Ars Technica
Amazon unleashes Q, an AI assistant for the workplace
Aimed at the office, Amazon Q can summarize docs and assist with programming tasks.
Bleeping Computer
Popular Q&A app Curious Cat loses domain, posts bizarre tweets
Popular social networking and anonymous Q&A app, Curious Cat has lost control of its domain. Soon after the platform announced losing control of their domain, a series of bizarre events and support responses have confused the app users who are now unable to trust Curious Cat.
SecurityWeek
Insider Q&A: CIA’s Chief Technologist’s Cautious Embrace of Generative AI
Interview: Nand Mulchandani was named CTO at the CIA in 2022 after a stint at the Pentagon’s Joint Artificial Intelligence Center.
The Record
Q & A: Sick Codes talks tractor hacks
The talk of DEF CON 2022 was the handiwork of a white hat hacker named Sick Codes. On stage, he demonstrated how he broke the digital locks of a John Deere tractor. He did it with such ease, it made people start to wonder: just how hack-able is the world’s agriculture sector?
SecurityWeek
Insider Q&A: Pentagon AI Chief on Network-Centric Warfare, Generative AI Challenges
Interview with Craig Martell, Chief Digital and AI Officer (CDAO) for the U.S. Department of Defense, about AI use in the military.
Cyber Security News
Beware of Malicious 7ZIP on the Microsoft App Store that Delivers Malware
Hackers target 7ZIP due to its widespread use and popularity, making it a lucrative vector for spreading malware.
The Record
Q&A: How to protect data in post-quantum world
People, governments and corporations place a lot of trust in encryption algorithms to protect their data. But cybersecurity experts have warned for years that current algorithms may become useless when quantum computers arrive.
DarkReading
Q&A: The Cybersecurity Training Gap in Industrial Networks
Cyberattacks and threats increasingly are honed in on ICS/OT networks, but security training for operators of these critical infrastructure environments is perilously scarce.
The Record
A Q&A with the chief technical officer at Ukrtelecom
An interview with Dmytro Mykytiuk, chief technical officer at Ukrtelecom, from shortly before an apparent cyberattack struck the ISP.
DarkReading
Q&A: Lessons Learned From the Middle East's National Cyber Drills
What happens in the regional critical-infrastructure cyber drills, who runs them, and what happens to the results.
DarkReading
Q&A: How One Company Gauges Its Employees' Cybersecurity 'Fluency'
Cybersecurity compliance training is commonplace, but one Jordan-based company has taken an extra step in testing.
DarkReading
Q&A: Tel Aviv Railway Project Bakes in Cyber Defenses
How a light railway in Israel is fortifying its cybersecurity architecture amid an increase in OT network threats.
The Cyber Wire
We belong: Q&A with Miriam Saffer: Creative, pragmatic, and resilient.
Each month, N2K shares our commitment to workplace diversity, equity, inclusion, and belonging by featuring a representative female voice to shine a light on the answers to the tough questions we all need to ask to make sure each and every one of us is seen, heard, and belongs. Chris Hare: Can you please introduce yourself, Miriam? Tell us a bit about who you are and what your connection is to the topic of diversity, equity, inclusion, and belonging. What challenges have you faced in the workplace and how did you overcome them? Miriam Saffer: I never intended to have a career in DEI&B, and I don’t think it ever occurred to me that I’d have a personal connection either! I started my career in teaching, and I absolutely loved working with young people with special educational needs. Having found school pretty tough myself, I found myself able to connect with my students and felt that I was really able to make a difference.
The Cyber Wire
We belong: Q&A with Jac Lai: Passionate, hopeful, and loyal.
Each month, N2K shares our commitment to workplace diversity, equity, inclusion, and belonging by featuring a representative female voice to shine a light on the answers to the tough questions we all need to ask to make sure each and every one of us is seen, heard, and belongs.
