Security

More than two-thirds (69%) of UK small and medium enterprises (SMEs) lack a cybersecurity policy, according to figures from specialist insurance firm Markel Direct. The research identified a significant lack of basic cybersecurity measures and hygiene in place across these companies. This included 43% admitting that their employees are not trained on best practices and

A series of critical vulnerabilities affecting the widely used WPLMS and VibeBP plugins for WordPress have been identified by security researchers. These plugins are essential components of the WPLMS premium LMS theme, which counts over 28,000 sales. They are primarily used for creating online courses, managing students and selling educational content. The vulnerabilities, now patched,

Security researchers have urged customer-facing businesses to improve their verification checks after discovering a large-scale identity farming operation on the dark web. The unnamed underground group compiled a large collection of identity documents and corresponding facial images in a bid to trick Know Your Customer (KYC) verification checks, according to IProov’s Biometric Threat Intelligence service.

The past year marked a year of “growth and transition” for the US Cybersecurity and Infrastructure Security Agency (CISA), according to its departing Director, Jen Easterly. In the foreword of the Agency’s 2024 Year in Review, Easterly’s final report before she steps down in January, she highlighted how CISA has focused on “working collaboratively to

The Lumma Stealer infostealer malware is increasingly sought after by cybercriminals, according to cybersecurity firm ESET which reported a 369% surge in detections in its telemetry in the second half of 2024. Lumma Stealer first appeared in the wild in 2022, eventually appearing on the list of top ten infostealers detected by ESET products in

A controversial Israeli spyware maker has been found liable for the compromise of hundreds of WhatsApp users, in a historic US court ruling. Judge Phyllis Hamilton said on Friday that NSO Group broke state and federal laws and WhatsApp’s terms of service, by using zero-day exploits in the popular messaging tool to deploy its Pegasus

US and Japanese authorities have attributed a major cryptocurrency heist worth $308m to North Korean hackers. An alert from the FBI, Department of Defense Cyber Crime Center and National Police Agency of Japan said the May 2024 theft from Japan-based crypto firm DMM was carried out by a North Korean threat group tracked as TraderTraitor,

Around 5.6 million individuals have had their sensitive personal, medical and financial information breached as a result of a ransomware attack on US healthcare giant Ascension. The company shared the extent of the data breach in a filing to the Office of the Maine Attorney General on December 19. Following an investigation, Ascension discovered that

The LockBit ransomware group could be making a comeback after months of struggling to maintain its criminal activity following its takedown in February 2024. On December 19, LockBitSupp, the persona allegedly run by the ransom-as-s-service (RaaS) group admins, announced on its website the group would launch a new version of its ransomware, LockBit 4.0. In

Ukraine’s state registers, operated by the Ministry of Justice, have suffered their largest cyber-attack, with the Security Service of Ukraine (SSU) opening a criminal investigation into the incident, which it has attributed to Russia. The SSU has established that a hacker group affiliated with the main intelligence directorate of the general staff of the Russian

The Italian Data Protection Authority (Garante per la protezione dei dati personali) has taken sanctions against OpenAI over data protection failures related to the ChatGPT chatbot. OpenAI must pay a €15m ($15.6m) fine and carry out a six-month public awareness campaign across Italian media. This campaign is aimed to educate the public on how ChatGPT

Despite the ban on Kaspersky products in the US they continue to be actively used by US organizations, including by 19 US government entities. A Bitsight analysis found that 40% of US organizations observed to be using Kaspersky products before the prohibition came into effect on September 29, 2024, still appear to be using the

US federal agencies and departments have been mandated to implement new cybersecurity practices for cloud services. The Cybersecurity and Infrastructure Security Agency (CISA) published Binding Operational Directive 25-01: Implementing Secure Practices for Cloud Services on December 17, which sets out actions federal agencies must take to identify and secure all production or operational cloud tenants

A sophisticated phishing attack targeting a Turkish defense sector organization was recently uncovered by security researchers, shedding light on the evolving tactics of threat actor TA397, also known as “Bitter.”  This campaign, observed by Proofpoint, deployed spear phishing emails containing RAR archives to deliver malware through advanced mechanisms involving NTFS Alternate Data Streams (ADS) and

Internet-exposed Human Machine Interfaces (HMIs) pose significant risks to the Water and Wastewater Systems (WWS) sector, according to a new fact sheet jointly released by the US Cybersecurity and Infrastructure Security Agency (CISA) and the Environmental Protection Agency (EPA). Titled Internet-Exposed HMIs Pose Cybersecurity Risks to Water and Wastewater Systems and published last week, the

