Recent high-profile malware attacks teach us lessons on limiting malware risks at organizations. Learn more from Blink Ops about what these attacks taught us.
Category: cybercrime/malcode – Page 32
The U.S. Department of Homeland Security’s Cyber Safety Review Board (CSRB) has released a scathing report on how Microsoft handled its 2023 Exchange Online attack, warning that the company needs to do better at securing data and be more truthful about how threat actors stole an Azure signing key.
Microsoft believes that last May’s Exchange Online hack is linked to a threat actor known as ‘Storm-0558’ stealing an Azure signing key from an engineer’s laptop that was previously compromised by the hackers at an acquired company.
Storm-0558 is a cyberespionage actor affiliated with China that has been active for more than two decades targeting a wide range of organizations.
A premium WordPress plugin named LayerSlider, used in over one million sites, is vulnerable to unauthenticated SQL injection, requiring admins to prioritize applying security updates for the plugin.
LayerSlider is a versatile tool for creating responsive sliders, image galleries, and animations on WordPress sites, allowing users to build visually appealing elements with dynamic content on online platforms.
Researcher AmrAwad discovered the critical (CVSS score: 9.8) flaw, tracked as CVE-2024–2879, on March 25, 2024, and reported it to WordPress security firm Wordfence via its bug bounty program. For his responsible reporting, AmrAwad received a bounty of $5,500.
Google has fixed another zero-day vulnerability in the Chrome browser, which was exploited by security researchers during the Pwn2Own hacking contest last month.
Tracked as CVE-2024–3159, this high-severity security flaw is caused by an out-of-bounds read weakness in the Chrome V8 JavaScript engine.
Remote attackers can exploit the vulnerability using crafted HTML pages to gain access to data beyond the memory buffer via heap corruption, which can provide them with sensitive information or trigger a crash.
Researchers have created a gene-edited cow that produces human insulin in her milk in Brazil.
Neuromorphic chips could reduce energy bills for AI developers as well as emit useful cybersecurity signals in the future of computing.
⚠️ Mac users, beware! Malicious ads and fake websites are spreading dangerous malware like Atomic Stealer, which can steal your passwords, cryptocurrency, and other sensitive data.
Cybercriminals are selling custom Raspberry Pi software called ‘GEOBOX’ on Telegram, which allows inexperienced hackers to convert the mini-computers into anonymous cyberattack tools.
GEOBOX is sold on Telegram channels for a subscription of $80 per month or $700 for a lifetime license, payable in cryptocurrency.
Analysts at Resecurity discovered the tool during an investigation into a high-profile banking theft impacting a Fortune 100 company.
This article includes computer-generated images that map internet communities by topic, without specifically naming each one. The research was funded by the US government, which is anticipating massive interference in the 2024 elections by “bad actors” using relatively simple AI chat-bots.
In an era of super-accelerated technological advancement, the specter of malevolent artificial intelligence (AI) looms large. While AI holds promise for transforming industries and enhancing human life, the potential for abuse poses significant societal risks. Threats include avalanches of misinformation, deepfake videos, voice mimicry, sophisticated phishing scams, inflammatory ethnic and religious rhetoric, and autonomous weapons that make life-and-death decisions without human intervention.
During this election year in the United States, some are worried that bad actor AI will sway the outcomes of hotly contested races. We spoke with Neil Johnson, a professor of physics at George Washington University, about his research that maps out where AI threats originate and how to help keep ourselves safe.