The Record
Pegasus is listening: Q&A with Paul Rusesabagina’s daughter Carine Kanimba
Carine Kanimba’s father may be one of the most famous Rwandans on earth – Paul Rusesabagina. He was the manager of the Hôtel des Mille Collines, and he sheltered more than 1,200 Rwandans during the 1994 genocide. Now his daughter is at the center of a Capitol Hill inquiry into the the proliferation of commercial spyware, a particular program called Pegasus, and the future of the company that created it.
DarkReading
Q&A: How Israeli Cybersecurity Companies Endure Through the Conflict
As Israeli employees get called up for reserve military duty, the impact on their day jobs and employers is still being calculated.
DarkReading
Q&A: UK Ambassador on Creating New Cybersecurity Agencies Around the World
How the UK is assisting other nations in forming their own versions of a National Centre for Cybersecurity (NCSC).
Security Affairs
Spyware, ransomware and Nation-state hacking: Q&A from a recent interview
I transcribed a recent interview, here some questions and answers about nation-state hacking, spyware, and cyber warfare. Enjoy” How has spyware changed the rules of cyber security in recent years? What will cyber security look like now that those tools are all over the internet? In the last decade, we have observed a progressive weaponization […]
Computerworld
Q&A: How employee monitoring can sometimes do more harm than good
There may be valid reasons for monitoring workers — to improve workplace safety, for instance, or safeguard against dangerous behavior. But workplace surveillance can also become invasive and break the trust between employer and employee, according to a new study.
Computerworld
Q&A: How one CSO secured his environment from generative AI risks
Having a plan in place before deploying genAI for software product development and employee assistance tools is critical, says Navan CSO Prabhath Karanth. Otherwise, the threat potential is high.
Computerworld
Q&A: Cisco CIO sees AI embedded in every product and process
After little more than a year on the job, Cisco CIO Fletcher Previn can already see that AI will create productivity and efficiency gains well worth the money spent on developing domain-specific models to address internal and external business plans.
The Record
Q & A: What comes after Hydra, the darknet marketplace that changed everything?
Hydra was a darknet superstore. It started out as an online illegal drug site and morphed into a billion-dollar business with codes of conduct, customer support, and legal and medical services. It had started offering money laundering services when German authorities finally shut it down in April. Now people are asking: who or what will replace it?
Bleeping Computer
15,000 sites hacked for massive Google SEO poisoning campaign
Hackers are conducting a massive black hat search engine optimization (SEO) campaign by compromising almost 15,000 websites to redirect visitors to fake Q&A discussion forums.
Security Affairs
Massive Black hat SEO campaign used +15K WordPress sites
Experts warn of a malicious SEO campaign that has compromised over 15,000 WordPress websites to redirect visitors to fake Q&A portals. Since September 2022, researchers from security firm Sucuri have tracked a surge in WordPress malware redirecting website visitors to fake Q&A sites via ois[.]is. The campaign’s end goal appears to be black hat SEO aimed at […]
Computerworld
Q&A: At MIT event, Tom Siebel sees ‘terrifying’ consequences from using AI
At MIT Technology Review's EmTech Digital conference, Tom Siebel, the CEO of C3 AI and founder of CRM vendor Siebel Systems, said he's been asked by government and military officials to create AI for what he sees as unethical purposes.
Computerworld
Q&A: Cisco CIO Fletcher Previn on the challenges of a hybrid workplace
Securing Cisco's networks, creating and maintaining company culture, and dealing with a dearth of IT talent are among the difficult issues with which Cisco CIO Fletcher Previn says he's grappling.
Computerworld
Q&A: TIAA's CIO touts top AI projects, details worker skills needed now
Sastry Durvasula, the chief information and client services officer at TIAA, has been leading an initiative to deploy AI in a myriad of business operations to create greater efficiencies and improve client experiences.
Security Affairs
FiXS, a new ATM malware that is targeting Mexican banks
Researchers at Metabase Q discovered a new ATM malware, dubbed FiXS, that was employed in attacks against Mexican banks since February 2023. Researchers at Metabase Q recently spotted a new ATM malware, dubbed FiXS, that is currently targeting Mexican banks. The name comes from the malware’s code name in the binary. The experts have yet to determine […]
Ars Technica
Artists astound with AI-generated film stills from a parallel universe
A Q&A with "synthographer" Julie Wieland on the #aicinema movement.
