Social Engineering Scams Take a New Turn
Published Apr 26 2024 11:43 AM
Social engineering, or fooling people into doing bad actions, is one of the most successful attack methods of cybercriminals. Building on success, they have a new way to do it and gain access to company systems and steal money.
Social Engineering is the new attack of choice
Attacker Social-Engineered Backdoor Code Into XZ Utils
Published Apr 26 2024 11:40 AM
Attackers have shown that no technical skill is needed to perpetrate a significant cyber compromise. Social engineering, the art of convincing people that you are authorized to get confidential information, is enough.
Social Engineering yields big rewards
Patch Now: CrushFTP Zero-Day Cloud Exploit Targets US Orgs
Published Apr 26 2024 11:37 AM
CrushFTP is a file transfer package used by many companies. By exploiting a zero-day vulnerability attackers have been able to gain access and even execute code. Install the patch now.
Another zero-day being exploited
New 'Brokewell' Android Malware Spread Through Fake Browser Updates
Published Apr 26 2024 11:33 AM
Another instance of fake updates being used to spread malware. Be very careful before accepting the updates.
Fake updates again
Russian Hackers Exploiting Windows Print Spooler Vuln
Published Apr 26 2024 11:29 AM
Using a vulnerability known about for at least 18 months attackers have been able to compromise systems and even escalate privileges to steal credentials.
https://www.bankinfosecurity.com/russian-hackers-exploiting-windows-print-spooler-vuln-a-24929?rf=2024-04-24_ENEWS_SUB_BIS__Slot9_ART24929&mkt_tok=MDUxLVpYSS0yMzcAAAGSr4ul2yqPWIjl1u69Wa5V23_QzZNCcn15Pan6dbUoE__vtq5YgLJA4AuhJfOKVQQXer_JGKKD9KnccY40iIhNafrdR1v3o05O6e8BmZA0U5eU0LA6
SMB Cyber Myths
Published Apr 19 2024 10:10 AM
There are a number of myths that endanger Small and Medium size businesses, SMBs. Do you know what they are? And what to do about them? We tell you here.
Cyber myths are dangerous
Cisco Duo's Multifactor Authentication Service Breached
Published Apr 19 2024 10:08 AM
Multi-factor Authentication, MFA, is touted as far safer than passwords alone. However, there are different types of MFA. Some are much safer, and some are not. Here Cisco’s MFA has been breached. Know what to do.
Cisco MFA breached
Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes
Published Apr 19 2024 9:55 AM
Kubernetes, the open source container software, is widely used and is now being exploited. If you use it, learn what to do.
Kubernetes being exploited
Facebookâs AI Told Parents Group It Has a Gifted, Disabled Child
Published Apr 19 2024 9:53 AM
In another example of an AI system issue, a parent enquired about advice for a gifted and disabled child. The AI system replied that it, the AI system, had a gifted and disabled child. All that these systems say should not be taken at face value.
AI system has a child???
Gamers Are Renting Their Idle GPUs to Generate AI Porn
Published Apr 19 2024 9:51 AM
Gamers typically use devices with high powered graphics engines. Now they are renting that capacity to cybercriminals to generate porn using AI systems.
Gamers renting idle GPUs for nefarious purposes
AI Hallucinations May Be Used by Cybercriminals
Published Apr 12 2024 9:21 AM
AI systems are still hallucinating despite vendors saying they will fix it. The latest is hallucinating software packages in the libraires used to distribute the packages. A researcher uploaded a package with the AI hallucinated name and it was downloaded over 35,000 times, showing the suggestions by AI systems are often not checked before being used.
AI hallucinates fake software packages
Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack
Published Apr 12 2024 9:17 AM
A newly discovered flaw in Palo Alto PAN-OS received a CVSS rating of 10, the most severe given. A patch is available to some customers. Install it immediately. If you don’t subscribe to the Threat Preventions service contact Palo Alto and ask what to do.
Palo Alto vulnerability gets most serious rating
XZ Utils Scare Exposes Hard Truths About Software Security
Published Apr 12 2024 9:13 AM
These are open source utilities used to compress data and included in the major Linux distributions. However, they have a back door installed by cybercriminals.
A stark reminder that ultimately users of open source are responsible for security.
Users responsible for open source security
Cagey Phishing Campaign Delivers Multiple RATs to Steal Windows Data
Published Apr 12 2024 9:10 AM
A newly discovered phishing campaign is installing multiple RATs, Remote Access Trojans that let attackers take over Windows systems. The RATs have devious ways to avoid anti-malware packages. The phishing emails vary but include corrupt attachments that install the RATs.
Phishing campaign avoids detection
LG Smart TVs at Risk of Attacks, Thanks to 4 OS Vulnerabilities
Published Apr 12 2024 9:07 AM
Recently discovered vulnerabilities in LG TVs let attackers take over the set. They can use the set microphone and camera to watch and listen to you. They can also steal the information gathered by the set. Be sure to update to the newest version of the software.
LG TVs watching you