Online Pitstop

The use of AI chatbots and AI-enabled manipulation of information by malicious actors is a key threat ahead of the upcoming 2024 elections across the continent, according to the European Union Agency for Cybersecurity (ENISA). The 11th edition of ENISA’s Threat Landscape report, published on October 19, 2023, compiles cyber threats observed by the Agency

The Hoxhunt Challenge has unveiled alarming trends in employee susceptibility to phishing attacks, emphasizing the critical role of engagement in reducing human risk.  The study, published today and conducted in 38 organizations across nine industries and 125 countries, revealed that 22% of phishing attacks in the first weeks of October 2023 used QR codes to

Google has bolstered the security of Android devices with a significant update to Google Play Protect. According to the tech giant, this development is in response to the growing prevalence of cyber-threats targeting mobile devices. Google Play Protect is an existing security feature that scans approximately 125 billion apps daily for malware and unwanted software. 

Cybersecurity experts at Kaspersky have unveiled a covert and highly advanced espionage campaign, codenamed “TetrisPhantom.” The persistent operation has specifically targeted government institutions in the Asia-Pacific region (APAC), utilizing a unique method involving secure USB drives for data infiltration. Kaspersky’s findings are part of their latest quarterly APT threat landscape report. The clandestine campaign, which

Unpatched WS_FTP servers exposed to the internet have become prime targets for ransomware attacks, with threat actors exploiting a critical vulnerability.  Writing on Infosec Exchange last Thursday, Sophos X-Ops’ incident responders described an attempted ransomware attack by the self-proclaimed Reichsadler Cybercrime Group. The attack reportedly utilized a stolen LockBit 3.0 builder to create ransomware payloads. Despite Progress

A new vulnerability in the User Submitted Posts WordPress plugin (versions 20230902 and below) has been discovered by the Patchstack team. With over 20,000 active installations, this popular plugin is used for user-generated content submissions and is developed by Plugin Planet. The vulnerability, discussed by Patchstack security researcher Rafie Muhammad in an advisory published today,

Email security provider Cofense has discovered a new phishing campaign comprising over 800 emails and using LinkedIn Smart Links. The campaign was active between July and August 2023 and involved various subject themes, such as financial, document, security, and general notification lures, reaching users’ inboxes across multiple industries. The financial, manufacturing and energy sectors are

The UK’s financial regulator has fined Equifax Ltd. over £11m ($13.4m) for failing to protect UK consumer data stolen in the notorious 2017 data breach. The Financial Conduct Authority (FCA) announced the financial penalty on October 13, 2023. The FCA stated that Equifax’s UK business failed to take appropriate action to protect the personal data

CISO salary growth has slowed with 20% receiving no raise at all in 2023, according to a new study by IANS Research and Artico Search. The research found an average total compensation increase of 11% over the past 12 months. This represents a reduction of 14% from the previous year. The average base salary increase

In a recent security alert, the team behind the popular open-source tool curl has announced the release of fixes for two vulnerabilities: CVE-2023-38545 and CVE-2023-38546.  Today’s release marks a crucial step in addressing these security concerns. Curl, a command-line tool for data transfer supporting various network protocols, plays a vital role in countless applications, with

Flagstar Bank, a prominent Michigan-based financial services provider, has warned 837,390 of its US customers about a data breach that occurred through a third-party service provider, Fiserv.  The breach exposed the personal information of a substantial number of customers. It was traced back to vulnerabilities in MOVEit Transfer, a file transfer software used by Fiserv

FortiGuard Labs, the research arm of security firm Fortinet, has uncovered a significant evolution in the IZ1H9 Mirai-based DDoS campaign.  Discovered in September and described in an advisory published on Monday, the new campaign has reportedly rapidly updated its arsenal of exploits, incorporating 13 distinct payloads, targeting various vulnerabilities across different Internet of Things (IoT)