Information Security - Information Management Today

Notorious hacker behind 40+ cyberattacks on strategic organizations arrested

Security Affairs

FEBRUARY 6, 2025

.” The International Civil Aviation Organization (ICAO) is investigating a significant data breach that has raised concerns about the security of its systems and employees data.

Data breaches

Data breaches Information Security Government Access

Elon Musk's Federal Worker Email Sparks 'Security Nightmare'

Data Breach Today

FEBRUARY 25, 2025

Federal Agencies and Experts Alike Say Musk's Email Request Poses Security Threat The Department of Government Efficiency-led effort to assess whether millions of federal jobs are necessary through a bulleted list of weekly activities is causing a major security threat, in addition to mass confusion across the federal government, experts told Information (..)

Security

Security Government Information Security

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

Krebs on Security

AUGUST 27, 2024

” Those third-party reports came in late June 2024 from Michael Horka , senior lead information security engineer at Black Lotus Labs , the security research arm of Lumen Technologies , which operates one of the global Internet’s largest backbones. victims and one non-U.S. ”

Communications

Communications Information Security Security Cybersecurity

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence

Security Affairs

OCTOBER 1, 2024

A spokesperson for Germany’s Federal Office for Information Security (BSI) confirmed that Kimsuky (aka APT43 ) is conducting a broader cyber campaign targeting Germany. The server hosted realistic, German-language login pages mimicking Telekom and GMX, likely aiming to steal login credentials from German users.

Military

Military Manufacturing Phishing Information Security

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

DECEMBER 19, 2024

The makers of Acunetix, Texas-based application security vendor Invicti Security , confirmed Silent Push’s findings, saying someone had figured out how to crack the free trial version of the software so that it runs without a valid license key.

IT

IT Data breaches Cloud Passwords

Hackers exploit Microsoft Defender SmartScreen bug CVE-2024-21412 to deliver ACR, Lumma, and Meduza Stealers

Security Affairs

JULY 25, 2024

The flaw was reported by: Peter Girnus (gothburz) of Trend Micro’s Zero Day Initiative with Trend Micro dwbzn with Aura Information Security Dima Lenz and Vlad Stolyarov of Google’s Threat Analysis Group Microsoft addressed the flaw with the release of Patch Tuesday Security updates for February 2024.

Education

Education Security Information Security Cybersecurity

News alert: One Identity wins 2024 Cyber Defense Award: Hot Company – PAM category

The Last Watchdog

DECEMBER 5, 2024

5, 2024, CyberNewswire — One Identity proudly announces it has been named a winner in the Hot Company: Privileged Access Management (PAM) category in the 12th annual Cyber Defense Awards by Cyber Defense Magazine (CDM), the industrys leading information security magazine. Alisa Viejo, Calif.,

Cybersecurity

Cybersecurity Access Authentication Marketing

Burnout in SOCs: How AI Can Help Analysts Focus on High-Value Tasks

Security Affairs

DECEMBER 5, 2024

Security Operations Center (SOC) analyst burnout is a very real problem. SOC analysts, vital to cybersecurity, face burnout due to exhausting workloads, risking their well-being and the effectiveness of organizational defenses.

Cybersecurity

Cybersecurity Artificial Intelligence Risk Data collection

A crime ring compromised Italian state databases reselling stolen info

Security Affairs

OCTOBER 28, 2024

Italian police arrested four and are investigating dozens, including Leonardo Maria Del Vecchio, for alleged unauthorized access to state databases. Italian authorities have arrested four individuals as part of an investigation into alleged illegal access to state databases.

Computer and Electronics

Computer and Electronics Access Communications Marketing

The source code of Banshee Stealer leaked online

Security Affairs

NOVEMBER 26, 2024

Banshee Stealer, a MacOS Malware-as-a-Service, shut down after its source code leaked online. The code is now available on GitHub. In August 2024, Russian hackers promoted BANSHEE Stealer, a macOS malware targeting x86_64 and ARM64, capable of stealing browser data, crypto wallets, and more.

