0 Comments
A new vulnerability has been found in the EmailGPT service, a Google Chrome extension and API service that utilizes OpenAI’s GPT models to assist users writing emails within Gmail.  The flaw discovered by Synopsys Cybersecurity Research Center (CyRC) researchers is particularly alarming because it enables attackers to gain control over the AI service simply by
0 Comments
Jun 07, 2024The Hacker NewsSoftware Supply Chain / Myrror Security Traditional SCAs Are Broken: Did You Know You Are Missing Critical Pieces? Application Security professionals face enormous challenges securing their software supply chains, racing against time to beat the attacker to the mark. Software Composition Analysis (SCA) tools have become a basic instrument in the
0 Comments
Both enterprises and consumer-facing organizations should look to move away from passwords in favor of more secure, and convenient, forms of authentication. This was the view of experts on authentication, speaking at Infosecurity Europe 2024. The sheer number of passwords the average business user, or consumer, now needs to remember causes practical difficulties as well as
0 Comments
Jun 05, 2024NewsroomCyber Espionage / Threat Intelligence An unnamed high-profile government organization in Southeast Asia emerged as the target of a “complex, long-running” Chinese state-sponsored cyber espionage operation codenamed Crimson Palace. “The overall goal behind the campaign was to maintain access to the target network for cyberespionage in support of Chinese state interests,” Sophos researchers
0 Comments
Jun 04, 2024The Hacker NewsBrowser Security / Enterprise Security The landscape of browser security has undergone significant changes over the past decade. While Browser Isolation was once considered the gold standard for protecting against browser exploits and malware downloads, it has become increasingly inadequate and insecure in today’s SaaS-centric world. The limitations of Browser Isolation,
0 Comments
Ransomware activity increased in 2023 compared to 2022, according to Google-owned Mandiant. This is despite broadscale law enforcement operations against prominent ransomware groups, including ALPHV/BlackCat. Mandiant shared ransomware research findings in a new report published on June 3, 2024. The threat intelligence firm observed a 75% increase in posts on ransomware groups’ data leak sites
0 Comments
Jun 03, 2024NewsroomSoftware Security / Supply Chain Cybersecurity researchers have uncovered a new suspicious package uploaded to the npm package registry that’s designed to drop a remote access trojan (RAT) on compromised systems. The package in question is glup-debugger-log, which targets users of the gulp toolkit by masquerading as a “logger for gulp and gulp
0 Comments
May 31, 2024NewsroomNetwork Security / Cyber Attack More than 600,000 small office/home office (SOHO) routers are estimated to have been bricked and taken offline following a destructive cyber attack staged by unidentified cyber actors, disrupting users’ access to the internet. The mysterious event, which took place between October 25 and 27, 2023, and impacted a
0 Comments
Jun 01, 2024NewsroomAI-as-a-Service / Data Breach Artificial Intelligence (AI) company Hugging Face on Friday disclosed that it detected unauthorized access to its Spaces platform earlier this week. “We have suspicions that a subset of Spaces’ secrets could have been accessed without authorization,” it said in an advisory. Spaces offers a way for users to create,
0 Comments
The BBC has confirmed a breach of its pension scheme, exposing the personal data of many of its employees. The public service broadcaster revealed that attackers copied files containing some BBC Trust members’ personal details from a cloud-based storage device. The information includes names, National Insurance numbers, dates of birth and home addresses. The BBC
0 Comments
May 31, 2024NewsroomThreat Detection / Endpoint Security Digital content is a double-edged sword, providing vast benefits while simultaneously posing significant threats to organizations across the globe. The sharing of digital content has increased significantly in recent years, mainly via email, digital documents, and chat. In turn, this has created an expansive attack surface and has
0 Comments
A new operation coordinated by Europol has targeted several significant malware droppers, including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and Trickbot.  Dubbed “Endgame” and conducted between May 27 and 29 2024, the operation aimed to disrupt criminal networks by arresting high-value targets, dismantling their infrastructure and freezing illicit proceeds. The targeted malware facilitated ransomware and other malicious
0 Comments
Hundreds of cybersecurity professionals, analysts and decision-makers came together earlier this month for ESET World 2024, a conference that showcased the company’s vision and technological advancements and featured a number of insightful talks about the latest trends in cybersecurity and beyond. The topics ran the gamut, but it’s safe to say that the subjects that
0 Comments
Security leaders are in a tricky position trying to discern how much new AI-driven cybersecurity tools could actually benefit a security operations center (SOC). The hype about generative AI is still everywhere, but security teams have to live in reality. They face constantly incoming alerts from endpoint security platforms, SIEM tools, and phishing emails reported
0 Comments
A malicious email campaign has been discovered leveraging piano-themed messages to perpetrate advance fee fraud (AFF) scams.  These campaigns, active since at least January 2024, primarily target students and faculty at North American colleges and universities.  However, industries such as healthcare and food and beverage services have also been affected. According to Proofpoint, who discovered
0 Comments
May 29, 2024NewsroomCybercrime / Cybersecurity The U.S. Department of Justice (DoJ) has sentenced a 31-year-old man to 10 years in prison for laundering more than $4.5 million through business email compromise (BEC) schemes and romance scams. Malachi Mullings, 31, of Sandy Springs, Georgia pleaded guilty to the money laundering offenses in January 2023. According to
0 Comments
Cybersecurity firm Check Point has urged customers to review their VPN configurations to prevent potential exploitation by threat actors seeking initial access to enterprise networks. Writing in a security advisory on Monday, the company reported that VPNs from various cybersecurity vendors have been increasingly targeted.  In particular, Check Point has observed attempts to breach its