Blog
-
FBI Warning: BADBOX 2.0 Botnet Targeting Home IoT Devices
A new botnet is having a great deal of success in compromising home networks via IoT devices, one thought to be controlled by private criminal operators in China with some assistance from an app development company based in Malaysia.
-
Cyber Scams Backed by Infrastructure Provider Based in Phillippines Pose Major Security Challenge
The illicit infrastructure provider has been in business since at least late 2023 and is one of the bigger ones of its type, but far from the only one. The FBI says that it has located over 332,000 unique domain names owned by the group and that the cyber scams it facilitates have taken in…
-
Microsoft OneDrive File Picker Security Flaw Exposes Shocking Amount of User Data
New research demonstrates that apps receive expansive permission to access cloud storage whenever File Picker is used to upload something, far beyond what the average user would expect. Microsoft says it is not really a security flaw, however, since the user is providing their consent.
-
Federal AI Data Security Guidance Sounds Warnings About Data Drift, Well Poisoning
New joint guidance issued by US government agencies addresses the assortment of threats to AI data security that firms need to be aware of as they tie models into their systems. These include the ways in which stored data can “drift” out of alignment, and the approaches that active threat actors will take to intentionally…
-
World’s Largest Infostealer Malware Operation Suffers Major Blow With Law Enforcement Raid
The infostealer malware operation lost its control panel to the law enforcement raid, severing it from clients and its central marketplace of stolen data, as well as some 2,300 domains belonging to the group, which has infected over 394,000 Windows computers globally.
-
Fake KeePass Password Manager, Distributed Via Bing Ads, Leads to Rash of Ransomware Attacks
A new report from WithSecure documents a recent rash of ransomware attacks, spanning at least eight months, initiated by a fake version of the KeePass password manager that was spread through Microsoft ads.
-
Decentralized, Censorship-Free AI Chatbot Attracts Hackers Seeking Malware
Venice.ai provides a decentralized and censorship-free AI chatbot with capabilities on par with leading LLMs. It’s the first easily accessible “clear web” chatbot that will readily provide the user with malware, custom phishing messages and instructions for criminal activities upon request.
-
“Scattered Spider” Looks to Move on From UK Retailers, Deploy Cyber Attacks in the US Instead
Intelligence from Google’s threat team and subsidiary Mandiant indicates that the “Scattered Spider” group can be attributed as the attackers of major UK retailers in recent weeks, and that the hackers are likely to turn their attention to cyber attacks on US targets in the coming weeks.
-
Coinbase Data Breach Raises More Questions About Crypto Exchange Security
The crypto exchange projects a loss of $180 million to $400 million from the data breach after overseas customer service reps were bribed by unknown parties, who provided the attackers with sensitive personal information then put to use in targeted money transfer schemes.
-
New EU Vulnerability Database Will Complement Existing Sources, At Least For Now
With the CVE program famously facing funding difficulties, the EU has chosen an opportune time to roll out its new European Vulnerability Database. But, at least for the near term, the database looks to be leaning on the CVE database and other sources and acting as a complement rather than a potential replacement.