Monday, January 30, 2023

Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine

The incidents are the latest indication of the growing popularity of dangerous disk wipers, created to disrupt and degrade critical infrastructure and other organizations.

Cybercrime Ecosystem Spawns Lucrative Underground Gig Economy

The complex nature of cyberattacks has increased demand for software developers, reverse engineers, and offensive specialists — attracting workers facing financial insecurity.

10M JD Sports Customers' Info Exposed in Data Breach

UK sportswear retailer asks exposed customers to stay "vigilant" against phishing attempts following cyberattack.

IT and Security Professionals Spend an Average of 4,300 Hours Annually Achieving or Maintaining Compliance

New research from Drata shows compliance remains a business challenge for many organizations.

Make Developers the Driver of Software Security Excellence

Those who are wrangling code every day could fuel a genuinely transformational approach to security — if they are adequately upskilled.

Facebook Bug Allows 2FA Bypass Via Instagram

The Instagram rate-limiting bug, found by a rookie hunter, could be exploited to bypass Facebook 2FA in vulnerable apps, researcher reports.

Fake Texts From the Boss, Bogus Job Postings and Frankenstein Shoppers — Oh My!

Experian’s annual Future of Fraud Forecast highlights five fraud threats facing businesses and consumers in 2023.

Convincing, Malicious Google Ads Look to Lift Password Manager Logins

Users searching for Bitwarden and 1Password's Web vaults on Google have recently reported seeing paid ads with links to cleverly spoofed sites for stealing credentials to their password vaults.

Long Con Impersonates Financial Advisers to Target Victims

Cybercriminals are co-opting the identities of legitimate US financial advisers to use them as fodder for relationship scams (aka "pig butchering"), which end with the theft of investments.

The Journal, Artificial Intelligence in the Life Sciences, Highlights the Contributions of Women in Artificial Intelligence in the Life Sciences

The launch of a new article collection and webinar by the journal AILSCI recognises prominent female scientists in the field of AI.

Spotlight on 2023 DevSecOps Trends

Solutions that provide more actionable results — remediation that frees up engineers, processes which integrate security into software development from its design, along with automation, IAC, and tool consolidation — are among the DevSecOps strategies that will prevail this...

Enterprises Don't Know What to Buy for Responsible AI

Organizations are struggling to procure appropriate technical tools to address responsible AI, such as consistent bias detection in AI applications.

Enterprises Need to Do More to Assure Consumers About Privacy

Organizations care about data privacy, but their priorities appear to be different from what their customers think are important.

Why Most Companies Still Don’t Know What’s on Their Network

Chris Kirsch, CEO of runZero, sits down with Dark Reading’s Terry Sweeney for a Fast Chat on the importance of asset discovery.

On Data Privacy Day, Organizations Fail Data Privacy Expectations

Data Privacy Day rolls around year after year, and data privacy breaches likewise. Two-thirds of data breaches result in data exposure.

Critical RCE Lexmark Printer Bug Has Public Exploit

A nasty SSRF bug in Web Services plagues a laundry list of enterprise printers.

Google: Influence Operator Dragonbridge Floods Social Media in Sprawling Cyber Campaign

Google has mounted a massive takedown, but Dragonbridge's extensive capabilities for generating and distributing vast amounts of largely spammy content call into question the motivation behind the group.

GitHub says hackers cloned code-signing certificates in breached repository

GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom. Code-signing certificates place...
Security Affairs

QNAP addresses a critical flaw impacting its NAS devices

Taiwanese vendor QNAP is warning customers to install QTS and QuTS firmware updates to address a critical flaw impacting its NAS devices. QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that...
The Register

Chromebook SH1MMER exploit promises admin jailbreak

Schools' laptops are out if this one gets around, but beware bricking. Users of enterprise-managed Chromebooks now, for better or worse, have a way to break the shackles of administrative control through an exploit called SH1MMER.…

MusicLM: Google AI generates music in various genres at 24 kHz

On Thursday, researchers from Google announced a new generative AI model called MusicLM that can create...
