Trend Micro reports that the botnet of hijacked Ubiquiti routers used by the Russia-linked APT28 group for global espionage operations includes devices other than Ubiquiti Edge OS routers.
The University of Twente, together with the Jheronimus Academy of Data Science (JADS), is leading a project aimed at strengthening supply chains against cyberattacks. The project titled "Digital Resilience in Supply Chains" (DReSC) uses data-driven methods to identify vulnerabilities, develop solutions, and better understand how to cultivate a culture of security in supply chains. With careful risk assessment and real-life experiments, DReSC will delve into how suggested interventions can reduce cyber risks.
"2023 was a breakthrough year for AI, and enterprises around the world now find themselves on the crest of a new wave of disruption. Organizations are ramping up investments in AI, particularly in generative AI, to increase automation, improve content creation, and enhance customer and employee experiences. But AI is a double-edged sword, benefiting businesses and cybercriminals alike. As AI-powered attacks become a part of everyday life, businesses, governments, and individuals must turn to emerging technologies, such as AI and ML, to generate their own automated responses.
The latest annual report by the Office of the Director of National Intelligence (ODNI) emphasizes that China is the biggest cyber threat to the US government, private sector, and critical infrastructure networks. The US Cybersecurity and Infrastructure Security Agency (CISA) and US government partners have noticed a worrying trend of the People's Republic of China (PRC) nation-state cyber actors targeting US critical infrastructure for disruption. Many critical infrastructure owners and operators are small businesses or rely on small business service providers and vendors.
Classic and novel stealth techniques helped "DuneQuixote" remain hidden for at least a year. The threat actor behind the campaign spied on a Middle Eastern government organization. Before researchers reached the attack, at least 30 infections had been recorded against other organizations, mostly around the Middle East. Experts say cyberattackers have improved their stealth across the board. The DuneQuixote campaign has two malware droppers and two payloads. One of the droppers mimics the Total Commander, combining legitimate and malicious components.
"NolaCon is an Information Security/Hacker conference for professionals and enthusiasts alike located in New Orleans, offering interesting and inventive talks and workshops. The talks will cover a variety of topics focused on today’s infosec needs including: malware, exploits, vulnerabilities, social engineering, forensics and usually at least one new 0-Day."
"ACM UMAP – User Modeling, Adaptation and Personalization – is the premier international conference for researchers and practitioners working on systems that adapt to individual users, to groups of users, and that collect, represent, and model user information."
Topics of interest include, but are not limited to security and privacy.
Google recently rolled back a release of its reCaptcha captcha script after a bug caused the service to no longer work on Firefox for Windows. According to Mozilla, the issue was related to reCaptcha's dark mode detection routine for Firefox in Windows. Mozilla noted that the script attempted to modify a div's background color using "document.body.removeChild", but as the script was loaded in the HTML head, the DOM had not loaded yet and "document.body" was not available, causing the script error.
According to the 2023 Norton Cyber Safety Insights Report, more than one in every four adults worldwide has been the victim of an online dating or romance scam. The US Federal Trade Commission (FTC) reported that romance scam victims increased from 11,000 in 2016 to 70,000 in 2022, leading to a total loss of about $1.3 billion. In 2023, romance scam victims lost $652.5 million, and investment scam victims lost $4.57 billion, according to the Federal Bureau of Investigation's (FBI) Internet Crime Complaint Center (IC3) report.
Google announced that over 400 million Google accounts have authenticated users over the past two years through passkeys. Passkeys involve a cryptographic key pair, with a private key stored on the device and a public key shared with the app or website. Since this key pair combination is unique, the user's passkey will only work on the website or app for which it was created. Therefore, the user cannot be tricked into signing in to a malicious look-alike website.