Category: AI in news
Jul 09, 2024NewsroomVulnerability / Network Security Cybersecurity researchers have discovered a security vulnerability in the RADIUS network authentication protocol called BlastRADIUS that could be exploited by an attacker to stage Mallory-in-the-middle (MitM) attacks and bypass integrity checks under certain circumstances. “The RADIUS protocol allows certain Access-Request messages to have no integrity or authentication checks,” InkBridge…
Read More
Jul 09, 2024Newsroom Military personnel from Middle East countries are the target of an ongoing surveillanceware operation that delivers an Android data-gathering tool called GuardZoo. The campaign, believed to have commenced as early as October 2019, has been attributed to a Houthi-aligned threat actor based on the application lures, command-and-control (C2) server logs, targeting footprint,…
Read More
“Typically, after successful initial access APT40 focuses on establishing persistence to maintain access on the victim’s environment,” said the advisory. “However, as persistence occurs early in an intrusion, it is more likely to be observed in all intrusions regardless of the extent of compromise or further actions taken.” A concerning trend identified in the advisory…
Read More
Jul 09, 2024NewsroomCyber Espionage / Threat Intelligence Cybersecurity agencies from Australia, Canada, Germany, Japan, New Zealand, South Korea, the U.K., and the U.S. have released a joint advisory about a China-linked cyber espionage group called APT40, warning about its ability to co-opt exploits for newly disclosed security flaws within hours or days of public release.…
Read More
Pass the CRISC exam Adhere to the CRISC Code of Professional Ethics Demonstrate the required minimum work experience As noted, CRISC is intended as a relatively high-level cert; as such its holders must demonstrate real-world experience. To be certified, you must have at least three years of work experience performing tasks involved in two of the…
Read More
“The State of Fake Traffic 2024,” a report from security tech company CHEQ, shows just how big the problem is getting. According to its research, 17.9% of all observed traffic in 2023 was automated or invalid, a 58% increase from the 11.3% identified as such by CHEQ in the previous year. (Others that count all…
Read MoreOn the CSRB’s Non-Investigation of the SolarWinds Attack ProPublica has a long investigative article on how the Cyber Safety Review Board failed to investigate the SolarWinds attack, and specifically Microsoft’s culpability, even though they were directed by President Biden to do so. Tags: cyberattack, cyberespionage, DHS, Microsoft, national security policy, Russia Posted on July 8,…
Read More
Jul 08, 2024NewsroomCyber Espionage / Cloud Security A previously undocumented advanced persistent threat (APT) group dubbed CloudSorcerer has been observed targeting Russian government entities by leveraging cloud services for command-and-control (C2) and data exfiltration. Cybersecurity firm Kaspersky, which discovered the activity in May 2024, the tradecraft adopted by the threat actor bears similarities with that…
Read More
Jul 08, 2024NewsroomDark Web / Cyber Crime An analysis of information-stealing malware logs published on the dark web has led to the discovery of thousands of consumers of child sexual abuse material (CSAM), indicating how such information could be used to combat serious crimes. “Approximately 3,300 unique users were found with accounts on known CSAM…
Read More
Is it only a few weeks since OpenAI announced its new app for macOS computers? To much fanfare, the makers of ChatGPT revealed a desktop version that allowed Mac users to ask questions directly rather than via the web. “ChatGPT seamlessly integrates with how you work, write, and create,” bragged OpenAI. What could possibly go…
Read More