Posts

Infosecurity Europe 2024: Ransomware and AI threats drive surge in cybersecurity investments

Infosecurity Europe, the premier information security event, will take place at ExCeL London from 4-6 June 2024. The event has unveiled further insights from its 2024 Cybersecurity Trends, Obstacles and Opportunities report, emphasising the growing concern among cybersecurity leaders regarding ransomware and AI-generated attacks. Nearly 40% of respondents indicated that these threats are driving increased investment in cyber defences.

Rising threats prompt increased cybersecurity investment

The latest findings highlight the urgency for organisations to stay ahead of evolving cyber threats. With attacks becoming more frequent, complex, and damaging, businesses are ramping up their resources to bolster defences and enhance resilience. This heightened investment underscores the critical role of cybersecurity in protecting sensitive data, preserving customer trust, and ensuring business continuity.

Ransomware: A persistent threat

Ransomware remains a significant concern, and this year’s

CISA ransomware warning program will launch this year

The Cybersecurity and Infrastructure Security Agency, an arm of the Department of Homeland Security, is rolling out a program that warns organizations about potential ransomware attacks, CyberScoop reports. The program is currently running as a pilot and will be fully operational by the end of 2024. About 7,000 organizations have signed up for the pilot. So far, CISA has issued 2,049 warnings since the pilot was launched in January 2023. “The warning pilot is focused on reducing the prevalence of ransomware by using our vulnerability scanning tools to let businesses know if they have vulnerabilities that need to be patched,” CISA Director Jen Easterly told CyberScoop. To get alerts, organizations need to sign up for CISA’s cyber hygiene scanning tool. According to CISA’s FAQ page for the program, the tool “[e]valuates external network presence by executing continuous scans of public, static IPv4s for accessible services and vulnerabilities. This service provides weekly vulnerability r

Attackers Abuse Google Ad Feature to Target Slack, Notion Users

Attackers are once again abusing Google Ads to target people with info-stealing malware, this time using an ad-tracking feature to lure corporate users with fake ads for popular collaborative groupware such as Slack and Notion. Researchers from AhnLab Security Intelligence Center (ASEC) discovered a malicious campaign that uses a statistical feature to embed URLs that distribute malware, including the Rhadamanthys stealer, they revealed in a blog post published this week. The feature lets advertisers insert external analytic website addresses into ads to collect and use their visitors' access-related data to calculate ad traffic. However, instead of inserting a URL for an external statistics site, attackers are abusing the feature to enter sites for distributing malicious code, the researchers found. Ads related to the campaign have already been deleted. But when they were still active, "clicking on the banner would take unsuspecting users to the address that would tri

Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites

A new malware campaign is leveraging a high-severity security flaw in the Popup Builder plugin for WordPress to inject malicious JavaScript code. According to Sucuri, the campaign has infected more than 3,900 sites over the past three weeks. "These attacks are orchestrated from domains less than a month old, with registrations dating back to February 12th, 2024," security researcher Puja Srivastava said in a report dated March 7. Infection sequences involve the exploitation of CVE-2023-6000, a security vulnerability in Popup Builder that could be exploited to create rogue admin users and install arbitrary plugins. The shortcoming was exploited as part of a Balada Injector campaign earlier this January, compromising no less than 7,000 sites. The latest set of attacks leads to the injection of malicious code, which comes in two different variants and is designed to redirect site visitors to other sites such as phishing and scam pages. WordPress site owners are recommended

Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment

The transaction, visible on Bitcoin's blockchain, suggests the victim of one of the worst ransomware attacks in years may have paid a very large ransom. The ransomware attack targeting medical firm Change Healthcare has been one of the most disruptive in years, crippling pharmacies across the US—including those in hospitals—and leading to serious snags in the delivery of prescription drugs nationwide for 10 days and counting. Now, a dispute within the criminal underground has revealed a new development in that unfolding debacle: One of the partners of the hackers behind the attack points out that those hackers, a group known as AlphV or BlackCat, received a $22 million transaction that looks very much like a large ransom payment. On March 1, a Bitcoin address connected to AlphV received 350 bitcoins in a single transaction, or close to $22 million based on exchange rates at the time. Then, two days later, someone describing themselves as an affiliate of AlphV—one of the hackers