News
-
"Jscrambler Launches JavaScript Scanner for PCI DSS 4.0 Compliance"Jscrambler has released a free tool to help businesses check the JavaScript code on their e-commerce sites and bring it into compliance with Payment Card Industry Data Security Standards (PCI DSS) 4.0. In March 2022, the PCI Security Standards Council…
-
"8Base Ransomware Gang Escalates Double Extortion Attacks in June"A ransomware gang named "8Base" has been targeting organizations worldwide in double-extortion attacks, with a constant stream of new victims. The ransomware group appeared for the first time in March 2022, maintaining a low profile with few notable…
-
"ChatGPT Shows Promise in Detecting Phishing Sites"Researchers wanted to know whether ChatGPT can reliably detect phishing sites. They tested 5,265 URLs (2,322 phishing and 2,943 safe). They asked ChatGPT (GPT-3.5) the question: "Does this link lead to a phish website?" The Artificial Intelligence (AI)-…
-
SoS Musings #74 - Cybercriminals Ramping Up Business Email Compromise (BEC) AttacksSoS Musings #74 - Cybercriminals Ramping Up Business Email Compromise (BEC) Attacks
-
Cybersecurity Snapshots #43 - Rorschach RansomwareCybersecurity Snapshots #43 - Rorschach Ransomware
-
Cyber Scene #81 - California Gold Rush: AI, Chips, and the Tech Arms RaceCyber Scene #81 - California Gold Rush: AI, Chips, and the Tech Arms Race
-
"Attackers Can Break Voice Authentication With up to 99 Percent Success Within Six Tries"Computer scientists at the University of Waterloo have discovered an attack technique that can bypass voice authentication security systems with a success rate of up to 99.9 percent after only six attempts. Voice authentication, which enables…
-
"Researchers Find Way to Recover Cryptographic Keys by Analyzing LED Flickers"Researchers from the Ben-Gurion University of the Negev and Cornell University have discovered that it is possible to recover secret keys from a device by analyzing video footage of its power LED in a clever side-channel attack. They found that…
-
"New Mockingjay Process Injection Technique Evades EDR Detection"A new process injection technique called "Mockingjay" may enable threat actors to evade Endpoint Detection and Response (EDR) and other security products in order to secretly execute malicious code on compromised systems. Researchers at the cybersecurity…
-
"Four Ways Criminals Could Use AI to Target More Victims"Daniel Prince, a cybersecurity professor at Lancaster University, explores how criminals could use Artificial Intelligence (AI) to target victims. AI is a tool used to improve productivity, process and organize large volumes of data, and offload decision…
-
"Why the FDA's SBOM Mandate Changes the Game for OSS Security"The US Food and Drug Administration (FDA) is not the first thing that comes to mind for most Open Source Software (OSS) project maintainers or the developers who build applications that leverage OSS. However, new FDA rules may have a greater impact on…
-
"95% Fear Inadequate Cloud Security Detection and Response"Permiso has published its "2023 Cloud Detection and Response Survey," which surveyed over 500 security, Information Technology (IT), and engineering professionals to gain further insight into how their organizations address security challenges in cloud…