Shruti Jain Journalist Profile

Articles

Navigating 2025: Emerging Security Trends and AI Challenges for CISOs

Jan 15, 2025 | cysecurity.news | Shruti Jain

Security teams have always needed to adapt to change, but 2025 is poised to bring unique challenges, driven by advancements in artificial intelligence (AI), sophisticated cyber threats, and evolving regulatory mandates. Chief Information Security Officers (CISOs) face a rapidly shifting landscape that requires innovative strategies to mitigate risks and ensure compliance.
Cyberattacks and Technology Disruptions: Leading Threats to Business Growth

Jan 15, 2025 | cysecurity.news | Shruti Jain

The global average cost of a data breach soared to nearly $4.9 million in 2024, marking a 10% increase compared to the previous year, according to a report by IBM. In late October, UnitedHealth disclosed that a significant cyberattack on its Change Healthcare subsidiary earlier in 2024 might have exposed the data of 100 million individuals. This incident is regarded as the largest healthcare data breach ever reported to federal regulators, as first reported by Healthcare Dive.
This Phishing Trend is Exploiting YouTube URLs Through O365 Expiry Themes

Jan 13, 2025 | cysecurity.news | Shruti Jain

A recent surge in phishing campaigns has revealed attackers leveraging cleverly obfuscated URLs and Microsoft 365 password expiry warnings to trick users into surrendering their credentials. Here's a breakdown of the latest findings:The phishing emails consistently use subject lines formatted as: “ACTION Required - [Client] Server SecurityID:[random string]”.
This New Malware Exploits VPN Apps to Hijack Devices

Jan 10, 2025 | cysecurity.news | Shruti Jain

PLAYFULGHOST is primarily delivered through phishing emails or SEO poisoning techniques, which distribute trojanized VPN applications. Once executed, it establishes persistence using four methods: the run registry key, scheduled tasks, Windows startup folder, and Windows services. This persistence allows the malware to collect a vast array of data, including keystrokes, screenshots, system metadata, clipboard content, and QQ account details, as well as information on installed security products.
Malicious Chrome Extension Mimics Popular Tool, Poses Threat to Users’ Data

Jan 6, 2025 | cysecurity.news | Shruti Jain

Cybersecurity concerns are growing as malicious browser extensions target unsuspecting users. One such case involves the removal of the popular EditThisCookie extension, which had over 3 million downloads, from the Chrome Web Store due to its reliance on the outdated Manifest v2 framework. In its place, a new extension named EditThisCookie® has emerged. Built using the updated Manifest v3 framework, this replacement mimics the original's name and design but contains harmful code.
RBI Report Highlights Rising Fraud Incidents and Financial Impact

Jan 2, 2025 | cysecurity.news | Shruti Jain

The Reserve Bank of India (RBI) has revealed a significant rise in bank fraud cases during the first half of the current fiscal year. According to the Report on Trend and Progress of Banking in India 2023-24, fraud cases from April to September reached 18,461, involving a staggering ₹21,367 crore. This reflects a sharp increase compared to 14,480 cases amounting to ₹2,623 crore during the same period last year.
New Two-Step Phishing Attack Exploits Microsoft Visio and SharePoint

Dec 31, 2024 | cysecurity.news | Shruti Jain

A novel two-step phishing strategy is targeting Microsoft Visio files (.vsdx) and SharePoint, signaling a new trend in cyber deception, according to experts. Researchers at Perception Point have noted a significant rise in attacks leveraging these previously uncommon .vsdx files. These files act as delivery tools, directing victims to phishing pages that replicate Microsoft 365 login portals, aiming to steal user credentials.
75% of Ransomware Attacks Target Healthcare on Holidays: Expert Insights

Dec 28, 2024 | cysecurity.news | Shruti Jain

Approximately 75% of ransomware attacks on the healthcare sector over the past year occurred during weekends or holidays, highlighting the urgency for organizations to strengthen their staffing and security measures during these high-risk periods. Jeff Wichman, director of incident response at security firm Semperis, emphasized the need for proactive preparation. "In reality, we should be staffing up because if the attackers know for a fact that on weekends we, as citizens, take time off.
Trio of SQL Injection Vulnerabilities Found in Amazon Redshift Drivers: Update Now

Dec 27, 2024 | cysecurity.news | Shruti Jain

Three severe SQL injection vulnerabilities have been identified in specific Amazon Redshift drivers, posing a significant risk of privilege escalation and data compromise. The vulnerabilities, labeled as CVE-2024-12744, CVE-2024-12745, and CVE-2024-12746, each hold a CVSS severity score of 8.0, emphasizing the need for immediate remediation.
Clop Ransomware Gang Threatens 66 Companies with Data Leak After Cleo Breach

Dec 26, 2024 | cysecurity.news | Shruti Jain

The Clop ransomware gang has intensified its extortion tactics following a data theft attack targeting Cleo software. On its dark web portal, the group revealed that 66 companies have been given 48 hours to meet their ransom demands. According to Clop, the affected companies are being contacted directly with links to secure chat channels for negotiating ransom payments. Additionally, the hackers have provided email addresses for victims to initiate communication.