Ransomware claims reached an all-time high in November 2024, with Corvus Insurance reporting 632 victims claimed on ransomware groups’ data leak sites (DLS). More than double the monthly average of 307 victims, the November count exceeds the previous peak of 527 victims recorded in May 2024. According to a December 11 report by Corvus, these

Threat actors’ abuse of legitimate Microsoft tools rose by 51% in the first half of 2024 compared to 2023, according to Sophos’ latest Active Adversary Report. The researchers observed 187 unique Microsoft Living Off the Land Binaries (LOLbins) used by threat actors in 190 cyber incidents analyzed in H1 2024. Over a third of them

The US Government has offered a $5m reward for information that leads to the disruption of financial mechanisms of persons engaged in a fake IT worker scheme targeting US firms that support the Democratic People’s Republic of Korea (DPRK).  The conspirators, some of whom were ordered by their superiors to earn at least $10,000 per

Two significant security vulnerabilities in the popular Woffice WordPress theme that could allow attackers to gain unauthorized control or access have been patched. The Woffice theme, a premium product developed by Xtendify with over 15,000 sales, provides team and project management functionality for WordPress.  According to a report by Patchstack, the first vulnerability is a privilege

Russian state threat actor Secret Blizzard has leveraged resources and tools used by other cyber groups to support the Kremlin’s military efforts in Ukraine, according to Microsoft. These campaigns have consistently led to the download of Secret Blizzard’s custom malware on devices associated with the Ukrainian military. The analysis is the second part of research

A significant cyber operation exploiting vulnerabilities in improperly configured public websites has been linked to the Nemesis and ShinyHunters hacking groups, exposing sensitive data, including customer information, infrastructure credentials and proprietary source code. According to independent cybersecurity researchers Noam Rotem and Ran Locar, the attackers orchestrated a large-scale internet scan targeting vulnerable endpoints within Amazon Web Services

A federal appeals court has upheld a law that could see TikTok banned across the US unless its Chinese parent company, ByteDance, divests its ownership. The decision was issued by a three-judge panel from the US Court of Appeals for the District of Columbia Circuit on Friday, marking a significant setback for the video-sharing platform

Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish the data it had stolen earlier this week. However, despite the claims, a Deloitte spokesperson told Infosecurity that its investigation indicates that the allegations relate to a single client’s system which sits outside of the Deloitte network. “No Deloitte systems have

A propaganda campaign conducted primarily on TikTok boosted a far-right candidate who topped the votes in the first round of Romania’s presidential election, according to Romanian authorities. Cǎlin Georgescu, a far-right candidate with pro-Kremlin views, was predicted to receive minimal support in the country’s presidential election, with only 1% of the vote in pre-election polls

The US Federal Communications Commission (FCC) is looking to expanding cybersecurity requirements for US telecommunications firms following the Salt Typhoon cyber-attack which impacted at least eight US communications firms. As part of its “decisive action” the FCC has released a Notice of Rulemaking in which communications firms could be subject to an annual certification requirement

Two severe vulnerabilities in Veeam Service Provider Console (VSPC) software have been patched, including one with a near-maximum CVSS score of 9.9. The issues, designated as CVE-2024-42448 and CVE-2024-42449, were identified during internal testing by Veeam. Both flaws pose significant risks to system integrity, requiring immediate attention from affected service providers. Details of the Vulnerabilities

The Federal Trade Commission (FTC) has banned data brokers Gravy Analytics and Mobilewalla from collecting, using or selling sensitive location data that reveals Americans’ visits to places like healthcare facilities, military bases and religious institutions. The settlements, announced on Tuesday, also require both companies to delete previously collected data and impose strict controls to prevent future

Houston-based ENGlobal Corporation, a contractor specializing in engineering and automation services for the energy sector and US government, announced Monday that a ransomware attack has disrupted its operations. The company disclosed the incident on Monday in aregulatory filing with the US Securities and Exchange Commission (SEC). The breach was identified on November 25 2024, prompting ENGlobal

A new report by a French government agency has accused Azerbaijan of manipulating online users in France’s overseas constituencies and Corsica. In a new report published on December 2, France’s technical agency responsible for monitoring foreign digital interference, VIGINUM, released findings about the Baku Initiative Group (BIG), a state-sponsored organization based in Azerbaijan. From July

UK cybercrime victims are being failed by the justice system, with perpetrators hardly ever facing charges and convictions, according to a report by The Cyber Helpline, a charity supporting individuals impacted by cybercrime and other online harms. The analysis The Funnel of Justice, found that victims of cybercrime in England and Wales are seven-times less