Sat.Jan 13, 2024 - Fri.Jan 19, 2024

article thumbnail

News alert: Incogni study reveals overwhelming majority of spam calls originate locally

The Last Watchdog

Los Angeles, Calif., Jan. 17, 2024 – Spam calls continue to be a major nuisance in the US, and advice on how to avoid them abound. Incogni’s latest research challenges prevalent assumptions about spam calls, revealing that traditional advice on avoiding specific area codes is largely ineffective. The study, based on the latest data from the Federal Trade Commission (FTC), demonstrates that, contrary to popular belief, a staggering 59.81% of all unwanted calls originate from local num

article thumbnail

Exclusive: Cloud Vendor Returns Stolen Hospital Data

Data Breach Today

Alliance Had Sued LockBit Gang to Force Cloud Firm to Release Affected Patient Data A cloud services firm has turned over to a New York hospital alliance the patient data stolen in a ransomware attack by LockBit. The hospital group had filed a lawsuit against LockBit as a legal maneuver to force the storage firm to return data the cybercriminals had stashed on the vendor's servers.

Cloud 321
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Code Written with AI Assistants Is Less Secure

Schneier on Security

Interesting research: “ Do Users Write More Insecure Code with AI Assistants? “: Abstract: We conduct the first large-scale user study examining how users interact with an AI Code assistant to solve a variety of security related tasks across different programming languages. Overall, we find that participants who had access to an AI assistant based on OpenAI’s codex-davinci-002 model wrote significantly less secure code than those without access.

Security 135
article thumbnail

Cryptohack Roundup: SEC Still Probing X Account Hack

Data Breach Today

Also: $3.3M Socket Hack; Do Kwon and Alex Mashinsky Trials This week, the U.S. SEC assessed its X account hack, attackers stole $3.3M from Socket, Do Kwon got a new trial date, Alex Mashinsky sought to dismiss charges, Google Play Store removed crypto apps for India users, IRS clarified crypto asset reporting and South Korea mulled crypto mixer legislation.

IT 297
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Canadian Man Stuck in Triangle of E-Commerce Fraud

Krebs on Security

A Canadian man who says he's been falsely charged with orchestrating a complex e-commerce scam is seeking to clear his name.

297
297

More Trending

article thumbnail

Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack

Security Affairs

Researchers from Bishop Fox found over 178,000 SonicWall next-generation firewalls (NGFW) publicly exploitable. SonicWall next-generation firewall (NGFW) series 6 and 7 devices are affected by two unauthenticated denial-of-service vulnerabilities, tracked as CVE-2022-22274 and CVE-2023-0656 , that could potentially lead to remote code execution. Despite a proof-of-concept exploit for the flaw CVE-2023-0656 was publicly released, the vendor is not aware of attack in the wild exploiting the vulner

IT 145
article thumbnail

Popular GPUs Used AI Systems Vulnerable to Memory Leak Flaw

Data Breach Today

LeftoverLocals Affects Apple, AMD and Qualcomm Devices Researchers uncovered a critical vulnerability in graphic processing units of popular devices that could allow attackers to access data from large language models. They dubbed the vulnerability LeftoverLocals and said it affects the GPU frameworks of Apple, AMD and Qualcomm devices.

Access 320
article thumbnail

E-Crime Rapper ‘Punchmade Dev’ Debuts Card Shop

Krebs on Security

The rapper and social media personality Punchmade Dev is perhaps best known for his flashy videos singing the praises of a cybercrime lifestyle. With memorable hits such as “Internet Swiping” and “Million Dollar Criminal” earning millions of views, Punchmade has leveraged his considerable following to peddle tutorials on how to commit financial crimes online.

Sales 303
article thumbnail

A Flaw in Millions of Apple, AMD, and Qualcomm GPUs Could Expose AI Data

WIRED Threat Level

Patching every device affected by the LeftoverLocals vulnerability—which includes some iPhones, iPads, and Macs—may prove difficult.

Security 145
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Balada Injector continues to infect thousands of WordPress sites

Security Affairs

Balada Injector malware infected more than 7100 WordPress sites using a vulnerable version of the Popup Builder plugin. In September, Sucuri researchers reported that more than 17,000 WordPress websites had been compromised in September with the Balada Injector. The researchers noticed that the number of Balada Injector infections has doubled compared with August 2023.

CMS 144
article thumbnail

Researchers Spot Critical Security Flaw in Bosch Thermostats

Data Breach Today

Bitdefender Finds Vulnerability in Popular IoT Device Thermostats sold across the globe by German multinational engineering company Bosch contained a flaw allowing hackers to cut power to the heating system and override the firmware, warn researchers from cybersecurity firm Bitdefender. Bosch pushed an over-the-air update in October.

IoT 317
article thumbnail

Jamf Threat Labs discovers new malware embedded in pirated applications

Jamf

In this blog, Jamf Threat Labs researchers analyze malware they discovered in pirated macOS applications. These apps, appearing similar to ZuRu malware, download and execute multiple payloads to compromise machines in the background.

143
143
article thumbnail

Inside the Massive Naz.API Credential Stuffing List

Troy Hunt

It feels like not a week goes by without someone sending me yet another credential stuffing list. It's usually something to the effect of "hey, have you seen the Spotify breach", to which I politely reply with a link to my old No, Spotify Wasn't Hacked blog post (it's just the output of a small set of credentials successfully tested against their service), and we all move on.

