A cyberespionage group possibly linked to China has recently targeted government-related organizations and technology companies in various parts of the world.  Security researchers at Trend Micro, which tracks it as Earth Estries, say the group has…

Britain's National Cyber Security Centre (NCSC) has issued a warning about a fundamental security vulnerability impacting Large Language Models (LLMs), the type of Artificial Intelligence (AI) used by ChatGPT to perform human-like conversations. Since…

Researchers have found malicious Android apps for Signal and Telegram being distributed through the Google Play Store and Samsung Galaxy Store. They are designed to deliver the BadBazaar spyware on infected devices. ESET researchers attributed the…

A new version of the DreamBus botnet malware infects devices by exploiting a critical Remote Code Execution (RCE) flaw in RocketMQ servers. The exploited vulnerability, tracked as CVE-2023-33246, is a permission verification flaw that affects RocketMQ…

According to Claroty, healthcare organizations face multiple cybersecurity challenges, calling for them to increasingly prioritize cybersecurity and compliance. In addition to focusing on Information Technology (IT) systems, threat actors have shifted…

Cybercriminals are now targeting Airbnb for fraud on the dark web. Thousands of Airbnb accounts have become available in underground cybercrime markets for purchase in recent months, sometimes for as little as one dollar. According to an investigation…

Twelve nations have issued a joint statement cautioning against using data scraping technologies to collect personal information from social media platforms and other online sites, which are required by local laws to protect their users' data. They note…

Mozilla and Google recently announced the release of stable updates for Firefox and Chrome to address several high-severity vulnerabilities, including memory corruption issues.  Mozilla released Firefox 117 with patches for 13 vulnerabilities,…

GitHub recently announced the general availability of Enterprise Server 3.10 with new security capabilities, including support for custom deployment rules.  GitHub noted that with the new release, GitHub Projects is now generally available in…

According to researchers at Mandiant, the hackers responsible for a recent campaign targeting Barracuda Email Security Gateway (ESG) devices have conducted follow-up attacks against compromised organizations considered "high priority targets" by the…

According to a new study by Abnormal Security, which analyzed brand impersonation and credential phishing trends in the first half of 2023, Microsoft was the most commonly abused brand for phishing exploits. Microsoft's name was used in approximately 650…

SoS Musings #76 - Side-Channel Attacks Continue Emerging