Tue.Feb 20, 2024

article thumbnail

Microsoft Is Spying on Users of Its AI Tools

Schneier on Security

Microsoft announced that it caught Chinese, Russian, and Iranian hackers using its AI tools—presumably coding tools—to improve their hacking abilities. From their report : In collaboration with OpenAI, we are sharing threat intelligence showing detected state affiliated adversaries—tracked as Forest Blizzard, Emerald Sleet, Crimson Sandstorm, Charcoal Typhoon, and Salmon Typhoon—using LLMs to augment cyberoperations.

Hacking 362
article thumbnail

Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates

Krebs on Security

U.S. and U.K. authorities have seized the darknet websites run by LockBit , a prolific and destructive ransomware group that has claimed more than 2,000 victims worldwide and extorted over $120 million in payments. Instead of listing data stolen from ransomware victims who didn’t pay, LockBit’s victim shaming website now offers free recovery tools, as well as news about arrests and criminal charges involving LockBit affiliates.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

GUEST ESSAY: Everything you should know about the cybersecurity vulnerabilities of AI chatbots

The Last Watchdog

AI chatbots are computer programs that talk like humans, gaining popularity for quick responses. They boost customer service, efficiency and user experience by offering constant help, handling routine tasks, and providing prompt and personalized interactions. Related: The security case for AR, VR AI chatbots use natural language processing, which enables them to understand and respond to human language and machine learning algorithms.

article thumbnail

LockBit Ransomware Gang’s Website Shut Down by FBI and International Law Enforcement

Tech Republic Security

The enforcement action is a major blow against the ransomware-as-a-service provider, which has been connected to 2,000 victims globally.

article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

Operation Texonto: Information operation targeting Ukrainian speakers in the context of the war

We Live Security

ESET Research discovers Operation Texonto, a disinformation/psychological operations (PSYOPs) campaign that uses spam emails to demoralize Ukrainian citizens with disinformation messages about war-related topics.

143
143
article thumbnail

Top 4 Ivanti Competitors and Alternatives for 2024

Tech Republic Security

Explore our list of Ivanti's competitors and find out which VPN solutions can meet your business needs. Compare features, pricing, pros and cons.

VPN 166

LifeWorks

More Trending

article thumbnail

Signal Finally Rolls Out Usernames, So You Can Keep Your Phone Number Private

WIRED Threat Level

We tested the end-to-end encrypted messenger’s new feature aimed at addressing critics’ most persistent complaint. Here’s how it works.

article thumbnail

Trend Micro and INTERPOL Join Forces Again for Operation Synergia

Trend Micro

Trend and other private entities recently contributed to INTERPOL’s Operation Synergia, a global operation that successfully took down over 1,000 C&C servers and identified suspects related to phishing, banking malware, and ransomware activity.

Banking 139
article thumbnail

No fix KrbRelay VMware style

Pen Test Partners

TL;DR The VMware Enhanced Authentication plugin that is offered as part of VMware vSphere’s seamless login experience for the web console contains multiple vulnerabilities relating to Kerberos authentication relay. The first vulnerability, CVE-2024-22245, is a Kerberos relay vulnerability where a malicious public website can communicate with the Enhanced Authentication Plugin (EAP) and request arbitrary Kerberos service tickets on behalf of the user visiting the malicious site.

article thumbnail

LockBit Ransomware Operation Shut Down; Criminals Arrested; Decryption Keys Released

The Hacker News

The U.K. National Crime Agency (NCA) on Tuesday confirmed that it obtained LockBit's source code as well as intelligence pertaining to its activities and their affiliates as part of a dedicated task force called Operation Cronos.

article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

More details about Operation Cronos that disrupted Lockbit operation

Security Affairs

Law enforcement provided additional details about the international Operation Cronos that led to the disruption of the Lockbit ransomware operation. Yesterday, a joint law enforcement action, code-named Operation Cronos , conducted by law enforcement agencies from 11 countries disrupted the LockBit ransomware operation. Below is the image of the Tor leak site of the Lockbit ransomware gang that was seized by the UK National Crime Agency (NCA).

article thumbnail

VMware Alert: Uninstall EAP Now - Critical Flaw Puts Active Directory at Risk

The Hacker News

VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a critical security flaw. Tracked as CVE-2024-22245 (CVSS score: 9.6), the vulnerability has been described as an arbitrary authentication relay bug.

Risk 134
article thumbnail

The Notorious Lockbit Ransomware Gang Has Been Disrupted by Law Enforcement

WIRED Threat Level

LockBit’s website, infrastructure, and data have been seized by law enforcement—striking a huge blow against one of the world's most prolific ransomware groups.

article thumbnail

WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites

The Hacker News

A critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to run arbitrary PHP code on susceptible installations. The flaw, tracked as CVE-2024-25600 (CVSS score: 9.8), enables unauthenticated attackers to achieve remote code execution. It impacts all versions of the Bricks up to and including 1.9.6.

134
134
article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

VoltSchemer attacks use wireless chargers to inject voice commands, fry phones

Bleeping Computer

A team of academic researchers show that a new set of attacks called 'VoltSchemer' can inject voice commands to manipulate a smartphone's voice assistant through the magnetic field emitted by an off-the-shelf wireless charger. [.