Computerworld
Q&A: CISO sees 'enterprise' browser as easier way to monitor employee web use
Bob Schuetter, CISO at Ashland Specialty Chemicals, has been piloting a new enterprise-specific browser as a way to secure web traffic and company data associated with SaaS applications.
DataBreaches
Omnicell reveals ransomware incident in SEC filing
From their May 9 10-Q filing: Our IT systems and third-party cloud services are potentially vulnerable to cyber-attacks, including ransomware, or other data...
The Record
Afrobeats artist Steven Adeoye on the cybercrime-inspired TikTok hit “Ali”
A Q&A Steven Adeoye on the line between art and its inspiration.
Bleeping Computer
Hackers start using double DLL sideloading to evade detection
An APT hacking group known as "Dragon Breath," "Golden Eye Dog," or "APT-Q-27" is demonstrating a new trend of using several complex variations of the classic DLL sideloading technique to evade detection.
DataBreaches
A data breach that put 688,000 patients at risk just became … even worse
Q: What’s worse than a really bad data breach involving patient and employee data? A: A really bad data breach where the data gets leaked on the internet...
Security Affairs
AdSense fraud campaign relies on 10,890 sites that were infected since September 2022
The threat actors behind a massive AdSense fraud campaign infected 10,890 WordPress sites since September 2022. In November 2022, researchers from security firm Sucuri reported to have tracked a surge in WordPress malware redirecting website visitors to fake Q&A sites via ois[.]is. The experts were tracking the campaign since September 2022, the campaign’s end goal was black […]
Security Affairs
Experts warn of two flaws in popular open-source software ImageMagick
Experts disclosed details of two security flaws in the open-source software ImageMagick that could potentially lead to information disclosure or trigger a DoS condition. Researchers at Metabase Q discovered a couple of security vulnerabilities in the open-source image manipulation software ImageMagick that could potentially lead to information disclosure or trigger a Denial of Service (DoS) condition (CVE-2022-44268, CVE-2022-44267). ImageMagick is […]
DarkReading
Software Development Pipelines Offer Cybercriminals 'Free-Range' Access to Cloud, On-Prem
A Q&A with NCC Group's Viktor Gazdag ahead of a Black Hat USA session on CI/CD pipeline risks reveals a scary, and expanding, campaign vector for software supply chain attacks and RCE.
Security Affairs
Dragon Breath APT uses double-dip DLL sideloading strategy
An APT group tracked as Dragon Breath has been observed employing a new DLL sideloading technique. Sophos researchers observed an APT group, tracked as Dragon Breath (aka APT-Q-27 and Golden Eye), that is using a new DLL sideloading technique that adds complexity and layers to the execution of the classic DLL sideloading. The attack consists of a clean […]
Ars Technica
Can you melt eggs? Quora’s AI says “yes,” and Google is sharing the result
Incorrect AI-generated answers are forming a feedback loop of misinformation online.
Ars Technica
OpenAI’s most powerful chatbot API rolls out for all paying customers
Dropping waitlist, devs can build the GPT-4 language model into their apps.
Cyber Security News
ChatGPT Powered Polymorphic Malware Bypasses Endpoint Detection Filters
The number of monthly users of ChatGPT exceeded 100 million at the end of January, which sets a new record for the fastest-growing app
DataBreaches
French CNIL is setting the tone for 2023: patients data and medical research on its radar
Julie Schwartz and Patrice Navarro of HoganLovells write: CNIL has always been very attentive to the processing of health data and to their security and...
Ars Technica
OpenAI conquers rhyming poetry with new GPT-3 update
Refinement to AI language model generates rhyming compositions in various styles.
