- Loose-lipped neural networks and lazy scammers
October 31, 2024
One topic being actively researched in connection with the breakout of LLMs is capability uplift – when employees with limited experience or resources in some area become able to perform at a much higher level thanks to LLM technology. This is especially important in information security, where cyberattacks are becoming increasingly cost-effective and larger-scale, causing ...
- Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network
October 31, 2024
Since August 2023, Microsoft has observed intrusion activity targeting and successfully stealing credentials from multiple Microsoft customers that is enabled by highly evasive password spray attacks. Microsoft has linked the source of these password spray attacks to a network of compromised devices we track as CovertNetwork-1658, also known as xlogin and Quad7 (7777). Microsoft is publishing ...
- Android malware FakeCall intercepts your calls to the bank
October 31, 2024
An Android banking Trojan called FakeCall is capable of hijacking the phone calls you make to your bank. Instead of reaching your bank, your call will be redirected to the cybercriminals. The Trojan accomplishes this by installing itself as the default call handler on the infected device. The default call handler app is responsible for managing ...
- Peru: Cybercriminals demand 4 million dollars for Interbank customer data
October 31, 2024
Organized crime in Peru has taken a worrying turn, extending its activities from attacks on public transport companies and kidnapping businessmen to cybercrime. These criminals use advanced technology to extort money from large companies, including the recent attack on Interbank bank. Reportedly criminals have breached Interbank’s security systems, stealing the database of millions of customers and ...
- Patch now! New Chrome update for two critical vulnerabilities
October 30, 2024
Google has released an update for its Chrome browser which includes patches for two critical vulnerabilities. The update brings the Stable channel to versions 130.0.6723.91/.92 for Windows and Mac and 130.0.6723.91 for Linux. The easiest way to update Chrome is to allow it to update automatically, but you can end up lagging behind if you never ...
- Ireland: Almost 7,000 Government data breaches over last ten years
October 30, 2024
There have been 6,885 data breaches across Government departments over the last ten years. More than half of the breaches, 3,637 of them, occurred at the Department of Social Protection. The Department of Justice accounted for 862 of the breaches, with 757 breaches reported at the Department of Foreign Affairs. The majority of the data breaches ...
- China drafts ‘quantum-proof’ protocol to defend against advanced cyber attacks
October 30, 2024
Scientists from China are aiming to create a communication protocol which can help protect traditional encryption methods from quantum computer attacks. Chinese scientists recently presented a draft document at an internal event held in Sweden which showed their attempts at making a ‘quantum-proof’ communication protocol. Once ready, the protocol will help agencies and governments across the ...
- The Importance of Asset Context in Attack Surface Management.
October 30, 2024
This is the last of the four blogs (Help, I can’t see! A Primer for Attack Surface Management Blog Series, The Main Components of an Attack Surface Management (ASM) Strategy, and Understanding your Attack Surface: Different Approaches to Asset Discovery) covering the foundational elements of Attack Surface Management (ASM), and this topic covers one of ...
- Scammers Exploit 2024 US General Election to Perpetrate Multiple Fraud Schemes
October 29, 2024
The FBI is warning the public about scammers exploiting the 2024 US General election to perpetrate multiple types of financial fraud schemes. These scams target victims across the United States and have previously exploited state and local elections for similar scams. Scammers use the names, images, logos, and slogans of candidates to fraudulently solicit campaign contributions, ...
- Lumma/Amadey: fake CAPTCHAs want to know if you’re human
October 29, 2024
Attackers are increasingly distributing malware through a rather unusual method: a fake CAPTCHA as the initial infection vector. Researchers from various companies reported this campaign in August and September. The attackers, primarily targeting gamers, initially delivered the Lumma stealer to victims through websites hosting cracked games. Kaspersky recent research into the adware landscape revealed that this ...