vulnrichment Program to Address NVD Challenges
CISA launched a new software vulnerability enrichment program to fill the gap left by NIST’s National Vulnerability Database backlog
Infosecurity News
Stephen Khan Receives Infosecurity Europe Hall of Fame Award
The award recognises Khan's outstanding contributions to the field and his role in shaping the cybersecurity industry
Infosecurity News
Two-Thirds of Organizations Failing to Address AI Risks, ISACA Finds
An ISACA survey found that just a third of organizations are adequately addressing security, privacy and ethical risks with AI
Infosecurity News
Decoding US Government Plans to Shift the Software Security Burden
US government officials discussed plans on how to incentivize security by design principles in the software manufacturing process during RSA
Infosecurity News
Ransomware Strikes Wichita, Services Disrupted
Online payment systems, such as those for water bills and court citations, are still offline
Infosecurity News
Three Battle-Tested Tips for Surviving a Cyber-Attack
CISOs share their experience of managing real-life cyber incidents provide their recommendations to survive cyber-attacks
Infosecurity News
#RSAC: Threat Actors Weaponizing Hacktivism for Financial Gain
Recorded Future’s Alexander Leslie highlights the increasingly blurred lines between hacktivism, financial cybercrime and nation-state activities during the RSA Conference 2024
Infosecurity News
70% of Businesses Prioritize Innovation Over Security in Generative AI
An IBM report found that most organizations are exposing themselves to security risks when implementing generative AI tools
Infosecurity News
Infosecurity Europe Keynote: Building Strong Teams and Driving Change
Join Claire Williams at Infosecurity Europe to learn how F1 leadership strategies can inspire cybersecurity leaders
Infosecurity News
Disinformation: EU Opens Probe Against Meta Ahead of Election
Meta’s moderation failings could allow coordinated disinformation campaigns to thrive in the run-up to the EU election
Infosecurity News
High Performance Podcast Duo to Unveil Secrets of Success at Infosec
Jake Humphrey and Professor Damian Hughes, the minds behind the High Performance Podcast, share their top non-negotiable behaviours for success in cybersecurity
Infosecurity News
US Congress Passes Bill to Ban TikTok
The bill that could see TikTok banned in the US has been approved by the House of Representatives and the Senate
Infosecurity News
Leeds Talent Pool Attracts BlueVoyant’s First UK SOC
The proximity of organizations’ headquarters, like Asda’s and NHS England’s, prompted BlueVoyant to choose Leeds as the location for its first UK SOC
Infosecurity News
CISA Urges Immediate Credential Reset After Sisense Breach
The breach affecting business analytics provider Sisense could lead to a wide-scale supply chain attack
Infosecurity News
Women Experience Exclusion Twice as Often as Men in Cybersecurity
A WiCyS report detailed the causes of disparities in the experiences of women working in cybersecurity compared to men, including respect and exclusion
Infosecurity News
Why Identity Management is Key in a Cyber Resilience Strategy
For the fourth edition of Identity Management Day, the Identity Defined Security Alliance shared staggering numbers on the boom of identity-related cyber incidents
Infosecurity News
Deepfake Expert Henry Ajder to Keynote Infosecurity Europe 2024 on AI
Infosecurity Europe 2024 will feature a keynote presentation by deepfake expert Henry Ajder, exploring the implications of generative AI on cybersecurity
SC Magazine
NIST's backlog of vulnerability analysis blamed on lack of support
NIST says it has asked partner agencies for assistance as it works on a long-term solution to keeping the vital CVE database up to date.
