Saturday, December 9, 2023
Internet Storm Center Infocon Status

LATEST

AI regulation will begin in the EU

Enlarge / EU Commissioner Thierry Breton talks to media during a press conference in June. (credit: Thierry Monasse | Getty Images) European Union lawmakers have agreed the terms for landmark...
The Register

Competing Section 702 surveillance bills on collision path for US House floor

End-of-year deadline looms on US surveillance Two competing bills to reauthorize America's FISA Section 702 spying powers advanced in the House of Representatives committees this week, setting up Congress for a battle over warrantless surveillance before the law lapses...
Bruce Schneier

Friday Squid Blogging: Influencer Accidentally Posts Restaurant Table QR Ordering Code

Another rare security + squid story: The woman—who has only been identified by her surname, Wang—was having a meal with friends at a hotpot restaurant in Kunming, a city in southwest China. When everyone’s selections arrived at the table, she...
Security Weekly

Holiday Extravaganza – Supply Chain, Hardware Hacking, Vulnerabilities, News – PSW #809

Join us for a special extended holiday edition of Paul's Security Weekly! Hosts from all the Security Weekly shows join us from around the country to kick off the end of the year in style. We begin with our...
The CyberWire Podcast

Russia here, Russia there, Russia everywhere.

Legal action against Star Blizzard's FSB operators. A critical Bluetooth vulnerability has been discovered. How the GRU faked celebrity videos in its Doppelgänger campaign. The persistence of Log4j vulnerabilities. Lack of...

Stealthy Linux rootkit found in the wild after going undetected for 2 years

Enlarge Stealthy and multifunctional Linux malware that has been infecting telecommunications companies went largely unnoticed for two years until being documented for the first time by researchers on Thursday. Researchers...
Computerworld

Meta releases open-source tools for AI safety

The Purple Llama project aims to help developers build generative AI models responsibly.
ZDNet

The best AirTag wallets of 2023: Expert recommended

Frequently searching for where you set your wallet? Professionals recommend the best AirTag wallets help you locate your cards and cash with ease, so you're never without your valuables.
Security Weekly

Q*, Unitronics, SLAM, Bluetooth, Cold Fusion, Google Drive, Aaran Leyland, and More – SWN #347

Q*, Water Wars, Unitronics, SLAM, Bluetooth, Cold Fusion, Google Drive, Push notifications, Aaran Leyland, and More News on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly...
SecurityWeek

Opal Security Scores $22M Investment for IAM Technology

San Francisco startup gets fresh capital from Battery Ventures to compete in the crowded identity and access management space. The post Opal Security Scores $22M Investment for IAM Technology appeared first on SecurityWeek.
The Hacker News

New 5G Modems Flaws Affect iOS Devices and Android Models from Major Brands

A collection of security flaws in the firmware implementation of 5G mobile network modems from major chipset vendors such as MediaTek and Qualcomm impact USB and IoT modems as well as hundreds of smartphone models running Android and iOS. Of...
SecurityWeek

In Other News: Fake Lockdown Mode, New Linux RAT, AI Jailbreak, Country’s DNS Hijacked

Noteworthy stories that might have slipped under the radar: fake Lockdown Mode, a new Linux RAT, jailbreaking AI, and an entire country’s DNS hijacked. The post In Other News: Fake Lockdown Mode, New Linux RAT, AI Jailbreak, Country’s DNS Hijacked...

Google’s best Gemini AI demo video was fabricated

Enlarge / A still from Google's misleading Gemini AI promotional video, released Wednesday. (credit: Google) Google is facing controversy among AI experts for a deceptive Gemini promotional video released Wednesday...
The Register

That call center tech scammer could be a human trafficking victim

Interpol increasingly concerned as abject abuse of victims scales far beyond Asia origins Human trafficking for the purposes of populating cyber scam call centers is expanding beyond southeast Asia, where the crime was previously isolated.…
Security Affairs

Bypassing major EDRs using Pool Party process injection techniques

Researchers devised a novel attack vector for process injection, dubbed Pool Party, that evades EDR solutions. Researchers from cybersecurity firm SafeBreach devised a set of process injection techniques, dubbed Pool Party, that allows bypassing EDR solutions. They presented the technique...
SecurityWeek

