Category: AI in news
May 13, 2024The Hacker NewsThreat Detection / SoC / SIEM In the last decade, there has been a growing disconnect between front-line analysts and senior management in IT and Cybersecurity. Well-documented challenges facing modern analysts revolve around a high volume of alerts, false positives, poor visibility of technical environments, and analysts spending too much time…
Read More
Aside from the lack of password security, NTLM has several other behaviors that make it a hacker’s paradise. First, it doesn’t require any local connection to a Windows Domain. Also, it is needed when using a local account and when you don’t know who the intended target server is. On top of these weaknesses, it…
Read More
The English-speaking actor named IntelBroker claimed that she gained access to Zscaler and that this access information was for sale in Breachforums. Allegedly, the actor has SMTP, certificate and many other access. BreachForums, also known as Breached, was a notorious English-language hacking forum launched in March 2022 as a successor to RaidForums. It gained notoriety…
Read More
A recent investigation by Recorded Future, a threat intelligence firm, has raised alarms about the use of Large Language Models (LLMs) as a powerful tool in information warfare. The company uncovered a network called CopyCop, allegedly linked to Russia, which has been leveraging LLMs to manipulate news from mainstream media outlets and spread disinformation. While…
Read More
The financially motivated threat actor known as FIN7 has been observed leveraging malicious Google ads spoofing legitimate brands as a means to deliver MSIX installers that culminate in the deployment of NetSupport RAT. “The threat actors used malicious websites to impersonate well-known brands, including AnyDesk, WinSCP, BlackRock, Asana, Concur, The Wall Street Journal, Workable, and…
Read More
Sixty-eight technology companies have joined the Cybersecurity and Infrastructure Security Agency’s (CISA) Joint Cyber Defense Collaborative (JCDC). This public-private partnership aims to bolster the nation’s cyber defenses by fostering collaboration between government agencies and private sector organizations. This significant move comes in response to the increasing frequency and sophistication of cyberattacks targeting critical infrastructure and…
Read More
Some of the biggest names in the tech industry signed onto a public pledge, backed by the US Cybersecurity and Infrastructure Security Agency, promising to implement important software security measures in their products. The CISA “Secure By Design” pledge outlines seven areas in which signatories are expected to make significant improvements. Multifactor authentication should be…
Read MoreFriday Squid Blogging: Squid Mating Strategies Some squids are “consorts,” others are “sneakers.” The species is healthiest when individuals have different strategies randomly. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Tags: squid Posted on…
Read More
Spyware vendors are responsible for most exploits In a March report, researchers from Google’s Threat Analysis Group (TAG) and Mandiant, a Google subsidiary, counted 97 zero-day exploits being used in attacks during 2023. Commercial surveillance vendors that sell spyware to government customers were responsible for over 60% of the 37 exploits impacting browsers and mobile…
Read MoreNew Attack Against Self-Driving Car AI This is another attack that convinces the AI to ignore road signs: Due to the way CMOS cameras operate, rapidly changing light from fast flashing diodes can be used to vary the color. For example, the shade of red on a stop sign could look different on each line…
Read More