Information Security Magazine

Microsoft highlighted a new Star Blizzard campaign targeting WhatsApp accounts, as the group adapts its TTPs following the takedown of its infrastructure by law enforcement

AliExpress, Shein, Temu, TikTok, WeChat and Xiaomi are accused of operating unlawful data transfers to China

The EU’s DORA regulation is in effect as of January 17, with mixed evidence around compliance levels among financial firms

Middle East real estate scams are surging as fraudsters exploit online listings and bypassed due diligence checks

Truth Social, launched by the Trump Media & Technology Group in 2022, has become a hotspot for scams like phishing and investment fraud

The US President’s second cybersecurity Executive Order will impose stricter security standards on software providers

Compliance with the Digital Operational Resilience Act (DORA) has cost many businesses over €1 million, according to research from Rubrik

The leak likely comes from a zero-day exploit affecting Fortinet’s products

A proposed settlement order from the FTC will require GoDaddy to strengthen its security practices following multiple data breaches at the web hosting giant

HP Wolf highlighted novel techniques used by attackers to bypass email protections, including embedding malicious code inside images and utilizing GenAI

A new EU action plan will be structured around four pillars: prevention, threat detection and identification, response to cyber-attacks and deterrence

CISA launched the JCDC AI Cybersecurity Playbook to enhance collaboration on AI cybersecurity risks

The FBI deleted Chinese PlugX malware from thousands of devices in the US, using a technique developed by French cybersecurity firm Sekoia.io

A new report from Fortinet reveals increased adoption of multi-cloud strategies and hybrid implementations combining on-premises and public cloud infrastructure

Chainalysis estimates threat actors made at least $51bn through crypto crime in 2024

The security provider published mitigation measures to prevent exploitation

Secureworks Counter Threat Unit (CTU) has identified links between North Korean IT workers and fraudulent crowdfunding activities, with the group known as Nickle Tapestry orchestrating scams to support North Korean interests

Patch Tuesday saw Microsoft fix eight zero-days, three of which are being actively exploited

A new Interim Final Rule on Artificial Intelligence Diffusion issued in the US strengthens security, streamlines chip sales and prevents misuse of AI technology

Browser-based cyber-threats surged in 2024, with credential abuse and infostealers on the rise