Category: AI in news

Take That’s Gary Barlow chats up a pizza-slinging granny from Essex via Facebook, or does he? And a scam takes a sinister turn – for both the person being scammed and an innocent participant – in Ohio. All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans…

According to the Orca researchers, it is a common practice to store credentials needed by these commands to execute successfully in environment variables in the Linux command-line environments used by these CLIs. The problem is that some of the AWS and Gcloud CLI commands also return these environment variables to stdout (standard output on Unix…

Apr 17, 2024NewsroomRansomware / Cyber Espionage A previously undocumented “flexible” backdoor called Kapeka has been “sporadically” observed in cyber attacks targeting Eastern Europe, including Estonia and Ukraine, since at least mid-2022. The findings come from Finnish cybersecurity firm WithSecure, which attributed the malware to the Russia-linked advanced persistent threat (APT) group tracked as Sandworm (aka…

They are successful in doing this because the data these organizations exfiltrate are business sensitive to their business owners, and in some instances, impact the operations of those businesses that encourage ransom payment, according to Laudanski. In an analysis of ransomware data over the last three years and isolating incidents that directly involved compromise of…

The introduction of OpenAI’s ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers…

Apr 17, 2024NewsroomVulnerability / Web Application Firewall Cybersecurity researchers have discovered a new campaign that’s exploiting a recently disclosed security flaw in Fortinet FortiClient EMS devices to deliver ScreenConnect and Metasploit Powerfun payloads. The activity entails the exploitation of CVE-2023-48788 (CVSS score: 9.3), a critical SQL injection flaw that could permit an unauthenticated attacker to…

Using AI-Generated Legislative Amendments as a Delaying Technique
Canadian legislators proposed 19,600 amendments—almost certainly AI-generated—to a bill in an attempt to delay its adoption. I wrote about many different legislative delaying tactics in A Hacker’s Mind, but this is a new one.
Tags: A Hacker’s Mind, artificial intelligence, laws, LLM, noncomputer hacks
Posted on April…

Apr 17, 2024NewsroomIoT Security / Network Security Cisco is warning about a global surge in brute-force attacks targeting various devices, including Virtual Private Network (VPN) services, web application authentication interfaces, and SSH services, since at least March 18, 2024. “These attacks all appear to be originating from TOR exit nodes and a range of other…

Rosenquist points to a past client that wanted to replace its human help desk with an AI chatbot for password resets. That bot, he says, would validate the user and reset corporate passwords for the IT department — a huge time-saver, but the system would require administrative access to sensitive credential systems that would be…

The proposed regulation in the NPRM applies to all organizations that are not considered “small businesses” as defined by the US Small Business Administration, except for small businesses that are considered “high-risk,” such as critical access hospitals in rural areas, owners and operators of nuclear facilities, and central school districts. In its 450-page NPRM, CISA…
