Social media giant Meta took down hundreds of fake Facebook and Instagram accounts used by South Asia advanced persistent threat groups to glean sensitive information and coax users into installing malware. It found activity by threat actors affiliated with India and Pakistan.
Cybersecurity expert Mikko Hypponen recently got sent "LL Morpher," a new piece of malware that uses OpenAI's GPT to rewrite its Python code with every new infection. While more proof-of-concept than current threat, "the whole AI thing right now feels exciting and scary at the same time," he said.
Pharmaceutical giant Merck's insurers must cover the company's losses involving the 2017 NotPetya malware attack because the "all-risks" property insurance policies' "hostile warlike" exclusions do not apply to the incident, ruled a New Jersey appellate court this week.
Joe Sullivan, the former chief security officer of Uber, will not spend time in prison for his role in impeding a federal investigation into the ride-hailing company's security practices. His sentence is three years of probation and a $50,000 fine.
2023 is the year of exposure, said Cyentia Institute's Wade Baker. Exposure dominated Cyentia research this year, and many breaches were linked to mistakes in vulnerability management and poorly managed identities. Organizations are struggling with prioritizing hardware and software vulnerabilities.
In the days between April 28 and May 4, the FBI and Ukrainian police seized nine virtual currency exchanges that serviced cybercriminals, Privacy Affairs noted the cost of hacked crypto accounts on darknet markets, and Level Finance suffered a $1 million hack.
In the days between April 27 and May 4, the spotlight was on: a Royal ransomware attack on Dallas, Telecom giant T-Mobile's second breach in 2023, a ransomware attack disrupting water services in half a dozen southern Italian towns, a German IT services provider and the Atomic macOS Stealer.
White House cybersecurity priorities: The Biden administration continues to have a "relentless focus" on improving critical infrastructure security, disrupting ransomware and combating the illicit use of cryptocurrency, said Deputy National Security Adviser Anne Neuberger.
The lack of proper monitoring and logging can make it difficult for companies to effectively address breaches. Many companies do not have logs turned on or do not properly configure them to track and record what is necessary. Without logs, the response to a breach can be significantly slower.
Mass exploitation campaigns are the latest of many criminal innovations in 2023. Based on tracing ransom payments, they weren't very profitable. But ransomware actors do love their zero-days, said Allan Liska, principal intelligence analyst at Recorded Future.
The cybersecurity industry needs to be increasingly agile, said Hugh Thompson, program committee chairman of RSA Conference. Attackers are constantly changing tactics. Security leaders also need to change and keep up with the technologies accessible to a large group of people, he said.
Ukrainian cyber defenders say they spotted a malicious script used to activate the delete option on a Windows file archiving utility likely planted by the Russian intelligence agency unit Sandworm. CERT-UA says attackers likely used a compromised VPN credential to gain access.
A ransomware affiliate hacker known as "Bassterlord" has been involved with REvil, LockBit, Avaddon and Ransomware X. Jon DiMaggio, chief security strategist at Analyst1, convinced the hacker to talk about his hacking career in chats that might amount to the an exit interview.
U.S. authorities revealed the Russian man behind a two-decade span of abetting cybercriminals' theft of credit cards, dismantled his online infrastructure and offered a hefty reward for information leading to his arrest. Prosecutors say the man, Denis Kulkov, ran a service now known as Try2Check.
Bots have become an important tool for modern cybercrime. A bot is used somewhere in the attack cycle in more than three-quarters of security incidents. HUMAN Security co-founder and CEO Tamer Hassan called account takeover "the gateway drug to all other forms of fraud and abuse."
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.