Information Security - Information Management Today

Notorious hacker behind 40+ cyberattacks on strategic organizations arrested

Security Affairs

FEBRUARY 6, 2025

.” The International Civil Aviation Organization (ICAO) is investigating a significant data breach that has raised concerns about the security of its systems and employees data.

Data breaches

Data breaches Information Security Government Access

Why DSPM is Essential for Achieving Data Privacy in 2024

Security Affairs

OCTOBER 23, 2024

He holds a degree of Computer Science from Iqra University and specializes in Information Security & Data Privacy. About Author: Anas Baig With a passion for working on disruptive products, Anas Baig is currently working as a Product Manager at the Silicon Valley based company – Securiti.ai.

Data Privacy

Data Privacy Privacy GDPR Compliance

Elon Musk's Federal Worker Email Sparks 'Security Nightmare'

Data Breach Today

FEBRUARY 25, 2025

Federal Agencies and Experts Alike Say Musk's Email Request Poses Security Threat The Department of Government Efficiency-led effort to assess whether millions of federal jobs are necessary through a bulleted list of weekly activities is causing a major security threat, in addition to mass confusion across the federal government, experts told Information (..)

Security

Security Government Information Security

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence

Security Affairs

OCTOBER 1, 2024

A spokesperson for Germany’s Federal Office for Information Security (BSI) confirmed that Kimsuky (aka APT43 ) is conducting a broader cyber campaign targeting Germany. The server hosted realistic, German-language login pages mimicking Telekom and GMX, likely aiming to steal login credentials from German users.

Military

Military Manufacturing Phishing Information Security

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

DECEMBER 19, 2024

The makers of Acunetix, Texas-based application security vendor Invicti Security , confirmed Silent Push’s findings, saying someone had figured out how to crack the free trial version of the software so that it runs without a valid license key.

IT

IT Data breaches Cloud Passwords

News alert: One Identity wins 2024 Cyber Defense Award: Hot Company – PAM category

The Last Watchdog

DECEMBER 5, 2024

5, 2024, CyberNewswire — One Identity proudly announces it has been named a winner in the Hot Company: Privileged Access Management (PAM) category in the 12th annual Cyber Defense Awards by Cyber Defense Magazine (CDM), the industrys leading information security magazine. Alisa Viejo, Calif.,

Cybersecurity

Cybersecurity Access Authentication Marketing

LW ROUNDTABLE: Compliance pressures intensify as new cybersecurity standards take hold

The Last Watchdog

DECEMBER 18, 2024

CISA updated its Secure by Design guidance, and the EUs Cyber Resilience Act and NIS2 added new requirements. Proactive collaboration and cyber risk quantification are key to ensuring operational resilience and security. Overemphasizing compliance risks diverting resources from advanced security challenges.

Compliance

Compliance Cybersecurity Risk Privacy

Burnout in SOCs: How AI Can Help Analysts Focus on High-Value Tasks

Security Affairs

DECEMBER 5, 2024

Security Operations Center (SOC) analyst burnout is a very real problem. SOC analysts, vital to cybersecurity, face burnout due to exhausting workloads, risking their well-being and the effectiveness of organizational defenses.

Cybersecurity

Cybersecurity Artificial Intelligence Risk Data collection

Chinese Android phones shipped with malware-laced WhatsApp, Telegram apps

Security Affairs

APRIL 16, 2025

Cheap Chinese Android phones ship with trojanized WhatsApp and Telegram clones hiding crypto clippers, active since June 2024. Since June 2024, Doctor Web researchers found cheap Android phones preloaded with fake WhatsApp and Telegram apps designed to steal crypto via clipping. These clippers swap copied wallet addresses with the attackers own.

Manufacturing

Manufacturing Passwords Security IT

Oracle privately notifies Cloud data breach to customers

Security Affairs

APRIL 6, 2025

Oracle confirms a cloud data breach, quietly informing customers while downplaying the impact of the security breach. Oracle confirms a data breach and started informing customers while downplaying the impact of the incident.