Infosecurity News
NIST Unveils New Consortium to Manage the NVD
After months of speculation, NIST has finally confirmed its intention to establish an industry consortium to develop the NVD in the future
Infosecurity News
UK Blames China for 2021 Hack Targeting Millions of Voters' Data
The UK’s NCSC assesses that China-backed APT31 was “almost certainly” responsible for hacking the email accounts of UK parliamentarians
Infosecurity News
Three New Critical Vulnerabilities Uncovered in Argo
The flaws, identified by KTrust, enable attackers to bypass rate limits and brute force protection mechanisms
Infosecurity News
NIST NVD Disruption Sees CVE Enrichment on Hold
Vulnerability data has stopped being added to the most widely used software vulnerability database for over a month, putting organizations at risk – and nobody knows why
Infosecurity News
Google to Restrict Election-Related Answers on AI Chatbot Gemini
The new restriction to Google’s AI chatbot was first implemented in India, which holds elections in April, before being rolled across other nations
Infosecurity News
Three-Quarters of Cyber Incident Victims Are Small Businesses
Three-quarters of cyber-incidents Sophos responded to involved small businesses in 2023, with attackers’ main goal being data theft
Infosecurity News
Dropbox Used to Steal Credentials and Bypass MFA in Phishing Campaign
Darktrace reveals a novel phishing campaign where attackers leveraged legitimate Dropbox infrastructure to steal credentials before bypassing MFA
Infosecurity News
TimbreStealer Malware Targets Mexican Victims with Tax-Related Lures
The maker of the Mispadu Trojan started distributing a new infostealer with financial lures to Mexican users, Cisco Talos found
Infosecurity News
UK Unveils Draft Cybersecurity Governance Code
The UK government provided a preview of its future Cybersecurity Governance Code of Practice, which aims to be the go-to cyber guideline for UK businesses
Infosecurity News
UK ICO Vows to Safeguard Privacy in AI Era
UK Information Commissioner John Edwards explains how the ICO is working to provide clarity around the lawful use of AI
Infosecurity News
Cyber Espionage France’s Top Threat Ahead of 2024 Paris Olympics
Ransomware and destabilization attacks rose in 2023, yet France’s ANSSI is most concerned about a diversification of cyber espionage campaigns
Infosecurity News
Operation Cronos: Who Are the LockBit Admins
Law enforcement agencies involved in Operation Cronos have announced they have been in contact with the LockBit kingpin aka LockbitSupp
Infosecurity News
OWASP Releases Security Checklist Generative AI Deployment
The OWASP Foundation provides new guidelines to deploy secure-by-design LLM use cases
Infosecurity News
Businesses Increase Cybersecurity as Budgets Surge in 2024
Over two-thirds of IT decision-makers increase cybersecurity budgets in 2024, prioritizing cloud security and incident response as cyber threats escalate
Infosecurity News
Exclusive: eSentire Confirms Rhysida Ransomware Victims
Since emerging in May 2023, the group claims to have victimized 77 companies and public institutions
Infosecurity News
LockBit Ransomware Takedown: What You Need to Know about Operation Cro
What businesses should know about Operation Cronos and LockBit, one of the largest ransomware takedowns in history
Infosecurity News
New Ivanti Vulnerability Observed as Widespread Security Concerns Grow
After discovering a new vulnerability impacting its Connect Secure, Policy Secure, and ZTA gateways, Ivanti is under fire for poor security practices
Infosecurity News
GoldPickaxe Trojan Uses Biometric Data and Deepfake Tech to Scam Banks
Group-IB warns of new Trojan GoldPickaxe designed to bypass banking facial recognition with deepfakes
Infosecurity News
Southern Water Notifies Customers and Employees of Data Breach
UK utilities firm Southern Water has informed 5-10% of its customer base that their personal data has been accessed following a ransomware attack in January
Infosecurity News
AI-Powered Robocalls Banned Ahead of US Election
US companies using AI-generated voices during a call without prior consent could receive fines of up to $23,000 per call
Infosecurity News
20 Years of Facebook, but Trust in Social Media Remains Rock Bottom
Facebook and other social media companies struggle with trust, with only 6% globally comfortable sharing personal data, according to a 2024 Thales survey
Infosecurity News
Latest Ivanti Zero Day Exploited By Scores of IPs
Shadowserver Foundation spots 170 distinct IP addresses trying to exploit Ivanti zero-day CVE-2024-21893
Infosecurity News
Wizz Removed from Apple and Google Stores for Sextortion Concerns
The Tinder-like app has countered claims of being a hot spot for sextortion scammers
Infosecurity News
US Thwarts Volt Typhoon Espionage Campaign Through Router Disruption
US government agencies took down the botnet of Chinese APT Volt Typhoon, used to target critical infrastructure for nation-state espionage
DarkReading
Dubai Cyber Force Names First Accredited Companies
The initiative has named the first eight companies approved to cyber-secure the Dubai government.
