Category: Privacy/Governance Feed

New Linux malware WolfsBane and FireWood have been linked to Gelsemium APT, a cyber-espionage group targeting critical systems    – Read More  –  

Group-IB revealed key differences in VietCredCare and DuckTail infostealer malware targeting Facebook Business accounts    – Read More  –  

One of these flaws detected using LLMs was in the widely used OpenSSL library    – Read More  –  

The BianLian ransomware group has shifted exclusively to exfiltration-based extortion and is deploying multiple new TTPs for initial access and persistence    – Read More  –  

Spreading malware via Telegram channels allows threat actors to bypass traditional detection mechanisms and reach a broad, unsuspecting audience    – Read More  –  

Over a fifth of large UK businesses aren’t sure of their compliance responsibilities under the new NIS2 directive    – Read More  –  

Five men have been indicted in connection with crimes committed by the Scattered Spider group    – Read More  –  

Five LPE flaws in Ubuntu’s needrestart utility enable attackers to gain root access in versions prior to 3.8    – Read More  –  

60% of QR code emails are spam according findings from Cisco Talos, who also identified attackers using QR code art to bypass security filters    – Read More  –  

CrowdStrike unveiled a new Chinese-aligned hacking group allegedly spying on telecom providers    – Read More  –  

Apple has urged customers to download the security updates, which address vulnerabilities relating to the JavaScriptCore and WebKit frameworks    – Read More  –  

OWASP has updated its Top 10 list of risks for LLMs and GenAI, upgrading several areas and introducing new categories    – Read More  –  

Aqua Security has observed threat actors using compromised Jupyter servers in a bid to illegally stream sporting events    – Read More  –  

Entrust claims deepfakes are driving a surge in digital identity fraud    – Read More  –  

Ransomware groups are targeting weekends and holidays to exploit understaffed security teams in order to get the best chance of a pay day    – Read More  –  

Easterly and her Deputy Director Nitin Natarajan are expected to leave office before President-elect Trump names a new leadership    – Read More  –  

T-Mobile was hit by Salt Typhoon, a Chinese cyber-espionage group targeting US and global telecom firms    – Read More  –  

Helldown ransomware has expanded its reach to target Linux and VMware systems, exploiting Zyxel firewall vulnerabilities and exfiltrating data    – Read More  –  

Palo Alto advised users to patch urgently as the vulnerability is critical and actively exploited in the wild    – Read More  –  

Ransomware groups are recruiting pen testers from the dark web to expand their operations, as revealed by Cato Network’s Q3 2024 SASE Threat Report    – Read More  –  

A Russian national suspected of involvement in Phobos ransomware has appeared in court in the US    – Read More  –  

Fastly claims global organizations are taking 25% longer than expected to recover from security incidents    – Read More  –  

Switzerland’s National Cyber Security Centre has warned of a new QR code scam in fake MeteoSwiss letters spreading Android malware    – Read More  –  

Proofpoint researchers have observed the growing use of the ClickFix social engineering tactic, which lures people into running malicious content on their computer    – Read More  –  

A phishing email claims to be from the New York Times with a story about an assassination attempt against President-elect Donald Trump    – Read More  –  

Phishing attacks using DocuSign impersonations targeting state agencies have surged 98% since Nov 8    – Read More  –  

BeaverTail malware has been used to target tech job seekers through fake recruiters, Palo Alto Networks’ Unit 42 has found    – Read More  –  

The US Federal Trade Commission is celebrating a halving of unwanted telemarketing and scam calls since 2021    – Read More  –  

The UK’s National Cyber Security Centre is urging shoppers to stay safe this Christmas after revealing they lost £11.5m to fraudsters in 2023    – Read More  –  

The security provider has elevated its warning about a vulnerability affecting firewall management interfaces after observing active exploitation    – Read More  –  

Ilya Lichtenstein hacked into the cryptocurrency exchange in 2016 and stole around 120,000 bitcoins    – Read More  –  

The new vulnerability was named “FortiJump Higher” due to its similarity with the “FortiJump” vulnerability discovered in October    – Read More  –  

SentinelOne described some of ransomware groups’ favorite techniques for targeting cloud services    – Read More  –  

Post Content    – Read More  –  

Over 1 million domains are vulnerable to “Sitting Ducks” attack, which exploits DNS misconfigurations    – Read More  –  

Misconfigurations in Microsoft Power Pages granting excessive access permissions expose sensitive data, risking PII to unauthorized users    – Read More  –  

The FBI and CISA have confirmed that US officials’ private communications have been compromised    – Read More  –  

Over 80% of UK organizations suffered an API security incident in the past year, with each costing over £400,000    – Read More  –  

The UK’s financial regulators have discarded plans to force critical suppliers to disclose new vulnerabilities    – Read More  –  

Hive0145 is targeting Spain, Germany, Ukraine with Strela Stealer malware in invoice phishing tactic    – Read More  –  

2025 could see our biggest AI fears materialize, according to a Google Cloud forecast report    – Read More  –  

Lazarus APT has been found smuggling malware onto macOS devices using custom extended attributes, evading detection    – Read More  –  

An individual who posted data allegedly stolen via MOVEit from Amazon and other big-name firms claims not to be malicious    – Read More  –