thehackernews.com

Unknown threat actors have been observed attempting to exploit a now-patched security flaw in the open-source Roundcube webmail software as part of a phishing attack designed to steal user credentials. Russian cybersecurity company Positive Technologies said it discovered last month that an email was sent to an unspecified governmental organization located in one of the Commonwealth of

10
0
https://www.bleepingcomputer.com/news/security/internet-archive-breached-again-through-stolen-access-tokens/

The Internet Archive was breached again, this time on their Zendesk email support platform after repeated warnings that threat actors stole exposed GitLab authentication tokens. [...]

30
0
www.darkreading.com

US officials disrupted the group's DDoS operation and arrested two individuals behind it, who turned out to be far less intimidating than they were made out to be in the media.

5
0
www.techmeme.com

Steven Levy / Wired: How Cloudflare CTO John Graham-Cumming cracked an encrypted ZIP file containing the code for a system that helped ANC members communicate safely under apartheid  —  John Graham-Cumming, who happens to be Cloudflare's CTO, cracked a 30-year-old encrypted file that had a role in rewriting South Africa's history.

29
6
https://www.bleepingcomputer.com/news/security/microsoft-creates-fake-azure-tenants-to-pull-phishers-into-honeypots/

Microsoft is using deceptive tactics against phishing actors by spawning realistic-looking honeypot tenants with access to Azure and luring cybercriminals in to collect intelligence about them. [...]

2
0
www.wired.com

Moldova is facing a tide of disinformation unprecedented in complexity and aggression, the head of a new center meant to combat it tells WIRED. And platforms like Facebook, TikTok, Telegram and YouTube could do more.

7
0
https://linuxsecurity.com/news/security-vulnerabilities/recent-bypass-exploit-exposes-intel-amd-cpus

A new Spectre bypass exploit has exposed vulnerabilities in recent Intel processors and older AMD microarchitectures running Linux, with severe ramifications for ongoing efforts to combat speculative execution attacks.

4
0
www.theverge.com

Book publisher Penguin Random House is putting its stance on AI training in print. The standard copyright page on both new and reprinted books will now say, “No part of this book may be used or reproduced in any manner for the purpose of training artificial intelligence technologies or systems,” according to a report from The Bookseller spotted by Gizmodo. The clause also notes that Penguin Random House “expressly reserves this work from the text and data mining exception” in line with the European Union’s laws. The Bookseller says that Penguin Random House appears to be the first major publisher to account for AI on its copyright page. What gets printed on that page might be a warning shot, but it also has little to do with actual...

16
0
https://www.bleepingcomputer.com/news/security/cisco-takes-devhub-portal-offline-after-hacker-publishes-stolen-data/

Cisco confirmed today that it took its public DevHub portal offline after a threat actor leaked "non-public" data, but it continues to state that there is no evidence that its systems were breached. [...]

6
0
gizmodo.com

Hackers reveal the old Redbox kiosks can be easily hacked for users' names and some financial info. The data may go back close to a decade.

36
0
www.darkreading.com

This year, the majority of developers have adopted AI assistants to help with coding and improve code output, but most are also creating more vulnerabilities that take longer to remediate.

5
1
www.itpro.com

The EU’s flagship cyber resilience framework NIS2 is finally here, but research indicates businesses are not ready, with compliance officers facing a herculean task.

3
0
www.techmeme.com

Will Shanklin / Engadget: The FCC issues new rules that will require all mobile phones sold in the US to be compatible with hearing aids, “after a transition period”  —  With the number of Americans 65 and older expected to balloon by nearly 50 percent by 2050, the rules will ensure those with hearing loss …

17
0
https://www.bleepingcomputer.com/news/security/microsoft-warns-it-lost-some-customers-security-logs-for-a-month/

Microsoft is warning enterprise customers that, for almost a month, a bug caused critical logs to be partially lost, putting at risk companies that rely on this data to detect unauthorized activity. [...]

6
0
arstechnica.com

Researcher feeds screen recordings into Gemini to extract accurate information with ease.

10
0
go.theregister.com

'My webcam isn't working today' is the new 'The dog ate my network'
It's a pattern cropping up more and more frequently: a company fills an IT contractor post, not realizing it's mistakenly hired a North Korean operative. The phony worker almost immediately begins exfiltrating sensitive data, before being fired for poor performance. Then the six-figure ransom demands – accompanied by proof of the stolen files – start appearing.…

1
0
www.helpnetsecurity.com

Despite global information security spending projected to reach $215 billion in 2024, 44% of CISOs surveyed reported they were unable to detect a data breach in the last 12 months using existing security tools, according to Gigamon.
Blind spots undermine breach detection
CISOs identified blind spots as a key issue, with 70% of CISOs stating their existing security tools are not as effective as they could be when it comes to detecting breaches due to …

10
0
www.darkreading.com

The scammers used real-time deepfakes in online dating video calls to convince the victims of their legitimacy.

4
0
gizmodo.com

Eric Council Jr. is accused of helping to hack the U.S. Securities and Exchange Commission's X account in order to post false information about Bitcoin.

9
0