Infosecurity News
Citibank Sued For Failing to Protect Fraud Victims
New York attorney general launches legal case against Citi for failing to reimburse or protect fraud victims
Infosecurity News
ChatGPT Cybercrime Surge Revealed in 3000 Dark Web Posts
Kaspersky said cybercriminals are exploring schemes to implement ChatGPT in malware development
Infosecurity News
OpenAI Announces Plans to Combat Misinformation Amid 2024 Elections
OpenAI will implement a provenance standard into DALL-E 3 and link ChatGPT to an authoritative election website in the US
Infosecurity News
75% of Organizations Hit by Ransomware in 2023
Veeam found that 75% of organizations suffered at least one ransomware attack last year, with 26% hit four or more times
Infosecurity News
LastPass Enforces 12-Character Master Passwords
Password manager provider LastPass has started implementing stricter password measures for its customers
Infosecurity News
Healthcare Provider ESO Hit in Ransomware Attack, 2.7 Million Impacted
The breach, which unfolded on September 28, compelled ESO to shut down systems temporarily
Infosecurity News
BlackCat Rises: Infamous Ransomware Gang Defies Law Enforcement
BlackCat ransomware resurfaces after FBI takedown attempt, defying law enforcement takedown
Infosecurity News
Qakbot’s Low-Volume Resurgence Targets Hospitality
Researchers observed malicious files advancing through email, PDF, URL and MSI
Infosecurity News
Cozy Bear Hackers Target JetBrains TeamCity Servers in Global Campaign
The FBI and CISA detected that hackers linked to the Russian foreign intelligence service (SVR) have been targeting a JetBrains TeamCity vulnerability since September 2023
Infosecurity News
Russia Set to Ramp Up Attacks on Ukraine’s Allies This Winter
Russian cyber campaigns aim to disrupt Western allies’ ability and motivation to support Ukraine’s war effort
Infosecurity News
EU Reaches Agreement on AI Act Amid Three-Day Negotiations
The landmark bill will regulate the use of generative AI models like ChatGPT and AI systems used by governments and law enforcement
Infosecurity News
Manufacturing Top Targeted Industry in Record-Breaking Cyber Extortion
Orange Cyberdefense’s Security Navigator listed the manufacturing sector as number one for both detected cyber incidents and confirmed cyber-attacks
Infosecurity News
Booking.com Customers Scammed in Novel Social Engineering Campaign
The sophisticated campaign has led to customers having their money stolen by cybercriminals
Infosecurity News
Deepfake Digital Identity Fraud Surges Tenfold, Sumsub Report Finds
AI-powered tools are among the top fraud techniques used by threat actors in 2023, according to Sumsub’s third annual Identity Fraud Report
Infosecurity News
General Electric Investigates Alleged DARPA Breach
IntelBroker claims to be selling sensitive military data
CyberSecurity Dive
The top cybersecurity events and conferences in 2024, according to security pros
Which security conferences are teams prioritizing in 2024? A new report reveals the 7 most popular events in the cybersecurity calendar.
DataBreaches
Denmark Hit With Largest Cyberattack on Record
Chris Riotta reports: Hackers potentially linked to the Russian GRU Main Intelligence Directorate carried out a series of highly coordinated cyberattacks...
