New North Korean Hacking Group Identified by Microsoft
Microsoft has revealed the existence of a new North Korean threat actor, dubbed Moonstone Sleet.Previously tracked as Storm-1789, a denomination...
News
New PyPI Malware “Pytoileur” Steals Crypto and Evades Detection
Cybersecurity researchers have uncovered “pytoileur,” a malicious package on the Python Package Index (PyPI). The package, posing as an “API Management...
US-Led Operation Takes Down World’s Largest Botnet
A US-led law enforcement operation has successfully disrupted the 911 S5 botnet, believed to be the world’s largest ever botnet.The...
#Infosec2024: Why Credential-Based Attacks Need Modern Solutions
The evolving and innovative tactics cybercriminals use to steal login credentials highlights the urgent need for organizations to adopt modern...
Advance Fee Fraud Targets Colleges With Free Piano Offers
A malicious email campaign has been discovered leveraging piano-themed messages to perpetrate advance fee fraud (AFF) scams. These campaigns, active since...
First American Reveals Data Breach Impacting 44,000 Individuals
First American, a major insurance company in the US, has confirmed that a ransomware attack led to the loss of...
BBC Pension Scheme Breached, Exposing Employee Data
The BBC has confirmed a breach of its pension scheme, exposing the personal data of many of its employees.The public...
Europol-Led Operation Endgame Hits Botnet, Ransomware Networks
A new operation coordinated by Europol has targeted several significant malware droppers, including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and Trickbot. Dubbed...
#Infosec2024: Why Cybersecurity is Critical for the 2024 Paris Olympics
Events like the upcoming 2024 Paris Olympic Games, taking place from July 26, 2024, provides threat actors with the opportunity...
Ticketmaster Confirms Breach Potentially Impacting 560 Million Users
Ticketmaster parent company Live Nation has confirmed that internal data was exposed in a cyber-attack identified last month, with threat...
#Infosec2024: Conflicts Drive DDoS Attack Surge in EMEA
DDoS attacks have risen sharply in Europe, the Middle East and Africa (EMEA), surpassing North America as the most targeted...
Ransomware Rises Despite Law Enforcement Takedowns
Ransomware activity increased in 2023 compared to 2022, according to Google-owned Mandiant.This is despite broadscale law enforcement operations against prominent...
UK School Forced to Close Following Cyber-Attack
A UK School has been forced to close following a significant cyber-attack, leading to a critical incident being declared.The Billericay...
#Infosec2024: Nearly All of FTSE 100 Exposed to Third and Fourth-Party Breaches
Virtually all of the UK’s most valuable publicly traded firms have suppliers that suffered a breach in the past year,...
Business email compromise: new guidance to protect your organisation
Business email compromise: new guidance to protect your organisation Business email compromise (BEC) occurs when a criminal accesses a work...
Machine learning security principles updated
Machine learning security principles updated The NCSC’s ‘Principles for the security of machine learning’ were originally published in August 2022....
Active Exploitation of High-Severity Vulnerability in Check Point Virtual Private Network (VPN) Products
Check Point has released updates addressing a high severity vulnerability (CVE-2024-24919) affecting their VPN products. The vulnerability is reportedly being...
Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices
Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology (OT)...
Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks
Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet (formerly Storm-1789), that uses both a...
Critical Vulnerabilities in FortiSIEM
Fortinet has released updates addressing critical vulnerabilities (CVE-2024-23108 and CVE-2024-23109) affecting their FortiSIEM products. The vulnerabilities have a Common Vulnerability...
US-CERT Vulnerability Summary for the Week of May 20, 2024
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
Critical Vulnerabilities in Cacti
Cacti has released security updates addressing critical vulnerabilities in their products. The vulnerabilities are:CVE-2024-29895: Successful exploitation of this vulnerability could allow an...
Critical Vulnerability in TP-Link Archer C5400X Gaming Router
TP-Link has released security updates to address a critical vulnerability (CVE-2024-5035) affecting their Archer C5400X gaming router product. The vulnerability...
Active Exploitation of Critical Vulnerability in NextGen Healthcare Mirth Connect
There have been reports of active exploitation of a critical vulnerability (CVE-2023-43208) affecting NextGen Healthcare Mirth Connect. The vulnerability has...
