Category: AI in news

Aug 29, 2024Ravie LakshmananIoT Security / Vulnerability A years-old high-severity flaw impacting AVTECH IP cameras has been weaponized by malicious actors as a zero-day to rope them into a botnet. CVE-2024-7029 (CVSS score: 8.7), the vulnerability in question, is a “command injection vulnerability found in the brightness function of AVTECH closed-circuit television (CCTV) cameras that…

Read More

U.S. cybersecurity and intelligence agencies have called out an Iranian hacking group for breaching multiple organizations across the country and coordinating with affiliates to deliver ransomware. The activity has been linked to a threat actor dubbed Pioneer Kitten, which is also known as Fox Kitten, Lemon Sandstorm (formerly Rubidium), Parisite, and UNC757, which it described…

Read More

Angler employed advanced evasion techniques, including checking for virtual machines and sandbox environments to avoid detection by security researchers, leading to its popularity and significance in the cybersecurity community. Angler’s activities ceased abruptly in mid-2016, reportedly, due to law enforcement actions in Russia against cybercriminals allegedly linked to Angler. First charged in 2023 The Belarusian…

Read More

2024 looks set to be the highest-grossing year yet for ransomware gangs, due – in no small part – to emboldened cybercriminals causing costly disruption at larger companies. Read more in my article on the Exponential-e blog. Source link lol

Read More

Hackers who seized control of the official Instagram account of McDonald’s claim that they managed to steal US $700,000 from unsuspecting investors by promoting a fake cryptocurrency. Earlier this month, hackers promoted a worthless cryptocurrency token they dubbed “GRIMACE” to the 5.1 million people following McDonald’s Instagram account. At the same time, tweets from the…

Read More

If you’ve been in cybersecurity for the past five to 10 years, you’ve probably heard the term “threat-informed defense.” Simply stated, a threat-informed defense focuses security teams, technologies, and budgets on those threats most likely to impact a particular organization, industry, geography, etc. The concept basically aligns with the famous (and often referenced) quote from…

Read More

Aug 29, 2024Ravie LakshmananOnline Crime / Privacy French prosecutors on Wednesday formally charged CEO Pavel Durov with facilitating a litany of criminal activity on the popular messaging platform and placed him under formal investigation following his arrest Saturday. Russian-born Durov, who is also a French citizen, has been charged with being complicit in the spread…

Read More

Finally in April 2022, the group launched a major attack that crippled 27 Costa Rican government organizations causing disruptions in the country’s customs and taxes platforms, impacting foreign trade and payroll payments. In response, the US State Department put up a $10 million reward for information about the identity or location of Conti’s leaders, as…

Read More

Poortry/BurntCigar, first discovered by Mandiant, is a malicious kernel driver used in conjunction with a loader dubbed Stonestop that attempts to bypasses Microsoft Driver Signature Enforcement. Both the driver and the loader are heavily obfuscated by commercial or open-source packers, such as VMProtect, Themida or ASMGuard. The driver tries to disguise itself by using the…

Read More

Aug 28, 2024Ravie LakshmananVulnerability / Data Security Fortra has addressed a critical security flaw impacting FileCatalyst Workflow that could be abused by a remote attacker to gain administrative access. The vulnerability, tracked as CVE-2024-6633, carries a CVSS score of 9.8, and stems from the use of a static password to connect to a HSQL database.…

Read More