Welcome to the first Cloud CISO Perspectives for October 2024. Today I’m discussing new AI vulnerabilities that Google’s security teams discovered and helped fix, and why it’s important for AI vendors to share vulnerability research impacting their technology. As with all Cloud CISO Perspectives, the contents …
The Fast IDentity Online (FIDO) Alliance has published a working draft of a new specification that aims to enable the secure transfer of passkeys between different providers. [...]
Google Play, the official store for Android, distributed over a period of one year more than 200 malicious applications, which cumulatively counted nearly eight million downloads. [...]
The Washington Post has a long and detailed story about the operation that’s well worth reading (alternate version here ). The sales pitch came from a marketing official trusted by Hezbollah with links to Apollo. The marketing official, a woman whose identity and nationality officials declined to reveal, was …
Who also worries misinformation on social media could threaten liquidity The governor of India's Reserve Bank, Shri Shaktikanta Das, yesterday warned that AI – and the platforms that provide it – could worsen systemic risk to the nation's financial system.... [...]
Cisco has confirmed to BleepingComputer that it is investigating recent claims that it suffered a breach after a threat actor began selling allegedly stolen data on a hacking forum. [...]
Enough with the racist-sounding 'dragons' and 'pandas', Beijing complains – then points the finger at koalas Chinese authorities have published another set of allegations that assert the Volt Typhoon cyber-crew is an invention of the US and its allies, and not a crew run by Beijing.... [...]
North Korean hackers are using a new Linux variant of the FASTCash malware to infect the payment switch systems of financial institutions and perform unauthorized cash withdrawals. [...]
It waited till just before Columbus Day weekend to make mandated filing, but don't worry, we saw it A Houston-based services provider to healthcare organizations says a crook may have grabbed up to 400,000 people's information after the miscreant accessed the systems of one of its customers.... [...]
WordPress plugin Jetpack released a critical security update earlier today, addressing a vulnerability that allowed a logged-in user to access forms submitted by other visitors to the site. [...]
What if there was a way to sneak malicious instructions into Claude, Copilot, or other top-name AI chatbots and get confidential data out of them by using characters large language models can recognize and their human users can’t? As it turns out, there was—and in some cases …
Forty new variants of the TrickMo Android banking trojan have been identified in the wild, linked to 16 droppers and 22 distinct command and control (C2) infrastructures, with new features designed to steal Android PINs. [...]
This is a current list of where and when I am scheduled to speak: I’m speaking at SOSS Fusion 2024 in Atlanta, Georgia, USA. The event will be held on October 22 and 23, 2024, and my talk is at 9:15 AM ET on October 22, 2024 …
Japanese video game developer Game Freak has confirmed it suffered a cyberattack in August after source code and game designs for unpublished games were leaked online. [...]
Technologies that help SOCs detect, analyze, and respond to emerging threats faster and more accurately Sponsored Post This article discusses some of the challenges traditional SOCs face and how integrating artificial intelligence/machine learning (AI/ML) modules could help solve the challenges faced by security professionals and organizations.... [...]
Florida man gets his hands on 'the best ever' With less than a month to go before American voters head to the polls to choose their next president, the Trump campaign has been investing in secure tech to make sure it doesn't get hacked again.... [...]
No excuses for not patching this nine-month-old issue More than 86,000 Fortinet instances remain vulnerable to the critical flaw that attackers started exploiting last week, according to Shadowserver's data.... [...]
Perfectl in an impressive piece of malware: The malware has been circulating since at least 2021. It gets installed by exploiting more than 20,000 common misconfigurations, a capability that may make millions of machines connected to the Internet potential targets, researchers from Aqua Security said. It can also …
Let Okta lift the lid on customer identity in this series of webinars Sponsored Post Recent reports suggest that stolen identity and privileged access credentials now account for 61 percent of all data breaches.... [...]
With an off-the-shelf D-Wave machine, but only against very short keys Chinese researchers claim they have found a way to use D-Wave's quantum annealing systems to develop a promising attack on classical encryption.... [...]
Google's Chrome Web Store is now warning that the uBlock Origin ad blocker and other extensions may soon be blocked as part of the company's deprecation of the Manifest V2 extension specification. [...]
The Iranian state-sponsored hacking group APT34, aka OilRig, has recently escalated its activities with new campaigns targeting government and critical infrastructure entities in the United Arab Emirates and the Gulf region. [...]
Reading, writing, and cyber mayhem, amirite? If we were to draw an infosec Venn diagram, with one circle representing "sensitive info that attackers would want to steal" and the other "limited resources plus difficult-to-secure IT environments," education would sit in the overlap.... [...]
Microsoft has officially deprecated the Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP) in future versions of Windows Server, recommending admins switch to different protocols that offer increased security. [...]
OpenAI has disrupted over 20 malicious cyber operations abusing its AI-powered chatbot, ChatGPT, for debugging and developing malware, spreading misinformation, evading detection, and conducting spear-phishing attacks. [...]
