Schneier on Security

DECEMBER 22, 2023

Interesting attack on a LLM: In Writer, users can enter a ChatGPT-like session to edit or create their documents. In this chat session, the LLM can retrieve information from sources on the web to assist users in creation of their documents. We show that attackers can prepare websites that, when a user adds them as a source, manipulate the LLM into sending private information to the attacker or perform other malicious activities.

304

304

Tech Republic Security

DECEMBER 22, 2023

ESET's latest report highlights the abuse of the ChatGPT name, the rise of the Lumma Stealer malware and the Android SpinOk SDK spyware.

Threat Reports 178

Threat Reports Spyware Malware Artificial Intelligence 178

Schneier on Security

DECEMBER 22, 2023

Ben Rothke chose A Hacker’s Mind as “the best information security book of 2023.

Information Security 199

Information Security 199

Security Affairs

DECEMBER 22, 2023

The Akira ransomware group announced it had breached the network of Nissan Australia, the Australian branch of the car maker giant. The Akira ransomware gang claimed to have breached Nissan Australia and to have stolen around 100GB of files from the carmaker giant. The company refused to pay the ransom and the ransomware gang threatened to leak the alleged stolen documents, including project data, clients’ and partners’ info, and NDAs. “We’ve obtained 100 GB of data of N

Ransomware 142

Ransomware Data breaches Financial Services Scams 142

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Bleeping Computer

DECEMBER 22, 2023

Three malicious Chrome extensions posing as VPN (Virtual Private Networks) infected were downloaded 1.5 million times, acting as browser hijackers, cashback hack tools, and data stealers. [.

VPN 136

VPN Hacking 136

Tech Republic Security

DECEMBER 22, 2023

Here's a list of the 20 most popular articles published by TechRepublic in 2023.

Artificial Intelligence 174

Artificial Intelligence 174

Security Boulevard

DECEMBER 22, 2023

A hospital situated near Kansas City, Missouri, has encountered significant challenges in delivering patient care this week following a cyberattack that severely impacted its systems. Liberty Hospital provided an update Read More The post Kansas City Hospital Ransomware Attack Consequences appeared first on Axio. The post Kansas City Hospital Ransomware Attack Consequences appeared first on Security Boulevard.

Ransomware 119

Ransomware Cyber Risk Healthcare Risk 119

Security Affairs

DECEMBER 22, 2023

A member of the Lapsus$ cyber extortion group, Arion Kurtaj, has been sentenced to an indefinite hospital order. The UK Southwark Crown Court has sentenced Arion Kurtaj , a prominent member of the international cyber extortion gang Lapsus$ , to an indefinite hospital order. Over the years, the Lapsus$ gang compromised many high-profile companies such as NVIDIA , Samsung , Ubisoft , Mercado Libre, Vodafone , Microsoft , Okta , and Globant.

Hacking 128

Hacking Mobile Cybercrime Information Security 128

Bleeping Computer

DECEMBER 22, 2023

Europol has notified over 400 websites that their online shops have been hacked with malicious scripts that steal debit and credit cards from customers making purchases. [.

Hacking 113

Hacking 113

Security Boulevard

DECEMBER 22, 2023

In this blog, Cavelo CEO James Mignacca and cybersecurity strategist Mark Sangster talk through cybersecurity obligations and best practices for law firms. The post How Cybersecurity for Law Firms has Changed appeared first on Security Boulevard.

Cybersecurity 109

Cybersecurity 109

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Penetration Testing

DECEMBER 22, 2023

The digital realm is no stranger to ingenious exploits, and the latest breakthrough in cybersecurity research is no exception. Researchers have unveiled “Mayhem,” a formidable attack technique that targets the very heart of computing... The post CVE-2023-42465: SUDO Affected by Stack/Register Flaw, OpenSSH, OpenSSL, and MySQL are Vulnerable appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing Cybersecurity 111

Heimadal Security

DECEMBER 22, 2023

Citrix bugs caused a lot of problems throughout the year, and as we’re closing down 2023, it seems it’s not over. This time, Xfinity, Comcast’s cable television and internet division has been the victim of a data breach caused by the Citrix bug. Almost every customer of Xfinity was impacted, as attackers accessed tens of […] The post Comcast’s Xfinity Breached: Data of 36 Million Users Exposed appeared first on Heimdal Security Blog.

Data breaches 101

Data breaches Internet Internet 101

Penetration Testing

DECEMBER 22, 2023

PEnetration TEsting Proxy PETEP (PEnetration TEsting Proxy) is an open-source Java application for creating proxies for traffic analysis & modification. The main goal of PETEP is to provide a useful tool for performing penetration tests... The post PEnetration TEsting Proxy: open-source Java application for traffic analysis & modification appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing 111

Security Boulevard

DECEMBER 22, 2023

Dozens of banks around the word are in the crosshairs of a threat group using JavaScript web injections to steal users’ bank account credentials. The campaign, which the hackers have been preparing for since December 2022 and which emerged in March, has targeted 40 banks in North and South America, Europe, and Japan, and has. The post Web Injection Campaign Targets 40 Banks, 50,000 Users appeared first on Security Boulevard.

