Category: AI in news
Other Attempts to Take Over Open Source Projects After the XZ Utils discovery, people have been examining other open-source projects. Surprising no one, the incident is not unique: The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names and overlapping GitHub-associated emails. These emails implored OpenJS to…
Read More
Incident response plan The healthcare industry has proven to be a high-value target for cybercriminals, with organizations in possession of sensitive data such as patients’ medical information, hospital bills, and other financial documents. Healthcare organizations must adopt a comprehensive incidence response plan to defend against growing ransomware threats, advised Azeem Aleem, MD of the UK…
Read More
Cybersecurity is still a relatively new profession that has battled to be heard and respected, she says, driving some cyber pros to feel insecure and overcompensate with arrogant, “messiah complex” antics. She says security is often viewed within the business as “a tax”, which chips away at the morale of cyber teams and their leaders.…
Read More
Apr 18, 2024NewsroomMalvertising / Endpoint Security A new Google malvertising campaign is leveraging a cluster of domains mimicking a legitimate IP scanner software to deliver a previously unknown backdoor dubbed MadMxShell. “The threat actor registered multiple look-alike domains using a typosquatting technique and leveraged Google Ads to push these domains to the top of search…
Read More
Take That’s Gary Barlow chats up a pizza-slinging granny from Essex via Facebook, or does he? And a scam takes a sinister turn – for both the person being scammed and an innocent participant – in Ohio. All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans…
Read More
According to the Orca researchers, it is a common practice to store credentials needed by these commands to execute successfully in environment variables in the Linux command-line environments used by these CLIs. The problem is that some of the AWS and Gcloud CLI commands also return these environment variables to stdout (standard output on Unix…
Read More
Apr 17, 2024NewsroomRansomware / Cyber Espionage A previously undocumented “flexible” backdoor called Kapeka has been “sporadically” observed in cyber attacks targeting Eastern Europe, including Estonia and Ukraine, since at least mid-2022. The findings come from Finnish cybersecurity firm WithSecure, which attributed the malware to the Russia-linked advanced persistent threat (APT) group tracked as Sandworm (aka…
Read More
They are successful in doing this because the data these organizations exfiltrate are business sensitive to their business owners, and in some instances, impact the operations of those businesses that encourage ransom payment, according to Laudanski. In an analysis of ransomware data over the last three years and isolating incidents that directly involved compromise of…
Read More
The introduction of Open AI’s ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers…
Read More
Apr 17, 2024NewsroomVulnerability / Web Application Firewall Cybersecurity researchers have discovered a new campaign that’s exploiting a recently disclosed security flaw in Fortinet FortiClient EMS devices to deliver ScreenConnect and Metasploit Powerfun payloads. The activity entails the exploitation of CVE-2023-48788 (CVSS score: 9.3), a critical SQL injection flaw that could permit an unauthenticated attacker to…
Read More