COMMENTARY

It seems obvious: CEOs and their chief information security officers (CISOs) should be natural partners. With the persistent rise in cyber threats, most CEOs recognize the importance of having a strong security leader to protect the company’s data, not to mention its reputation.

And yet, according to a PwC report, only 30% of CISOs feel they receive sufficient support from their CEO.…

Read More

Authorities in Germany last week announced the takedown of the cybercrime marketplace ‘Crimemarket’ and the arrest of six people believed to be linked with its operations.

Crimemarket, authorities say, was the “biggest illegal, German-speaking online trading platform”, enabling miscreants to trade narcotics, weapons, cybercrime tools, and illegal services (including money laundering, cybercrime, and guides for criminal activities).…

Read More
GitHub, a cornerstone for programmers worldwide, faces a severe threat as an unknown attacker deploys an automated assault, cloning and creating malicious code repositories. The attack, involving sophisticated obfuscation and social engineering, poses a significant challenge to GitHub’s security infrastructure.  An assailant employs an automated process to fork and clone existing repositories, concealing malicious code under seven layers of obfuscation.…
Read More

3/4/24: Article updated with further clarification from American Express that it was a merchant processor who was hacked, not one of their service providers.

American Express is warning customers that credit cards were exposed in a third-party data breach after a merchant processor was hacked.

This incident was not caused by a data breach at American Express, but rather at a merchant processor in which American Express Card member data was processed. …

Read More

In the realm of cybersecurity, understanding the various data types within an infrastructure is essential for effective defense and management. These data types serve as the foundation for identifying, analyzing, and responding to potential threats. Let’s delve into the four critical data types: traffic data, state data, event data, statistical data, and organizational data, to understand their significance and application in security.…

Read More

Pharmacies and hospitals nationwide are experiencing disruptions as a result of ransomware attacks, which leaves patients with difficulties filling prescriptions or obtaining medical care. UnitedHealth Group, a healthcare provider in the United States, announced on Thursday that it had been hacked by a ransomware gang known as Black Cat, otherwise known as AlphV. …
Read More

Federal Communications Commission (FCC) employees and cryptocurrency platforms have been targeted in mobile device phishing attacks employing a novel and advanced kit, cybersecurity firm Lookout warns.

Using the new kit, attackers create carbon copies of single sign-on (SSO) pages that trick victims into sharing their login credentials using a combination of email, SMS and vishing (voice phishing).…

Read More

A team of researchers has developed malware designed to target modern programmable logic controllers (PLCs) in an effort to demonstrate that remote Stuxnet-style attacks can be launched against such industrial control systems (ICS).

The researchers are from the Georgia Institute of Technology and they have published a paper detailing this ICS security project.…

Read More

Mar 04, 2024The Hacker NewsSaaS Security / Vulnerability Assessment

A company’s lifecycle stage, size, and state have a significant impact on its security needs, policies, and priorities. This is particularly true for modern mid-market companies that are either experiencing or have experienced rapid growth. As requirements and tasks continue to accumulate and malicious actors remain active around the clock, budgets are often stagnant at best.…

Read More

Mar 04, 2024NewsroomAI Security / Vulnerability

As many as 100 malicious artificial intelligence (AI)/machine learning (ML) models have been discovered in the Hugging Face platform.

These include instances where loading a pickle file leads to code execution, software supply chain security firm JFrog said.

“The model’s payload grants the attacker a shell on the compromised machine, enabling them to gain full control over victims’ machines through what is commonly referred to as a ‘backdoor,'” senior security researcher David Cohen said.…

Read More

U.S. cybersecurity and intelligence agencies have warned of Phobos ransomware attacks targeting government and critical infrastructure entities, outlining the various tactics and techniques the threat actors have adopted to deploy the file-encrypting malware.

“Structured as a ransomware as a service (RaaS) model, Phobos ransomware actors have targeted entities including municipal and county governments, emergency services, education, public healthcare, and critical infrastructure to successfully ransom several million in U.S.…

Read More

 

The digital sphere has witnessed a surge in AI-fueled tax fraud, presenting a grave threat to individuals and organisations alike. Over the past year and a half, the capabilities of artificial intelligence tools have advanced rapidly, outpacing government efforts to curb their malicious applications.

LexisNexis’ Government group CEO, Haywood Talcove, recently exposed a new wave of AI tax fraud, where personally identifiable information (PII) like birthdates and social security numbers are exploited to file deceitful tax returns.…

Read More