Threat Note – Page 1854 – Aggregating Cyber Insights

From The Hacker News – Cybercriminals Using EvilProxy Phishing Kit to Target Senior Executives in U.S. Firms

Senior executives working in U.S.-based organizations are being targeted by a new phishing campaign that leverages a popular adversary-in-the-middle (AiTM) phishing toolkit named EvilProxy to conduct credential harvesting and account takeover attacks. Menlo Security said the activity started in July 2023, primarily singling out banking and financial services, insurance, property management and

Samir K October 9, 2023

Vulnerabilities

From Cybersecurity Help – The US, Ukraine, and Israel remain top targets of nation-state hackers

In addition to attacks on Ukraine, Russian threat actors intensified cyber operations against Western countries. Read More

Samir K October 9, 2023

Webinars

From The Hacker News – Webinar: How vCISOs Can Navigating the Complex World of AI and LLM Security

In today's rapidly evolving technological landscape, the integration of Artificial Intelligence (AI) and Large Language Models (LLMs) has become ubiquitous across various industries. This wave of innovation promises improved efficiency and performance, but lurking beneath the surface are complex vulnerabilities and unforeseen risks that demand immediate attention from cybersecurity professionals

Samir K October 9, 2023

Research

From Cyber Security News – OpenAI is Reportedly Developing its Own AI chips

The maker of ChatGPT, OpenAI, is looking at making its own artificial intelligence chips, which are necessary for operating the highly popular chatbot. Those acquainted with the company’s ambitions claim…

Samir K October 9, 2023

News

From The Hacker News – “I Had a Dream” and Generative AI Jailbreaks

"Of course, here's an example of simple code in the Python programming language that can be associated with the keywords "MyHotKeyHandler," "Keylogger," and "macOS," this is a message from ChatGPT followed by a piece of malicious code and a brief remark not to use it for illegal purposes. Initially published by Moonlock Lab, the screenshots of ChatGPT writing code for a keylogger malware is yet

Samir K October 9, 2023

Research

From Schneier on Security – AI Risks

There is no shortage of researchers and industry titans willing to warn us about the potential destructive power of artificial intelligence. Reading the headlines, one would hope that the rapid…

Samir K October 9, 2023

Breaches

From Cyber Security News – MGM Resorts Refused to Pay Hackers’ Ransom Demand in Cyberattack

In recent news, MGM Resorts International took a bold stance in the face of a cyberattack, refusing to give in to ransomware hackers who breached its systems. The incident led…

Samir K October 9, 2023

Vulnerabilities

From Cybersecurity Help – Chinese cyber crooks backdoor low-cost Android devices for ad fraud

The malware is being installed during the supply chain process. Read More

Samir K October 9, 2023

News

From Cyber Security News – GoldDigger Disguises as Fake Android App To Steal Banking Credentials

GoldDigger, a new Android Trojan, imitates a fraudulent Android application and has been discovered to spoof both a Vietnamese government portal and a local energy provider. Since at least June…

Samir K October 9, 2023

Toolkit

From Cyber Security News – Threat Actors Employ Remote Admin Tools to Gain Access over Corporate Networks

Recently, threat actors have adapted tactics, exploiting the appeal of banned apps in specific regions, making users more susceptible to cyberattacks through cleverly crafted campaigns. In a recent campaign, Chinese…

Samir K October 9, 2023

Breaches

From Cybercrime Magazine – APIs: Unveiling the Silent Killer of Cybersecurity Risk Across Industries

Real-world breaches underscore the threat – Seemant Sehgal, CEO, BreachLock New York, N.Y. – Oct. 7, 2023 In today’s interconnected digital ecosystem, Application Programming Interfaces (APIs) play a pivotal role…

Samir K October 8, 2023

Articles

From Graham Cluley – Revealed! The top 10 cybersecurity misconfigurations, as determined by CISA and the NSA

A joint advisory from the United States's National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) has shone a light on the top ten most common cybersecurity misconfigurations…

Samir K October 6, 2023

Vulnerabilities

From Cybersecurity Help – Cyber Security Week in Review: October 6, 2023

The world in brief: Apple, Atlassian, ARM and Qualcomm patch zero-days, NSA and CISA reveal top 10 cybersecurity misconfigs, and more. Read More

Samir K October 6, 2023

Articles

From Schneier on Security – Deepfake Election Interference in Slovakia

Well designed and well timed deepfake or two Slovakian politicians discussing how to rig the election: Šimečka and Denník N immediately denounced the audio as fake. The fact-checking department of…

Samir K October 6, 2023

Podcast

From Graham Cluley – Smashing Security podcast #342: Royal family attacked, keyless car theft, and a deepfake Tom Hanks

Is a deepfake Tom Hanks better than the real thing? Who has been attacking the British Royal Family’s website, and why? And how can you protect your vehicle from the…

Samir K October 5, 2023

From Security Week – Cisco Patches High-Severity Vulnerabilities in Enterprise Products

From Cyber Security News – Hackers Abuse Google Ads to Steal Users GoDaddy ManageWP login Credentials

From Schneier on Security – Smart Glasses for the Authorities

From Security Week – Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack

From Cyber Security News – 28 Fake Call History Apps on Google Play with 7.3M+ Downloads Trick Users to Steal Payments

From Cyber Security News – Malicious NuGet Packages Target Browser Credentials, SSH Keys, and Crypto Wallets

From The Hacker News – PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux

From Cyber Security News – Critical vm2 Node.js Library Vulnerabilities Enables Arbitrary Code Execution Attacks

From Cyber Security News – Hackers Used Claude AI to Attack on Water and Drainage Utility Systems

From Cyber Security News – Critical Ollama Memory Leak Vulnerability Exposes 300,000 Servers Globally

From Security Week – Cisco Patches High-Severity Vulnerabilities in Enterprise Products

From Cyber Security News – Hackers Abuse Google Ads to Steal Users GoDaddy ManageWP login Credentials

From Schneier on Security – Smart Glasses for the Authorities

From Security Week – Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack

From Cyber Security News – 28 Fake Call History Apps on Google Play with 7.3M+ Downloads Trick Users to Steal Payments

From Cyber Security News – Malicious NuGet Packages Target Browser Credentials, SSH Keys, and Crypto Wallets

From Cybersecurity Help – The US, Ukraine, and Israel remain top targets of nation-state hackers

From Cyber Security News – OpenAI is Reportedly Developing its Own AI chips

From The Hacker News – “I Had a Dream” and Generative AI Jailbreaks

From Schneier on Security – AI Risks

From Cyber Security News – MGM Resorts Refused to Pay Hackers’ Ransom Demand in Cyberattack

From Cybersecurity Help – Chinese cyber crooks backdoor low-cost Android devices for ad fraud

From Cyber Security News – GoldDigger Disguises as Fake Android App To Steal Banking Credentials

From Cybercrime Magazine – APIs: Unveiling the Silent Killer of Cybersecurity Risk Across Industries

From Graham Cluley – Revealed! The top 10 cybersecurity misconfigurations, as determined by CISA and the NSA

From Cybersecurity Help – Cyber Security Week in Review: October 6, 2023

From Schneier on Security – Deepfake Election Interference in Slovakia

From Graham Cluley – Smashing Security podcast #342: Royal family attacked, keyless car theft, and a deepfake Tom Hanks

From Security Week – Cisco Patches High-Severity Vulnerabilities in Enterprise Products

From Cyber Security News – Hackers Abuse Google Ads to Steal Users GoDaddy ManageWP login Credentials

From Schneier on Security – Smart Glasses for the Authorities

From Security Week – Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack