North Korean IT Worker Network Tied to BeaverTail Phishing Campaign –
BeaverTail malware has been used to target tech job seekers through fake recruiters, Palo Alto Networks’ Unit 42 has found – Read More –
Category: Privacy/Governance Feed
FTC Records 50% Drop in Nuisance Calls Since 2021 –
The US Federal Trade Commission is celebrating a halving of unwanted telemarketing and scam calls since 2021 – Read More –
NCSC Warns UK Shoppers Lost £11.5m Last Christmas –
The UK’s National Cyber Security Centre is urging shoppers to stay safe this Christmas after revealing they lost £11.5m to fraudsters in 2023 – Read More –
Palo Alto Networks Confirms New Zero-Day Being Exploited by Threat Actors –
The security provider has elevated its warning about a vulnerability affecting firewall management interfaces after observing active exploitation – Read More –
Bitfinex Hacker Jailed for Five Years Over Billion Dollar Crypto Heist –
Ilya Lichtenstein hacked into the cryptocurrency exchange in 2016 and stole around 120,000 bitcoins – Read More –
watchTowr Finds New Zero-Day Vulnerability in Fortinet Products –
The new vulnerability was named “FortiJump Higher” due to its similarity with the “FortiJump” vulnerability discovered in October – Read More –
Ransomware Groups Use Cloud Services For Data Exfiltration –
SentinelOne described some of ransomware groups’ favorite techniques for targeting cloud services – Read More –
O2’s AI Granny Outsmarts Scam Callers with Knitting Tales –
Post Content – Read More –
Sitting Ducks DNS Attacks Put Global Domains at Risk –
Over 1 million domains are vulnerable to “Sitting Ducks” attack, which exploits DNS misconfigurations – Read More –
Microsoft Power Pages Misconfiguration Leads to Data Exposure –
Misconfigurations in Microsoft Power Pages granting excessive access permissions expose sensitive data, risking PII to unauthorized users – Read More –
Massive Telecom Hack Exposes US Officials to Chinese Espionage –
The FBI and CISA have confirmed that US officials’ private communications have been compromised – Read More –
API Security in Peril as 83% of Firms Suffer Incidents –
Over 80% of UK organizations suffered an API security incident in the past year, with each costing over £400,000 – Read More –
Bank of England U-turns on Vulnerability Disclosure Rules –
The UK’s financial regulators have discarded plans to force critical suppliers to disclose new vulnerabilities – Read More –
Hive0145 Targets Europe with Advanced Strela Stealer Campaigns –
Hive0145 is targeting Spain, Germany, Ukraine with Strela Stealer malware in invoice phishing tactic – Read More –
AI Threat to Escalate in 2025, Google Cloud Warns –
2025 could see our biggest AI fears materialize, according to a Google Cloud forecast report – Read More –
Lazarus Group Uses Extended Attributes for Code Smuggling in macOS –
Lazarus APT has been found smuggling malware onto macOS devices using custom extended attributes, evading detection – Read More –
Amazon MOVEit Leaker Claims to Be Ethical Hacker –
An individual who posted data allegedly stolen via MOVEit from Amazon and other big-name firms claims not to be malicious – Read More –
Microsoft Fixes Four More Zero-Days in November Patch Tuesday –
Microsoft has addressed four zero-day vulnerabilities this month, two of which have been exploited – Read More –
TA455’s Iranian Dream Job Campaign Targets Aerospace with Malware –
The TA455 phishing campaign used fake job offers on LinkedIn to deploy malware – Read More –
CISOs Turn to Indemnity Insurance as Breach Pressure Mounts –
Panaseer claims 72% of security leaders are taking out personal indemnity insurance as board scrutiny increases – Read More –
Phishing Tool GoIssue Targets Developers on GitHub –
New phishing tool GoIssue targets GitHub, enabling mass phishing, and has been linked to the GitLoker extortion campaign – Read More –
New Citrix Zero-Day Vulnerability Allows Remote Code Execution –
watchTowr has found a flaw in Citrix’s Session Recording Manager that can be exploited to enable unauthenticated RCE against Citrix Virtual Apps and Desktops – Read More –
North Korea Hackers Leverage Flutter to Deliver macOS Malware –
Jamf observed North Korean attackers embedding malware within Flutter applications to target macOS devices, potentially to test a new way of weaponizing malware – Read More –
Energy Giant Halliburton Reveals $35m Ransomware Loss –
Halliburton has reported a $35m loss associated with an August ransomware breach – Read More –
WEF Introduces Framework to Strengthen Anti-Cybercrime Partnerships –
The World Economic Forum has shared recommendations on how to build on the success of existing partnerships to accelerate the disruption of cybercriminal activities – Read More –
New Remcos RAT Variant Targets Windows Users Via Phishing –