Wireless 133
article thumbnail

ConnectWise fixed critical flaws in ScreenConnect remote access tool

Security Affairs

ConnectWise addressed two critical vulnerabilities in its ScreenConnect remote desktop access product and urges customers to install the patches asap. ConnectWise warns of the following two critical vulnerabilities in its ScreenConnect remote desktop access product: CWE-288 Authentication bypass using an alternate path or channel (CVSS score 10) CWE-22 Improper limitation of a pathname to a restricted directory (“path traversal”) (CVSS score 8.4) Both vulnerabilities were reported on February 1

article thumbnail

VMware urges admins to remove deprecated, vulnerable auth plug-in

Bleeping Computer

VMware urged admins today to remove a discontinued authentication plugin exposed to authentication relay and session hijack attacks in Windows domain environments via two security vulnerabilities left unpatched. [.

article thumbnail

Decoding Digital Transformation: AI, ML, and RPA in the Modern Era

Trend Micro

Explore the first article in this series about AI, ML, and RPA, which aims to demystify and explore the full spectrum of these core technologies.

article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

Signal Introduces Usernames, Allowing Users to Keep Their Phone Numbers Private

The Hacker News

End-to-end encrypted (E2EE) messaging app Signal said it’s piloting a new feature that allows users to create unique usernames (not to be confused with profile names) and keep the phone numbers away from prying eyes. “If you use Signal, your phone number will no longer be visible to everyone you chat with by default,” Signal’s Randall Sarafa said.

article thumbnail

LockBit Takedown by Brits — Time for ‘Operation Cronos’

Security Boulevard

RaaS nicked: 11-nation army led by UK eliminates ransomware-for-hire scrotes’ servers. The post LockBit Takedown by Brits — Time for ‘Operation Cronos’ appeared first on Security Boulevard.

article thumbnail

New Malicious PyPI Packages Caught Using Covert Side-Loading Tactics

The Hacker News

Cybersecurity researchers have discovered two malicious packages on the Python Package Index (PyPI) repository that were found leveraging a technique called DLL side-loading to circumvent detection by security software and run malicious code.

Software 127
article thumbnail

Police arrests LockBit ransomware members, release decryptor in global crackdown

Bleeping Computer

Law enforcement arrested two operators of the LockBit ransomware gang in Poland and Ukraine, created a decryption tool to recover encrypted files for free, and seized over 200 crypto-wallets after hacking the cybercrime gang's servers in an international crackdown operation. [.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Watching out for the fakes: How to spot online disinformation

We Live Security

Bad actors have opted to poison the internet and the flow of information by spreading polarizing material to influence people, which can include fake news, altered media content, bots, and trolls spreading biased sources and polarizing comments online.

Media 124
article thumbnail

Law enforcement trolls LockBit, reveals massive takedown

Malwarebytes

In an act of exquisite trolling, the UK’s National Crime Agency (NCA) has announced further details about its disruption of the LockBit ransomware group by using the group’s own dark web website. The LockBit dark web site has a new look Since the demise of Conti in 2022, LockBit has been unchallenged as the most prolific ransomware group in the world.

article thumbnail

10 steps to effective board leadership on cyber security

Security Boulevard

Boards and non executive directors can lead from the front on cyber security and reduce risk for your organisation. Yet sometimes it is not easy to find a path forward to engage in a technical area. Here are 10 practice suggestions to take forward with your cyber security leader. The post 10 steps to effective board leadership on cyber security appeared first on Security Boulevard.

Risk 122
article thumbnail

New Report Reveals North Korean Hackers Targeting Defense Firms Worldwide

The Hacker News

The North Korean state-sponsored threat actors have been attributed to a cyber espionage campaign targeting the defense sector across the world.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

CVE-2024-21726: Patch Now to Stop Joomla Remote Code Execution

Penetration Testing

A recent discovery by Sonar’s Vulnerability Research Team has exposed a major security issue within the popular Joomla Content Management System (CMS). This vulnerability, designated CVE-2024-21726, opens the door to multiple Cross-Site Scripting (XSS)... The post CVE-2024-21726: Patch Now to Stop Joomla Remote Code Execution appeared first on Penetration Testing.

article thumbnail

Malvertising: This cyberthreat isn’t on the dark web, it’s on Google

Malwarebytes

On the internet, people need to worry about more than just opening suspicious email attachments or entering their sensitive information into harmful websites—they also need to worry about their Google searches. That’s because last year, as revealed in our 2024 ThreatDown State of Malware report , cybercriminals flocked to a malware delivery method that doesn’t require they know a victim’s email address, login credentials, personal information, or, anything, really.

Malware 118
article thumbnail

Impact of Badbox and Peachpit Malware on Android Devices

Security Boulevard

Explores the Badbox and Peachpit malware on Android devices and home networks which granted illegitimate users backdoor access. The post Impact of Badbox and Peachpit Malware on Android Devices appeared first on Security Boulevard.

Malware 118
article thumbnail

CVE-2024-22245 & 22250: VMware Vulnerabilities Demand Immediate Action

Penetration Testing

VMware has released an urgent security advisory regarding two critical vulnerabilities within its now-deprecated Enhanced Authentication Plug-in (EAP). If left unaddressed, threat actors could exploit these flaws (CVE-2024-22245 and CVE-2024-22250) to hijack user sessions and... The post CVE-2024-22245 & 22250: VMware Vulnerabilities Demand Immediate Action appeared first on Penetration Testing.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!