Category: AI in news
Is there any truth behind the alleged data breach at Fortnite maker Epic Games? Who launched the ransomware attack that caused a fallout at pharmacies? And what’s the latest on the heart-breaking hack of Finnish therapy clinic Vastaamo? All this and much much more is discussed in the latest edition of the “Smashing Security” podcast…
Read More
A new attack campaign is targeting publicly accessible Docker, Hadoop, Confluence, and Redis deployments by exploiting common misconfigurations and known vulnerabilities. The attackers deploy previously unseen payloads including four binaries written in Golang. “Once initial access is achieved, a series of shell scripts and general Linux attack techniques are used to deliver a cryptocurrency miner,…
Read More
[ An analysis conducted by Binary Defense has revealed valuable insights into the workings of MalSync malware, also known as the DuckTail PHP variant. The analysis covers various aspects such as infection vectors, command line usage, malware capabilities, and reverse engineering efforts to decrypt and understand the malware. It also highlights the unique approach of…
Read More
Ukraine claims to have successfully hacked Russian military servers and gained access to highly sensitive information. According to an official statement from the Defence Intelligence of Ukraine, the hack has allowed Ukraine to gain possession of “the information security and encryption software” used by Russia’s Ministry of Defence (Minoborony), as well as secret documents, reports,…
Read More
Mar 06, 2024NewsroomCyber Crime / Ransomware The threat actors behind the BlackCat ransomware have shut down their darknet website and likely pulled an exit scam after uploading a bogus law enforcement seizure banner. “ALPHV/BlackCat did not get seized. They are exit scamming their affiliates,” security researcher Fabian Wosar said. “It is blatantly obvious when you…
Read More
Operational technology (OT) organizations face increasing challenges when it comes to cybersecurity. Manufacturing in particular has become a bigger target for bad actors; in fact, it was one of the sectors most impacted by extortion attacks, according to Palo Alto Networks’ 2023 Unit 42 Extortion and Ransomware Report. As Industry 4.0 continues to roll out,…
Read More
Apple is advising immediate patching against two critical zero-day vulnerabilities attackers are using to carry out memory corruption attacks on Apple devices. Tracked as CVE-2024-23225 and CVE-2024-23296, the vulnerabilities allow attackers with arbitrary kernel read and write capabilities to bypass kernel memory protections on iOS kernel and RTKit (Apple’s real-time operating system), respectively. “Apple is aware…
Read More
Chinese mini PC manufacturer ACEMAGIC (do I really have to write that in capitals? I hate it when companies name themselves like that…) has made life a bit more interesting for its customers, by admitting that it has also been throwing in free malware with its products. Yup, the PC maker has ‘fessed up to…
Read MoreSurveillance through Push Notifications The Washington Post is reporting on the FBI’s increasing use of push notification data—”push tokens”—to identify people. The police can request this data from companies like Apple and Google without a warrant. The investigative technique goes back years. Court orders that were issued in 2019 to Apple and Google demanded that…
Read More
Mar 06, 2024The Hacker NewsData Security / Cloud Security Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn’t anyone’s fault; it’s inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally. For Security & Risk Management teams,…
Read More