Genetic testing company 23andMe declared on Friday that approximately 14,000 customer accounts were compromised in its recent data breach. In an updated submission to the U.S. Securities and Exchange Commission, the company revealed that its investigation determined the breach…
Week in review: PoC for Splunk Enterprise RCE flaw released, scope of Okta breach widens
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Vulnerability disclosure: Legal risks and ethical considerations for researchers In this Help Net Security interview, Eddie Zhang, Principal Consultant at Project Black, explores the complex…
Maximizing cybersecurity on a budget
A cybersecurity budget is an allocation of resources, both financial and otherwise, dedicated to protecting an organization’s digital assets from cyber threats. This includes funds for security software, hardware, training, and personnel. A well-structured cybersecurity budget ensures that an organization…
2024 cybersecurity outlook: The rise of AI voice chatbots and prompt engineering innovations
In their 2024 cybersecurity outlook, WatchGuard researchers forecast headline-stealing hacks involving LLMs, AI-based voice chatbots, modern VR/MR headsets, and more in the coming year. Companies and individuals are experimenting with LLMs to increase operational efficiency. But threat actors are learning…
The AI readiness race and where global companies stand
According to Cisco, only 14% of organizations worldwide are ready to implement and utilize AI technologies. The report found that 61% of respondents indicated they have a maximum of one year to deploy their AI strategy before there’s a negative…
Put guardrails around AI use to protect your org, but be open to changes
Artificial intelligence (AI) is a topic that’s currently on everyone’s minds. While in some industries there is concern it could replace workers, other industries have embraced it as a game-changer for streamlining processes, automating repetitive tasks, and saving time. But…
Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware
Microsoft has warned of a new wave of CACTUS ransomware attacks that leverage malvertising lures to deploy DanaBot as an initial access vector. The DanaBot infections led to “hands-on-keyboard activity by ransomware operator Storm-0216 (Twisted Spider, UNC2198), culminating in the…
LogoFAIL: UEFI Vulnerabilities Expose Devices to Stealth Malware Attacks
The Unified Extensible Firmware Interface (UEFI) code from various independent firmware/BIOS vendors (IBVs) has been found vulnerable to potential attacks through high-impact flaws in image parsing libraries embedded into the firmware. The shortcomings, collectively labeled LogoFAIL by Binarly, “can be used by…
Understanding the New SEC Rules for Disclosing Cybersecurity Incidents
The U.S. Securities and Exchange Commission (SEC) recently announced its new rules for public companies regarding cybersecurity risk management, strategy, governance, and incident exposure. Some requirements apply to this year—for example, disclosures for fiscal years ending December 15, 2023, or…
Google Introduces RETVec: Gmail’s New Defense to Identify Spams
Google has recently introduced a new multilingual text vectorizer called RETVec (an acronym for Resilient and Efficient Text Vectorizer), to aid identification of potentially malicious content like spam and fraudulent emails in Gmail. While massive platforms like YouTube and Gmail…
Researchers: ‘Black Basta’ Group Rakes in Over $100 Million
A cyber extortion group believed to be an offshoot of the infamous Russian Conti hacker organization has reportedly amassed over $100 million since its emergence last year, according to a report published on Wednesday by digital currency tracking service…
Okta: October Data Breach Impacts All Users Across Customer Support Systems
Okta’s recent investigation into the exploit of its Help Center environment in October disclosed that the threat actors stole the data that belonged to all customer support system users. Okta mentioned that the hackers also stole extra…
Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns
CISA has added two known exploited vulnerabilities, under active attack and affecting Google Chrome and ownCloud, to its catalog. As the national coordinator for critical infrastructure security and resilience, CISA oversees government cybersecurity operations.
You should probably update your Google Chrome browser this weekend
2023 has been a banner year for zero-day exploits in Chrome, and Google has patched its 6th one, calling it an “emergency.”
ChatGPT Spit Out Sensitive Data When Told to Repeat ‘Poem’ Forever
Plus: A major ransomware crackdown, the arrest of Ukraine’s cybersecurity chief, and a hack-for-hire entrepreneur charged with attempted murder.
Europol Dismantles Ukrainian Ransomware Gang
A well-known ransomware organization operating in Ukraine has been successfully taken down by an international team under the direction of Europol, marking a major win against cybercrime. In this operation, the criminal group behind several high-profile attacks was the target…
Amazon Introduces Q, a Business Chatbot Powered by Generative AI
Amazon has finally identified a solution to counter ChatGPT. Earlier this week, the technology giant announced the launch of Q, a business chatbot powered by generative artificial intelligence. The announcement, made in Las Vegas at the company’s annual conference…
China continues Pig-Butchering Crack-down
One of my techniques for keeping current on Cybercrime trends is having an “interesting” collection of international news ticklers. This story came to me via X:CyberScamMonitor via a QQ account called “onCambodia.” @CyberScamMonitor is a Twitter/X account and Substack account…
Next-Level AI: Unbelievable Precision in Replicating Doctors’ Notes Leaves Experts in Awe
In an in-depth study, scientists found that a new artificial intelligence (AI) computer program can generate doctors’ notes with such precision that two physicians could not tell the difference. This indicates AI may soon provide healthcare workers with groundbreaking…
Scores of US credit unions offline after ransomware infects backend cloud outfit
Supply chain attacks: The gift that keeps on giving. A ransomware infection at a cloud IT provider has disrupted services for 60 or so credit unions across the US, all of which were relying on the attacked vendor. …