Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
The US Justice Department has charged a former Google software engineer with stealing artificial intelligence-related trade secrets from the company, with an eye to using it at two AI-related firms he was associated with in China.
If convicted, Linwei Ding, aka Leon Ding, faces up to 10 years in prison and a fine of $250,000 on each of the four counts of trade secrets theft on which he has been indicted.…
Scans on the public web show that approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are vulnerable to CVE-2024-21762, a critical security issue that allows executing code without authentication.
America’s Cyber Defense Agency CISA confirmed last month that attackers are actively exploiting the flaw by adding it to its Known Exploited Vulnerabilities (KEV) catalog.…
QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices.
The Taiwanese Network Attached Storage (NAS) device maker disclosed three vulnerabilities that can lead to an authentication bypass, command injection, and SQL injection.
While the last two require the attackers to be authenticated on the target system, which significantly lessens the risk, the first (CVE-2024-21899) can be executed remotely without authentication and is marked as “low complexity.”…
Microsoft says the Russian ‘Midnight Blizzard’ hacking group recently accessed some of its internal systems and source code repositories using authentication secrets stolen during a January cyberattack.
In January, Microsoft disclosed that Midnight Blizzard (aka NOBELIUM) had breached corporate email servers after conducting a password spray attack that allowed access to a legacy non-production test tenant account.…
HP announced on Thursday that several of its business PCs now benefit from protection against quantum computer attacks thanks to a new security chip.
The tech giant said the 5th generation of its Endpoint Security Controller (ESC) chip, which is built into some of its computers, can protect the integrity of the device’s firmware using quantum-resistant cryptography. …
Mar 08, 2024The Hacker NewsSecrets Management / Access Control
In the realm of cybersecurity, the stakes are sky-high, and at its core lies secrets management — the foundational pillar upon which your security infrastructure rests. We’re all familiar with the routine: safeguarding those API keys, connection strings, and certificates is non-negotiable.…
The National Cyber Security Centre (NCSC) published a data analysis report on the data breach resulting from the ransomware attack on the IT services provider Xplain. The attack took place on May 23, 2023 and the Play ransomware gang claimed responsibility for the data breach.
In early June, Swiss police launched an investigation into the cyberattack that targeted the Bernese IT company Xplain.…
PRESS RELEASE
SINGAPORE – 29th February 2024 — In the modern age, large companies are wrestling to leverage their customers’ data to provide ever-better AI-enhanced experiences but a key barrier to leveraging this opportunity is mounting public concern around data privacy, as ever-greater data processing poses risks of data leaks by hackers and malicious insiders.Silence…
The National Cyber Security Centre (NCSC) of Switzerland has released a report on its analysis of a data breach following a ransomware attack on Xplain, disclosing that the incident impacted thousands of sensitive Federal government files.
Xplain is a Swiss technology and software solutions provider for various government departments, administrative units, and even the country’s military force.…
The volume of cyberattacks and online throats continually growing is helping to make getting cyber insurance the norm for many organizations. While insurance has typically been something the organization’s board of directors worked on with the CFO, the technical nature of cyber risk means the CISO is increasingly being asked to be part of the conversation.…
Change Healthcare breach
There is evidence that the ransomware group behind the Change Healthcare breach, which has caused chaos for hospitals and pharmacies attempting to handle prescriptions, may have received $22 million from UnitedHealth Group.
Researchers studying security issues discovered a post made by an associate member claiming to be a member of the ALPHV/Blackcat ransomware group in a Russian forum used by cybercriminals.…
The U.S. Department of Justice (DoJ) has announced the unsealing of an indictment against Linwei (Leon) Ding, 38, a former software engineer at Google, suspected of stealing Google AI trade secrets for Chinese companies.
The charges allege that Ding stole proprietary information about Google’s artificial intelligence (AI) technologies and transferred it to two companies based in China, where he secretly worked.…
The FBI’s Internet Crime Complaint Center (IC3) has published its annual report for 2023, which reveals that the number of cybercrime complaints received by the agency increased by nearly 10% compared to the previous year.
Cybercrime victims in the United States filed more than 880,000 complaints with the FBI in 2023, with reported losses totaling over $12.5 billion, which represents a 22% increase from 2022. …
Cisco on Wednesday announced patches for two high-severity vulnerabilities in Secure Client, the enterprise VPN application that also incorporates security and monitoring capabilities.
The first issue, tracked as CVE-2024-20337, impacts the Linux, macOS, and Windows versions of Secure Client and could be exploited remotely, without authentication, in carriage return line feed (CRLF) injection attacks.…
FBI’s Internet Crime Complaint Center (IC3) has released its 2023 Internet Crime Report, which recorded a 22% increase in reported losses compared to 2022, amounting to a record of $12.5 billion.
The number of relevant complaints submitted to the FBI in 2023 reached 880,000, 10% higher than the previous year, with the age group topping the report being people over 60, which shows how vulnerable older adults are to cybercrime.…
Fidelity Investments Life Insurance Company is informing roughly 28,000 individuals that their personal information was compromised in a data breach at third-party services provider Infosys McCamish System (IMS).
The data breach, Fidelity says, was the result of a cyberattack on IMS’ systems, which occurred in October 2023 and led to unauthorized access to data that IMS was holding on behalf of its customers.…