Thursday, June 1, 2023
SC Magazine

New hacking forum exposes RaidForums member data

SiliconAngle reports that disrupted hacking site RaidForums had its member database including information from 478,870 members leaked on the new Exposed hacking forum, which is claimed to be owned and administered by the threat actor dubbed as 'Impotent.'
SC Magazine

CAPTCHA-breaking services gaining traction

More threat actors have been leveraging illicit services aimed at bypassing CAPTCHA checks, according to The Hacker News.
SC Magazine

Universal 2FA implemented for PyPI project maintainers

All Python Package Index project maintainers have been required to adopt two-factor authentication by the end of the year in a bid to better prevent account takeover attacks, reports SecurityWeek.
SC Magazine

Over 8.9M impacted by MCNA Dental ransomware attack

Over 8.9M impacted by MCNA Dental ransomware attack Major government-sponsored dental insurance provider Managed Care of North America Dental has disclosed being impacted by a cyberattack compromising personal and health information from more than 8.92 million individuals, including patients,...
SC Magazine

The most overhyped identity trends, according to cybersecurity investors

Identiverse panelists cite identity solutions and concepts whose short-term trajectories might not live up to the buzz surrounding them.
SC Magazine

New vulnerability gives macOS users a ‘Migraine’

The vulnerability dubbed "Migraine" by Microsoft researchers could let attackers automatically bypass system integrity protection in the macOS. Apple patched the bug on May 18.
SC Magazine

Guardrails on AI tools like ChatGPT needed to protect secrets, CISOs say

Identiverse panelists offer tips for developing policies around how employees can safely leverage artificial intelligence tools like ChatGPT.
SC Magazine

Armenia targeted with Pegasus spyware

Officials, journalists, and activists across Armenia were reported by Access Now, Citizen Lab, Amnesty International, CyberHUB-AM, and independent researcher Ruben Muradyan to have been targeted in at least 12 instances with the NSO Group's Pegasus spyware, Reuters reports.
SC Magazine

Predator spyware examined

Intellexa's commercial Predator spyware, which has been used in surveillance operations targeted at European politicians, Meta executives, and journalists, has been deploying its Alien loader to the 'zygote64' Android process to enable more spyware components, according to BleepingComputer.
SC Magazine

Offensive, defensive cybersecurity to be consolidated by US Army

DefenseScoop reports that both offensive and defensive cybersecurity portfolios of the U.S. Army will be consolidated.
SC Magazine

US diplomacy to take significant hit should intelligence authorities renewal fail

U.S. Assistant Secretary for State Intelligence and Research Brett Holmgren has warned that Congress' failure to reauthorize a surveillance program under Section 702 of the Foreign Intelligence Surveillance Act before its expiry by yearend would take a significant toll...
SC Magazine

New IARPA initiative seeks to evaluate cyber psychology in fight against hackers

CyberScoop reports that the Intelligence Advanced Research Projects Activity has launched the new Reimagining Security with Cyberpsychology-Informed Network Defenses project, also known as ReSCIND, which seeks to lead to the development of new software exploiting the psychological weaknesses...
SC Magazine

Barracuda zero-day bug analysis finds new payloads, no attribution

Data was exfiltrated using bug in the company’s email security gateway appliances that was exploited since October 2022.
SC Magazine

More states passing data privacy legislation

Montana has become the latest state to approve legislation aimed at strengthening data privacy protections, joining eight other states that have passed data privacy laws, even as such a measure continues to elude progress at the federal level, according...
SC Magazine

New phishing campaign exploits .ZIP domain

Attackers have been leveraging the new "file archive in the browser" phishing technique that enables the creation of realistic phishing pages masquerading as legitimate file archive software, with hosting on a .ZIP domain further establishing the legitimacy of the...
The Register

Dark Pink cyber-spies add info stealers to their arsenal, notch up more victims

Not to be confused with K-Pop sensation BLACKPINK, gang pops military, govt and education orgs Dark Pink, a suspected nation-state-sponsored cyber-espionage group, has expanded its list of targeted organizations, both geographically and by sector, and has carried out at...
The Register

Feds, you’ll need a warrant for that cellphone border search

Here's a story with a twist A federal district judge has ruled that authorities must obtain a warrant to search an American citizen's cellphone at the border, barring exigent circumstances.…
Graham Cluley

Smashing Security podcast #324: .ZIP domains, AI lies, and did social media inflame a riot?

height="315" class="aligncenter size-full wp-image-292324" /> ChatGPT hallucinations cause turbulence in court, a riot in Wales may have been ignited on social media, and do you think .MOV is a good top-level domain for "a website that moves you"? All this and...

Researchers tell owners to “assume compromise” of unpatched Zyxel firewalls

Enlarge (credit: Getty Images) Firewalls made by Zyxel are being wrangled into a destructive botnet, which is taking control of them by exploiting a recently patched vulnerability with a severity...

AI-expanded album cover artworks go viral thanks to Photoshop’s Generative Fill

Enlarge / An AI-expanded version of a famous album cover involving four lads and a certain road created using Adobe Generative Fill. (credit: Capitol Records / Adobe / Dobrokotov) Over...