Month: August 2024
Protecting emails that contain sensitive data is crucial. The loss of confidential information or customer details can lead to hefty fines, negative publicity, and a significant erosion of customer trust. Unfortunately, email is often a primary target for cyberattacks such as phishing, business email compromise (BEC), and data breaches. Despite the advancements in security technologies,…
Read More
In episode 12 of The AI Fix, Mark and Graham meet an LLM having an existential crisis, ChatGPT speaks Welsh for no reason, Graham does an impression of a water spout, Eric Schmidt shares a new and unexpected take on “do no evil”, and our hosts feel like David Attenborough as they witness herds of…
Read MoreIranian cyberespionage group deploys new BlackSmith malware in sophisticated spear-phishing campaign
A known Iranian APT group has revamped its malware arsenal in a campaign against a prominent Jewish religious figure, security researchers have found. The new toolset, dubbed BlackSmith, bundles most features from the group’s previous tools with a new malware loader and PowerShell-based trojan, and it is likely being used as part of a larger…
Read More
Taiwanese hardware vendor QNAP has added a Security Center with ransomware protection capabilities to the latest version of its QTS operating system for network-attached storage (NAS) devices. The new Security Center in QTS 5.2 monitors for suspicious file operations to detect and block ransomware threats. If any unusual activity is detected, customers can choose to…
Read More
“I have given extensive consideration to the question of whether the OAIC should invest further resources in scrutinizing the actions of Clearview AI, a company that has already been investigated by the OAIC and which has found itself the subject of regulatory investigations in at least three jurisdictions around the world as well as a…
Read More
A critical vulnerability in the LiteSpeed Cache WordPress plugin can let attackers take over millions of websites after creating rogue admin accounts. LiteSpeed Cache is open-source and the most popular WordPress site acceleration plugin, with over 5 million active installations and support for WooCommerce, bbPress, ClassicPress, and Yoast SEO. The unauthenticated privilege escalation vulnerability (CVE-2024-28000)…
Read More
Aug 21, 2024Ravie LakshmananCyber Espionage / Malware A new remote access trojan called MoonPeak has been discovered as being used by a state-sponsored North Korean threat activity cluster as part of a new campaign. Cisco Talos attributed the malicious cyber campaign to a hacking group it tracks as UAT-5394, which it said exhibits some level…
Read MoreAccess Denied You don’t have permission to access “http://cybersecurity.att.com/blogs/security-essentials/cybersecurity-compliance-as-a-service-your-ticket-to-saving-money-time-and-sanity-with-cybersecurity-compliance” on this server. Reference #18.c5d7ce17.1724258600.b510715 https://errors.edgesuite.net/18.c5d7ce17.1724258600.b510715 Source link lol
Read More
In this blogpost we discuss an uncommon type of phishing campaign targeting mobile users and analyze a case that we observed in the wild that targeted clients of a prominent Czech bank. This technique is noteworthy because it installs a phishing application from a third-party website without the user having to allow third-party app installation.…
Read More
Aug 21, 2024Ravie LakshmananSoftware Security / Vulnerability Cybersecurity researchers have disclosed a critical security flaw impacting Microsoft’s Copilot Studio that could be exploited to access sensitive information. Tracked as CVE-2024-38206 (CVSS score: 8.5), the vulnerability has been described as an information disclosure bug stemming from a server-side request forgery (SSRF) attack. “An authenticated attacker can…
Read More