Infosecurity News
New Kamran Spyware Targets Urdu-Speaking Users in Pakistan
ESET said the attack affects Android users accessing the Urdu version of the Hunza News website
Infosecurity News
The People Hacker: AI a Game-Changer in Social Engineering Attacks
Jenny Radcliffe talks to Infosecurity about the changing nature of social engineering scams and the threats posed by AI
Infosecurity News
AI Safety Summit: OWASP Urges Governments to Agree on AI Standards
The OWASP Foundation has released a call to action ahead of the UK’s AI Safety Summit
Infosecurity News
Cyber Skills Gap Reaches 4 Million, Layoffs Hit Security Teams
ISC2’s CEO says the c-suite appears to be more concerned with economic risk than cyber risk
Infosecurity News
Generative AI A Boon for Organizations Despite the Risk
Experts highlighted the ways generative AI tools can help security teams, and how to mitigate the risks they pose
Infosecurity News
CISO Best Practices for Managing Cyber Risk
Two leading CISOs provide best practice tips for CISOs on undertaking a sustainable cyber risk management program
Infosecurity News
Humans Need to Rethink Trust in the Wake of Generative AI
Generative AI poses a high risk of misinformation and disinformation, according to ISACA survey, with 77% of professionals saying it is the top concern
Infosecurity News
AI to Create Demand for Digital Trust Professionals, ISACA Survey Find
Most digital trust professionals believe AI will have a positive impact on their jobs, and 23% think the number of jobs could increase because of AI
Infosecurity News
ICC: September Breach Was Espionage Raid
War crimes court warns of persistent attacks
Infosecurity News
ISACA CEO Hails Europe as a Lighthouse of Capability
ISACA's new CEO highlights growth of its European membership as the Association works on an aggressive growth strategy
Infosecurity News
Rising AI-Fueled Phishing Drives Demand for Password Alternatives
FIDO Alliance’s Online Authentication Barometer showed that AI-powered phishing is prompting users to switch passwords for MFA
Infosecurity News
Growing Concern Over Role of Hacktivism in Israel-Hamas Conflict
Hacktivists claim DDoS attacks against Israeli websites as cybersecurity experts urge caution in believing these cyber-criminals’ claims
Infosecurity News
European Police Hackathon Hunts Down Traffickers
Many recruit victims on social media, says Europol
Infosecurity News
Air Europa Asks Customers to Cancel Cards After Breach
Spanish airline did not disclose scale of the attack
Infosecurity News
Google Bug Bounty Program Expands to Chrome V8, Google Cloud
Google has launched capture the flag (CTF) competitions focused on Chrome’s V8 JavaScript engine and Google Cloud’s kernel-based virtual machine (KVM)
Infosecurity News
Qakbot Gang Still Active Despite FBI Takedown
Cisco Talos found new evidence that Qakbot-affiliated actors were still distributing ransomware despite the August FBI takedown of the threat group
DataBreaches
Record Numbers of Ransomware Victims Named on Leak Sites
James Coker reports: The number of victims named on ransomware leak sites reached “unprecedented levels” in the four months from March to June 2023,...
DataBreaches
The First Judicial Circuit of Florida dealing with significant infosecurity incident
As seen on the website of The First Judicial Circuit of Florida: The First Judicial Circuit has experienced an information technology security event that is...
Infosecurity News
Data Theft Overtakes Ransomware as Top Concern for IT Decision Makers
A recent survey conducted by Integrity 360 shows that data theft has overtaken ransomware as a top concern for some IT decision makers
Infosecurity News
Leading CISO Creates Model for Ransomware Payment Decisions
Lorraine Dryland discusses how to help executives make fast and informed decisions when presented with a ransomware demand
Infosecurity News
Web3 Platform Mixin Network Hit by $200m Crypto Hack
The decentralized finance network has suspended deposits and withdrawals after what could be one of the biggest cyber-attacks on cryptocurrency projects
DataBreaches
Audits of New York schools and the State Education Department reveal ongoing significant concerns
In May, the NYS Comptroller’s Office released an audit conducted to determine if the New York State Education Department (SED) consistently follows all...
Infosecurity News
#mWISE: Why Zero Days Are Set for Highest Year on Record
Experts at the mWISE conference discussed who is behind the surge in zero-day exploits
Infosecurity News
UK-US Confirm Agreement for Personal Data Transfers
The agreement, which represents an extension to the EU-US Data Privacy Framework, will enable the free flow of personal data between the UK and US
Infosecurity News
#mWISE: US to Implement Game-Changing Cyber Mandates on Medical Device
A new legal requirement for medical devices in the US will introduce the first-ever SBOM mandate for the consumer market
Infosecurity News
#mWISE: Chinese Cyber Power Bigger Than the Rest of the World Combined
China is sponsoring not just ever more highly sophisticated espionage campaigns, but also venturing into cybercrime and disinformation
Infosecurity News
Threat Actor Claims Major TransUnion Customer Data Breach
Database compromise dates back to March 2022
Loading more articles....