Category: Privacy/Governance Feed

A pro-Russian hacktivist collective, CyberVolk, has launched its own ransomware-as-a-service operations, SentinelLabs has found    – Read More  –  

Russia-backed hackers, known as RomCom, have exploited critical zero-day vulnerabilities in Mozilla Firefox and Windows to launch targeted attacks    – Read More  –  

The UK’s Nuclear Decommissioning Authority has opened a new hub dedicated to cybersecurity knowledge sharing    – Read More  –  

The Interpol-led Operation Serengeti has resulted in the arrest of 1000 suspects across Africa    – Read More  –  

DDoS campaign by Matrix targets IoT devices and servers, exploiting weak credentials and public scripts    – Read More  –  

Wirral University Teaching Hospital has cancelled outpatient appointments as it responds to a cybersecurity incident    – Read More  –  

Cybercriminals are ramping up scams via darknet marketplaces, selling phishing kits for $100-$1000    – Read More  –  

A Trend Micro analysis of Earth Estries found that the Chinese threat actor is using new backdoors to avoid detection during espionage operations    – Read More  –  

Supply chain management provider Blue Yonder confirmed it was hit by ransomware attack    – Read More  –  

Some 35% of global organizations report challenges monitoring use of non-approved AI tools    – Read More  –  

Cifas figures reveal scammers stole over £11bn from UK consumers in the past 12 months    – Read More  –  

New York State has agreed a $11.3m settlement from two insurance firms following the breach of the personal data of over 120,000 drivers in the state    – Read More  –  

Zscaler’s latest report finds 54.5% of IoT attacks target manufacturing, with the industry suffering more than three times the weekly attacks of other sectors    – Read More  –  

npm package @lottiefiles/lottie-player hacked with malicious code, draining crypto wallets via web3 pop-ups    – Read More  –  

Google’s threat intelligence team uncovered four Chinese PR firms operating networks of inauthentic news sites    – Read More  –  

UK Minister Pat McFadden will say in a speech at a NATO conference that adversaries are looking at using AI on the physical and cyber battlefield    – Read More  –  

Meta has closed down two million accounts it says were used in scams such as pig butchering    – Read More  –  

The UK’s Information Commissioner’s Office argues that regulatory concerns shouldn’t prevent firms sharing data to stop scams    – Read More  –  

Microsoft has seized 240 websites associated with the “ONXX” phishing-as-a-service operation, and has sued the developer of this service    – Read More  –  

Russian-aligned TAG-110 uses custom tools to spy on governments, human rights groups and educational institutions in Europe and Asia    – Read More  –  

Bitdefender found that 77% of Black Friday-themed spam emails in 2024 have been identified as scams, with attackers becoming more creative in their campaigns    – Read More  –  

Corvus Insurance highlighted the growing complexity and competition within the ransomware ecosystem, with the threat level remaining elevated    – Read More  –  

The 25 most dangerous software weaknesses between June 2023 and June 2024 are responsible for almost 32,000 vulnerabilities    – Read More  –  

Phishing attacks, business email compromise and vendor email compromise attacks on manufacturing have surged in the past 12 months    – Read More  –  

New Linux malware WolfsBane and FireWood have been linked to Gelsemium APT, a cyber-espionage group targeting critical systems    – Read More  –  

Group-IB revealed key differences in VietCredCare and DuckTail infostealer malware targeting Facebook Business accounts    – Read More  –  

One of these flaws detected using LLMs was in the widely used OpenSSL library    – Read More  –  

The BianLian ransomware group has shifted exclusively to exfiltration-based extortion and is deploying multiple new TTPs for initial access and persistence    – Read More  –  

Spreading malware via Telegram channels allows threat actors to bypass traditional detection mechanisms and reach a broad, unsuspecting audience    – Read More  –  

Over a fifth of large UK businesses aren’t sure of their compliance responsibilities under the new NIS2 directive    – Read More  –  

Five men have been indicted in connection with crimes committed by the Scattered Spider group    – Read More  –  

Five LPE flaws in Ubuntu’s needrestart utility enable attackers to gain root access in versions prior to 3.8    – Read More  –  

60% of QR code emails are spam according findings from Cisco Talos, who also identified attackers using QR code art to bypass security filters    – Read More  –  

CrowdStrike unveiled a new Chinese-aligned hacking group allegedly spying on telecom providers    – Read More  –  

Apple has urged customers to download the security updates, which address vulnerabilities relating to the JavaScriptCore and WebKit frameworks    – Read More  –  

OWASP has updated its Top 10 list of risks for LLMs and GenAI, upgrading several areas and introducing new categories    – Read More  –  

Aqua Security has observed threat actors using compromised Jupyter servers in a bid to illegally stream sporting events    – Read More  –  

Entrust claims deepfakes are driving a surge in digital identity fraud    – Read More  –  

Ransomware groups are targeting weekends and holidays to exploit understaffed security teams in order to get the best chance of a pay day    – Read More  –  

Easterly and her Deputy Director Nitin Natarajan are expected to leave office before President-elect Trump names a new leadership    – Read More  –  

T-Mobile was hit by Salt Typhoon, a Chinese cyber-espionage group targeting US and global telecom firms    – Read More  –  

Helldown ransomware has expanded its reach to target Linux and VMware systems, exploiting Zyxel firewall vulnerabilities and exfiltrating data    – Read More  –  

Palo Alto advised users to patch urgently as the vulnerability is critical and actively exploited in the wild    – Read More  –  

Ransomware groups are recruiting pen testers from the dark web to expand their operations, as revealed by Cato Network’s Q3 2024 SASE Threat Report    – Read More  –  

A Russian national suspected of involvement in Phobos ransomware has appeared in court in the US    – Read More  –  

Fastly claims global organizations are taking 25% longer than expected to recover from security incidents    – Read More  –  

Switzerland’s National Cyber Security Centre has warned of a new QR code scam in fake MeteoSwiss letters spreading Android malware    – Read More  –  

Proofpoint researchers have observed the growing use of the ClickFix social engineering tactic, which lures people into running malicious content on their computer    – Read More  –  

A phishing email claims to be from the New York Times with a story about an assassination attempt against President-elect Donald Trump    – Read More  –  

Phishing attacks using DocuSign impersonations targeting state agencies have surged 98% since Nov 8    – Read More  –