Data breaches

Data breaches Cloud Encryption Communications

A crime ring compromised Italian state databases reselling stolen info

Security Affairs

OCTOBER 28, 2024

Italian police arrested four and are investigating dozens, including Leonardo Maria Del Vecchio, for alleged unauthorized access to state databases. Italian authorities have arrested four individuals as part of an investigation into alleged illegal access to state databases.

Computer and Electronics

Computer and Electronics Access Communications Marketing

Threat actor says Interbank refused to pay the ransom after a two-week negotiation

Security Affairs

OCTOBER 31, 2024

Peruvian Interbank confirmed a data breach after threat actors accessed its systems and leaked stolen information online. Interbank , formally the Banco Internacional del Perú Service Holding S.A.A. is a leading Peruvian provider of financial services has over 2 million customers.

Data breaches

Data breaches Financial Services Passwords Security

The source code of Banshee Stealer leaked online

Security Affairs

NOVEMBER 26, 2024

Banshee Stealer, a MacOS Malware-as-a-Service, shut down after its source code leaked online. The code is now available on GitHub. In August 2024, Russian hackers promoted BANSHEE Stealer, a macOS malware targeting x86_64 and ARM64, capable of stealing browser data, crypto wallets, and more.

Archiving

Archiving Encryption Passwords IT

Iran and China-linked actors used ChatGPT for preparing attacks

Security Affairs

OCTOBER 11, 2024

OpenAI disrupted 20 cyber and influence operations in 2023, revealing Iran and China-linked actors used ChatGPT for planning ICS attacks. OpenAI announced the disruption of over 20 cyber and influence operations this year, involving Iranian and Chinese state-sponsored hackers.

Phishing

Phishing Passwords Security IT

China-linked APT Mustang Panda upgrades tools in its arsenal

Security Affairs

APRIL 17, 2025

China-linked APT group Mustang Panda deployed a new custom backdoor, MQsTTang, in recent attacks targeting Europe, Asia, and Australia. China-linked APT group Mustang Panda (aka Camaro Dragon , RedDelta or Bronze President ). deployed a new custom backdoor, tracked as MQsTTang, in recent attacks targeting entities in Europe, Asia, and Australia.

IT

IT Archiving Encryption Communications

Chinese threat actors use Quad7 botnet in password-spray attacks

Security Affairs

NOVEMBER 3, 2024

Quad7 botnet, also known as CovertNetwork-1658 or xlogin, was first spotted in the summer of 2023 by security researcher Gi7w0rm. Microsoft warns Chinese threat actors are using the Quad7 botnet to carry out password-spray attacks and steal credentials.

Passwords

Passwords Access Cloud Government

South African telecom provider Cell C disclosed a data breach following a cyberattack

Security Affairs

APRIL 13, 2025

Cell C, one of the biggest telecom providers in South Africa confirms a data breach following a 2024 cyberattack. Cell C is the fourth-largest mobile network operator in South Africa, , after Vodacom, MTN, and Telkom.

Data breaches

Data breaches Unstructured data Ransomware Cybersecurity

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

Security Affairs

OCTOBER 21, 2024

Cisco confirms that data published by IntelBroker on a cybercrime forum was taken from the company DevHub environment. Cisco confirms that the data posted by IntelBroker on a cybercrime forum was stolen from its DevHub environment.

Data breaches

Data breaches Access Cloud Security

Apple indeed added a feature called “inactivity reboot” in iOS 18.1 that reboots locked devices

Security Affairs

NOVEMBER 12, 2024

Apple iOS supports a new feature that reboots locked devices after extended inactivity, aiming to enhance data security for users. Apple ‘quietly’ implemented a new security feature that automatically reboots a locked device if it has not been used for several days. at the end of October.

