Author: nlqip
LLMs’ Data-Control Path Insecurity Back in the 1960s, if you played a 2,600Hz tone into an AT&T pay phone, you could make calls without paying. A phone hacker named John Draper noticed that the plastic whistle that came free in a box of Captain Crunch cereal worked to make the right sound. That became his…
Read More
The Black Basta ransomware-as-a-service (RaaS) operation has targeted more than 500 private industry and critical infrastructure entities in North America, Europe, and Australia since its emergence in April 2022. In a joint advisory published by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Department of Health and Human Services…
Read More
May 13, 2024NewsroomVulnerability / IoT Security Cybersecurity researchers have disclosed multiple security flaws in Cinterion cellular modems that could be potentially exploited by threat actors to access sensitive information and achieve code execution. “These vulnerabilities include critical flaws that permit remote code execution and unauthorized privilege escalation, posing substantial risks to integral communication networks and…
Read More
May 13, 2024The Hacker NewsThreat Detection / SoC / SIEM In the last decade, there has been a growing disconnect between front-line analysts and senior management in IT and Cybersecurity. Well-documented challenges facing modern analysts revolve around a high volume of alerts, false positives, poor visibility of technical environments, and analysts spending too much time…
Read More
The 2024 RSA Conference has officially wrapped, and this year’s event served as the perfect backdrop for us to make our re-introduction to the industry. Introducing LevelBlue, the Trusted Cybersecurity Advisors On day one of RSA, we officially announced the launch of LevelBlue, formerly known as AT&T Cybersecurity. Signifying an exciting new start for the…
Read More
May 13, 2024NewsroomSoftware Security / Malware Cybersecurity researchers have identified a malicious Python package that purports to be an offshoot of the popular requests library and has been found concealing a Golang-version of the Sliver command-and-control (C2) framework within a PNG image of the project’s logo. The package employing this steganographic trickery is requests-darwin-lite, which…
Read More
Aside from the lack of password security, NTLM has several other behaviors that make it a hacker’s paradise. First, it doesn’t require any local connection to a Windows Domain. Also, it is needed when using a local account and when you don’t know who the intended target server is. On top of these weaknesses, it…
Read More
The English-speaking actor named IntelBroker claimed that she gained access to Zscaler and that this access information was for sale in Breachforums. Allegedly, the actor has SMTP, certificate and many other access. BreachForums, also known as Breached, was a notorious English-language hacking forum launched in March 2022 as a successor to RaidForums. It gained notoriety…
Read More
‘While we expect this process will take time to complete, we are making progress and systems are being restored in a coordinated manner at each of our care sites,’ Ascension said in an update over the weekend. Days after a reported ransomware attack paralyzed Ascension health system, shutting down its electronic health records system and…
Read More
A recent investigation by Recorded Future, a threat intelligence firm, has raised alarms about the use of Large Language Models (LLMs) as a powerful tool in information warfare. The company uncovered a network called CopyCop, allegedly linked to Russia, which has been leveraging LLMs to manipulate news from mainstream media outlets and spread disinformation. While…
Read More