Information Security Magazine

The security provider published mitigation measures to prevent exploitation

Secureworks Counter Threat Unit (CTU) has identified links between North Korean IT workers and fraudulent crowdfunding activities, with the group known as Nickle Tapestry orchestrating scams to support North Korean interests

Patch Tuesday saw Microsoft fix eight zero-days, three of which are being actively exploited

A new Interim Final Rule on Artificial Intelligence Diffusion issued in the US strengthens security, streamlines chip sales and prevents misuse of AI technology

Browser-based cyber-threats surged in 2024, with credential abuse and infostealers on the rise

Barings Law is planning to sue the two tech giants over numerous alleged violations of data misuse, including for AI training

A UK government consultation has proposed banning public sector and critical infrastructure organizations from making ransomware payments to disincentivize attackers from targeting these services

CISA claims US critical infrastructure providers are improving cyber hygiene and remediation activities

The .uk registry Nominet has been breached by a recently disclosed zero-day vulnerability in Ivanti products

A joint government advisory has set out steps critical infrastructure firms should take to ensure any OT products they purchase are secure by design

Diplomatic entities in Kazakhstan and Central Asia have been targeted by UAC-0063 using weaponized Word docs deploying HATVIBE malware

Microsoft confirmed an outage of its multi-factor authentication system impacting access to Microsoft 365, causing login failures and service disruption

Researchers at Check Point said FunkSec operators appear to use AI for malware development

A new WEF report highlighted growing disparities in the cyber capabilities of different types of organizations and regions

Three Russian men have been indicted on money laundering charges connected to cryptocurrency mixers

Telefonica has confirmed a breach of its internal ticketing system exposing more than 236,000 lines of customer data

CrowdStrike warned it had observed a phishing campaign impersonating the firm’s recruitment process to lure victims into downloading cryptominer

A large-scale cyber-attack has targeted the information system of Slovakia’s land registry, impacting the management of land and property records

The US medical billing firm is notifying over 360,000 customers that their personal, financial and medical data may have been exposed

Trend Micro detailed how attackers are using a fake proof-of-concept for a critical Microsoft vulnerability, designed to steal sensitive data from security researchers