Encryption

Encryption Passwords Security Communications

PLAYFULGHOST backdoor supports multiple information stealing features

Security Affairs

JANUARY 5, 2025

PLAYFULGHOST is a new malware family with capabilities including keylogging, screen and audio capture, remote shell access, and file transfer/execution. Google researchers analyzed a new malware family called PLAYFULGHOST that supports multiple features, including keylogging, screen and audio capture, remote shell, and file transfer/execution.

File names

File names Archiving Phishing Encryption

FBI warns of malicious free online document converters spreading malware

Security Affairs

MARCH 24, 2025

The FBI warns that threat actors use malicious online document converters to steal users sensitive information and infect their systems with malware. The FBI warns of a significant increase in scams involving free online document converters to infect users with malware. ” reads the alert.

Passwords

Passwords Ransomware Personal data Risk

MikroTik botnet relies on DNS misconfiguration to spread malware

Security Affairs

JANUARY 16, 2025

Researchers discovered a 13,000-device MikroTik botnet exploiting DNS flaws to spoof 20,000 domains and deliver malware. Infoblox researchers discovered a botnet of 13,000 MikroTik devices that exploits DNS misconfigurations to bypass email protections, spoof approximately 20,000 domains, and deliver malware. zip” or “Tracking###.zip”

File names

File names Authentication Access Archiving

VMware failed to fully address vCenter Server RCE flaw CVE-2024-38812

Security Affairs

OCTOBER 22, 2024

In September, Broadcom released security updates to the vulnerability CVE-2024-38812. VMware addressed a remote code execution flaw, demonstrated in a Chinese hacking contest, for the second time in two months. vCenter Server is a critical component in VMware virtualization and cloud computing software suite.

Government

Government Cloud Access IT

Banshee macOS stealer supports new evasion mechanisms

Security Affairs

JANUARY 10, 2025

Experts found a new version of the Banshee macOS information stealer which was enhanced with new evasion mechanisms. Check Point researchers discovered a new version of the Banshee macOS infostealer which is distributed through phishing websites and fake GitHub repositories, often masqueraded as popular software.

Archiving

Archiving Phishing Encryption Passwords

Mazda Connect flaws allow to hack some Mazda vehicles

Security Affairs

NOVEMBER 9, 2024

Multiple vulnerabilities in the infotainment unit Mazda Connect could allow attackers to execute arbitrary code with root access. Trend Micro’s Zero Day Initiative warned of multiple vulnerabilities in the Mazda Connect infotainment system that could allow attackers to execute code with root privileges.

Ransomware

Ransomware Manufacturing Access Risk

Change Healthcare data breach impacted over 100 million people

Security Affairs

OCTOBER 25, 2024

The Change Healthcare data breach in the February 2024 impacted over 100 million, the largest-ever healthcare data breach in the US. UnitedHealth Group announced that the data breach suffered by Change Healthcare in February 2024 impacted more than 100 million individuals.

Data breaches

Data breaches Ransomware Insurance Cybersecurity

Increased GDPR Enforcement Highlights the Need for Data Security

Security Affairs

NOVEMBER 18, 2024

GDPR protects sensitive data like health and financial details, and its enforcement underscores the growing need for stronger data security measures. GDPR: The landscape of data privacy and protection has never been more critical.

GDPR

GDPR Security Compliance Data Privacy

DoubleClickjacking allows clickjacking on major websites

Security Affairs

JANUARY 2, 2025

The “DoubleClickjacking” exploit bypasses protections on major websites, using a double-click sequence for clickjacking and account takeover attacks. DoubleClickjackingis a technique that allows attackers to bypass protections on major websites by leveraging a double-click sequence.

Authentication

Authentication IT Security Access

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Security Affairs

JANUARY 15, 2025

A previously unknown threat actor released config files and VPN passwords for Fortinet FortiGate devices on a popular cybercrime forum. A previously unknown threat actor named Belsen Group published configuration files and VPN passwords for over 15,000 Fortinet FortiGate appliances. “2025 will be a fortunate year for the world.

