Infosys subsidiary named as source of Bank of America data leak

February 13, 2024

Indian tech services giant Infosys has been named as the source of a data leak suffered by the Bank of America. Infosys disclosed the breach in a November 3, 2023, filing [PDF] that revealed its US subsidiary Infosys McCamish Systems LLC (IMS) […]

The ever-present state of cyber security alert

February 9, 2024

As artificial intelligence (AI) technology becomes increasingly complex so do the threats from bad actors. It is like a forever war. Half the time too, we barely know that we’re using AI, largely because it’s getting progressively cheaper and easier […]

FBI Disrupts Chinese Botnet Targeting U.S. Critical Infrastructure

February 1, 2024

The United States continues to grapple with cyber intrusions emanating from sophisticated hacking groups affiliated with the Chinese government. In December 2023, the U.S. government conducted an extensive operation to disrupt a Chinese state-sponsored botnet that was being used to […]

Threats & Malware, Vulnerabilities

Multiple XSS flaws in Joomla can lead to remote code execution

February 22, 2024

Via: Security Affairs

The maintainers of the Joomla! Project released Joomla 5.0.3 and 4.4.3 versions that addressed the following vulnerabilities in the popular content management system (CMS): [20240201] –CVE-2024-21722 Core – Insufficient session expiration in MFA management views: The MFA management features did […]

Data loss, Threats & Malware

LockBit leaks expose nearly 200 affiliates and bespoke data-stealing malware

February 21, 2024

Via: The Register

The latest revelation from law enforcement authorities in relation to this week’s LockBit leaks is that the ransomware group had registered nearly 200 “affiliates” over the past two years. Affiliates are those people who buy into the gang’s ransomware-as-a-service model, […]

Cloud security, Security

Harness the power of security automation

February 21, 2024

Via: The Register

The complexity facing businesses as they make the necessary transition to cloud-native applications and multi-cloud architectures keeps cloud teams firmly on the frontline when it comes to implementing security policies. The constant risks of misconfiguration and malicious attack demand that […]

Cyber warfare, Cyber-crime

Biden asks Coast Guard to create an infosec port in a stormy sea of cyber threats

February 21, 2024

Via: The Register

President Biden has empowered the US Coast Guard (USCG) to get a tighter grip on cybersecurity at American ports – including authorizing yet another incident reporting rule. The White House on Wednesday announced Biden’s intention to sign an executive order […]

Cyber-crime, Malware

U.S., U.K. Authorities Take Down Notorious LockBit Ransomware Operation

February 20, 2024

Via: SecureWorld

In a massive coordinated effort, law enforcement agencies from the United States and United Kingdom have dismantled the infrastructure of the notorious LockBit ransomware gang. LockBit has been linked to more than $100 million in ransom payments from victims across […]

Threats & Malware, Virus & Malware

Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric

February 20, 2024

Via: Security Affairs

The Cactus ransomware group claims responsibility for pilfering 1.5TB of data from the Energy management and industrial automation giant Schneider Electric. Schneider Electric is a multinational company that specializes in energy management, industrial automation, and digital transformation. In January, BleepingComputer […]

Access control, Security

The double-edged sword of zero trust

February 19, 2024

Via: Help Net Security

In an era defined by relentless cyber threats and evolving attack vectors, traditional security models are proving increasingly inadequate to safeguard sensitive information. Unlike conventional systems that often rely on perimeter defenses, zero trust adopts a more discerning philosophy, treating […]