CISA unleashes Untitled Goose Tool to honk at danger in Microsoft’s cloud
Not a headline we expected to write today American cybersecurity officials have released an early-warning system to protect Microsoft cloud users.…
Github publishes RSA SSH host keys by mistake, issues update
Getting connection failures? Don't panic. Get new keys Github has updated its SSH keys after accidentally publishing the private part to the world. Whoops.…
French parliament says oui to AI surveillance for 2024 Paris Olympics
Liberté, égalité, reconnaissance faciale for all Despite the opposition of 38 civil society groups, the French National Assembly has approved the use of algorithmic video surveillance during the 2024 Paris Olympics.…
Uncle Sam reveals it sent cyber-soldiers to Albania to hunt for Iranian threats
'Hunt forward' teams of this sort aid with defense and learn how attackers like Tehran operate US Cyber Command operators have confirmed they carried out an online defensive mission in Albania, in response to last year's cyber attacks against...
Critical infrastructure gear is full of flaws, but hey, at least it’s certified
Security researchers find bugs, big and small, in every industrial box probed Devices used in critical infrastructure are riddled with vulnerabilities that can cause denial of service, allow configuration manipulation, and achieve remote code execution, according to security researchers.…
Secure mail
Protection from business email compromise Webinar In the distant past, a master forger with a quill could fake a signature on the end of a letter but at least then you had time to consider the potential for fraud...
Attackers hit Bitcoin ATMs to steal $1.5 million in crypto cash
Terminal maker General Bytes shutters its cloud business after second breach in seven months Unidentified miscreants have siphoned cryptocurrency valued at more than $1.5 million from Bitcoin ATMs by exploiting an unknown flaw in digicash delivery systems.…
Bogus ChatGPT extension steals Facebook cookies
All aboard the chatbot hype train! Next stop: Fraud Google has removed a ChatGPT extension from the Chrome store that steals Facebook session cookies – but not before more than 9,000 users installed the account-compromising bot.…
B-List celebs including Lindsay Lohan fined after shilling crypto
Didn't disclose payments as mastermind pumped up the value of tokens with fake trades Eight very B-list celebrities have been fined for shilling a cryptocurrency without disclosing they were paid to do so, while the chap who paid them...
B-List celebs including Lindsay Lohan fined after crypto shill probe
Didn't disclose payments as mastermind pumped up value of tokens with fake trades Eight very B-list celebrities have agreed to cough up fines after being accused of shilling a cryptocurrency without disclosing they were paid to do so, while...
South Korea fines McDonald’s for data leak from raw SMB share
British American Tobacco, Samsung, also burgered up their infosec South Korea's Personal Information Protection Commission has fined McDonald's, British American Tobacco, and Samsung for privacy breaches.…
Cisco kindly reveals proof of concept attacks for flaws in rival Netgear’s kit
Maybe this is deserved given the problem's in a hidden telnet service Public proof-of-concept exploits have landed for bugs in Netgear Orbi routers – including one critical command execution vulnerability. …
Journalist hurt by exploding USB bomb drive
Now that's a flash bang Police in Ecuador are investigating attacks on media organizations across the country after a journalist was injured by an exploding USB flash drive.…
German political parties accused of microtargeting voters on Facebook
Country's super strong data rights under magnifying glass after half a dozen complaints filed Remember the Who Targets Me browser extension from privacy activists at Noyb? The group yesterday filed explosive complaints based on log records from the extension...
Unknown actors deploy malware to steal data in occupied regions of Ukraine
If this is Kyiv's work, Russia can Crimea river A cyber espionage campaign targeting organizations in Russian-occupied regions of Ukraine is using novel malware to steal data, according to Russia-based infosec software vendor Kaspersky.…
India’s absurd infosec reporting rules get just 15 followers
CERT-In was told its six-hour notification requirement was a bad idea – now it knows just how bad India's rules requiring local organizations to report infosec incidents within six hours of detection have been observed by a mere 15...
Xi, Putin, declare intent to rule the world of AI, infosec
'Technological sovereignty is the key to sustainability' states Russian despot Russian president Vladimir Putin and his Chinese counterpart Xi Jinping have set themselves the goal of dominating the world of information technology.…
BreachForums shuts down … but the RaidForums cybercrime universe will likely become a trilogy
Admins decide reviving crime-mart is dangerous, hint at revival BreachForums has reportedly shut down for good, just days after US authorities arrested the online criminal marketplace's alleged chief administrator.…
You just gonna take that AWS? Let Microsoft school your users on cloud security?
And Google Cloud is next Microsoft has torn the wraps off its multi-cloud security benchmark (MCSB), which replaces the four-year-old Azure Security Benchmark. Crucially, as the name suggests, it now has usage and configuration guidance that reaches into rival...
Ex-Meta security staffer accuses Greece of spying on her phone
Beware of Greeks bearing GIFs Meta's former security policy manager, who split her time between the US and Greece, is reportedly suing the Hellenic national intelligence service for hacking her phone.…
Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers
Microsoft on Friday shared guidance to help customers discover indicators of compromise (IoCs) associated with a recently patched Outlook vulnerability.
Tracked as CVE-2023-23397 (CVSS score: 9.8), the critical flaw relates to a case of privilege escalation that could be exploited to steal...
OpenAI Reveals Redis Bug Behind ChatGPT User Data Exposure Incident
OpenAI on Friday disclosed that a bug in the Redis open source library was responsible for the exposure of other users' personal information and chat titles in the upstart's ChatGPT service earlier this week.
The glitch, which came to light on...
US Charges 20-Year-Old Head of Hacker Site BreachForums
The US Justice Department charged Conor Brian Fitzpatrick, founder of BreachForums, a major underground website for computer hackers.
The post US Charges 20-Year-Old Head of Hacker Site BreachForums appeared first on SecurityWeek.
Dish customers struggle with service disruptions weeks after ransomware attack
Customers complain that they are still having payment issues and are not able to contact customer service weeks after Dish Network suffered a ransomware attack.
CISA announced the Pre-Ransomware Notifications initiative
The US Cybersecurity and Infrastructure Security Agency (CISA) announced the Pre-Ransomware Notifications service to help organizations stop ransomware attacks before damage occurs.
The US Cybersecurity and Infrastructure Security Agency announced a new Pre-Ransomware Notification initiative that aims at alerting organizations of...