Archiving

Archiving Encryption Passwords IT

FBI warns of malicious free online document converters spreading malware

Security Affairs

MARCH 24, 2025

The FBI warns that threat actors use malicious online document converters to steal users sensitive information and infect their systems with malware. The FBI warns of a significant increase in scams involving free online document converters to infect users with malware. ” reads the alert.

Passwords

Passwords Ransomware Personal data Risk

MikroTik botnet relies on DNS misconfiguration to spread malware

Security Affairs

JANUARY 16, 2025

Researchers discovered a 13,000-device MikroTik botnet exploiting DNS flaws to spoof 20,000 domains and deliver malware. Infoblox researchers discovered a botnet of 13,000 MikroTik devices that exploits DNS misconfigurations to bypass email protections, spoof approximately 20,000 domains, and deliver malware. zip” or “Tracking###.zip”

File names

File names Authentication Access Archiving

Iran and China-linked actors used ChatGPT for preparing attacks

Security Affairs

OCTOBER 11, 2024

OpenAI disrupted 20 cyber and influence operations in 2023, revealing Iran and China-linked actors used ChatGPT for planning ICS attacks. OpenAI announced the disruption of over 20 cyber and influence operations this year, involving Iranian and Chinese state-sponsored hackers.

Phishing

Phishing Passwords Security IT

Threat actor says Interbank refused to pay the ransom after a two-week negotiation

Security Affairs

OCTOBER 31, 2024

Peruvian Interbank confirmed a data breach after threat actors accessed its systems and leaked stolen information online. Interbank , formally the Banco Internacional del Perú Service Holding S.A.A. is a leading Peruvian provider of financial services has over 2 million customers.

Data breaches

Data breaches Financial Services Passwords Security

Chinese threat actors use Quad7 botnet in password-spray attacks

Security Affairs

NOVEMBER 3, 2024

Quad7 botnet, also known as CovertNetwork-1658 or xlogin, was first spotted in the summer of 2023 by security researcher Gi7w0rm. Microsoft warns Chinese threat actors are using the Quad7 botnet to carry out password-spray attacks and steal credentials.

Passwords

Passwords Access Cloud Government

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

Security Affairs

OCTOBER 21, 2024

Cisco confirms that data published by IntelBroker on a cybercrime forum was taken from the company DevHub environment. Cisco confirms that the data posted by IntelBroker on a cybercrime forum was stolen from its DevHub environment.

Data breaches

Data breaches Access Cloud Security

Apple indeed added a feature called “inactivity reboot” in iOS 18.1 that reboots locked devices

Security Affairs

NOVEMBER 12, 2024

Apple iOS supports a new feature that reboots locked devices after extended inactivity, aiming to enhance data security for users. Apple ‘quietly’ implemented a new security feature that automatically reboots a locked device if it has not been used for several days. at the end of October.

Encryption

Encryption Passwords Security Communications

PLAYFULGHOST backdoor supports multiple information stealing features

Security Affairs

JANUARY 5, 2025

PLAYFULGHOST is a new malware family with capabilities including keylogging, screen and audio capture, remote shell access, and file transfer/execution. Google researchers analyzed a new malware family called PLAYFULGHOST that supports multiple features, including keylogging, screen and audio capture, remote shell, and file transfer/execution.

File names

File names Archiving Phishing Encryption

VMware failed to fully address vCenter Server RCE flaw CVE-2024-38812

Security Affairs

OCTOBER 22, 2024

In September, Broadcom released security updates to the vulnerability CVE-2024-38812. VMware addressed a remote code execution flaw, demonstrated in a Chinese hacking contest, for the second time in two months. vCenter Server is a critical component in VMware virtualization and cloud computing software suite.

Government

Government Cloud Access IT

Banshee macOS stealer supports new evasion mechanisms

Security Affairs

JANUARY 10, 2025

Experts found a new version of the Banshee macOS information stealer which was enhanced with new evasion mechanisms. Check Point researchers discovered a new version of the Banshee macOS infostealer which is distributed through phishing websites and fake GitHub repositories, often masqueraded as popular software.

