Tue.Feb 20, 2024

article thumbnail

Microsoft Is Spying on Users of Its AI Tools

Schneier on Security

Microsoft announced that it caught Chinese, Russian, and Iranian hackers using its AI tools—presumably coding tools—to improve their hacking abilities. From their report : In collaboration with OpenAI, we are sharing threat intelligence showing detected state affiliated adversaries—tracked as Forest Blizzard, Emerald Sleet, Crimson Sandstorm, Charcoal Typhoon, and Salmon Typhoon—using LLMs to augment cyberoperations.

Hacking 332
article thumbnail

Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates

Krebs on Security

U.S. and U.K. authorities have seized the darknet websites run by LockBit , a prolific and destructive ransomware group that has claimed more than 2,000 victims worldwide and extorted over $120 million in payments. Instead of listing data stolen from ransomware victims who didn’t pay, LockBit’s victim shaming website now offers free recovery tools, as well as news about arrests and criminal charges involving LockBit affiliates.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

GUEST ESSAY: Everything you should know about the cybersecurity vulnerabilities of AI chatbots

The Last Watchdog

AI chatbots are computer programs that talk like humans, gaining popularity for quick responses. They boost customer service, efficiency and user experience by offering constant help, handling routine tasks, and providing prompt and personalized interactions. Related: The security case for AR, VR AI chatbots use natural language processing, which enables them to understand and respond to human language and machine learning algorithms.

article thumbnail

LockBit Ransomware Gang’s Website Shut Down by FBI and International Law Enforcement

Tech Republic Security

The enforcement action is a major blow against the ransomware-as-a-service provider, which has been connected to 2,000 victims globally.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Police arrests LockBit ransomware members, release decryptor in global crackdown

Bleeping Computer

Law enforcement arrested two operators of the LockBit ransomware gang in Poland and Ukraine, created a decryption tool to recover encrypted files for free, and seized over 200 crypto-wallets after hacking the cybercrime gang's servers in an international crackdown operation. [.

article thumbnail

No fix KrbRelay VMware style

Pen Test Partners

TL;DR The VMware Enhanced Authentication plugin that is offered as part of VMware vSphere’s seamless login experience for the web console contains multiple vulnerabilities relating to Kerberos authentication relay. The first vulnerability, CVE-2024-22245, is a Kerberos relay vulnerability where a malicious public website can communicate with the Enhanced Authentication Plugin (EAP) and request arbitrary Kerberos service tickets on behalf of the user visiting the malicious site.

More Trending

article thumbnail

LockBit Takedown by Brits — Time for ‘Operation Cronos’

Security Boulevard

RaaS nicked: 11-nation army led by UK eliminates ransomware-for-hire scrotes’ servers. The post LockBit Takedown by Brits — Time for ‘Operation Cronos’ appeared first on Security Boulevard.

article thumbnail

VoltSchemer attacks use wireless chargers to inject voice commands, fry phones

Bleeping Computer

A team of academic researchers show that a new set of attacks called 'VoltSchemer' can inject voice commands to manipulate a smartphone's voice assistant through the magnetic field emitted by an off-the-shelf wireless charger. [.

Wireless 133
article thumbnail

Microsoft Exchange flaw CVE-2024-21410 could impact up to 97,000 servers

Security Affairs

Researchers from Shadowserver Foundation identified roughly 28,000 internet-facing Microsoft Exchange servers vulnerable to CVE-2024-21410. The vulnerability CVE-2024-21410 is a bypass vulnerability that can be exploited by an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both.

article thumbnail

Police arrest LockBit ransomware members, release decryptor in global crackdown

Bleeping Computer

Law enforcement arrested two operators of the LockBit ransomware gang in Poland and Ukraine, created a decryption tool to recover encrypted files for free, and seized over 200 crypto-wallets after hacking the cybercrime gang's servers in an international crackdown operation. [.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Signal Introduces Usernames, Allowing Users to Keep Their Phone Numbers Private

The Hacker News

End-to-end encrypted (E2EE) messaging app Signal said it’s piloting a new feature that allows users to create unique usernames (not to be confused with profile names) and keep the phone numbers away from prying eyes. “If you use Signal, your phone number will no longer be visible to everyone you chat with by default,” Signal’s Randall Sarafa said.

article thumbnail

Critical infrastructure software maker confirms ransomware attack

Bleeping Computer

PSI Software SE, a German software developer for complex production and logistics processes, has confirmed that the cyber incident it disclosed last week is a ransomware attack that impacted its internal infrastructure. [.

Software 109
article thumbnail

10 steps to effective board leadership on cyber security

Security Boulevard

Boards and non executive directors can lead from the front on cyber security and reduce risk for your organisation. Yet sometimes it is not easy to find a path forward to engage in a technical area. Here are 10 practice suggestions to take forward with your cyber security leader. The post 10 steps to effective board leadership on cyber security appeared first on Security Boulevard.

Risk 120
article thumbnail

Signal rolls out usernames that let you hide your phone number

Bleeping Computer

End-to-end encrypted messaging app Signal finally allows users to pick custom usernames to connect with others while protecting their phone number privacy. [.

article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

LockBit Ransomware Operation Shut Down; Criminals Arrested; Decryption Keys Released

The Hacker News

The U.K. National Crime Agency (NCA) on Tuesday confirmed that it obtained LockBit's source code as well as intelligence pertaining to its activities and their affiliates as part of a dedicated task force called Operation Cronos.

article thumbnail

Operation Texonto: Information operation targeting Ukrainian speakers in the context of the war

We Live Security

ESET Research discovers Operation Texonto, a disinformation/psychological operations (PSYOPs) campaign that uses spam emails to demoralize Ukrainian citizens with disinformation messages about war-related topics.