ProvenRun Banks €15 Million for Secure Connected Vehicle Software

French startup ProvenRun raises €15 million investment to build secure software for connected vehicles and IoT devices. The post ProvenRun Banks €15 Million for Secure Connected Vehicle Software appeared first on SecurityWeek.
SecurityWeek

WordPress 6.4.2 Patches Remote Code Execution Vulnerability

WordPress 6.4.2 patches a flaw that could be chained with another vulnerability to execute arbitrary code. The post WordPress 6.4.2 Patches Remote Code Execution Vulnerability appeared first on SecurityWeek.
Graham Cluley

UK and US expose Russian hacking plot intended to influence UK’s 2019 elections and spread disinformation

Two men have been charged with hacking into computer networks in the United States, UK, other NATO countries, and Ukraine, on behalf of the Russian government. Read more in my article on the Hot for Security blog.
SecurityWeek

Russian APT Used Zero-Click Outlook Exploit

Russian threat actor APT28 has been exploiting a no-interaction Outlook vulnerability in attacks against 14 countries. The post Russian APT Used Zero-Click Outlook Exploit appeared first on SecurityWeek.
The Hacker News

N. Korean Kimsuky Targeting South Korean Research Institutes with Backdoor Attacks

The North Korean threat actor known as Kimsuky has been observed targeting research institutes in South Korea as part of a spear-phishing campaign with the ultimate goal of distributing backdoors on compromised systems. "The threat actor ultimately uses a backdoor to steal...
Security Weekly

Lessons from 10 years running the first cyber-exclusive investment firm – Bob Ackerman – ESW #342

Bob Ackerman argues that, from an investment perspective, cybersecurity is like life sciences - a complex, nuanced field that is difficult field to invest in part-time. So his firm, Allegis Cyber, became one of the first to focus exclusively...
SecurityWeek

US, UK Announce Charges and Sanctions Against Two Russian Hackers

The US and UK announce charges and sanctions against two hackers working with Russia’s FSB security service. The post US, UK Announce Charges and Sanctions Against Two Russian Hackers appeared first on SecurityWeek.
Bruce Schneier

New Bluetooth Attack

New attack breaks forward secrecy in Bluetooth. Three. news articles. The vulnerability has been around for at least a decade.
SecurityWeek

Android, Linux, Apple Devices Exposed to Bluetooth Keystroke Injection Attacks

A Bluetooth authentication bypass allows attackers to connect to vulnerable Android, Linux, and Apple devices and inject keystrokes. The post Android, Linux, Apple Devices Exposed to Bluetooth Keystroke Injection Attacks appeared first on SecurityWeek.
The Hacker News

Ransomware-as-a-Service: The Growing Threat You Can’t Ignore

Ransomware attacks have become a significant and pervasive threat in the ever-evolving realm of cybersecurity. Among the various iterations of ransomware, one trend that has gained prominence is Ransomware-as-a-Service (RaaS). This alarming development has transformed the cybercrime landscape, enabling individuals...
986FollowersFollow

LEADERS

Bruce Schneier

Friday Squid Blogging: Influencer Accidentally Posts Restaurant Table QR Ordering Code

Another rare security + squid story: The woman—who has only been identified by her surname, Wang—was having a meal with friends at a hotpot restaurant in Kunming, a city in southwest China. When everyone’s selections arrived at the table, she...
Graham Cluley

UK and US expose Russian hacking plot intended to influence UK’s 2019 elections and spread disinformation

Two men have been charged with hacking into computer networks in the United States, UK, other NATO countries, and Ukraine, on behalf of the Russian government. Read more in my article on the Hot for Security blog.
Bruce Schneier

New Bluetooth Attack

New attack breaks forward secrecy in Bluetooth. Three. news articles. The vulnerability has been around for at least a decade.

Weekly Update 377

Presently sponsored by: Get insights into malware’s behavior with ANY.RUN: instant results, live VM interaction, fresh IOCs, and configs without limit.10 years later... 🤯 Seriously, how did this thing turn into this?! It was the humblest of beginning with...
Graham Cluley

BlackSuit ransomware – what you need to know

A cybercriminal group calling itself BlackSuit has claimed responsibility for a series of ransomware attacks, including breaches at schools in central Georgia. And earlier in the year, a zoo in Tampa Bay was targeted by the same hacking gang. Learn more...