Tag: News Links
-
Third-Party ChatGPT Plugins could lead to Account Takeovers
Cybersecurity researchers discovered vulnerabilities in third-party plugins for OpenAI ChatGPT, posing a threat of unauthorized access to sensitive data. The flaws enable attackers to install malicious plugins and hijack accounts. OpenAI has taken action by discontinuing new plugin installations. New tactics may lead to AI being exploited by malicious actors for data theft, putting unaware…
-
Nigerian National Pleads Guilty of Conspiracy in BEC Operation
Henry Onyedikachi Echefu, a Nigerian national, pleaded guilty to conspiracy in a US court for his involvement in an elaborate business email compromise (BEC) scheme. Alongside co-conspirators, he gained unauthorized access to email accounts, tricking victims into wiring funds to drop accounts. Echefu faces a maximum 20-year sentence and must pay back $22,000.
-
Russian Hackers Stole Microsoft Code – and the Attack isn’t Over!
Microsoft recently disclosed that Russian hackers known as Nobelium have continued their attack on the company, accessing source code and internal systems. The group, responsible for the SolarWinds attack, has been leveraging exfiltrated email information to breach further into Microsoft’s systems. Despite the ongoing attack, there is no evidence of customer-facing systems being breached.
-
Hacked WordPress Sites Abusing Visitors’ Browsers for Distributed Brute-Force Attacks
Threat actors are conducting distributed brute-force attacks on WordPress sites by injecting malicious JavaScript, compromising innocent visitors’ browsers. This new tactic follows a wave of attacks using crypto drainers. The switch may be driven by profit motives, as compromised sites can be monetized. Security experts urge ongoing vigilance against evolving cyber threats.
-
Russia-Sponsored Cyberattackers Infiltrate Microsoft’s Code Base
Midnight Blizzard APT, a Russian state-sponsored advanced persistent threat group, has stolen Microsoft source code and is conducting a sustained cyber campaign. The group, also known as APT29, Cozy Bear, Nobelium, and UNC2452, is using stolen information to probe the company’s environment and may be preparing for future attacks. Microsoft noted a tenfold increase in…
-
Florida Middle Schoolers Arrested for Allegedly Creating Deepfake Nudes of Classmates
The repercussions of AI in the wrong or curious hands could escalate significantly!
-
VMware urges emergency action to blunt hypervisor flaws
Chinese researchers discovered critical vulnerabilities in VMware’s hypervisors, allowing malicious actors with local admin privileges to execute code outside the guest VM. The flaws pose a serious security risk, with workarounds impacting operational functionality. VMware has advised removal of virtual USB controllers and highlighted the severity of the vulnerabilities, thanking the researchers involved.
-
Hackers Join In on Israel-Hamas War With Disruptive Cyberattacks
Several hacker groups have intensified cyberattacks amid the Israel-Hamas conflict, leading to disruptions and claims of compromise. Both state-sponsored actors and hacktivist groups have targeted infrastructure and organizations on both sides, using tactics such as DDoS attacks. Microsoft reported a Gaza-based threat group targeting Israeli organizations in the defense, energy, and telecommunications sectors.
-
IP address X-posure now a feature on Musk’s social media platform
The audio and video calling features on X, originally for Premium users, have been expanded to all users. However, the default setting exposes user IP addresses, making tracking and trolling easier. Whether calls are encrypted is unclear, and X has not responded about security measures. To protect privacy, users are advised to disable these features.
-
What Cybersecurity Chiefs Need From Their CEOs
ALPHV/BlackCat received over $22 million in Bitcoin as a ransomware payment after attacking Change Healthcare. The healthcare IT provider’s systems were disrupted, impacting thousands of pharmacies. The gang may have stolen the funds from their affiliate. The affiliates claim to still possess 4TB of sensitive data and have issued a warning about dealing with ALPHV.