Archiving

Archiving Phishing Encryption Passwords

DoubleClickjacking allows clickjacking on major websites

Security Affairs

JANUARY 2, 2025

The “DoubleClickjacking” exploit bypasses protections on major websites, using a double-click sequence for clickjacking and account takeover attacks. DoubleClickjackingis a technique that allows attackers to bypass protections on major websites by leveraging a double-click sequence.

Authentication

Authentication IT Security Access

Mazda Connect flaws allow to hack some Mazda vehicles

Security Affairs

NOVEMBER 9, 2024

Multiple vulnerabilities in the infotainment unit Mazda Connect could allow attackers to execute arbitrary code with root access. Trend Micro’s Zero Day Initiative warned of multiple vulnerabilities in the Mazda Connect infotainment system that could allow attackers to execute code with root privileges.

Ransomware

Ransomware Manufacturing Access Risk

Google fixed the first actively exploited Chrome zero-day since the start of the year

Security Affairs

MARCH 26, 2025

Google has released out-of-band fixes to address a high-severity security vulnerability, tracked as CVE-2025-2783 , in Chrome browser for Windows. Google fixed a flaw in the Chrome browser for Windows that was actively exploited in attacks targeting organizations in Russia.

Libraries

Libraries Communications Security IT

Change Healthcare data breach impacted over 100 million people

Security Affairs

OCTOBER 25, 2024

The Change Healthcare data breach in the February 2024 impacted over 100 million, the largest-ever healthcare data breach in the US. UnitedHealth Group announced that the data breach suffered by Change Healthcare in February 2024 impacted more than 100 million individuals.

Data breaches

Data breaches Ransomware Insurance Cybersecurity

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Security Affairs

JANUARY 15, 2025

A previously unknown threat actor released config files and VPN passwords for Fortinet FortiGate devices on a popular cybercrime forum. A previously unknown threat actor named Belsen Group published configuration files and VPN passwords for over 15,000 Fortinet FortiGate appliances. “2025 will be a fortunate year for the world.

Passwords

Passwords Security IT Data breaches

Internet Archive data breach impacted 31M users

Security Affairs

OCTOBER 11, 2024

The Internet Archive disclosed a data breach, the security incident impacted more than 31 million users of its “The Wayback Machine.”

Archiving

Archiving Data breaches Passwords File names

J-magic malware campaign targets Juniper routers

Security Affairs

JANUARY 24, 2025

Threat actors are targeting Juniper routers with a custom backdoor in a campaign called code-named “J-magic,” attackers are exploiting a Magic Packet flaw.

Encryption

Encryption Access Security IT

Japanese telecom giant NTT suffered a data breach that impacted 18,000 companies

Security Affairs

MARCH 8, 2025

A data breach suffered by the Japanese telecom giant NTT exposed information of nearly 18,000 corporate customers. Japanese telecom giant NTT suffered a data breach that exposed information of nearly 18,000 corporate customers. ” reads the data breach notification published by the company.

Data breaches

Data breaches Communications Access IT

Bitdefender released a decryptor for the ShrinkLocker ransomware

Security Affairs

NOVEMBER 13, 2024

Bitdefender released a decryptor for the ShrinkLocker ransomware, which modifies BitLocker configurations to encrypt a system’s drives. ShrinkLocker ransomware was first discovered in May 2024 by researchers from Kaspersky.

Ransomware

Ransomware Encryption Passwords Authentication

U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 19, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Veeam Backup and Replication vulnerability to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the Veeam Backup and Replication flaw CVE-2024-40711 (CVSS score of 9.8)

IT

IT Ransomware Authentication Cybersecurity

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

Security Affairs

NOVEMBER 15, 2024

Glove Stealer is a.NET-based information stealer that targets browser extensions and locally installed software to steal sensitive data. The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information.

