Infosecurity News

  1. New Cyber-Threat MadMxShell Exploits Typosquatting and Google Ads

    Zscaler also confirmed MadMxShell uses DLL sideloading and DNS tunneling for C2 communication

  2. US Election Officials Told to Prepare for Nation-State Influence Campaigns

    A US government advisory sets out actions election officials need to take to mitigate the impact of nation-state influence campaigns ahead of the November elections

  3. Trust in Cyber Takes a Knock as CNI Budgets Flatline

    Bridewell report reveals critical infrastructure firms are losing faith in their defensive tooling

  4. UK Police Lead Disruption of £1m Phishing-as-a-Service Site LabHost

    The Metropolitan Police and partners have disrupted the prolific LabHost phishing-as-a-service platform

  5. Linux Cerber Ransomware Variant Exploits Atlassian Servers

    The attacks exploit CVE-2023-22518, a critical flaw in Atlassian Confluence Data Center and Server

  6. North Korean Group Kimsuky Exploits DMARC and Web Beacons

    Proofpoint confirmed Kimsuky has directly contacted foreign policy experts since 2023 through seemingly benign email conversations

  7. US Government and OpenSSF Partner on New SBOM Management Tool

    OpenSSF, in collaboration with the US Government, has developed Protobom, a open source tool designed to simplify SBOM management for organizations

  8. EU Election: Pro-Russian Propaganda Exploits Meta's Failure to Moderate Political Ads

    This year’s EU election will be a stress test to see whether the newly adopted Digital Services Act can efficiently mitigate misinformation threats

  9. Ivanti Patches Two Critical Avalanche Flaws in Major Update

    Ivanti has fixed two critical vulnerabilities in its Avalanche MDM product which could lead to remote code execution

  10. Insider Threats Surge 14% Annually as Cost-of-Living Crisis Bites

    Cifas reveals 14% rise in dishonest employees, driven mainly by financial necessity last year

  11. Russian Sandworm Group Using Novel Backdoor to Target Ukraine and Allies

    WithSecure researchers said it is likely Russian state group Sandworm has added a novel backdoor dubbed ‘Kapeka’ to its arsenal

  12. Report Suggests 93% of Breaches Lead to Downtime and Data Loss

    According to Pentera, firms are allocating 13% of their total IT security budgets to pentesting

  13. LeakyCLI Flaw Exposes AWS and Google Cloud Credentials

    Orca Security said the issue mirrors a previously identified vulnerability in Azure CLI

  14. Cybersecurity Pros Urge US Congress to Help NIST Restore NVD Operation

    An open letter signed by 50 cybersecurity practitioners requires the US Congress to support NIST in restoring operations at the National Vulnerability Database

  15. Microsoft Most Impersonated Brand in Phishing Scams

    New Check Point data found Microsoft was impersonated in 38% of all brand phishing attacks in Q1 2024, up from 33% in Q4 2024

  16. Open Source Leaders Warn of XZ Utils-Like Takeover Attempts

    Two open source organizations have revealed attempts to socially engineer project takeovers

  17. Bad Bots Drive 10% Annual Surge in Account Takeover Attacks

    Malicious bots now represent a third of all internet traffic, says Imperva

  18. Russia and Ukraine Top Inaugural World Cybercrime Index

    An international team of researchers published the first-ever index ranking countries by cybercrime threat level

  19. New LockBit Variant Exploits Self-Spreading Features

    Kaspersky also uncovered the use of the SessionGopher script to extract saved passwords

  20. Palo Alto Networks Zero-Day Flaw Exploited in Targeted Attacks

    Designated CVE-2024-3400 and with a CVSS score of 10.0, the flaw enables unauthorized actors to execute arbitrary code on affected firewalls

What’s hot on Infosecurity Magazine?