Cybersecurity
- AI Assistant Goes Rogue and Ends Up Bricking a User's Computer (decrypt.co)
A researcher asked an AI agent to perform a task, then forgot about it. When he checked in again, the agent had bricked his desktop.
- Apple fixes password-blurting VoiceOver bug (www.theregister.com)
Not a great look when the iGiant just launched its first password manager
- New report reveals a rise in phishing attacks, as commodity campaigns, advanced persistent threats, and impersonation attacks escalate (uk.finance.yahoo.com)
London, UK – 3rd October 2024 - Leading cybersecurity company, Egress, a KnowBe4 company, today has launched its latest Phishing Threat Trends Report (October 2024), which examines the most recent phishing statistics and threat intelligence insights. The report explores how cybercriminals commercial...
  - 28% increase in phishing emails sent between April 1st – June 30th vs January 1st – March 31st, 2024
  - 82% of phishing toolkits mentioned deepfakes and 74.8% referenced AI
  - During a commodity attack, on average organisations experience a 2,700% increase in phishing attacks compared to the normal baseline
  - 72.3% of commodity attacks used a hyperlink as its payload, followed by QR codes at 14.0%
  - 52.5% of advanced persistent threat (APT) campaigns were classified as zero-day attacks, while only 35.4% contained a previously identified payload
  - 89% of phishing emails involve impersonation; Adobe was the most impersonated brand, followed by Microsoft
  - 14.9% of impersonation emails were classed as ‘payloadless’, relying solely on social engineering tactics
  - 44% of phishing emails were sent from compromised accounts, helping them bypass authentication protocols
- Criminals Are Testing Their Ransomware in Africa (www.darkreading.com)
The booming economies of Africa, rich in natural resources and brimming with potential, are attracting not just investors, but also cybercriminals.
- Telegram revealed it shared U.S. user data with law enforcement (securityaffairs.com)
Telegram fulfilled over a dozen U.S. law enforcement data requests this year, potentially revealing the IPs or phone numbers of 100+ users.
- Meta smart glasses can be used to dox anyone in seconds, study finds (arstechnica.com)
Linking Meta smart glasses to a face search engine can ID strangers in a glance.
- China-Backed APT Group Culling Thai Government Data (www.darkreading.com)
CeranaKeeper is bombarding Southeast Asia with data exfiltration attacks via file-sharing services such as Pastebin, OneDrive, and GitHub, researchers say.
- When CUPS Runneth Over: The Threat of DDoS
Akamai researchers have confirmed a new attack vector using CUPS that could be leveraged to stage distributed denial-of-service (DDoS) attacks.
Research shows that, to begin the attack, the attacking system only needs to send a single packet to a vulnerable and exposed CUPS service with internet connectivity.
The Akamai Security Intelligence and Response Team (SIRT) found that more than 198,000 devices are vulnerable to this attack vector and are accessible on the public internet; roughly 34% of those could be used for DDoS abuse (58,000+).
Of the 58,000+ vulnerable devices, hundreds exhibited an “infinite loop” of requests.
The limited resources required to initiate a successful attack highlight the danger: It would take an attacker mere seconds to co-opt every vulnerable CUPS service currently exposed on the internet and cost the attacker less than a single US cent on modern hyperscaler platforms.
- FIN7 Gang Hides Malware in AI “Deepnude” Sites (www.infosecurity-magazine.com)
Threat group FIN7 is hiding infostealer malware on sites promising AI deepnude downloads
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (thehackernews.com)
North Korean hackers target Southeast Asia with VeilShell malware, a sophisticated backdoor used for covert operations.
- North Korea Profits as 'Stonefly' APT Swarms US Co's. (www.darkreading.com)
Despite a $10 million bounty on one member, APT45 is not slowing down, pivoting from intelligence gathering to extorting funds for Kim Jong-Un's regime.
- Questioning security of hardware security keys
I have a question about hardware security keys, like a YubiKey.
I have not actually used one before so maybe I am missing some critical information.
Aren't they inherently less secure than a TOTP code?
If someone (like an evil government) gets your key and knows your password for a particular service or device, they can log in.
If these same people try to log in but it is secured with a TOTP code instead, they would need access to my phone, which requires a password to unlock and then biometric validation to open the TOTP app.
I mean yeah, they could just beat me with a large wrench until I agreed to log in for them, but that is true with any method.
I've heard that in the US, the 5th Amendment protects you from being forced to divulge a password, but they can physically place your finger on the fingerprint scanner.
- Manufacturers Rank as Ransomware's Biggest Target (www.darkreading.com)
Improvements in cybersecurity and basics like patching aren't keeping pace with the manufacturing sector's rapid growth.
- The fix for BGP’s weaknesses – RPKI – has issues of its own (www.theregister.com)
Bother, given the White House has bet big on RPKI – just like we all rely on immature internet infrastructure that usually works
- Systems used by courts and governments across the US riddled with vulnerabilities (arstechnica.com)
With hundreds of courts and agencies affected, chances are one near you is, too.
- New PyPI Malware Poses as Crypto Wallet Tools to Steal Private Keys (hackread.com)
- CISA Warns of Four Vulnerabilities that Exploited Actively in the Wild
The vulnerabilities have been identified in D-Link, DrayTek, Motion Spell, and SAP products.
- Israel army hacked the communication network of the Beirut Airport control tower (securityaffairs.com)
Israel allegedly hacked Beirut airport's control tower, warning an Iranian plane not to land, forcing it to return to Tehran.
- Russia exploited Evil Corp relationship for NATO attacks (www.theregister.com)
Ransomware criminals believed to have taken orders from intel services
- New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet (thehackernews.com)
Hackers exploit Docker API to build botnet, using Docker Swarm and cryptojacking malware to compromise cloud hosts.
- Rackspace internal monitoring web servers hit by zero-day (go.theregister.com: Rackspace systems hit by zero-day exploit of third-party app)
Intruders accessed machines via tool bundled with ScienceLogic, 'limited' info taken, customers told not to worry
cross-posted from: https://infosec.pub/post/18289000
> Intruders accessed machines via tool bundled with ScienceLogic, 'limited' info taken, customers told not to worry
>
> Exclusive: Rackspace has told customers intruders exploited a zero-day bug in a third-party application it was using, and abused that vulnerability to break into its internal performance monitoring environment.…
- That doomsday critical Linux bug: It's CUPS. May lead to remote hijacking of devices (www.theregister.com: Critical Linux bug is CUPS-based remote-code execution hole)
No patches yet, can be mitigated, requires user interaction
- Novel Exploit Chain Enables Windows UAC Bypass (www.darkreading.com)
Adversaries can exploit CVE-2024-6769 to jump from regular to admin access without triggering UAC, but Microsoft says it's not really a vulnerability.
- Flaw in Kia’s web portal let researchers track, hack cars (arstechnica.com)
Bug let researchers track millions of cars, unlock doors, and start engines at will.