The DFIR Report
Diavol Ransomware
In this report, we observed threat actors deploy multiple Cobalt Strike DLL beacons, perform internal discovery using Windows utilities, execute lateral movement using AnyDesk and RDP, dump credentials multiple ways, exfiltrate data and deploy domain wide ransomware in as little as 42 hours from initial access.
Infosecurity News
Malware Redirects 15,000 Sites in Malicious SEO Campaign
Campaign designed to improve search engine rankings of spammy sites
Ars Technica
Researchers discover that ChatGPT prefers repeating 25 jokes over and over
When tested, "Over 90% of 1,008 generated jokes were the same 25 jokes."
Trend Micro
Unveiling Earth Kapre aka RedCurl’s Cyberespionage Tactics With Trend Micro MDR, Threat Intelligence
This blog entry will examine Trend Micro MDR team's investigation that successfully uncovered the intrusion sets employed by Earth Kapre in a recent incident, as well as how the team leveraged threat intelligence to attribute the extracted evidence to the cyberespionage threat group.
The Hacker News
Massive AdSense Fraud Campaign Uncovered - 10,000+ WordPress Sites Infected
Over 10,000 Sites Found Infected in Massive AdSense Fraud Campaign Involving Fake URL Shorteners
SecurityWeek
Apple Patch Day: Gaping Security Holes in iOS, macOS, iPadOS
Apple released fixes for at least 39 security defects iOS/iPadOS, warning that the most serious of the flaws could expose users to remote code execution attacks
Bleeping Computer
PuTTY SSH client flaw allows recovery of cryptographic private keys
A vulnerability tracked as CVE-2024-31497 in PuTTY 0.68 through 0.80 could potentially allow attackers with access to 60 cryptographic signatures to recover the private key used for their generation.
Ars Technica
Researcher uses 600-year-old algorithm to crack crypto keys found in the wild
It takes only a second to crack the handful of weak keys. Are there more out there?
CyberNews
Exclusive-OpenAI researchers warned board of AI breakthrough ahead of CEO ouster -sources
Ahead of OpenAI CEO Sam Altman’s firing, staff researchers sent the Board a letter warning of a powerful artificial intelligence discovery that could threaten humanity.
Ars Technica
Passkeys may not be for you, but they are safe and easy—here’s why
Answering common questions about how passkeys work.
Bleeping Computer
Increase your skills with $455 off advanced cybersecurity courses
Learning cybersecurity is a cornerstone of a better IT career, regardless of your track. Get started with these five advanced cybersecurity training courses for $79.99, $455 off the $535 MSRP.
The Hacker News
Over 15,000 WordPress Sites Compromised in Malicious SEO Campaign
A new malicious campaign has compromised over 15,000 WordPress websites in an attempt to redirect visitors to bogus QA portals.
Cyber Security News
XSS Vulnerability in Google Subdomain Let Hackers Hijacks the User Sessions
Security researcher Henry N. Caga has identified a significant cross-site scripting (XSS) vulnerability within a Google sub-domain.
Naked Security
Apple patches 87 security holes – from iPhones and Macs to Windows
Lots of fixes, with data leakage flaws and code execution bugs patched on iPhones, Macs and even Windows.
Naked Security
Did we learn nothing from Y2K? Why are some coders still stuck on two digit numbers?
Calling all website coders: Y2K was then. V1H is now!
Latest Hacking News
Lapsus$ Teen Hackers Convicted: Unraveling the Grand Theft Auto 6 Leak and High-Profile Cyberattacks
In recent times, the world of cybersecurity has been rocked by a series of audacious cyberattacks. At the heart of these attacks is the notorious Lapsus$ teen hackers group, primarily composed of teenagers. Their high-profile
CyberSecurity Dive
Rackspace records $5M in expenses related to 2022 ransomware attack
The cloud services company expects insurance to cover its incident costs, however multiple lawsuits are still pending.
Ars Technica
ChatGPT and Whisper APIs debut, allowing devs to integrate them into apps
New ChatGPT API can generate text that's a tenth of the cost of previous models.
