Cybersecurity
Infosec experts divided on AI’s potential to assist red teams
Yes, LLMs can do the heavy lifting. But good luck getting one to give evidence CANALYS FORUMS APAC Generative AI is being enthusiastically adopted in almost every field, but infosec experts are divided on whether it is truly helpful for red team raiders who test enterprise systems.…
Don’t fall for a mail asking for rapid Docusign action – it may be an Azure account hijack phish
Recent campaign targeted 20,000 folk across UK and Europe with this tactic, Unit 42 warns Unknown criminals went on a phishing expedition that targeted about 20,000 users across the automotive, chemical and industrial compound manufacturing sectors in Europe, and tried to steal account credentials and then hijack the…
US reportedly mulls TP-Link router ban over national security risk
It could end up like Huawei -Trump's gonna get ya, get ya, get ya The Feds may ban the sale of TP-Link routers in the US over ongoing national security concerns about Chinese-made devices being used in cyberattacks.…
Microsoft won’t let customers opt out of passkey push
Enrolment invitations will continue until security improves Microsoft last week lauded the success of its efforts to convince customers to use passkeys instead of passwords, without actually quantifying that success.…
Boffins trick AI model into giving up its secrets
All it took to make an Google Edge TPU give up model hyperparameters was specific hardware, a novel attack technique … and several days Computer scientists from North Carolina State University have devised a way to copy AI models running on Google Edge Tensor Processing Units (TPUs), as…
Phishers cast wide net with spoofed Google Calendar invites
Not that you needed another reason to enable the 'known senders' setting Criminals are spoofing Google Calendar emails in a financially motivated phishing expedition that has already affected about 300 organizations with more than 4,000 emails sent over four weeks, according to Check Point researchers.…
Interpol wants everyone to stop saying ‘pig butchering’
Victims' feelings might get hurt, global cops contend, and that could hinder reporting Interpol wants to put an end to the online scam known as "pig butchering" – through linguistic policing, rather than law enforcement.…
Critical security hole in Apache Struts under exploit
You applied the patch that could stop possible RCE attacks last week, right? A critical security hole in Apache Struts 2 – patched last week – is currently being exploited using publicly available proof-of-concept (PoC) code.…
Ireland fines Meta for 2018 ‘View As’ breach that exposed 30M accounts
€251 million? Zuck can find that in his couch cushions, but Meta still vows to appeal It's been six years since miscreants abused some sloppy Facebook code to steal access tokens belonging to 30 million users, and the slow-turning wheels of Irish justice have finally caught up with…
BlackBerry offloads Cylance’s endpoint security products to Arctic Wolf
Fresh attempt to mix the perfect cocktail of IoT and Infosec BlackBerry's ambition to mix infosec and the Internet of Things has been squeezed, after the Canadian firm announced it is offloading Cylance's endpoint security products.…