Episode 291 of the Transatlantic Cable Podcast kicks off with news around OpenAIs recent decision to reduce the amount of information its sharing about how ChatGPT is trained, causing some to worry that its no longer as open as originally designed. From there discussion moves to a recent story around the DEA (Drug show more ...
A phishing link in the e-mail body is a thing of the past. Mail filters now detect this trick with near 100% efficiency. Thats why cybercriminals are constantly inventing new ways to get their hands on corporate login credentials. We recently came across a rather interesting method that makes use of perfectly show more ...
Google says it has suspended the app for the Chinese e-commerce giant Pinduoduo after malware was found in versions of the app. The move comes just weeks after Chinese security researchers published an analysis suggesting the popular e-commerce app sought to seize total control over affected devices by exploiting show more ...
Paul speaks with Steve Orrin, the Federal CTO at Intel Corp about representing Intel and its technologies to Uncle Sam and the impact of the CHIPS Act a massive new federal investment in semiconductors. The post Episode 249: Intel Federal CTO Steve Orrin on the CHIPS Act and Supply Chain Security appeared first on The show more ...
Help the board understand where the business is vulnerable, where controls end, and where exposure begins.
Enterprise storage devices have 14 security weaknesses on average, putting them at risk of compromise by cyberattackers and especially ransomware attacks.
Accidentally typing a password in the username field of the platform saves them to audit logs, to which threat actors can gain access and use to compromise enterprise services.
Cloud-based System of Trust application now available for test-driving quantitative risk assessment of suppliers of hardware, software, services.
In the triumvirate of identity types, protecting the identity, privacy, and data of carbon-based forms — humans — is key. Safeguards must be in place as AI becomes more interactive.
With shades of the Cambridge Analytica scandal, German political parties skirted consumer data privacy regulations during the country's last parliamentary election, a privacy watchdog warns.
"Nexus" is the latest in a vast and growing array of Trojans targeting mobile banking and cryptocurrency applications.
Open source software continues to pose a challenge for companies. With the proper security practices, you can reduce your open source risk and manage it.
DMARC blocks spam and phishing emails sent from spoofed domains, and it's vastly underutilized, a new report says.
![image for IoT Startup OP[4] La ...](https://eu-images.contentstack.com/v3/assets/blt66983808af36a8ef/blt1df2428853ef6b80/60e2ee09b08e424bfbc4242b/IoT-kerenby-AdobeStock_133171498.jpg)
Op[4]'s firmware security platform detects, prioritizes, and remediates exploitable vulnerabilities Internet of Things and embedded systems.
The North Korean advanced persistent threat (APT) actor dubbed ScarCruft is using weaponized Microsoft Compiled HTML Help (CHM) files to download additional malware onto targeted machines.
The cybersecurity strategy for health and adult social care sets out a plan to promote cyber resilience across the sector by 2030, protecting services and the patients they support.
“The new variant of the FakeGPT Chrome extension, titled 'Chat GPT For Google,' is once again targeting your Facebook accounts under a cover of a ChatGPT integration for your Browser,” reads the post published by Guardio Labs.
Meta's former security policy manager, who split her time between the US and Greece, is reportedly suing the Hellenic national intelligence service for hacking her phone.
All seven of the externally reported issues are high-severity memory safety bugs, with four of them described as use-after-free vulnerabilities, a type of bug that could lead to arbitrary code execution, data corruption, or denial of service.
The hearing comes as Congress weighs legislation that would empower the Biden administration to ban TikTok along with other foreign apps that many politicians in Washington and around the country say pose a U.S. national security threat.
In the past few months, there have been several Magecart skimmers abusing Google Tag Manager in one way or another. While the Kritec skimmer hangs around the Google Tag Manager script, researchers believe it is not related to other active campaigns.
Cybernews researchers discovered an unprotected 20GB of server logs that contained nearly 30 million entries, with the oldest dated May 2022. The logs exposed subscribers’ IP addresses and user data about devices, operating systems, and web browsers.
The Center's director said the attack could impact about 3,000 employees, though there have been no reports of problems. The Center purchased cybersecurity and insurance coverage for all employees who may be impacted, for three years.
Attackers have been found impersonating legitimate packages via typosquatting to infect .NET developers with cryptocurrency stealers. These malicious packages are delivered through the NuGet repository, with three of them being downloaded over 150,000 times within a month. The malicious packages are designed to show more ...
The Soft Cell threat actor, also tracked by Microsoft as Gallium, is known to target unpatched internet-facing services and use tools like Mimikatz to obtain credentials that allow for lateral movement across the targeted networks.
Remote access provider Splashtop has acquired the server and network access management vendor Foxpass to get better visibility across co-managed and multi-tenant environments.
A new credit card stealing hacking campaign is doing things differently by hiding its malicious code inside the 'Authorize.net' payment gateway module for WooCommerce, allowing the breach to evade detection by security scans.
The Israeli startup said the financing was provided by StageOne Ventures, First Rays Venture Partners, and D. E. Shaw & Co. A roster of prominent security practitioners and entrepreneurs also joined the round.
"Nexus provides all the main features to perform ATO attacks (Account Takeover) against banking portals and cryptocurrency services, such as credentials stealing and SMS interception," Italian cybersecurity firm Cleafy said.
