"Over $80m in Crypto Stolen in Cyberattack on Orbit Chain"

"Over $80m in Crypto Stolen in Cyberattack on Orbit Chain"

Over $80m worth of cryptocurrency was recently stolen following a cyberattack on the cross-chain bridge project Orbit Chain.  The blockchain revealed the incident on January 1, 2024, informing users that an “unidentified access” to Orbit Bridge was confirmed on December 31, 2023.  The attackers stole 26,741.6 of Ether (ETH), which were transferred to five wallet addresses, and around 15,498,358 of DAI (a stablecoin on the Ethereum blockchain) transferred to three addresses.  This is worth a total of around $84.5 million at current prices.

Submitted by Adam Ekwall on

"New Black Basta Decryptor Exploits Ransomware Flaw to Recover Files"

"New Black Basta Decryptor Exploits Ransomware Flaw to Recover Files"

Researchers have developed a decryptor that uses a flaw in the Black Basta ransomware and allows victims to recover their files for free. However, Bleeping Computer has discovered that the Black Basta developers fixed the bug in their encryption routine, thus preventing the decryptor technique from being used in newer attacks. Security Research Labs (SRLabs) developed the 'Black Basta Buster' decryptor after finding a flaw in the encryption algorithm applied for the gang's encryptors that enables the discovery of the ChaCha keystream used to XOR encrypt a file.

Submitted by Gregory Rigby on

"UAE Banks on AI to Boost Cybersecurity"

"UAE Banks on AI to Boost Cybersecurity"

With about 50,000 cyberattacks reportedly thwarted every day, the United Arab Emirates (UAE) has spent the last year fortifying its digital borders and developing key partnerships in order to get ahead of attackers. Artificial Intelligence (AI) has been a major topic in the Middle East this year, with generative AI promising significant benefits. However, AI adoption poses risks as cybercriminals increasingly use AI tools for spoofing, creating phishing emails, and more. This article continues to discuss the UAE's vulnerability to cyber risks and efforts to boost cybersecurity.

Submitted by Gregory Rigby on

"Ohio Bank Gives Notice of Security Incident"

"Ohio Bank Gives Notice of Security Incident"

An Ohio banking company recently announced that it was impacted by a “security incident” in April. Middlefield Bank experienced a data security incident that impacted certain computer systems and caused a temporary disruption to certain corporate operations around April 12, 2023. The company said it promptly launched an investigation and only recently concluded its review around November 21, at which time it was able to determine the individuals included in the potentially impacted data set.

Submitted by Adam Ekwall on

"Australian Court Service Hacked, Hearing Recordings at Risk"

"Australian Court Service Hacked, Hearing Recordings at Risk"

According to the Court Services Victoria (CSV), court cases and tribunals in Australia have recently been impacted by a cybersecurity incident, with attackers potentially accessing recordings of hearings.  The CSV revealed the incident in a statement on January 2, 2024.  This public notice came some 12 days after the CSV was first alerted to the cyber incident on December 21, 2023.  The CSV said it took time to establish which recordings and transcripts were affected.

Submitted by Adam Ekwall on

"Research Symposium Highlights Innovations in Cybersecurity and AI"

"Research Symposium Highlights Innovations in Cybersecurity and AI"

The Knight Foundation School of Computing and Information Sciences (KFSCIS) Research Symposium featured innovations in cybersecurity, Artificial Intelligence (AI), data science, federated learning, and more. Maryna Veksler, Harun Oz, and Mahshad Shariatnasab are three KFSCIS Ph.D. students who received top honors at the symposium for their work in cybersecurity and AI. Oz presented research on a newly discovered attack vector that may increase the risk of ransomware attacks.

Submitted by Gregory Rigby on

"NCCoE 5G Cybersecurity: Connecting the Dots Between IT and Teleco Cybersecurity Capabilities in 5G Systems"

"NCCoE 5G Cybersecurity: Connecting the Dots Between IT and Teleco Cybersecurity Capabilities in 5G Systems"

The National Cybersecurity Center of Excellence (NCCoE) 5G Cybersecurity project aims to deliver cybersecurity guidance that will help consumers and operators of 5G networks adopt, deploy, and use 5G technology in a more secure and privacy-enhancing way. The NCCoE 5G Cybersecurity project involves building a 5G network using commercial-grade telecommunication components found in 5G networks worldwide.

Submitted by Gregory Rigby on

"Large Language Models Validate Misinformation, Research Finds"

"Large Language Models Validate Misinformation, Research Finds"

A new study conducted by researchers at the University of Waterloo reveals that Large Language Models (LLMs) repeat conspiracy theories, harmful stereotypes, and other types of misinformation. The researchers tested an early version of ChatGPT's understanding of facts, conspiracies, controversies, misconceptions, and more. This study is part of the researchers' efforts to explore human-technology interactions and determine how to mitigate risks. They found that GPT-3 often made errors, contradicted itself, and repeated harmful misinformation.

Submitted by Gregory Rigby on

"Vanderbilt Team Leads $6.89 Million DARPA Grant to Train Cyber Agents Against Attacks"

"Vanderbilt Team Leads $6.89 Million DARPA Grant to Train Cyber Agents Against Attacks"

Daniel Balasubramanian, a senior research scientist at Vanderbilt's Institute for Software Integrated Systems, will lead a four-year Defense Advanced Research Projects Agency (DARPA) grant to create realistic network environments for training cyber agents to combat advanced and persistent cyber threats. According to Cybersecurity Ventures, the cost of cybercrime globally could reach $9.5 trillion in 2024, with a single data breach potentially costing millions of dollars.

Submitted by Gregory Rigby on

"Google Accounts May Be Vulnerable to New Hack, Changing Password Won't Help"

"Google Accounts May Be Vulnerable to New Hack, Changing Password Won't Help"

According to CloudSEK researchers, a threat actor known as PRISMA boasted a powerful zero-day exploit and developed a sophisticated solution for generating persistent Google cookies by manipulating a token. This exploit allows for continued access to Google services, even after a user's password has been reset. Open Authorization 2.0 (OAuth 2.0) is a protocol for securing and authorizing access to resources on the Internet.

Submitted by Gregory Rigby on
Subscribe to