Encryption

Encryption File names Phishing Passwords

A cyberattack on gambling giant IGT disrupted portions of its IT systems

Security Affairs

NOVEMBER 23, 2024

A cyberattack on gambling giant IGT disrupted its systems, forcing the company to take certain services offline. International Game Technology (IGT) detected a cyberattack on November 17, the company promptly started its incident response procedures. International Game Technology PLC (IGT), formerly Gtech S.p.A. and Lottomatica S.p.A.,

IT

IT Cybersecurity Communications Ransomware

Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket

Security Affairs

JANUARY 15, 2025

The ransomware group Codefinger is using compromised AWS keys to encrypt S3 bucket data using SSE-C, Halcyon researchers warn. The ransomware group Codefinger has been spotted using compromised AWS keys to encrypt data in S3 buckets.

Encryption

Encryption Ransomware Authentication Cloud

Palo Alto Networks confirmed active exploitation of recently disclosed zero-day

Security Affairs

NOVEMBER 16, 2024

Palo Alto Networks confirmed active exploitation of a zero-day in its PAN-OS firewall and released new indicators of compromise (IoCs). Last week, Palo Alto Networks warned customers to limit access to their next-gen firewall management interface due to a potential remote code execution vulnerability (CVSSv4.0 Base Score: 9.3)

Cybersecurity

Cybersecurity Access Communications Security

A large botnet targets M365 accounts with password spraying attacks

Security Affairs

FEBRUARY 24, 2025

A botnet of 130,000+ devices is attacking Microsoft 365 accounts via password-spraying, bypassing MFA by exploiting basic authentication. SecurityScorecard researchers discovered a botnet of over 130,000 devices that is conducting password-spray attacks against Microsoft 365 (M365) accounts worldwide.

Passwords

Passwords Authentication Access Cybersecurity

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

Security Affairs

DECEMBER 16, 2024

Researchers warn of previously undetected surveillance spyware, named NoviSpy, that was found infecting a Serbian journalist’s phone. In February 2024, Serbian journalist Slavia Milanov was summoned to a police station after a routine traffic stop.

Personal data

Personal data Encryption Security Privacy

Russia-linked espionage group UNC5812 targets Ukraine’s military with malware

Security Affairs

OCTOBER 29, 2024

Suspected Russia-linked espionage group UNC5812 targets Ukraine’s military with Windows and Android malware via Telegram. Google TAG and Mandiant observed a Russia-linked group, tracked as UNC5812, targeting Ukraine’s military with Windows and Android malware via the Telegram channel “ Civil Defense.”

Military

Military IT Security Information Security

From Risk Assessment to Action: Improving Your DLP Response

Security Affairs

OCTOBER 25, 2024

DLP is key in cybersecurity; a risk assessment identifies data risks, helping turn findings into real-world security improvements. Data loss prevention (DLP) is a cornerstone of any effective cybersecurity strategy. Protecting sensitive data is what cybersecurity is all about. So, how can you conduct a DLP risk assessment?

Risk

Risk Cybersecurity Cloud Compliance

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

Security Affairs

OCTOBER 12, 2024

cyber agencies warn that Russia-linked group APT29 is targeting vulnerable Zimbra and JetBrains TeamCity servers on a large scale. cyber agencies warned.

Data collection

Data collection Authentication Access Cybersecurity

Authentication bypass CVE-2025-22230 impacts VMware Windows Tools

Security Affairs

MARCH 26, 2025

Broadcom released security updates to address a high-severity authentication bypass vulnerability, tracked as CVE-2025-22230 (CVSS score 9.8), impacting VMware Tools for Windows. Broadcom addressed a high-severity authentication bypass vulnerability, tracked as CVE-2025-22230, in VMware Tools for Windows.

