Bronze President spies on Russian targets as Ukraine invasion continues
Bronze President has potentially shifted from Asia to focus on Russia as the invasion of Ukraine continues. Also known as Mustang Panda, TA416, or RedDelta, the Chinese cyberespionage group has
Research points to a Chinese hacking effort targeting a Russian border unit
Written by AJ Vicens Apr 27, 2022 | CYBERSCOOP The Chinese government hacking group seen targeting European governments and non-governmental organizations in early March may have also been going after
Coca-Cola Investigates Hacker Data Theft Allegations
Stormous has been engaging in ransomware attacks against western companies. The gang made its first public appearance in January 2022 with an assault on a French corporation. Following that incident, the
State of Ransomware Report 2022: 66% Organizations Hit in 2021
Around two-thirds (66%) of organizations were hit by a ransomware attack in 2021, surging from 37% in 2020Read More: https://www.infosecurity-magazine.com/news/state-of-ransomware-report-22/
Coca-Cola Investigates Data Breach Claim
Ransomware group Stormous claims it has stolen 161GB of data from the soft drinks giantRead More: https://www.infosecurity-magazine.com/news/coca-cola-investigates-data-breach/
UK Schools Can Sign-Up to Free Government-Grade Security
Web and email security services are provided by GCHQRead More: https://www.infosecurity-magazine.com/news/uk-schools-free-governmentgrade/
Nimbuspwn Linux Bugs Could Provide Root Access
Microsoft-discovered vulnerabilities have now been resolvedRead More: https://www.infosecurity-magazine.com/news/nimbuspwn-linux-bugs-could-provide/
US Offers $10m for Russian NotPetya Sandworm Team
Military officers were indicted for the campaign in 2020Read More: https://www.infosecurity-magazine.com/news/us-10m-russian-notpetya-sandworm/
DJI temporarily suspends operations in Russia and Ukraine
Written by Chris Duckett, APAC Editor Chris Duckett APAC Editor Chris started his journalistic adventure in 2006 as the Editor of Builder AU after originally joining CBS as a programmer.
Google begins roll out of Play Store data safety section
Google has commenced the roll out of its new data safety section for Android users on the Play Store. The new section will require app developers to inform users on
Critical RCE Vulnerability Reported in Google’s VirusTotal
The vulnerability that existed for the last 8 months allowed attackers to weaponize the VirusTotal platform to achieve remote code execution on an unpatched 3rd party sandboxing machine employing anti-virus
Ransomware Attacks: Everything You Need to Know
Learn everything there is to know about ransomware attacks. We cover the definition, statistics, and ransomware protection. Even though it ends with a ransom, ransomware attacks are a bit different
Data Breach Disrupts UK Army Recruitment
British Army online recruitment system down since March following data breach Read More: https://www.infosecurity-magazine.com/news/data-breach-disrupts-uk-army/
New Scam Utilizing AI-Generated Images to Represent Fake Law Firm
Hackread.com earlier reported a website designed by software engineer Philip Wang that can create realistic faces of people who don’t even exist simply by clicking the Refresh button. Non-Existent People
Emotet Tests New TTPs
Botnet’s operators spotted spring cleaning its delivery tactics, techniques and procedures Read More: https://www.infosecurity-magazine.com/news/emotet-tests-new-ttps/
Siloed Tech Prompts Security Worries
IT leaders fear fragmented tech management could increase cyber risk Read More: https://www.infosecurity-magazine.com/news/siloed-tech-prompts-security/
Quarterly Report: Incident Response trends in Q1 2022
Ransomware continues as the top threat, while a novel increase in APT activity emerges By Caitlin Huey. Ransomware was still the top threat Cisco Talos Incident Response (CTIR) saw in
Firms Push for CVE-Like Cloud Bug System
Researchers propose fresh approaches to cloud-security bugs and mitigating exposure, impact and risk. Big gaps exist in the 22-year-old Common Vulnerability and Exposures (CVE) system that do not address dangerous
The Emotet botnet is back, and it has some new tricks to spread malware
A prolific botnet has reemerged with new techniques to infect Windows PC with malware. Once described as the most dangerous malware botnet in existence, Emotet helped cyber criminals to distribute
Group behind Emotet botnet malware testing new methods to get around Microsoft security
Written by AJ Vicens Apr 26, 2022 | CYBERSCOOP The hackers behind Emotet — one of the longest-tenured and most prolific malware variants dating back to 2014 — have been
Nation-state Hackers Target Journalists with Goldbackdoor Malware
A campaign by APT37 used a sophisticated malware to steal information about sources , which appears to be a successor to Bluelight. Sophisticated hackers believed to be tied to the
Cyber Reporting: New Legislation Impacts US Banks
As we all learned, cyberattacks on any type of organization can have serious consequences. Cyber incidents that impact computer systems and the theft of personal, financial, or other confidential information
The White House wants more powers to crack down on rogue drones
The White House has laid out its plans to give more authorities the power to respond to nefarious drone activity. The administration says while drones – or unmanned aircraft systems
And the Winner Is… You: How to Apply for Industry Awards to Boost Your Business
One of the most overlooked ways to help your business is to apply for—and hopefully win—awards presented by your partners, community or industry. It’s a great marketing tactic that can
Inside a ransomware incident: How a single mistake left a door open for attackers
A security vulnerability that was left unpatched for three years allowed a notorious cyber-criminal gang to breach a network and plant ransomware. The BlackCat ransomware attack against the undisclosed organisation took
Security Teams Should Be Addressing Quantum Cyber-Threats Now
Organizations should move toward post-quantum cryptography now to counter upcoming quantum cyber-threatsRead More: https://www.infosecurity-magazine.com/news/security-teams-quantum-cyber/
Two More Indicted Over North Korea Sanctions Evasion Plot
Brit and Spaniard face 20 years behind bars if found guiltyRead More: https://www.infosecurity-magazine.com/news/two-indicted-north-korea-sanctions/
French Hospitals Cut Internet Connection After Data Raid
Attackers try to extort healthcare group onlineRead More: https://www.infosecurity-magazine.com/news/french-hospitals-cut-internet/
How Cybersecurity Businesses are Tackling the Ukraine War: CyberNews Exclusive Interview
Copenhagen, April 26, 2022 – To discuss what the war in Ukraine will bring to the cybersecurity industry, Heimdal™ CEO Morten Kjærsgaard sat down with CyberNews, a leading research-based online publication that
Bored Ape Yacht Club Customers Lose $3m in NFT Scam
Seller’s Instagram account was hijacked by fraudstersRead More: https://www.infosecurity-magazine.com/news/bored-ape-yacht-club-3m-nft-scam/
Bored Ape Yacht Club Instagram takeover sees around $3 million in NFTs sail away
Written by Chris Duckett, APAC Editor Chris Duckett APAC Editor Chris started his journalistic adventure in 2006 as the Editor of Builder AU after originally joining CBS as a programmer.
