LATEST
AI regulation will begin in the EU
Enlarge / EU Commissioner Thierry Breton talks to media during a press conference in June. (credit: Thierry Monasse | Getty Images)
European Union lawmakers have agreed the terms for landmark...
Competing Section 702 surveillance bills on collision path for US House floor
End-of-year deadline looms on US surveillance Two competing bills to reauthorize America's FISA Section 702 spying powers advanced in the House of Representatives committees this week, setting up Congress for a battle over warrantless surveillance before the law lapses...
Friday Squid Blogging: Influencer Accidentally Posts Restaurant Table QR Ordering Code
Another rare security + squid story:
The woman—who has only been identified by her surname, Wang—was having a meal with friends at a hotpot restaurant in Kunming, a city in southwest China. When everyone’s selections arrived at the table, she...
Holiday Extravaganza – Supply Chain, Hardware Hacking, Vulnerabilities, News – PSW #809
Join us for a special extended holiday edition of Paul's Security Weekly! Hosts from all the Security Weekly shows join us from around the country to kick off the end of the year in style. We begin with our...
Russia here, Russia there, Russia everywhere.
Legal action against Star Blizzard's FSB operators. A critical Bluetooth vulnerability has been discovered. How the GRU faked celebrity videos in its Doppelgänger campaign. The persistence of Log4j vulnerabilities. Lack of...
Stealthy Linux rootkit found in the wild after going undetected for 2 years
Enlarge
Stealthy and multifunctional Linux malware that has been infecting telecommunications companies went largely unnoticed for two years until being documented for the first time by researchers on Thursday.
Researchers...
Meta releases open-source tools for AI safety
The Purple Llama project aims to help developers build generative AI models responsibly.
The best AirTag wallets of 2023: Expert recommended
Frequently searching for where you set your wallet? Professionals recommend the best AirTag wallets help you locate your cards and cash with ease, so you're never without your valuables.
Q*, Unitronics, SLAM, Bluetooth, Cold Fusion, Google Drive, Aaran Leyland, and More – SWN #347
Q*, Water Wars, Unitronics, SLAM, Bluetooth, Cold Fusion, Google Drive, Push notifications, Aaran Leyland, and More News on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly...
Opal Security Scores $22M Investment for IAM Technology
San Francisco startup gets fresh capital from Battery Ventures to compete in the crowded identity and access management space.
The post Opal Security Scores $22M Investment for IAM Technology appeared first on SecurityWeek.
New 5G Modems Flaws Affect iOS Devices and Android Models from Major Brands
A collection of security flaws in the firmware implementation of 5G mobile network modems from major chipset vendors such as MediaTek and Qualcomm impact USB and IoT modems as well as hundreds of smartphone models running Android and iOS.
Of...
In Other News: Fake Lockdown Mode, New Linux RAT, AI Jailbreak, Country’s DNS Hijacked
Noteworthy stories that might have slipped under the radar: fake Lockdown Mode, a new Linux RAT, jailbreaking AI, and an entire country’s DNS hijacked.
The post In Other News: Fake Lockdown Mode, New Linux RAT, AI Jailbreak, Country’s DNS Hijacked...
Google’s best Gemini AI demo video was fabricated
Enlarge / A still from Google's misleading Gemini AI promotional video, released Wednesday. (credit: Google)
Google is facing controversy among AI experts for a deceptive Gemini promotional video released Wednesday...
That call center tech scammer could be a human trafficking victim
Interpol increasingly concerned as abject abuse of victims scales far beyond Asia origins Human trafficking for the purposes of populating cyber scam call centers is expanding beyond southeast Asia, where the crime was previously isolated.…
Bypassing major EDRs using Pool Party process injection techniques
Researchers devised a novel attack vector for process injection, dubbed Pool Party, that evades EDR solutions.
Researchers from cybersecurity firm SafeBreach devised a set of process injection techniques, dubbed Pool Party, that allows bypassing EDR solutions. They presented the technique...
