Information Security Magazine

NHS England has issued an alert regarding a critical Veeam Backup & Replication vulnerability that is being actively exploited, potentially leading to remote code execution

Access Now announced that the US Customs and Border Protection agency released records on its app following the NGO’s lawsuit

A new Sonatype report reveals a 156% surge in open source malware, with over 704,102 malicious packages identified since 2019, as OSS adoption continues to skyrocket

Russian-backed APT29 has been spying on US and European organizations since at least 2021, a US-UK joint advisory said

Operation MiddleFloor targets Moldova’s October elections, spreading EU disinformation via email

The data breach exposed more than 10m customer conversations from an AI call center platform in the Middle East

The EU's Cyber Resilience Act requires cybersecurity standards for all connected products throughout their entire lifecycle

Marriott will pay $52m to 50 US states for a data breach impacting 131.5 million American customers, and has agreed to implement stronger security practices

The non-profit digital library was also hit by at least two DDoS attacks in two days

Two former RAC employees have been handed suspended prison sentences for trading in personal data

Supply chain victim numbers surge as more than 240 million US residents are impacted by data breaches in Q3 2024

The privacy flaw in Apple’s iPhone mirroring feature enables personal apps on an iPhone to be listed in a company’s software inventory when the feature is used on work computers

New BeaverTail malware targets tech job seekers via fake recruiters on LinkedIn and X

Barracuda researchers have identified a new wave of QR code phishing attacks that evade traditional security measures and pose a significant threat to email security

The UK government’s Cyber Team Competition offer applicants the chance to receive advanced training, mentorship and networking opportunities

The Australian government’s Cyber Security Bill 2024 will mandate cybersecurity standards for smart devices and introduce ransomware reporting requirements

The Appeals Centre Europe is supported by Meta’s Oversight Board Trust and certified by Ireland's media regulator

Ivanti’s Cloud Services Appliance is being targeted by threat actors exploiting three zero-day bugs

October’s Patch Tuesday saw Microsoft patch over 100 CVEs including five zero-day vulnerabilities

American Water, the largest water utility in the US, discovered a cyber-attack impacting internal systems on October 3