Information Security Magazine
Sitting Ducks DNS Attacks Put Global Domains at Risk
1 week 6 days ago
Over 1 million domains are vulnerable to “Sitting Ducks” attack, which exploits DNS misconfigurations
Microsoft Power Pages Misconfiguration Leads to Data Exposure
1 week 6 days ago
Misconfigurations in Microsoft Power Pages granting excessive access permissions expose sensitive data, risking PII to unauthorized users
Massive Telecom Hack Exposes US Officials to Chinese Espionage
1 week 6 days ago
The FBI and CISA have confirmed that US officials’ private communications have been compromised
API Security in Peril as 83% of Firms Suffer Incidents
1 week 6 days ago
Over 80% of UK organizations suffered an API security incident in the past year, with each costing over £400,000
Bank of England U-turns on Vulnerability Disclosure Rules
1 week 6 days ago
The UK’s financial regulators have discarded plans to force critical suppliers to disclose new vulnerabilities
Hive0145 Targets Europe with Advanced Strela Stealer Campaigns
2 weeks ago
Hive0145 is targeting Spain, Germany, Ukraine with Strela Stealer malware in invoice phishing tactic
AI Threat to Escalate in 2025, Google Cloud Warns
2 weeks ago
2025 could see our biggest AI fears materialize, according to a Google Cloud forecast report
Lazarus Group Uses Extended Attributes for Code Smuggling in macOS
2 weeks ago
Lazarus APT has been found smuggling malware onto macOS devices using custom extended attributes, evading detection
Amazon MOVEit Leaker Claims to Be Ethical Hacker
2 weeks ago
An individual who posted data allegedly stolen via MOVEit from Amazon and other big-name firms claims not to be malicious
Microsoft Fixes Four More Zero-Days in November Patch Tuesday
2 weeks ago
Microsoft has addressed four zero-day vulnerabilities this month, two of which have been exploited
TA455’s Iranian Dream Job Campaign Targets Aerospace with Malware
2 weeks 1 day ago
The TA455 phishing campaign used fake job offers on LinkedIn to deploy malware
Phishing Tool GoIssue Targets Developers on GitHub
2 weeks 1 day ago
New phishing tool GoIssue targets GitHub, enabling mass phishing, and has been linked to the GitLoker extortion campaign
CISOs Turn to Indemnity Insurance as Breach Pressure Mounts
2 weeks 1 day ago
Panaseer claims 72% of security leaders are taking out personal indemnity insurance as board scrutiny increases
New Citrix Zero-Day Vulnerability Allows Remote Code Execution
2 weeks 1 day ago
watchTowr has found a flaw in Citrix’s Session Recording Manager that can be exploited to enable unauthenticated RCE against Citrix Virtual Apps and Desktops
North Korea Hackers Leverage Flutter to Deliver macOS Malware
2 weeks 1 day ago
Jamf observed North Korean attackers embedding malware within Flutter applications to target macOS devices, potentially to test a new way of weaponizing malware
Energy Giant Halliburton Reveals $35m Ransomware Loss
2 weeks 1 day ago
Halliburton has reported a $35m loss associated with an August ransomware breach
WEF Introduces Framework to Strengthen Anti-Cybercrime Partnerships
2 weeks 2 days ago
The World Economic Forum has shared recommendations on how to build on the success of existing partnerships to accelerate the disruption of cybercriminal activities
New Remcos RAT Variant Targets Windows Users Via Phishing
2 weeks 2 days ago
The new Remcos RAT variant identified in a new phishing campaign exploits CVE-2017-0199 via malicious Excel files
Microsoft Visio Files Used in Sophisticated Phishing Attacks
2 weeks 2 days ago
Researchers have uncovered a surge in phishing attacks using Visio .vsdx files to evade security scans
Checked
2 hours 35 minutes ago