October 2024

Open source LLM tool primed to sniff out Python zero-days

The static analyzer uses Claude AI to identify vulns and suggest exploit code Researchers with Seattle-based Protect AI plan to release a free, open source tool that can find zero-day vulnerabilities in Python codebases with the help of Anthropic's Claude AI model.…

Jetpack fixes 8-year-old flaw affecting millions of WordPress sites

Also, new EU cyber reporting rules are live, exploiters hit the gas pedal, free PDNS for UK schools, and more in brief  A critical security update for the near-ubiquitous WordPress plugin Jetpack was released last week. Site administrators should ensure the latest version is installed to keep their…

Alleged Bitcoin crook faces 5 years after SEC’s X account pwned

SIM swappers strike again, warping cryptocurrency prices An Alabama man faces five years in prison for allegedly attempting to manipulate the price of Bitcoin by pwning the US Securities and Exchange Commission's X account earlier this year.…

ESET denies it was compromised as Israeli orgs targeted with ‘ESET-branded’ wipers

Says 'limited' incident isolated to 'partner company' ESET denies being compromised after an infosec researcher highlighted a wiper campaign that appeared to victims as if it was launched using the Slovak security shop's infrastructure.…

Intel hits back at China’s accusations it bakes in NSA backdoors

Chipzilla says it obeys the law wherever it is, which is nice Intel has responded to Chinese claims that its chips include security backdoors at the direction of America's NSA.…

Biz hired, and fired, a fake North Korean IT worker – then the ransom demands began

'My webcam isn't working today' is the new 'The dog ate my network' It's a pattern cropping up more and more frequently: a company fills an IT contractor post, not realizing it's mistakenly hired a North Korean operative. The phony worker almost immediately begins exfiltrating sensitive data, before…

Uncle Sam puts $10M bounty on Russian troll farm Rybar

Propaganda op focuses on anti-West narratives to meddle with elections The US has placed a $10 million bounty on Russian media network Rybar and a number of its key staffers following alleged attempts to sway the upcoming US presidential election.…

Brazilian police claim they’ve cuffed serial cybercrook behind FBI and Airbus attacks

Early stage opsec failures lead to landmark arrest of suspected serial data thief Brazilian police are being cagey with the details about the arrest of a person suspected to be responsible for various high-profile data thefts.…

WeChat devs introduced security flaws when they modded TLS, say researchers

No attacks possible, but enough issues to cause concern Messaging giant WeChat uses a network protocol that the app's developers modified – and by doing so introduced security weaknesses, researchers claim.…

Anonymous Sudan isn’t any more: Two alleged operators named, charged

Gang said to have developed its evilware on GitHub – then DDoSed GitHub Hacktivist gang Anonymous Sudan appears to have lost its anonymity after the US Attorney's Office on Wednesday unsealed an indictment identifying two of its alleged operators.…

Copyright © 2024 Lugapel