Authentication

Authentication Cloud Access Security

Citrix addressed NetScaler console privilege escalation flaw

Security Affairs

FEBRUARY 20, 2025

Citrix released security updates to address a high-severity security vulnerability, tracked as CVE-2024-12284 (CVSS score of 8.8) Citrix addressed a high-severity privilege escalation vulnerability impacting NetScaler Console and NetScaler Agent under certain conditions. ” reads the advisory.

Authentication

Authentication Cloud Access Security

Dutch police dismantled dual dark web market ‘Bohemia/Cannabia’

Security Affairs

OCTOBER 14, 2024

Dutch police dismantled Bohemia/Cannabia, two major dark web markets for illegal goods, drugs, and cybercrime services. The Dutch police have announced the success of a new joint law enforcement operation that led to the shutdown of the dual dark web marketplace Bohemia/Cannabia.

Marketing

Marketing IT Information Security Security

Black Basta ransomware gang hit BT Group

Security Affairs

DECEMBER 4, 2024

BT Group (formerly British Telecom)’s Conferencing division shut down some of its servers following a Black Basta ransomware attack. British multinational telecommunications holding company BT Group (formerly British Telecom) announced it has shut down some of its servers following a Black Basta ransomware attack.

Ransomware

Ransomware Blockchain Insurance Data breaches

Palo Alto Networks warns of potential RCE in PAN-OS management interface

Security Affairs

NOVEMBER 8, 2024

Palo Alto Networks warns customers to restrict access to their next-generation firewalls because of a potential RCE flaw in the PAN-OS management interface. Palo Alto Networks warns customers to limit access to their next-gen firewall management interface due to a potential remote code execution vulnerability in PAN-OS.

Authentication

Authentication Cybersecurity Access Communications

Notorious hacker behind 40+ cyberattacks on strategic organizations arrested

Elon Musk's Federal Worker Email Sparks 'Security Nightmare'

Webinars

Trending Sources

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

Webinars

North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Hackers exploit Microsoft Defender SmartScreen bug CVE-2024-21412 to deliver ACR, Lumma, and Meduza Stealers

News alert: One Identity wins 2024 Cyber Defense Award: Hot Company – PAM category

Burnout in SOCs: How AI Can Help Analysts Focus on High-Value Tasks

A crime ring compromised Italian state databases reselling stolen info

The source code of Banshee Stealer leaked online

FBI warns of malicious free online document converters spreading malware

MikroTik botnet relies on DNS misconfiguration to spread malware

Iran and China-linked actors used ChatGPT for preparing attacks

Threat actor says Interbank refused to pay the ransom after a two-week negotiation

Chinese threat actors use Quad7 botnet in password-spray attacks

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

Apple indeed added a feature called “inactivity reboot” in iOS 18.1 that reboots locked devices

PLAYFULGHOST backdoor supports multiple information stealing features

VMware failed to fully address vCenter Server RCE flaw CVE-2024-38812

Banshee macOS stealer supports new evasion mechanisms

DoubleClickjacking allows clickjacking on major websites

Mazda Connect flaws allow to hack some Mazda vehicles

Google fixed the first actively exploited Chrome zero-day since the start of the year

Change Healthcare data breach impacted over 100 million people

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Internet Archive data breach impacted 31M users

J-magic malware campaign targets Juniper routers

Japanese telecom giant NTT suffered a data breach that impacted 18,000 companies

Bitdefender released a decryptor for the ShrinkLocker ransomware

U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

A cyberattack on gambling giant IGT disrupted portions of its IT systems

Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket

Palo Alto Networks confirmed active exploitation of recently disclosed zero-day

A large botnet targets M365 accounts with password spraying attacks

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

Russia-linked espionage group UNC5812 targets Ukraine’s military with malware

From Risk Assessment to Action: Improving Your DLP Response

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

Authentication bypass CVE-2025-22230 impacts VMware Windows Tools

Citrix addressed NetScaler console privilege escalation flaw

Dutch police dismantled dual dark web market ‘Bohemia/Cannabia’

Black Basta ransomware gang hit BT Group

Palo Alto Networks warns of potential RCE in PAN-OS management interface

Stay Connected