Banking 95

Banking Accountability Malware Cybersecurity 95

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Bleeping Computer

DECEMBER 22, 2023

Ubisoft is investigating whether it suffered a breach after images of the company's internal software and developer tools were leaked online.

Software 106

Software 106

The Hacker News

DECEMBER 22, 2023

Threat hunters have discovered a rogue WordPress plugin that's capable of creating bogus administrator users and injecting malicious JavaScript code to steal credit card information. The skimming activity is part of a Magecart campaign targeting e-commerce websites, according to Sucuri.

101

101

Bleeping Computer

DECEMBER 22, 2023

Today, the Akira ransomware gang claimed that it breached the network of Nissan Australia, the Australian division of Japanese car maker Nissan. [.

Ransomware 104

Ransomware 104

Heimadal Security

DECEMBER 22, 2023

ESO Solutions, a key software provider for healthcare and emergency services, was the victim of a ransomware attack. This cyberattack led to unauthorized data access and encryption of various company systems. The breach, initially identified on September 28th, marked the start of a detailed investigation to understand its full impact. Extent of data exposure During […] The post Major Data Breach at ESO Solutions Affects 2.7 Million Patients appeared first on Heimdal Security Blog.

Data breaches 90

Data breaches Healthcare Encryption Ransomware 90

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Bleeping Computer

DECEMBER 22, 2023

Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. [.

Ransomware 84

Ransomware Hacking 84

Penetration Testing

DECEMBER 22, 2023

In the ever-evolving world of cyber threats, a new player has emerged in the Android ecosystem, known as “Android/Xamalicious.” This backdoor, discovered by the McAfee Mobile Research Team, represents a new wave of sophisticated... The post Android/Xamalicious Malware Hijacks 327K+ Android Devices appeared first on Penetration Testing.

Penetration Testing 97

Penetration Testing Malware Cyber threats Mobile 97

The Hacker News

DECEMBER 22, 2023

Indian government entities and the defense sector have been targeted by a phishing campaign that's engineered to drop Rust-based malware for intelligence gathering. The activity, first detected in October 2023, has been codenamed Operation RusticWeb by enterprise security firm SEQRITE.

Government 90

Government Malware Engineering Encryption 90

WIRED Threat Level

DECEMBER 22, 2023

Members of the US Congress touted improvements to children’s privacy protections as an urgent priority. So why didn’t they do anything about it?

90

90

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

DoublePulsar

DECEMBER 22, 2023

I monitor (in an amateur, clueless way) ransomware groups in my spare time, to see what intelligence can be gained from looking at victim orgs and what went wrong. Basically, I’m a giant big dork with too much free time. I’ve discovered two organisations with ransomware incidents, where the entry point appears to have been Exchange Server 2013 with Outlook Web Access enabled, where all available security updates were applied.

Ransomware 79

Ransomware Internet Internet Software 79

The Hacker News

DECEMBER 22, 2023

A new phishing campaign is leveraging decoy Microsoft Word documents as bait to deliver a backdoor written in the Nim programming language.

Malware 98

Malware Engineering Phishing 98

Heimadal Security

DECEMBER 22, 2023

The National Security Agency (NSA) has unveiled its ‘2023 Cybersecurity Year in Review’ This document highlights the agency’s achievements in enhancing national security through cybersecurity. It emphasizes the value of NSA’s collaborations with U.S. government agencies, international allies, and the Defense Industrial Base, underlining the collective effort in facing sophisticated cybersecurity threats.

Cybersecurity 77

Cybersecurity Government 77

We Live Security

DECEMBER 22, 2023

How cybercriminals take advantage of the popularity of ChatGPT and other tools of its ilk to direct people to sketchy sites, plus other interesting findings from ESET's latest Threat Report

Threat Reports 76

Threat Reports 76

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Security Boulevard

DECEMBER 22, 2023

Recent attacks have demonstrated a significant growth in Zero Days and Remote Code Execution. Kratikal has observed that threat actors have placed a special focus on Web Apps, IoT, and Open-Source tools. In this blog, we will discuss a recently found Remote Code Execution attack in Apache Struts2. Apache Struts helps developers to create web applications […] The post Impact of Apache Struts2 Code Execution Vulnerability appeared first on Kratikal Blogs.

IoT 75

IoT Cyber Attacks Cybersecurity Network Security 75

WIRED Threat Level

DECEMBER 22, 2023

I tried to sell a futon on Facebook Marketplace and nearly all I got were scammers.

Hacking 111

Hacking 111

Security Boulevard

DECEMBER 22, 2023

Codenotary added machine learning algorithms to the search engine it provides for its Trustcenter platform for generating and managing SBOMs. The post Codenotary Adds Machine Learning Algorithms to SBOM Search Tool appeared first on Security Boulevard.

Engineering 75

Engineering Software Risk Government 75

NopSec

DECEMBER 22, 2023

Happy Holidays! As we close out 2023 we do it with a bit of deja vu (depending on how sharp your memory is). This month we cover an Apache Struts 2 vulnerability that could result in remote command execution (RCE). If that sounds familiar it’s because the Equifax breach of 2017 was a result of an Apache Struts vulnerability. We also dive into a JetBrains TeamCity authentication bypass vuln that results in trivial command execution.

Authentication 59

Authentication Risk Engineering Encryption 59

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government