ProvenRun Banks €15 Million for Secure Connected Vehicle Software
French startup ProvenRun raises €15 million investment to build secure software for connected vehicles and IoT devices.
The post ProvenRun Banks €15 Million for Secure Connected Vehicle Software appeared first on SecurityWeek.
WordPress 6.4.2 Patches Remote Code Execution Vulnerability
WordPress 6.4.2 patches a flaw that could be chained with another vulnerability to execute arbitrary code.
The post WordPress 6.4.2 Patches Remote Code Execution Vulnerability appeared first on SecurityWeek.
UK and US expose Russian hacking plot intended to influence UK’s 2019 elections and spread disinformation
Two men have been charged with hacking into computer networks in the United States, UK, other NATO countries, and Ukraine, on behalf of the Russian government.
Read more in my article on the Hot for Security blog.
Russian APT Used Zero-Click Outlook Exploit
Russian threat actor APT28 has been exploiting a no-interaction Outlook vulnerability in attacks against 14 countries.
The post Russian APT Used Zero-Click Outlook Exploit appeared first on SecurityWeek.
N. Korean Kimsuky Targeting South Korean Research Institutes with Backdoor Attacks
The North Korean threat actor known as Kimsuky has been observed targeting research institutes in South Korea as part of a spear-phishing campaign with the ultimate goal of distributing backdoors on compromised systems.
"The threat actor ultimately uses a backdoor to steal...
Lessons from 10 years running the first cyber-exclusive investment firm – Bob Ackerman – ESW #342
Bob Ackerman argues that, from an investment perspective, cybersecurity is like life sciences - a complex, nuanced field that is difficult field to invest in part-time. So his firm, Allegis Cyber, became one of the first to focus exclusively...
US, UK Announce Charges and Sanctions Against Two Russian Hackers
The US and UK announce charges and sanctions against two hackers working with Russia’s FSB security service.
The post US, UK Announce Charges and Sanctions Against Two Russian Hackers appeared first on SecurityWeek.
New Bluetooth Attack
New attack breaks forward secrecy in Bluetooth.
Three. news articles.
The vulnerability has been around for at least a decade.
Android, Linux, Apple Devices Exposed to Bluetooth Keystroke Injection Attacks
A Bluetooth authentication bypass allows attackers to connect to vulnerable Android, Linux, and Apple devices and inject keystrokes.
The post Android, Linux, Apple Devices Exposed to Bluetooth Keystroke Injection Attacks appeared first on SecurityWeek.
Ransomware-as-a-Service: The Growing Threat You Can’t Ignore
Ransomware attacks have become a significant and pervasive threat in the ever-evolving realm of cybersecurity. Among the various iterations of ransomware, one trend that has gained prominence is Ransomware-as-a-Service (RaaS). This alarming development has transformed the cybercrime landscape, enabling individuals...
LEADERS
Friday Squid Blogging: Influencer Accidentally Posts Restaurant Table QR Ordering Code
Another rare security + squid story:
The woman—who has only been identified by her surname, Wang—was having a meal with friends at a hotpot restaurant in Kunming, a city in southwest China. When everyone’s selections arrived at the table, she...
UK and US expose Russian hacking plot intended to influence UK’s 2019 elections and spread disinformation
Two men have been charged with hacking into computer networks in the United States, UK, other NATO countries, and Ukraine, on behalf of the Russian government.
Read more in my article on the Hot for Security blog.
New Bluetooth Attack
New attack breaks forward secrecy in Bluetooth.
Three. news articles.
The vulnerability has been around for at least a decade.
Weekly Update 377
Presently sponsored by: Get insights into malware’s behavior with ANY.RUN: instant results, live VM interaction, fresh IOCs, and configs without limit.10 years later... 🤯 Seriously, how did this thing turn into this?! It was the humblest of beginning with...
BlackSuit ransomware – what you need to know
A cybercriminal group calling itself BlackSuit has claimed responsibility for a series of ransomware attacks, including breaches at schools in central Georgia.
And earlier in the year, a zoo in Tampa Bay was targeted by the same hacking gang.
Learn more...