Passwords

Passwords Security IT Data breaches

Internet Archive data breach impacted 31M users

Security Affairs

OCTOBER 11, 2024

The Internet Archive disclosed a data breach, the security incident impacted more than 31 million users of its “The Wayback Machine.”

Archiving

Archiving Data breaches Passwords File names

J-magic malware campaign targets Juniper routers

Security Affairs

JANUARY 24, 2025

Threat actors are targeting Juniper routers with a custom backdoor in a campaign called code-named “J-magic,” attackers are exploiting a Magic Packet flaw.

Encryption

Encryption Access Security IT

Bitdefender released a decryptor for the ShrinkLocker ransomware

Security Affairs

NOVEMBER 13, 2024

Bitdefender released a decryptor for the ShrinkLocker ransomware, which modifies BitLocker configurations to encrypt a system’s drives. ShrinkLocker ransomware was first discovered in May 2024 by researchers from Kaspersky.

Ransomware

Ransomware Encryption Passwords Authentication

U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 19, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Veeam Backup and Replication vulnerability to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the Veeam Backup and Replication flaw CVE-2024-40711 (CVSS score of 9.8)

IT

IT Ransomware Authentication Cybersecurity

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

Security Affairs

NOVEMBER 15, 2024

Glove Stealer is a.NET-based information stealer that targets browser extensions and locally installed software to steal sensitive data. The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information.

Encryption

Encryption File names Phishing Passwords

ASUS routers with AiCloud vulnerable to auth bypass exploit

Security Affairs

APRIL 18, 2025

ASUS warns of an authentication bypass vulnerability in routers with AiCloud enabled that could allow unauthorized execution of functions on the device. ASUS warns of an authentication bypass vulnerability, tracked as CVE-2025-2492 (CVSS v4 score: 9.2), which impacts routers with AiCloud enabled.

Authentication

Authentication Passwords Access Security

A cyberattack on gambling giant IGT disrupted portions of its IT systems

Security Affairs

NOVEMBER 23, 2024

A cyberattack on gambling giant IGT disrupted its systems, forcing the company to take certain services offline. International Game Technology (IGT) detected a cyberattack on November 17, the company promptly started its incident response procedures. International Game Technology PLC (IGT), formerly Gtech S.p.A. and Lottomatica S.p.A.,

IT

IT Cybersecurity Communications Ransomware

Google fixed the first actively exploited Chrome zero-day since the start of the year

Security Affairs

MARCH 26, 2025

Google has released out-of-band fixes to address a high-severity security vulnerability, tracked as CVE-2025-2783 , in Chrome browser for Windows. Google fixed a flaw in the Chrome browser for Windows that was actively exploited in attacks targeting organizations in Russia.

Libraries

Libraries Communications Security IT

Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket

Security Affairs

JANUARY 15, 2025

The ransomware group Codefinger is using compromised AWS keys to encrypt S3 bucket data using SSE-C, Halcyon researchers warn. The ransomware group Codefinger has been spotted using compromised AWS keys to encrypt data in S3 buckets.

Encryption

Encryption Ransomware Authentication Cloud

Palo Alto Networks confirmed active exploitation of recently disclosed zero-day

Security Affairs

NOVEMBER 16, 2024

Palo Alto Networks confirmed active exploitation of a zero-day in its PAN-OS firewall and released new indicators of compromise (IoCs). Last week, Palo Alto Networks warned customers to limit access to their next-gen firewall management interface due to a potential remote code execution vulnerability (CVSSv4.0 Base Score: 9.3)

Cybersecurity

Cybersecurity Access Communications Security

Russia-linked espionage group UNC5812 targets Ukraine’s military with malware

Security Affairs

OCTOBER 29, 2024

Suspected Russia-linked espionage group UNC5812 targets Ukraine’s military with Windows and Android malware via Telegram. Google TAG and Mandiant observed a Russia-linked group, tracked as UNC5812, targeting Ukraine’s military with Windows and Android malware via the Telegram channel “ Civil Defense.”

