Category: AI in news
Most Snowflake customers can heave a sigh of relief: The cloud data platform’s systems do not appear to have been compromised, cybersecurity researchers at Mandiant reported Monday. But they may have to make changes to how they authenticate to Snowflake all the same, as company is considering making multifactor authentication mandatory to access its systems.…
Read More
Secondary threats The exposure of source code held in repositories like this could reveal vulnerabilities that attackers can exploit to launch further attacks, security experts warned. “As well as the potential for risk to individuals through exposed PII [personally identifiable information], the leak also increases the risk to the NYT of further targeted intrusions through…
Read More
Jun 10, 2024NewsroomPhishing Attack / Cybercrime Cybersecurity researchers have spotted a phishing attack distributing the More_eggs malware by masquerading it as a resume, a technique originally detected more than two years ago. The attack, which was unsuccessful, targeted an unnamed company in the industrial services industry in May 2024, Canadian cybersecurity firm eSentire disclosed last…
Read More
Google has revealed that it took down 1,320 YouTube channels and 1,177 Blogger blogs as part of a coordinated influence operation connected to the People’s Republic of China (PRC). “The coordinated inauthentic network uploaded content in Chinese and English about China and U.S. foreign affairs,” Google Threat Analysis Group (TAG) researcher Billy Leonard said in…
Read More
Staying Sharp: Cybersecurity CPEs Explained Perhaps even more so than in other professional domains, cybersecurity professionals constantly face new threats. To ensure you stay on top of your game, many certification programs require earning Continuing Professional Education (CPE) credits. CPEs are essentially units of measurement used to quantify the time and effort professionals spend on…
Read MoreExploiting Mistyped URLs Interesting research: “Hyperlink Hijacking: Exploiting Erroneous URL Links to Phantom Domains“: Abstract: Web users often follow hyperlinks hastily, expecting them to be correctly programmed. However, it is possible those links contain typos or other mistakes. By discovering active but erroneous hyperlinks, a malicious actor can spoof a website or service, impersonating the…
Read More
Morocco as an emerging cybercrime originator Although cybercrime operations are a global phenomenon, most financially motivated cybercriminals operate from a well-understood list of countries, including China, Russia, Ukraine, the US, Romania, and Nigeria. But at this year’s Sleuthcon, a new nation emerged that threatens to break into the ranks of top cybercrime havens: Morocco. Microsoft…
Read More
And in another similarity to conventional attack types, “nation-states are probably one of the biggest risks here because they have the ability and resources to invest in this [type of attack],” says David Youssef a managing director at FTI Consulting and leader of the North America incident response efforts for the firm’s cybersecurity practice. Bad…
Read More
Jun 08, 2024NewsroomVulnerability / Programming Details have emerged about a new critical security flaw impacting PHP that could be exploited to achieve remote code execution under certain circumstances. The vulnerability, tracked as CVE-2024-4577, has been described as a CGI argument injection vulnerability affecting all versions of PHP installed on the Windows operating system. According to…
Read MoreFriday Squid Blogging: Squid Catch Quotas in Peru Peru has set a lower squid quota for 2024. The article says “giant squid,” but that seems wrong. We don’t eat those. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog…
Read More