Infosecurity News
NIST Publishes Draft Post-Quantum Cryptography Standards
The draft standards are expected to become the global benchmark for quantum-resistant cybersecurity across the world in 2024
Trend Micro
Log4Shell Vulnerability in VMware Leads to Data Exfiltration and Ransomware
We analyzed cases of a Log4Shell vulnerability being exploited in certain versions of the software VMware Horizon. Many of these attacks resulted in data being exfiltrated from the infected systems. However, we also found that some of the victims were infected with ransomware days after the data exfiltration.
Infosecurity News
Ransomware Hits American Healthcare Company Omnicell
Ransomware impacted certain internal systems
The DFIR Report
Netsupport Intrusion Results in Domain Compromise - The DFIR Report
NetSupport Manager is one of the oldest third-party remote access tools still currently on the market with over 33 years of history. This is the first time we will report … Read More
Bleeping Computer
Slack is down, massive outage blocks user logins and messages
Slack is experiencing a worldwide outage preventing users from posting messages, uploading images, or connecting to their servers.
Security Affairs
The Quantum Computing Cryptopocalypse – I’ll Know It When I See It
Can quantum computing break cryptography? Can it do it within a person’s lifetime? Will it be a cryptopocalypse, as some experts suggest?
Trend Micro
YourCyanide: A CMD-based Ransomware With Multiple Layers of Obfuscation
The Trend Micro Threat Hunting team recently analyzed a series of CMD-based ransomware variants with a number capabilities such as stealing user information, bypassing remote desktop connections, and propagating through email and physical drives.
Trend Micro
Private 5G Network Security Expectations Part 2
The importance of proof of “security” concepts in private 5G networks: Are verifications of system operations and new functions sufficient for your proof of concept in private wireless networks?
The Hacker News
New FiXS ATM Malware Targeting Mexican Banks
A new ATM malware strain dubbed FiXS has been observed targeting Mexican banks since February 2023.
Bleeping Computer
Amazon gets $888 million GDPR fine for behavioral advertising
Amazon has quietly been hit with a record-breaking €746 million fine for alleged GDPR violations regarding how it performs targeted behavioral advertising.
Naked Security
You’re invited! Join us for a live walkthrough of the “Follina” story…
Live demo, plain English, no sales pitch, just a chance to watch an attack dissected in safety. Join us if you can!
CSO
NIST publishes draft post-quantum cryptography standards, calls for industry feedback
The standards are designed as a global framework to help organizations protect themselves from future quantum-enabled cyberattacks.
Infosecurity News
Tick APT Group Hacked East Asian DLP Software Firm
The hacker breached the DLP company's internal update servers to deliver malware within its network
CyberNews
Sam Altman calls GPT-4 “the dumbest model”
At a question-and-answer session at Stanford University, Sam Altman slammed his own creations, ChatGPT and GPT-4, calling them dumb and not phenomenal.
Bleeping Computer
Food distribution giant Sysco warns of data breach after cyberattack
Sysco, a leading global food distribution company, has confirmed that its network was breached earlier this year by attackers who stole sensitive information, including business, customer, and employee data.
The Hacker News
Mispadu Banking Trojan Targets Latin America: 90,000+ Credentials Stolen
Mispadu banking trojan targets Latin American countries, compromising legit websites and stealing credentials.
Ars Technica
Robot dogs armed with AI-targeting rifles undergo US Marines Special Ops evaluation
Quadrupeds being reviewed have automatic targeting systems but require human oversight to fire.
Bleeping Computer
Gootkit malware abuses VLC to infect healthcare orgs with Cobalt Strike
The Gootkit loader malware operators are running a new SEO poisoning campaign that abuses VLC Media Player to infect Australian healthcare entities with Cobalt Strike beacons.
Ars Technica
How worried should we be about the “AutoSpill” credential leak in Android password managers?
This newly discovered vulnerability is real, but it's more nuanced than that.
Ars Technica
OpenAI invites everyone to test new AI-powered chatbot—with amusing results
ChatGPT aims to produce accurate and harmless talk—but it's a work in progress.