Passwords 141
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

iShutdown lightweight method allows to discover spyware infections on iPhones

Security Affairs

Researchers devised a “lightweight method,” called iShutdown, to determine whether Apple iOS devices have been infected with spyware. Cybersecurity researchers from Kaspersky have identified a “lightweight method,” called iShutdown, to identify the presence of spyware on Apple iOS devices. The method allow to discover stealthy and poweful surveillance software like NSO Group ‘s Pegasus , Intellexa ‘s Predator , QuaDream ‘s Reign.

Archiving 143
article thumbnail

White House Official Warns of AI Risks in 2024 Elections

Data Breach Today

No 'Magic Solution' to Prevent Malicious Use of AI in Elections, OSTP Chief Says Arati Prabhakar, director of the White House's Office of Science and Technology Policy, said during an event at the 2024 World Economic Forum that generative artificial intelligence has the potential to "dramatically accelerate and amplify the erosion of information integrity.

article thumbnail

‘Stablecoins’ Enabled $40 Billion in Crypto Crime Since 2022

WIRED Threat Level

A new report from Chainalysis finds that stablecoins like Tether, tied to the value of the US dollar, were used in the vast majority of crypto-based scam transactions and sanctions evasion in 2023.

Privacy 139
article thumbnail

Analysis of Phishing Emails Shows High Likelihood They Were Written By AI

KnowBe4

It’s no longer theoretical; phishing attacks and email scams are leveraging AI-generated content based on testing with anti-AI content solutions.

Phishing 131
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Phemedrone info stealer campaign exploits Windows smartScreen bypass

Security Affairs

Threat actors exploit a recent Windows SmartScreen bypass flaw CVE-2023-36025 to deliver the Phemedrone info stealer. Trend Micro researchers uncovered a malware campaign exploiting the vulnerability CVE-2023-36025 (CVSS score 8.8) to deploy a previously unknown strain of the malware dubbed Phemedrone Stealer. The vulnerability was addressed by Microsoft with the release of Patch Tuesday security updates for November 2023.

Archiving 142
article thumbnail

NetScaler, Atlassian, VMWare Disclose Critical Flaws

Data Breach Today

Citrix NetScaler ADC and Gateway Bugs Exploited in the Wild IT infrastructure mainstays including Netscaler, Atlassain and VMWare on Tuesday released fixes for vulnerabilities including some allowing malicious takeover of appliances. NetScaler warned customers Tuesday of two zero day vulnerabilities that researchers say are being exploited in the wild.

IT 309
article thumbnail

How to Opt Out of Comcast’s Xfinity Storing Your Sensitive Data

WIRED Threat Level

One of America’s largest internet providers may collect data about your political beliefs, race, and sexual orientation to serve personalized ads.

Security 136
article thumbnail

‘Swatting’ Becomes the Latest Extortion Tactic in Ransomware Attacks

KnowBe4

Rather than stick to traditional ransomware extortion methods that revolve around the attack itself, a new form of extortion known as Swatting puts the focus on the victim organization’s customers.

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Apple fixed a bug in Magic Keyboard that allows to monitor Bluetooth traffic

Security Affairs

Apple addressed a recently disclosed Bluetooth keyboard injection vulnerability with the release of Magic Keyboard firmware. Apple released Magic Keyboard Firmware Update 2.0.6 to address a recently disclosed Bluetooth keyboard injection issue tracked as CVE-2024-0230. The flaw is a session management issue that can be exploited by an attacker with physical access to the accessory to extract its Bluetooth pairing key and spy on the Bluetooth traffic.

Access 142
article thumbnail

Breach Roundup: Microsoft's Effort to Store EU Data Locally

Data Breach Today

Also: FBI Warning About Androxgh0st; eBay Pays a $3 Million Fine for Cyberstalking This week, Microsoft expanded plans to store EU citizens' data locally, shipping-themed phishing spam is a threat, the British Library overcame a ransomware setback, the FBI warned of Androxgh0st malware, Remcos RAT targeted South Korea, and eBay was fined $3 million for a cyberstalking campaign.

Libraries 308
article thumbnail

A Bloody Pig Mask Is Just Part of a Wild New Criminal Charge Against eBay

WIRED Threat Level

Plus: Chinese officials tracked people using AirDrop, Stuxnet mole’s identity revealed, AI chatbot hacking, and more.

Privacy 137
article thumbnail

Facebook Work-From-Home “Job” Posting Scam Goes the Extra Mile to Trick Victims

KnowBe4

A new job posting scam found by IT security company Qualysys is focused on capturing victim’s identity details, accessing victim’s Facebook accounts, and committing fraud. In this new scam, legitimate Facebook advertising is used to post fake work-from-home job ads from several companies. As with most of these scams, victims are directed to a third-party messaging app and are asked to sign a realistic-looking employment contract.

Access 126
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Google fixed the first actively exploited Chrome zero-day of 2024

Security Affairs

Google has addressed the first Chrome zero-day vulnerability of the year that is actively being exploited in the wild. Google has released security updates to address the first Chrome zero-day vulnerability of the year that is actively being exploited in the wild. The high-serverity vulnerability, tracked as CVE-2024-0519 , is an out of bounds memory access in the Chrome JavaScript engine.

Security 142
article thumbnail

OpenAI Combats Election Misinformation Amid Growing Concerns

Data Breach Today

ChatGPT Maker Wants to Deter Use of AI in Online Election Misinformation Campaigns OpenAI announced a series of steps it was taking to prevent the use of its models in online influence operations throughout the 2024 election season, amid growing concerns that the election could face significant security concerns from the use of AI in online influence operations.

Security 306
article thumbnail

The Sad Truth of the FTC's Location Data Privacy Settlement

WIRED Threat Level

The FTC forced a data broker to stop selling “sensitive location data.” But most companies can avoid such scrutiny by doing the bare minimum, exposing the lack of protections Americans truly have.