Military

Military IT Security Information Security

From Risk Assessment to Action: Improving Your DLP Response

Security Affairs

OCTOBER 25, 2024

DLP is key in cybersecurity; a risk assessment identifies data risks, helping turn findings into real-world security improvements. Data loss prevention (DLP) is a cornerstone of any effective cybersecurity strategy. Protecting sensitive data is what cybersecurity is all about. So, how can you conduct a DLP risk assessment?

Risk

Risk Cybersecurity Cloud Compliance

A large botnet targets M365 accounts with password spraying attacks

Security Affairs

FEBRUARY 24, 2025

A botnet of 130,000+ devices is attacking Microsoft 365 accounts via password-spraying, bypassing MFA by exploiting basic authentication. SecurityScorecard researchers discovered a botnet of over 130,000 devices that is conducting password-spray attacks against Microsoft 365 (M365) accounts worldwide.

Passwords

Passwords Authentication Access Cybersecurity

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

Security Affairs

DECEMBER 16, 2024

Researchers warn of previously undetected surveillance spyware, named NoviSpy, that was found infecting a Serbian journalist’s phone. In February 2024, Serbian journalist Slavia Milanov was summoned to a police station after a routine traffic stop.

Personal data

Personal data Encryption Security Privacy

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

Security Affairs

OCTOBER 12, 2024

cyber agencies warn that Russia-linked group APT29 is targeting vulnerable Zimbra and JetBrains TeamCity servers on a large scale. cyber agencies warned.

Data collection

Data collection Authentication Access Cybersecurity

Notorious hacker behind 40+ cyberattacks on strategic organizations arrested

Why DSPM is Essential for Achieving Data Privacy in 2024

Webinars

Trending Sources

Elon Musk's Federal Worker Email Sparks 'Security Nightmare'

Webinars

North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

News alert: One Identity wins 2024 Cyber Defense Award: Hot Company – PAM category

LW ROUNDTABLE: Compliance pressures intensify as new cybersecurity standards take hold

Burnout in SOCs: How AI Can Help Analysts Focus on High-Value Tasks

Chinese Android phones shipped with malware-laced WhatsApp, Telegram apps

Oracle privately notifies Cloud data breach to customers

A crime ring compromised Italian state databases reselling stolen info

Threat actor says Interbank refused to pay the ransom after a two-week negotiation

The source code of Banshee Stealer leaked online

Iran and China-linked actors used ChatGPT for preparing attacks

China-linked APT Mustang Panda upgrades tools in its arsenal

Chinese threat actors use Quad7 botnet in password-spray attacks

South African telecom provider Cell C disclosed a data breach following a cyberattack

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

Apple indeed added a feature called “inactivity reboot” in iOS 18.1 that reboots locked devices

PLAYFULGHOST backdoor supports multiple information stealing features

FBI warns of malicious free online document converters spreading malware

MikroTik botnet relies on DNS misconfiguration to spread malware

VMware failed to fully address vCenter Server RCE flaw CVE-2024-38812

Banshee macOS stealer supports new evasion mechanisms

Mazda Connect flaws allow to hack some Mazda vehicles

Change Healthcare data breach impacted over 100 million people

Increased GDPR Enforcement Highlights the Need for Data Security

DoubleClickjacking allows clickjacking on major websites

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Internet Archive data breach impacted 31M users

J-magic malware campaign targets Juniper routers

Bitdefender released a decryptor for the ShrinkLocker ransomware

U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

ASUS routers with AiCloud vulnerable to auth bypass exploit

A cyberattack on gambling giant IGT disrupted portions of its IT systems

Google fixed the first actively exploited Chrome zero-day since the start of the year

Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket

Palo Alto Networks confirmed active exploitation of recently disclosed zero-day

Russia-linked espionage group UNC5812 targets Ukraine’s military with malware

From Risk Assessment to Action: Improving Your DLP Response

A large botnet targets M365 accounts with password spraying attacks

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

Stay Connected