Clarifying Hacking with XSS
Clarifying Hacking with XSS April 26, 2022 Offensive Security This post first appeared on April 17, 2022 and is republished with permission from the author. Disclaimer: The ideas below are
Lapsus$ Strikes Again- Steals T-Mobile’s Source Code and Systems Data
T-Mobile has acknowledged the breach which occurred before police arrested some of the Lapsus$ members last month. The infamous Lapsus$ hacking group managed to steal T-Mobile’s source code in March
Kansas Hospital Discloses Data Breach
Email accounts compromised for nearly a year in breach impacting 52,224 people Read More: https://www.infosecurity-magazine.com/news/kansas-hospital-data-breach/
Costa Rica Refuses to Pay Cyber Ransom
No payment for gang who infected Costa Rican government computer systems with ransomwareRead More: https://www.infosecurity-magazine.com/news/costa-rica-refuses-to-pay-ransom/
VMWare Identity Manager Attack: New Backdoor Discovered
Morphisec is a world leader in preventing evasive polymorphic threats launched from zero-day exploits. On April 14 and 15, Morphisec identified exploitation attempts for a week-old VMware Workspace ONE Access
CSAM Creator Imprisoned for Life
Life sentence for Californian who made child sexual abuse material and shared it online Read More: https://www.infosecurity-magazine.com/news/csam-creator-imprisoned-for-life/
Hack DHS: Homeland Security's first bug bounty turns up 122 vulnerabilities
The US Department of Homeland Security (DHS)’s first bug bounty with external researchers called “Hack DHS” helped discover 122 vulnerabilities. DHS announced the Hack DHS bounty in December and in
Lapsus$ Hackers Target T-Mobile
No government and customer data was accessed. T-Mobile confirmed that the extortion group Lapsus$ gains access to their system “several weeks ago”. The telecom giant responded to a report by
Brazil sees improvement in data breaches
Written by Angelica Mari, Contributing Editor Angelica Mari Contributing Editor Angelica Mari is a Brazil-based technology journalist. She started working at age 15 as a computer instructor and started writing
ATT&CK Goes to v11
Read More: https://medium.com/mitre-attack/attack-goes-to-v11-599a9112a025?source=rss—-6da19bd08fba—4
Crooks Spoofing Credit Unions to Steal Funds and Login Credentials
Email security provider Avanan revealed in a Thursday report that a new phishing campaign exploits local credit unions to steal money and data. According to Avanan’s research, phishing emails are
Researcher Spotlight: Liz Waddell, CTIR practice lead
How this Talos team member’s love of true crime led to a life in cybersecurity By Jon Munshaw. Liz Waddell is usually there on someone’s worst day of their professional
This sneaky phishing attack tries to steal your Facebook password
A sneaky phishing campaign aims to steal passwords from Facebook users – including administrators of company Facebook Pages. Detailed by cybersecurity researchers at Abnormal Security, the attack begins with a
FBI: This ransomware written in the Rust programming language has hit at least 60 targets
The BlackCat ransomware gang, known for being the first to use ransomware written in the Rust programming language, has compromised at least 60 organizations worldwide since March 2022, the Federal
Deep Dive into the Elephant Framework – A New Cyber Threat in Ukraine
At the beginning of the invasion of Ukraine, we released a security advisory with recommendations based on different risk tiers. Since then, our Threat Intelligence (TI) and Managed Detection and
Spanish Ombudsman to Probe Pegasus Spyware Claims
Allegations are government snooped on Catalan politiciansRead More: https://www.infosecurity-magazine.com/news/spanish-ombudsman-probe-pegasus/
FCA: Challenger Banks Failing to Spot Money Launderers
Financial controls lacking in many cases, regulator warnsRead More: https://www.infosecurity-magazine.com/news/fca-challenger-banks-launderers/