AI-generated phishing emails just got much more convincing
Did a criminally minded robot write this? In part, yes. GPT-3 language models are being abused to do much...
Year: 2023
Royal Mail, cops probe ‘cyber incident’ that’s knackered international mail
Don't go postal and call it a cyberattack because nobody knows (yet) what knocked out key system...
US think tank says China would probably lose if it tries to invade Taiwan
But even a short conflict would wreck the economy, which would be bad...
VALL-E AI can mimic a person’s voice from a three-second snippet
Are you really saying what I’m hearing? Microsoft researchers are working on a text-to-speech (TTS) model...
Lawyers slam SEC for ‘blatant fishing expedition’ after Exchange mega-attack
Not a 'whiff of wrongdoing' here, says attorney now fighting off Uncle Sam. The US Securities and...
Microsoft fumbles zero trust upgrade for some Asian customers
Enhanced access privileges for partners choke on double-byte characters, contribute to global delays. Microsoft has messed up a...
Euro-cops shut down crypto scam that bilked millions from unwitting punters
If the investment opportunity sounds too good to be true … European cops arrested 15 suspected...
Announcing a stable release of sigstore-python
By William Woodruff. Read the official announcement on the Sigstore blog as well! Trail of Bits is thrilled to announce the...
This can’t be a real bomb threat: You’ve called a modem, not a phone
Security was nonetheless very, very interested in hearing this comms engineer tell his...
Long data privacy notices aren’t foolproof, Euro watchdog tells Meta
As Meta reels from €390 million EU fine, the 'personalized ads' case might not be over, Max...
ManageEngine CVE-2022-47966 IOCs
Introduction: The recent ManageEngine CVE-2022-47966 is a pre-authentication remote code execution vulnerability. Depending on the specific ManageEngine product, this vulnerability is exploitable if SAML single-sign-on...
Hackers Can Abuse Visual Studio Marketplace to Target Developers with Malicious Extensions
A new attack vector targeting the Visual Studio Code extensions marketplace could be leveraged to...
Microsoft Defender ASR rules strip icons, app shortcuts from Taskbar, Start Menu
Happy Friday 13th sysadmins! Techies find workarounds but Redmond still 'investigating'. Techies are reporting that...
USENIX Security ’22 – Theresa Stadler, Bristena Oprisanu, Carmela Troncoso ‘Synthetic Data – Anonymisation Groundhog Day’
Our thanks to USENIX for publishing their Presenter’s outstanding USENIX Security...
Top SaaS Cybersecurity Threats in 2023: Are You Ready?
Cybercriminals will be as busy as ever this year. Stay safe and protect your systems and data by...
Yikes, Control Web Panel has Critical RCE — Patch NOW
Linanto’s popular web hosting control panel, CWP, has a nasty flaw. It’s easily exploitable—in fact, it’s being...
Randall Munroe’s XKCD ‘Washing Machine Settings’
via the comic artistry and dry wit of Randall Munroe, resident at XKCD!
Canadian owes bosses for ‘time theft’ after work-tracking app sinks tribunal bid
She hoped to score thousands but laptop app had other ideas. A woman in Canada...
Malicious PyPI Packages Using Cloudflare Tunnels to Sneak Through Firewalls
In yet another campaign targeting the Python Package Index (PyPI) repository, six malicious packages have been found...
Control Web Panel Vulnerability, CVE-2022-44877, Actively Exploited in the Wild
This post offers details on the Control Web Panel Vulnerability, CVE-2022-44877, which is actively being exploited in...
Millions of Vehicles at Risk: API Vulnerabilities Uncovered in 16 Major Car Brands
Multiple bugs affecting millions of vehicles from 16 different manufacturers could be abused to...
Russians say they can grab software from Intel again
And Windows updates from Microsoft, too. People in Russia can reportedly once again download drivers and some other...
Sonatype Nexus Lifecycle Boosts Open Source Security and Dependency Management
USENIX Security ’22 – Aloni Cohen, University of Chicago – ‘Attacks on Deidentification’s Defenses’
Distinguished Paper Award Winner. Our thanks to USENIX for publishing their Presenter’s outstanding...
Why Do User Permissions Matter for SaaS Security?
Earlier this year, threat actors infiltrated Mailchimp, the popular SaaS email marketing platform. They viewed over 300 Mailchimp customer accounts...
Tesla Factories Pollute Schools? A Story Nobody is Talking About
From a long list of horrible societal harms from Tesla, some obviously criminal, this one surprised me...
New Study Uncovers Text-to-SQL Model Vulnerabilities Allowing Data Theft and DoS Attacks
A group of academics has demonstrated novel attacks that leverage Text-to-SQL models to produce malicious...
Microsoft January Patch Tuesday 2023: 98 Security Vulnerabilities and a Zero Day
On January 10th, 2023, Microsoft released their January Patch Tuesday fixes and revealed 98 vulnerability...
Kinsing Crypto Malware Hits Kubernetes Clusters via Misconfigured PostgreSQL
The threat actors behind the Kinsing cryptojacking operation have been spotted exploiting misconfigured and exposed PostgreSQL servers to obtain initial...
Severe Security Flaw Found in “jsonwebtoken” Library Used by 22,000+ Projects
A high-severity security flaw has been disclosed in the open source jsonwebtoken (JWT) library that, if...