- A patched Windows attack surface is still exploitable
March 14, 2024
On August 8, 2023, Microsoft finally released a kernel patch for a class of vulnerabilities affecting Microsoft Windows since 2015. The vulnerabilities lead to elevation of privilege (EoP), which allows an account with user rights to gain SYSTEM privileges on a vulnerable host. The root cause of this attack surface, according to a 2015 blog, is ...
- A bug in an Irish government website exposed COVID-19 vaccination records
March 14, 2024
Two years ago, the Irish government fixed a vulnerability in its national COVID-19 vaccination portal that exposed the vaccination records of around a million residents. But details of the vulnerability weren’t revealed until this week after attempts to coordinate public disclosure with the government agency stalled and ended. Security researcher Aaron Costello said he discovered the ...
- Cybercrime Atlas: International effort to disrupt cybercrime moves into operational phase
March 14, 2024
The Cybercrime Atlas, a massive undertaking that aims to disrupt cybercriminals across the globe, enters its operational phase in 2024, two years after organizers laid the groundwork at the RSA Conference.… Its members now include 20-plus law enforcement agencies, private-sector security companies and incident responders, financial institutions, NGOs, and academics. Over the past year, the investigations ...
- Businesses leaving their Kubernetes containers exposed to ransomware
March 14, 2024
As businesses look for faster and more flexible development frameworks, the use of containers and Kubernetes (K8s) continues to rise. While Kubernetes theoretically has several security advantages compared to traditional applications, it remains one of the top concerns for organizations on their cloud-native journey. This concern is fairly valid it seems. A recent report found that ...
- DIANA, NATO’s innovation accelerator, doubles the size of its transatlantic network
March 14, 2024
On Thursday (14 March 2024), NATO’s Defence Innovation Accelerator for the North Atlantic (DIANA) announced a major expansion of its transatlantic network of accelerator sites and test centres. DIANA’s network will now comprise 23 accelerator sites (up from 11) and 182 test centres (up from 90) in 28 Allied countries, augmenting DIANA’s capacity to support innovators ...
- CIA allegedly made fake social media accounts to troll the Chinese government
March 14, 2024
The CIA allegedly launched a secret operation to troll Chinese officials and turn public opinion against them through leaked intelligence and negative news on social media. Reuters reports the operation began in 2019 and was also aimed at causing paranoia within Xi Jinping’s government. CIA agents reportedly made fake social media accounts to spread rumors, such ...
- What’s in your notepad? Infected text editors target Chinese users
March 13, 2024
“Malvertising” is a popular way of attracting victims to malicious sites: an advertisement block is placed at the top of the search results, increasing the likelihood of users clicking the link. Sites at the top of search results also tend to be more trusted by users. A year ago, Kaspersky experts discussed a malvertising campaign that ...
- CVE-2024-21412: DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign
March 13, 2024
The Zero Day Initiative (ZDI) recently uncovered a DarkGate campaign in mid-January 2024, which exploited CVE-2024-21412 through the use of fake software installers. During this campaign, users were lured using PDFs that contained Google DoubleClick Digital Marketing (DDM) open redirects that led unsuspecting victims to compromised sites hosting the Microsoft Windows SmartScreen bypass CVE-2024-21412 that led ...
- EU passes landmark AI act, paving the way for greater AI regulation
March 13, 2024
The European Parliament has passed its long awaited AI act that it hopes will provide the legal infrastructure for regulating artificial intelligence. While AI has contributed massively to increases in productivity and has resulted in major innovations in critical industries such as science and healthcare, many fear that the speed of its development may be outstripping ...
- Chinese international purchasing agency for military equipment has agency qualification revoked for serious risk of information leakage
March 13, 2024
A Chinese international purchasing agency has had its purchasing agency qualification revoked for serious risk of information leakage due to the company’s internal mismanagement and poor practices around managing sensitive data, the Equipment Development Department (EDD) of China’s Central Military Commission (CMC) announced in a statement on Tuesday. According to the investigation, China Far East International ...
- US health department opens probe into UnitedHealth hack
March 13, 2024
The U.S. government on Wednesday said it has opened an investigation into the cyberattack at UnitedHealth Group’s Change Healthcare to find out whether there was a breach of protected health data and if the company followed U.S. health privacy law. It is the first announcement of a probe by the Department Of Health and Human Services ...