- 5G network flaws could be abused to let hackers spy on your phone
August 12, 2024
5G basebands could be exploited by attackers to allow them to send fake messages to your contacts, or even hand over your credentials using a very real-looking website, experts have warned. Unveiled at the Black Hat cybersecurity conference, a research group from Pennsylvania State University presented their vulnerability sniffing tool 5GBaseChecker. Read more… Source: MSN News Sign up for ...
- Indirect prompt injection in the real world: how people manipulate neural networks
August 12, 2024
Large language models (LLMs) – the neural network algorithms that underpin ChatGPT and other popular chatbots – are becoming ever more powerful and inexpensive. Systems built on instruction-executing LLMs may be vulnerable to prompt injection attacks. A prompt is a text description of a task that the system is to perform, for example: “You are a ...
- Swiss-based Schlatter says IT network affected by cyberattack
August 12, 2024
Engineering company Schlatter Industries’ IT network was attacked with malware on Friday and it can be assumed this was a professional attack, the Switzerland-based company said on Monday. The group was hit on Friday by a cyberattack using malware, and the unknown perpetrators were attempting to “blackmail Schlatter”, it said, disclosing no further details. The group ...
- Data of 3 billion people exposed in one of the largest data breaches in history
August 11, 2024
The personal data of over 2.9 billion people has been exposed in what could be one of the largest data breaches in history. The data breach affected Jerico Pictures Inc., better known as National Public Data (NPD,) which is a background check company that allows its customers to search billions of records with instant results. According ...
- Cash App to award $15M to users in security breach settlement
August 11, 2024
Cash App users could get some cash sent to their bank accounts soon. In a settlement, the mobile payment service was ordered to pay out $15 million in damages. According to a class-action lawsuit obtained by USA TODAY, plaintiffs sued Cash App Investing and Block Inc. for the companies’ “failure to exercise reasonable care in securing ...
- Venezuela is the Victim of a Cyber Coup
August 10, 2024
On Friday, Joaquin Perez, the Deputy Ambassador of Venezuela to the United Nations, participated in the United Nations Convention on Cybercrime meeting held in New York. The Bolivarian diplomat denounced that Venezuela is being subjected to a cyber coup d’état orchestrated by transnational far-right powerful actors who control major media outlets and social networks. “The meeting ...
- Windows Downdate: Downgrade Attacks Using Windows Updates
August 9, 2024
A version-rollback vulnerability has been discovered by a cybersecurity researcher that allows a fully patched Windows machine to be downgraded to older version, allowing the exploitation of previously patched zero-days and vulnerabilities. Alon Leviev unveiled his findings at Black Hat USA 2024 and DEF CON 32 (2024) as a tool named Windows Downdate. Leviev started their journey ...
- Security company ADT announces security breach of customer data
August 9, 2024
Electronic surveillance equipment provider ADT filed a form 8-K with the Security and Exchange Commision (SEC) to report “a cybersecurity incident during which unauthorized actors illegally accessed certain databases containing ADT customer order information.” ADT filed the 8-K on August 7, adding that the incident happened “recently,” but refraining from providing an exact date. The company ...
- UK police commissioner threatens to extradite, jail US citizens over online posts
August 9, 2024
London’s Metropolitan Police chief warned that officials will not only be cracking down on British citizens for commentary on the riots in the U.K., but on American citizens as well. “We will throw the full force of the law at people. And whether you’re in this country committing crimes on the streets or committing crimes from ...
- Zimbabwe: Disclosure of cyber attacks must be mandatory to protect clients
August 9, 2024
In the wake of the recent high-profile cyber attack on one of the country’s largest financial institutions, it has become clear that stronger regulations are needed to ensure financial firms disclose when their systems have been breached. The hack resulted in the theft and public leaking of sensitive customer and operational data, putting thousands of Zimbabweans ...
- Keys to the Kingdom – Gaining access to the Physical Facility through Internal Access
August 9, 2024
This is a story of network segmentation and the impact that seemingly trivial misconfigurations can have for your organization. This is one of those occasions. This particular pen test asked for goals-based assessment focusing on post-compromise activities — an attempt by the client to discover how vulnerable internal systems were to lateral movement by an attacker ...