While a significant number of attacks are not yet AI-driven, there's a noticeable shift in the creation of generative malware and lures for business email compromise, warned Ashan Willy, CEO at Proofpoint. LLMs are being used to create enticing lures in foreign languages to target broader audiences.
Malicious actors often devise ingenuous ways to infiltrate networks. Michael Sikorski, CTO and vice president of engineering of Unit 42 at Palo Alto Networks, shed light on an unconventional tactic deployed by Russian hackers: the Trojanization of legitimate advertisements.
Two financial services giants hit by the mass attack on MOVEit file-sharing software - Prudential and Schwab - are the latest victims to face lawsuits from affected individuals. The suit filed against Prudential seeks 10 years of prepaid identity theft monitoring services instead of the usual two.
Hackers are using a tool set that first appeared in 2020 and apparently was developed by Turkish speakers to deploy Scarab ransomware, said Eset researchers. They dubbed the threat actors behind it CosmicBeetle and assess with "high confidence" that they exploit the 2020 vulnerability ZeroLogon.
This week, a ransomware gang claimed responsibility for attacks on a multistate U.S. hospital chain, a cyberattack disrupted expat voting in Ecuador, Africa cracked down on cybercrime, Latitude Financial said its hacking incident cost AU$76 million, and new malware targeted macOS users.
A three-hospital health system serving the Mississippi Gulf Coast has resorted to paper charting and other manual processes for patient care as it deals with a cyberattack that forced it to take systems offline. The incident is the latest disruptive attack on a regional medical provider.
This week, charges were filed against Tornado Cash founders, the FBI found North Korean bitcoin wallets holding stolen cash, theft occurred in the Exactly and Harbor protocols, Venus Protocol liquidated a hacker's wallet, Terra paused operations, and Thailand threatened Meta over crypto scam ads.
Enterprises have been keenly exploring the potential of generative AI, deploying it to fuel innovation. But stealthy integration of AI features into products already owned by organizations has cybersecurity experts worried, said Jeff Pollard, vice president and principal analyst at Forrester.
The demand for DDoS-for-hire services has surged significantly in recent years. Cameron Schroeder, chief of the Cyber and Intellectual Property Crimes Section at the U.S. Attorney’s Office, said the increase is driven by accessibility, ease of use and the need for only minimal technical proficiency.
Will AI take my job? Maybe or maybe not. But it can certainly help ease the shortage of skilled workers by automating routine tasks and supplementing human skills. Jon France, CISO at ISC2, sheds light on how generative artificial intelligence is addressing this critical challenge.
The parent company of subprime lender TitleMax is warning nearly 5 million customers that a data breach affecting them is worse than was previously reported. In addition to names and Social Security numbers, TMX now reports attackers stole payment card data and card security codes.
A likely Russian toolkit dubbed Telekopye by security researchers lets thieves focus on honing their social engineering skills without having to worry about the technical side of online scamming. Users dub victims "Mammoths," leading security firm Eset to christen Telekopye customers "Neanderthals."
The FBI urged the immediate removal of previously hacked email security appliances made by Barracuda Networks, injecting fresh urgency into the push to stymie what's been called the broadest Chinese cyber spying campaign in years. Mandiant linked the hack to Beijing with "high confidence."
The tally of entities notifying federal regulators about mega health data breaches involving Clop cybercrime group hacks on Progress Software's MOVEit file transfer application keeps growing, and millions of additional individuals have been affected.
A previously unknown threat group orchestrated a supply chain attack using a Chinese encryption app to target victims mostly located in Hong Kong. Korplug, the backdoor incorporated into the encryption app, "is known to be used by multiple APT groups," Symantec says.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.