December 2024
‘That’s not a bug, it’s a feature’ takes on a darker tone when malware’s involved
Mummy, where do zero days come from? Opinion One of the charms of coding is that malice can be indistinguishable from incompetence. Last week's Who, Me? story about financial transfer test software running amok is a case in point.…
Suspected LockBit dev, facing US extradition, ‘did it for the money’
Dual Russian-Israeli national arrested in August An alleged LockBit ransomware developer is in custody in Israel and awaiting extradition to the United States.…
UK ICO not happy with Google’s plans to allow device fingerprinting
Also, Ascension notifies 5.6M victims, Krispy Kreme bandits come forward, LockBit 4.0 released, and more in brief Google has announced plans to allow its business customers to begin "fingerprinting" users next year, and the UK Information Commissioner's Office (ICO) isn't happy about it. …
Infosec experts divided on AI’s potential to assist red teams
Yes, LLMs can do the heavy lifting. But good luck getting one to give evidence CANALYS FORUMS APAC Generative AI is being enthusiastically adopted in almost every field, but infosec experts are divided on whether it is truly helpful for red team raiders who test enterprise systems.…
Don’t fall for a mail asking for rapid Docusign action – it may be an Azure account hijack phish
Recent campaign targeted 20,000 folk across UK and Europe with this tactic, Unit 42 warns Unknown criminals went on a phishing expedition that targeted about 20,000 users across the automotive, chemical and industrial compound manufacturing sectors in Europe, and tried to steal account credentials and then hijack the…
US reportedly mulls TP-Link router ban over national security risk
It could end up like Huawei – Trump's gonna get ya, get ya, get ya The Feds may ban the sale of TP-Link routers in the US over ongoing national security concerns about Chinese-made devices being used in cyberattacks.…
Microsoft won’t let customers opt out of passkey push
Enrolment invitations will continue until security improves Microsoft last week lauded the success of its efforts to convince customers to use passkeys instead of passwords, without actually quantifying that success.…
Boffins trick AI model into giving up its secrets
All it took to make a Google Edge TPU give up model hyperparameters was specific hardware, a novel attack technique … and several days Computer scientists from North Carolina State University have devised a way to copy AI models running on Google Edge Tensor Processing Units (TPUs), as…
Phishers cast wide net with spoofed Google Calendar invites
Not that you needed another reason to enable the 'known senders' setting Criminals are spoofing Google Calendar emails in a financially motivated phishing expedition that has already affected about 300 organizations with more than 4,000 emails sent over four weeks, according to Check Point researchers.…
Interpol wants everyone to stop saying ‘pig butchering’
Victims' feelings might get hurt, global cops contend, and that could hinder reporting Interpol wants to put an end to the online scam known as "pig butchering" – through linguistic policing, rather than law enforcement.…