"Chrome 121 Patches 17 Vulnerabilities"

"Chrome 121 Patches 17 Vulnerabilities"

Google recently announced the promotion of Chrome 121 to the stable channel with patches for 17 vulnerabilities, including 11 reported by external researchers.  Of the externally reported security defects, three have a severity rating of "high." Google says it handed over $30,000 in bug bounty rewards to the reporting researchers.  Google noted that the first high-severity bug that Chrome 121 addresses is a use-after-free issue in WebAudio. Tracked as CVE-2024-0807, the flaw earned the reporting researcher a $11,000 bug bounty.

Submitted by Adam Ekwall on

"340,000 Jason’s Deli Customers Potentially Impacted by Credential Stuffing Attack"

"340,000 Jason’s Deli Customers Potentially Impacted by Credential Stuffing Attack"

Restaurant chain Jason’s Deli just recently started informing customers that their user accounts and personal information might have been compromised in credential stuffing attacks.  Over the weekend, the company, which owns over 200 fast casual restaurants across the United States, began informing customers that attackers have been observed accessing user accounts using login credentials obtained from other data breaches.

Submitted by Adam Ekwall on

"New Research Combats Burgeoning Threat of Deepfake Audio"

"New Research Combats Burgeoning Threat of Deepfake Audio"

A new study by three UC Berkeley School of Information students and alums aims to make it easier to determine the authenticity of an audio clip as deepfakes and doctored audio have become more common. Deepfakes are a type of media, including images, audio, and videos, manipulated or created using Artificial Intelligence (AI). In addition to spreading false information, deepfakes can decrease the effectiveness of security systems. The team explored various techniques for distinguishing a real voice from a cloned one made to impersonate a specific person.

Submitted by Gregory Rigby on

"Researchers From Around the World to Improve Security of Smart Devices — Remotely"

"Researchers From Around the World to Improve Security of Smart Devices — Remotely"

A National Science Foundation (NSF) grant has been awarded in support of Northeastern University professor David Choffnes and other computer scientists exploring the vulnerabilities of Internet of Things (IoT) devices as part of the "Security and Privacy Heterogeneous Environment for Reproducible Experimentation" (SPHERE) project. Choffnes says the remote IoT lab will be the first of its kind. Anyone can schedule a time to configure the lab's IoT devices to simulate different deployments and interact with them in automated ways to uncover security and privacy flaws.

Submitted by Gregory Rigby on

"BianLian Ransomware Group Shifts Focus to US, European Healthcare and Manufacturing Industries"

"BianLian Ransomware Group Shifts Focus to US, European Healthcare and Manufacturing Industries"

A new report released by Palo Alto Networks' Unit 42 delves into how the BianLian ransomware group operates as it evolves to focus primarily on the healthcare and manufacturing sectors, as well as the US and Europe. BianLian first appeared around 2021 and gained widespread attention in 2022 when it hit companies in the US, UK, and Australia with ransomware attacks. The group now only steals data and threatens to publish it if victims refuse to pay.

Submitted by Gregory Rigby on

"Thirty Percent More Cyberattacks in 2023"

"Thirty Percent More Cyberattacks in 2023"

According to Check Point Research's annual review, organizations faced a significant increase in cyberattacks in 2023. Specifically, one out of every ten companies suffered a cyberattack last year, which was 33 percent higher than in 2022. Ransomware was the most common offender, as during 2023, 10 percent of companies struck by a cyberattack faced an attempted ransomware installation. In 2022, this percentage remained at 7 percent. This article continues to discuss the increase in cyberattacks faced in 2023, ransomware trends, and the sectors affected.

Submitted by Gregory Rigby on

"Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub"

"Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub"

Two malicious packages on the NPM package registry use GitHub to store Base64-encrypted SSH keys stolen from developer systems. One module was downloaded 412 times, and the other was downloaded 1,281 times before being removed by the NPM maintainers. The software supply chain security company ReversingLabs, which made the discovery, noted that there were eight different versions of one module and more than 30 versions of the other. Both modules run a postinstall script after installation, with each capable of retrieving and executing a different JavaScript file.

Submitted by Gregory Rigby on

"Black Basta Gang Claims the Hack of the UK Water Utility Southern Water"

"Black Basta Gang Claims the Hack of the UK Water Utility Southern Water"

The Black Basta ransomware gang says it hacked Southern Water, a major player in the UK's water industry. Southern Water is a private utility company that collects and treats wastewater in Hampshire, the Isle of Wight, West Sussex, East Sussex, and Kent. The company provides public water to roughly half of the area. The Black Basta ransomware group added Southern Water to the list of victims on its Tor data leak website, threatening to release the stolen data on February 29, 2024. The allegedly stolen data includes 750 gigabytes of personal documents and corporate documents.

Submitted by Gregory Rigby on

"Why Cyberattacks Must Not Be Kept Secret"

"Why Cyberattacks Must Not Be Kept Secret"

Laurie Mercer, a security architect at HackerOne, emphasizes that no company is invulnerable to cyberattacks. However, when an attack occurs, many companies continue to stay silent. Over half of security professionals revealed that their organizations maintain a security culture through obscurity, with more than one-third confessing to being secretive about their cybersecurity activities.

Submitted by Gregory Rigby on

"Australia Sanctions Russian Hacker Behind Medibank Breach"

"Australia Sanctions Russian Hacker Behind Medibank Breach"

The Australian government has publicly named Aleksandr Ermakov, 33, a Russian cybercriminal, as responsible for the Medibank data breach, which affected 9.7 million people.  Ekmakov has been issued a cyber sanction under the Australian Autonomous Sanctions Act 2011 for his role in the incident in 2022.  The cyberattack led to the publication of 9.7 million records on the dark web.  This contained the personal information of Australian citizens, including names, dates of birth, Medicare numbers, and other sensitive medical data.

Submitted by Adam Ekwall on
Subscribe to