The US Cybersecurity and Infrastructure Security Agency (CISA) this week announced adding more experts to its Cybersecurity Advisory Committee (CSAC) and updating the baseline cybersecurity goals introduced last year.
A joint cybersecurity advisory from the German Federal Office for the Protection of the Constitution (BfV) and the National Intelligence Service of the Republic of Korea (NIS) warn about Kimsuky's use of Chrome extensions to steal Gmail emails.
M7 Group’s Czech and Slovak operator Skylink has reportedly fallen victim to a hacker attack. Skylink offers DTH and internet TV services in the Czech Republic and Slovakia.
The number of false claims is at times challenging to debunk. However, despite the inaccuracy of most claims, when hacktivist activity targeting OT becomes commonplace, the likelihood of actual and even substantial OT incidents increases.
Cisco published its semiannual IOS and IOS XE software security advisory bundle, which addresses ten vulnerabilities, including six 'high-severity’ ones. The most important three security bugs can be exploited remotely to cause a DoS condition.
The company revealed that last month's cyberattack directly impacted its employees' information in the annual report filed with the U.S. Securities and Exchange Commission (SEC) on Wednesday.
German and South Korean government agencies warned about a new spear-phishing campaign by the North Korean APT, Kimsuky. The campaign targets experts on issues related to the Korean peninsula. Attackers send a spear-phishing email to the targeted victims, asking them to install a malicious Chrome extension. The other show more ...
Kaspersky researchers have identified cyberattacks targeting government, agriculture, and transportation organizations in Donetsk, Lugansk, and Crimea, conducted by the new Bad Magic APT. The campaign leverages old artifacts created as early as September 2021, along with a previously unseen malicious framework dubbed CommonMagic.
This Metasploit module exploits an arbitrary file upload vulnerability and achieves remote code execution in the Monitorr application. Using a specially crafted request, custom PHP code can be uploaded and injected through endpoint upload.php because of missing input validation. Any user privileges can exploit this show more ...
GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on show more ...
Ubuntu Security Notice 5966-1 - Maher Azzouzi discovered an information disclosure vulnerability in the calcsize binary within amanda. calcsize is a suid binary owned by root that could possibly be used by a malicious local attacker to expose sensitive file system information. Maher Azzouzi discovered a privilege show more ...
Ubuntu Security Notice 5942-2 - USN-5942-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding update for CVE-2023-25690 for Ubuntu 16.04 ESM. Lars Krapf discovered that the Apache HTTP Server mod_proxy module incorrectly handled certain configurations. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.
Ubuntu Security Notice 5967-1 - It was discovered that the set method in object-path could be corrupted as a result of prototype pollution by sending a message to the parent process. An attacker could use this issue to cause object-path to crash.
WordPress plugins Watu Quiz versions 3.3.9 and below, GN Publisher versions 1.5.5 and below, and Japanized For WooCommerce versions 2.5.4 and below suffer from cross site scripting vulnerabilities.
Jelle Wieringa analyzes the differences between HDR and security awareness training and how HDR addresses the security layer of human risk management.
German and South Korean government agencies have warned about cyber attacks mounted by a threat actor tracked as Kimsuky using rogue browser extensions to steal users' Gmail inboxes. The joint advisory comes from Germany's domestic intelligence apparatus, the Federal Office for the Protection of the Constitution (BfV), and South Korea's National Intelligence Service of the Republic of Korea (NIS
Telecommunication providers in the Middle East are the subject of new cyber attacks that commenced in the first quarter of 2023. The intrusion set has been attributed to a Chinese cyber espionage actor associated with a long-running campaign dubbed Operation Soft Cell based on tooling overlaps. "The initial attack phase involves infiltrating Internet-facing Microsoft Exchange servers to deploy
An emerging Android banking trojan dubbed Nexus has already been adopted by several threat actors to target 450 financial applications and conduct fraud. "Nexus appears to be in its early stages of development," Italian cybersecurity firm Cleafy said in a report published this week. "Nexus provides all the main features to perform ATO attacks (Account Takeover) against banking portals and
In 2022 alone, global cyberattacks increased by 38%, resulting in substantial business loss, including financial and reputational damage. Meanwhile, corporate security budgets have risen significantly because of the growing sophistication of attacks and the number of cybersecurity solutions introduced into the market. With this rise in threats, budgets, and solutions, how prepared are industries
Google has stepped in to remove a bogus Chrome browser extension from the official Web Store that masqueraded as OpenAI's ChatGPT service to harvest Facebook session cookies and hijack the accounts. The "ChatGPT For Google" extension, a trojanized version of a legitimate open source browser add-on, attracted over 9,000 installations since March 14, 2023, prior to its removal. It was originally
It could be a case of aCropalypse now for Google Pixel users, there’s a warning for house buyers, and just why is TikTok being singled out for privacy concerns? All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Thom Langford.
A new report from ENISA, the European Union Agency for Cybersecurity, looking at cyberattacks targeting the European transport network over a period of almost two years, has identified that ransomware has become the prominent threat. Read more in my article on the Tripwire State of Security blog.
The world has gone ChatGPT bonkers. Which makes it an effective lure for cybercriminals who may want to break into accounts...
If you were sent a USB stick anonymously through the post, would you plug it into your computer? Perhaps you'll think twice when you hear what happened to these Ecuadorian journalists. Read more in my article on the Hot for Security blog.