Also, phishing's easier over the phone, and your F5 cookies might be unencrypted, and more in brief If you need an excuse to improve your patching habits, a joint advisory from the US and UK governments about a massive, ongoing Russian campaign exploiting known vulnerabilities should do the trick …
Researchers point to evidence that scumbags visited the strategy boutique Researchers at Palo Alto's Unit 42 believe the INC ransomware crew is no more and recently rebranded itself as Lynx over a three-month period.... [...]
Cyberspies abusing a backdoor? Groundbreaking Lawmakers are demanding answers about earlier news reports that China's Salt Typhoon cyberspies breached US telecommunications companies Verizon, AT&T, and Lumen Technologies, and hacked their wiretapping systems. They also urge federal regulators to hold these companies accountable for their infosec practices - or lack …
Fishermen in Tamil Nadu are reporting smaller catches of squid. Blog moderation policy. [...]
In July, I wrote about my new book project on AI and democracy, to be published by MIT Press in fall 2025. My co-author and collaborator Nathan Sanders and I are hard at work writing. At this point, we would like feedback on titles. Here are four possibilities: Rewiring …
CISA is warning that threat actors have been observed abusing unencrypted persistent F5 BIG-IP cookies to identify and target other internal devices on the targeted network. [...]
At the doctor’s | Phone safety | Passwords | Heinz advert Lucy Mangan, writing about her doctor joking about her kidneys ( Digested week, 4 October ), reminded me of having an examination for an enlarged prostate. As I lay on the couch waiting for the procedure, my doctor said: “In accordance with …
Operating a telecommunications network is more than just connecting phone calls, or helping people share funny videos online. Telecom networks are critical components of our society’s infrastructure. Telecom operators face a wide array of risks to the critical communication services they provide and the sensitive data they protect …
Casio now confirms it suffered a ransomware attack earlier this month, warning that the personal and confidential data of employees, job candidates, and some customers was also stolen. [...]
Roadside assistance biz praised for deploying security monitoring software and reporting workers to cops Two former workers at roadside assistance provider RAC were this week given suspended sentences after illegally copying and selling tens of thousands of lines of personal data on people involved in accidents.... [...]
What's harder? Convincing people to invest in a beleaguered security business or a tiny island everybody hates? Keir Starmer's decision to appoint Poppy Gustafsson as the UK's new investment minister is being resoundingly praised despite the former Darktrace boss spending years failing to fully rebuild investor confidence in the …
After retiring in 2014 from an uncharacteristically long tenure running the NSA (and US CyberCommand), Keith Alexander founded a cybersecurity company called IronNet. At the time, he claimed that it was based on IP he developed on his own time while still in the military. That always troubled me …
It worked – alleged pump and dump schemers arrested in UK, US and Portugal this week The FBI created its own cryptocurrency so it could watch suspected fraudsters use it – an idea that worked so well it produced arrests in three countries.... [...]
Acknowledges bulk customer data leak weeks after Telegram channels dangled it online Leading Indian health insurance provider Star Health has admitted to being the victim of a cyber attack after criminals claimed they had posted records of 30-milion-plus clients online.... [...]
Ransomware gangs now exploit a critical security vulnerability that lets attackers gain remote code execution (RCE) on vulnerable Veeam Backup & Replication (VBR) servers. [...]
But hey, no worries, the firm claims no evidence of data misuse Fidelity Investments has notified 77,099 people that their personal information was stolen in an August data breach.... [...]
Marriott International and its subsidiary Starwood Hotels will pay $52 million and create a comprehensive information security program as part of settlements for data breaches that impacted over 344 million customers. [...]
U.S. and U.K. cyber agencies warned today that APT29 hackers linked to Russia's Foreign Intelligence Service (SVR) target vulnerable Zimbra and JetBrains TeamCity servers "at a mass scale." [...]
Fidelity Investments, a Boston-based multinational financial services company, disclosed that the personal information of over 77,000 customers was exposed after its systems were breached in August. [...]
The Underground ransomware gang has claimed responsibility for an October 5 attack on Japanese tech giant Casio, which caused system disruptions and impacted some of the firm's services. [...]
/ Generative AI is transforming industries in new and exciting ways every single day. At Amazon Web Services (AWS), security is our top priority, and we see security as a foundational enabler for organizations looking to innovate. As you prepare for AWS re:Invent 2024, make sure that these essential …
Project Shield has helped news, human rights, and elections-related organizations defend against distributed denial of service (DDoS) attacks since 2013 as part of Google's commitment to keep online content universally accessible. The solution has helped keep election resources online, supported news reporting during pivotal geopolitical events, and helped governments …
GitLab has released security updates to address multiple flaws in Community Edition (CE) and Enterprise Edition (EE), including a critical arbitrary branch pipeline execution flaw. [...]
After a great event last month in San Jose, Ars is switching coasts for October and descending in force on our nation's capital. If you're on the East Coast and want to come hang out with Ars EIC Ken Fisher and me while we talk to some neat speakers …
Unlock the power of generative AI with AWS Webinar Generative AI (GenAI) has quickly transitioned from an emerging concept to a core driver of innovation across lots of different industries.... [...]