Cyber Security Hacker in Snowflake Extortions May Be a U.S. Soldier Nov 26, 2024 krebsonsecurity.com Two men have been arrested for allegedly stealing data from and extorting dozens of companies that used the cloud data…
Technology New NachoVPN attack uses rogue VPN servers to install malicious updates Nov 26, 2024 bleepingcomputer.com A set of vulnerabilities dubbed "NachoVPN" allows rogue VPN servers to install malicious updates when unpatched Palo Alto and SonicWall…
Cyber Security ‘RomCom’ APT Mounts Zero-Day, Zero-Click Browser Escapes in Firefox, Tor Nov 26, 2024 darkreading.com The innocuously named Russian-sponsored cyber threat actor has combined critical and serious vulnerabilities in Windows and Firefox products in a…
Cyber Security Salt Typhoon Builds Out Malware Arsenal With GhostSpider Nov 26, 2024 darkreading.com The APT, aka Earth Estries, is one of China's most effective threat actors, performing espionage for sometimes years on end…
Cyber Security Securing AI Models – Risk and Best Practices Nov 26, 2024 cyberdefensemagazine.com Generative AI (Artificial Intelligence) has turned out to be a game changer after the introduction of ChatGPT, DALL-E, Bard, Gemini,…
Cyber Security Faux ChatGPT, Claude API Packages Deliver JarkaStealer Nov 22, 2024 darkreading.com Attackers are betting that the hype around generative AI (GenAI) is attracting less technical, less cautious developers who might be…
Cyber Security Going Beyond Secure by Demand Nov 22, 2024 darkreading.com Secure by Demand offers a starting point for third-party risk management teams, but they need to take the essential step…
Cyber Security Cross-Site Scripting Is 2024’s Most Dangerous Software Weakness Nov 21, 2024 darkreading.com MITRE and CISA's 2024 list of the 25 most dangerous software weaknesses exposes the need for organizations to continue to…
Cyber Security Feds Charge Five Men in ‘Scattered Spider’ Roundup Nov 21, 2024 krebsonsecurity.com Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking…
Technology Microsoft disrupts ONNX phishing-as-a-service infrastructure Nov 21, 2024 bleepingcomputer.com Microsoft has seized 240 domains used by customers of ONNX, a phishing-as-a-service (PhaaS) platform, to target companies and individuals across…
Hacker in Snowflake Extortions May Be a U.S. Soldier
Two men have been arrested for allegedly stealing data from and extorting dozens of companies that used the cloud data…
New NachoVPN attack uses rogue VPN servers to install malicious updates
A set of vulnerabilities dubbed "NachoVPN" allows rogue VPN servers to install malicious updates when unpatched Palo Alto and SonicWall…
‘RomCom’ APT Mounts Zero-Day, Zero-Click Browser Escapes in Firefox, Tor
The innocuously named Russian-sponsored cyber threat actor has combined critical and serious vulnerabilities in Windows and Firefox products in a…
Salt Typhoon Builds Out Malware Arsenal With GhostSpider
The APT, aka Earth Estries, is one of China's most effective threat actors, performing espionage for sometimes years on end…
Securing AI Models – Risk and Best Practices
Generative AI (Artificial Intelligence) has turned out to be a game changer after the introduction of ChatGPT, DALL-E, Bard, Gemini,…
Faux ChatGPT, Claude API Packages Deliver JarkaStealer
Attackers are betting that the hype around generative AI (GenAI) is attracting less technical, less cautious developers who might be…
Going Beyond Secure by Demand
Secure by Demand offers a starting point for third-party risk management teams, but they need to take the essential step…
Cross-Site Scripting Is 2024’s Most Dangerous Software Weakness
MITRE and CISA's 2024 list of the 25 most dangerous software weaknesses exposes the need for organizations to continue to…
Feds Charge Five Men in ‘Scattered Spider’ Roundup
Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking…
Microsoft disrupts ONNX phishing-as-a-service infrastructure
Microsoft has seized 240 domains used by customers of ONNX, a phishing-as-a-service (PhaaS) platform, to target companies and individuals across…