The new Remcos RAT variant identified in a new phishing campaign exploits CVE-2017-0199 via malicious Excel files – Read More –
Microsoft Visio Files Used in Sophisticated Phishing Attacks –
Researchers have uncovered a surge in phishing attacks using Visio .vsdx files to evade security scans – Read More –
EU Ramps Up Cyber Resilience with Major Crisis Simulation Exercise –
This year’s Blue OLEx cyber-attack drill was hosted in Italy and benefited from the new EU-CyCLONe for the first time – Read More –
Pensioners Warned Over Winter Fuel Payment Scam Texts –
The UK Regional Organised Crime Unit (ROCU) Network has urged the elderly to be on the lookout for scam texts offering a winter fuel subsidy – Read More –
Man Gets 12.5 Years for Running Bitcoin Fog Crypto Mixer –
Swedish-Russian national Roman Sterlingov has been jailed for 12 years and six months for operating notorious cryptocurrency mixer Bitcoin Fog – Read More –
Pro-Russian Hacktivists Target South Korea as North Korea Joins Ukraine War –
South Korea warned that pro-Russian groups have attacked government and private sector websites following the deployment of North Korean soldiers in Ukraine – Read More –
Major Oilfield Supplier Hit by Ransomware Attack –
International energy solution provider Newpark Resources has confirmed it was hit by a ransomware attack that disrupted critical systems – Read More –
North Korean Actor Deploys Novel Malware Campaign Against Crypto Firms –
SentinelLabs observed the North Korean group BlueNoroff targeting crypto firms via a multi-stage malware campaign which utilizes a novel persistence mechanism – Read More –
Interlock Ransomware Targets US Healthcare, IT and Government Sectors –
Interlock employs both “big-game hunting” and double extortion tactics against its victims – Read More –
Androxgh0st Botnet Adopts Mozi Payloads, Expands IoT Reach –
Androxgh0st botnet has expanded, integrating Mozi IoT payloads and targeting web server vulnerabilities – Read More –
UK Regulator Urges Stronger Data Protection in AI Recruitment Tools –
An ICO audit of AI recruitment tools found numerous data privacy issues that may lead to jobseekers being discriminated against and privacy compromised – Read More –
NCSC Publishes Tips to Tackle Malvertising Threat –
The UK’s National Cyber Security Centre has released malvertising guidance for brands and their ad partners – Read More –
Canada Orders Shutdown of Local TikTok Branch Over Security Concerns –
TikTok Technology Canada, Inc, the subsidiary of Chinese group ByteDance, will have to cease its operations in Canada – Read More –
UK Cybersecurity Wages Soar Above Inflation as Stress Levels Rise –
CIISec report reveals the average wage for UK security professionals is now over £87,000 – Read More –
Defenders Outpace Attackers in AI Adoption –
Trend Micro’s Robert McArdle says cybercriminals use of AI is far more limited than many realize, and pales in comparison to defenders’ use of the technology – Read More –
Cyber-Attack on Microlise Disrupts DHL and Serco Tracking Services –
A cyber-attack targeting telematics provider Microlise has disrupted tracking services for key clients like DHL and Serco – Read More –
IRISSCON: Organizations Still Falling Victim to Predictable Cyber-Attacks –
Organizations remain unprepared to defend against known and predictable attacks like ransomware – Read More –
Massive Nigerian Cybercrime Bust Sees 130 Arrested –
The Nigerian police have arrested 113 foreign individuals and their 17 Nigerian collaborators for their alleged involvement in high-level cybercrimes – Read More –
Winos4.0 Malware Found in Game Apps, Targets Windows Users –
Winos4.0 malware, derived from Gh0strat, targets Windows users via game-related applications, enabling remote control of affected systems – Read More –
Google Cloud to Mandate Multifactor Authentication by 2025 –
Google wants to ensure a smooth transition towards required MFA across all Google Cloud accounts with a phased rollout running throughout 2025 – Read More –
Global Operation Takes Down 22,000 Malicious IPs –
Interpol claims an international policing operation has shuttered 22,000 IPs connected with cybercrime – Read More –
Snowflake Hacking Suspect Arrested in Canada –
A man suspected of breaching hundreds of Snowflake accounts has been arrested – Read More –
ToxicPanda Malware Targets Banking Apps on Android Devices –
ToxicPanda malware targets banking apps on Android, spreading through Italy, Portugal and Spain – Read More –
ClickFix Exploits Users with Fake Errors and Malicious Code –
ClickFix exploits fake error messages across multiple platforms, such as Google Meet and Zoom – Read More –
US Voters Urged to Use Official Sources for Election Information –
A joint US government advisory warned about increasing foreign influence efforts designed to undermine the legitimacy of the Presidential Election – Read More –
