"Investment Scams Grow, 13,000 Domains Detected in January 2024"

"Investment Scams Grow, 13,000 Domains Detected in January 2024"

According to the Federal Trade Commission (FTC), experts have detected and blocked nearly 13,000 fake investment platform domains across more than 7000 IPs in January 2024, a 25% increase from December 2023.  The FTC noted that the investment scams accounted for over $4.6b in fraud losses in the United States alone in 2023, marking a troubling 21% increase from the previous year.

Submitted by Adam Ekwall on

"DARPA Picks 7 Small Businesses for AI Cyber Challenge"

"DARPA Picks 7 Small Businesses for AI Cyber Challenge"

As part of its Artificial Intelligence (AI) Cyber Challenge, the Defense Advanced Research Projects Agency (DARPA) has awarded seven companies $1 million each to develop a cyber reasoning system. To "redefine" AI security, the US research agency is supporting seven small businesses in automatically detecting and fixing software vulnerabilities at scale.

Submitted by Gregory Rigby on

"Canada Jails LockBit Affiliate for Four Years"

"Canada Jails LockBit Affiliate for Four Years"

Mikhail Vasiliev, a Russian-Canadian national and LockBit ransomware affiliate, has been sentenced to years in prison after pleading guilty to cyber extortion. Vasiliev was first arrested in late 2022, with authorities suspecting him of being involved in the launch of attacks on critical infrastructure organizations and large industrial groups. Europol reported at the time of Vasiliev's arrest that he was involved in cyberattacks with enormous ransom demands.

Submitted by Gregory Rigby on

"Stanford University Data Breach Impacts 27,000 Individuals"

"Stanford University Data Breach Impacts 27,000 Individuals"

Stanford University recently notified 27,000 individuals that their personal information was stolen in a ransomware attack on its Department of Public Safety (DPS). The university says that the incident was discovered on September 27, 2023, but the attackers had access to the Stanford DPS network beginning May 12. The university noted that the hackers were evicted from the environment, and the network was secured shortly after the attack was discovered.

Submitted by Adam Ekwall on

"Critical ChatGPT Plug-in Vulnerabilities Expose Sensitive Data"

"Critical ChatGPT Plug-in Vulnerabilities Expose Sensitive Data"

Salt Labs researchers discovered three security vulnerabilities in ChatGPT extension functions that could enable unauthorized, zero-click access to users' accounts and services. ChatGPT plug-ins and custom versions of the Artificial Intelligence (AI) system published by developers expand the AI model's capabilities. They enable interactions with external services by granting OpenAI's popular generative AI chatbot access and permission to perform tasks on different third-party websites, including GitHub and Google Drive.

Submitted by Gregory Rigby on

"Over 12 Million Auth Secrets and Keys Leaked on GitHub in 2023"

"Over 12 Million Auth Secrets and Keys Leaked on GitHub in 2023"

According to cybersecurity researchers at GitGuardian, GitHub users accidentally exposed 12.8 million authentication and sensitive secrets in more than 3 million public repositories in 2023, with most still valid after five days. GitGuardian sent out 1.8 million complimentary email alerts to those who exposed secrets, with only 1.8 percent of those contacted taking prompt action to address the issue.

Submitted by Gregory Rigby on

"US Seizes $1.4 Million in Cryptocurrency From Tech Scammers"

"US Seizes $1.4 Million in Cryptocurrency From Tech Scammers"

US law enforcement recently seized $1.4 million worth of Tether (USDT) tokens believed to have been fraudulently obtained through tech support scams.  As part of the alleged scheme, which mainly targeted the elderly across the US, victims were targeted with popups on their computers, claiming that the system had been compromised.  The FBI noted that the victims were directed to contact Microsoft or Apple, depending on the operating system on their machine, by calling a certain phone number that connected them with the perpetrators, who posed as tech support employees.

Submitted by Adam Ekwall on

"ICS Researchers Awarded Best Technical Poster at NDSS"

"ICS Researchers Awarded Best Technical Poster at NDSS"

According to Alfred Chen, an assistant professor at UC Irvine's Donald Bren School of Information and Computer Sciences (ICS), the cyber-physical nature of Indoor Delivery Robot (IDR) systems can result in significant security and safety damages if they are attacked. Computer science Ph.D. student Fayzah Alshammari is researching IDR vulnerabilities to prevent such attacks. Chen says Fayzah's work aims to conduct the first security analysis of IDR systems in real-world commercial environments.

Submitted by Gregory Rigby on

"Phishing Campaign Leverages AWS and GitHub to Launch RATs"

"Phishing Campaign Leverages AWS and GitHub to Launch RATs"

In a new phishing campaign, malicious actors store malware on public cloud services such as Amazon Web Services (AWS) and GitHub. Then they use email to launch an attack and gain control of newly infected systems. According to FortiGuard Labs, the phishing email tricks victims into running a malicious, high-severity Java downloader to spread a new VCURMS Remote Access Trojan (RAT) and a STRRAT RAT. This article continues to discuss findings regarding the phishing campaign involving the use of AWS and GitHub to launch RATs.

Submitted by Gregory Rigby on

"Image-Based Phishing Tactics Evolve"

"Image-Based Phishing Tactics Evolve"

According to IRONSCALES and Osterman Research, 70 percent of organizations believe their current security stacks are effective against image-based and QR code phishing attacks. However, 76 percent were still compromised in the last 12 months. Organizations are aware of the growing threat posed by image-based and QR code phishing attacks, with 90 percent of respondents revealing that such attacks target their organizations. Despite this high level of awareness, 94 percent of these organizations have seen these new attacks evade their email security stack.

Submitted by Gregory Rigby on
Subscribe to