120
120
article thumbnail

VMware Alert: Uninstall EAP Now - Critical Flaw Puts Active Directory at Risk

The Hacker News

VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a critical security flaw. Tracked as CVE-2024-22245 (CVSS score: 9.6), the vulnerability has been described as an arbitrary authentication relay bug.

Risk 124
article thumbnail

Top 4 Ivanti Competitors and Alternatives for 2024

Tech Republic Security

Explore our list of Ivanti's competitors and find out which VPN solutions can meet your business needs. Compare features, pricing, pros and cons.

VPN 116
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites

The Hacker News

A critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to run arbitrary PHP code on susceptible installations. The flaw, tracked as CVE-2024-25600 (CVSS score: 9.8), enables unauthenticated attackers to achieve remote code execution. It impacts all versions of the Bricks up to and including 1.9.6.

123
123
article thumbnail

Impact of Badbox and Peachpit Malware on Android Devices

Security Boulevard

Explores the Badbox and Peachpit malware on Android devices and home networks which granted illegitimate users backdoor access. The post Impact of Badbox and Peachpit Malware on Android Devices appeared first on Security Boulevard.

Malware 115
article thumbnail

ConnectWise urges ScreenConnect admins to patch critical RCE flaw

Bleeping Computer

ConnectWise warned customers to patch their ScreenConnect servers immediately against a maximum severity flaw that can be used in remote code execution (RCE) attacks. [.

107
107
article thumbnail

New Malicious PyPI Packages Caught Using Covert Side-Loading Tactics

The Hacker News

Cybersecurity researchers have discovered two malicious packages on the Python Package Index (PyPI) repository that were found leveraging a technique called DLL side-loading to circumvent detection by security software and run malicious code.

Software 117
article thumbnail

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

article thumbnail

About 13,000 Wyze Customers Affected by Camera Glitch

Security Boulevard

Users of Wyze’s home security cameras over the past several days have reported glitches with the internet-connected devices, from losing camera coverage for hours to being able to see images and video from other people’s cameras. It turns out the problem originated from cloud giant Amazon Web Services (AWS), a Wyze partner, which took down. The post About 13,000 Wyze Customers Affected by Camera Glitch appeared first on Security Boulevard.

Internet 107
article thumbnail

Artificial Intelligence: The Evolution of Social Engineering

Security Through Education

In the ever-evolving landscape of cybersecurity, social engineering has undergone significant transformations over the years, propelled by advancements in technology. From traditional methods to the integration of artificial intelligence (AI), malicious actors continually adapt and leverage emerging tools to exploit vulnerabilities. This article delves into the historical shifts in social engineering tactics and explores how adversaries embrace new technologies to achieve their objectives.

article thumbnail

ConnectWise fixed critical flaws in ScreenConnect remote access tool

Security Affairs

ConnectWise addressed two critical vulnerabilities in its ScreenConnect remote desktop access product and urges customers to install the patches asap. ConnectWise warns of the following two critical vulnerabilities in its ScreenConnect remote desktop access product: CWE-288 Authentication bypass using an alternate path or channel (CVSS score 10) CWE-22 Improper limitation of a pathname to a restricted directory (“path traversal”) (CVSS score 8.4) Both vulnerabilities were reported on February 1

article thumbnail

New Migo malware disables protection features on Redis servers

Bleeping Computer

Security researchers discovered a new campaign that targets Redis servers on Linux hosts using a piece of malware called 'Migo' to mine for cryptocurrency. [.

Malware 100
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

EU Opens Official Probe of TikTok Over Content, Minors, Privacy

Security Boulevard

The European Commission is once again turning its attention to TikTok, announcing a wide-ranging investigation into the China-based social media site over concerns about the addictive nature of its site and content, possible harm to minors, and data privacy. The probe will determine whether TikTok is in violation of the European Union’s Digital Services Act.

article thumbnail

CVE-2024-22245 & 22250: VMware Vulnerabilities Demand Immediate Action

Penetration Testing

VMware has released an urgent security advisory regarding two critical vulnerabilities within its now-deprecated Enhanced Authentication Plug-in (EAP). If left unaddressed, threat actors could exploit these flaws (CVE-2024-22245 and CVE-2024-22250) to hijack user sessions and... The post CVE-2024-22245 & 22250: VMware Vulnerabilities Demand Immediate Action appeared first on Penetration Testing.

article thumbnail

More details about Operation Cronos that disrupted Lockbit operation

Security Affairs

Law enforcement provided additional details about the international Operation Cronos that led to the disruption of the Lockbit ransomware operation. Yesterday, a joint law enforcement action, code-named Operation Cronos , conducted by law enforcement agencies from 11 countries disrupted the LockBit ransomware operation. Below is the image of the Tor leak site of the Lockbit ransomware gang that was seized by the UK National Crime Agency (NCA).

article thumbnail

Law enforcement trolls LockBit, reveals massive takedown

Malwarebytes

In an act of exquisite trolling, the UK’s National Crime Agency (NCA) has announced further details about its disruption of the LockBit ransomware group by using the group’s own dark web website. The LockBit dark web site has a new look Since the demise of Conti in 2022, LockBit has been unchallenged as the most prolific ransomware group in the world.

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.