Information Security Magazine

DoubleClickjacking bypasses X-Frame-Options and SameSite cookies in double-click sequences, exposing UI authentication flaws

The US government has set out proposals to increase security obligations on healthcare providers to protect patient data amid surging cyber-attacks in the sector

The State of Rhode Island has confirmed that cybercriminals have begun publishing data stolen from its social services portal, the RIBridges system

Over 2.5 million end users are at risk as researchers discover 36 compromised Chrome extensions

Chinese hackers appear to have compromised Treasury machines via a trusted third party

Insurance firm Markel Direct found that 69% of UK SMEs lack a cybersecurity policy, with a significant lack of basic cybersecurity measures in place across these firms

The US Cybersecurity and Infrastructure Security Agency’s 2024 Year in Review marks Jen Easterly’s final report before resignation

The vacuum left by RedLine’s takedown will likely lead to a bump in the activity of other a infostealers

A joint US-Japan alert attributed North Korean hackers with a May 2024 crypto heist worth $308m from Japan-based company DMM

A US judge has ruled in favor of WhatsApp in a long-running case against commercial spyware-maker NSO Group

Researchers at iProov have discovered a dark web group compiling identity documents and biometric data to bypass KYC checks

The vulnerabilities, now patched, posed significant risks, including unauthorized file uploads, privilege escalation and SQL injection attacks

US healthcare giant Ascension revealed that 5.6 million individuals have had their personal, medical and financial information breached in a ransomware attack

Cryptomining malware hits popular npm packages rspack and vant, posing risks to open source tools

A new digital operation has enabled Interpol to identify scores of human traffickers operating between South America and Europe

The Information Commissioner’s Office has warned that millions of Brits don’t know how to erase personal data from their old devices

OpenAI must also initiate a six-month public awareness campaign across Italian media, explaining how it processes personal data for AI training

The Security Service of Ukraine has accused Russian-linked actors of perpetrating a cyber-attack against the state registers of Ukraine

The LockBitSupp persona said LockBit 4.0 will be launched in February 2025

The FBI has issued a warning about the Hiatus RAT malware targeting Xiongmai and Hikvision web cameras and DVRs, urging users isolate these devices from networks