Ars Technica
If your Netgear Orbi router isn’t patched, you’ll want to change that pronto
The threat is serious enough to warrant a manual check ASAP.
Bleeping Computer
Microsoft investigates Windows 11 22H2 Remote Desktop issues
Microsoft is investigating user reports of issues with Remote Desktop on Windows 11 systems after installing the Windows 11 2022 Update.
Ars Technica
Endless Seinfeld episode grinds to a halt after AI comic violates Twitch guidelines
Unintended transphobic act by AI-powered Jerry Seinfeld clone leads to 14-day ban.
DataBreaches
Notice of Privacy Incident of Historical Health Records – California Secretary of State
From the FAQ (both the FAQ and HTML version have occasional errors and label certain dates 2023 when they were 2022): 1. What happened? On December 23, 2022,...
Bleeping Computer
Intel and Lenovo servers impacted by 6-year-old BMC flaw
An almost 6-year-old vulnerability in the Lighttpd web server used in Baseboard Management Controllers has been overlooked by many device vendors, including Intel and Lenovo.
The Hacker News
Tick APT Targeted High-Value Customers of East Asian Data-Loss Prevention Company
Researchers have discovered a cyberattack on an East Asian data-loss prevention company that targeted its high-value government and military customers
ZDNet
Arlo will end support for these older cameras in April. Here's what you need to know
Some of Arlo's older devices are reaching end-of-life in April, while some other models will see their end of support next year.
CyberSecurity Dive
MGM Resorts anticipates no further disruptions from September cyberattack
The company expects insurance to cover more than $100 million in losses stemming from lost bookings and disruptions at its Las Vegas properties.
Infosecurity News
EU Urged to Prepare for Quantum Cyber-Attacks
A discussion paper from the European Policy Centre sets out recommendations for an EU quantum cybersecurity agenda
Ars Technica
“A really big deal”—Dolly is a free, open source, ChatGPT-style AI model
Dolly 2.0 could spark a new wave of fully open source LLMs similar to ChatGPT.
Bleeping Computer
Malicious KMSPico installers steal your cryptocurrency wallets
Threat actors are distributing altered KMSpico installers to infect Windows devices with malware that steals cryptocurrency wallets.
DarkReading
Amnesty International Cites Indonesia as a Spyware Hub
The growing amount of surveillance technology being deployed in the country is concerning due to Indonesia's increasing blows to civic rights.
SecurityWeek
SYN Ventures Closes $300M Fund for Cybersecurity Bets
SYN Ventures has closed a new $300 million fund and announced the addition of serial entrepreneur Ryan Permeh as full-time operating partner.
SecurityWeek
Data Security Firm Fortanix Raises $90M Series C
Fortanix has now raised a total of $135 million since its launch in 2016 as a provider of data encryption technology using Intel SGX.
Bleeping Computer
Researchers extract RSA keys from SSH server signing errors
A team of academic researchers from universities in California and Massachusetts demonstrated that it's possible under certain conditions for passive network attackers to retrieve secret RSA keys from naturally occurring errors leading to failed SSH (secure shell) connection attempts.
Ars Technica
OpenAI announces ChatGPT-4 Turbo and ChatGPT 3.5 Turbo model updates
GPT-4 wasn't putting in the work. Also, lower prices for GPT 3.5 Turbo, other model updates.
SecurityWeek
Threat-Intelligence Startup VulnCheck Closes $8M Seed Financing
VulnCheck banks $8 million in early stage capital to build 'exploit intelligence' technologies and services.
DataBreaches
ATM skimmers are still a thing– stay vigilant
There was a time when news stories about skimmers at banks, gas stations, and stores were all the rage. And then coverage dropped out of the headlines. But...
CyberSecurity Dive
Splunk to cut 7% of staff in latest layoff round this year
CEO Gary Steele said the cuts, which largely impact employees in the U.S., are not related to Cisco's deal to acquire the company.
Loading more articles....