-
Chinese Threat Actors Deploy New TTPs to Exploit Ivanti Vulnerabilities
Mandiant research details how Chinese espionage groups are deploying new tools post-exploitation of recently patched Ivanti vulnerabilities Read More
-
Wiz Discovers Flaws in GenAI Models Enabling Customer Data Theft
Wiz researchers found architecture flaws in generative AI models available on the AI hub Hugging Face Read More
-
Maybe the Phone System Surveillance Vulnerabilities Will Be Fixed
It seems that the FCC might be fixing the vulnerabilities in SS7 and the Diameter protocol: On March 27 the commission asked telecommunications providers to weigh in and detail what they are doing to prevent SS7 and Diameter vulnerabilities from being misused to track consumers’ locations. The FCC has also asked carriers to detail any…
-
China Using AI-Generated Content to Sow Division in US, Microsoft Finds
A Microsoft report found that China-affiliated actors are publishing AI-generated content on social media to amplify controversial domestic issues in the US Read More
-
How to Avoid Solar Eclipse Scams
Scammers are turning a buck on the eclipse. A rash of eclipse scams have appeared online, many involving the sale of unsafe viewers and solar eclipse glasses. With the eclipse making its way from Texas, through the Midwest, and up through the Northeast on April 8th, people increasingly want to get their hands on equipment…
-
LockBit Scrambles After Takedown, Repopulates Leak Site with Old Breaches
A Trend Micro report shows a clear drop in the number of actual infections associated with the LockBit ransomware following Operation Cronos Read More
-
Jackson County IT Systems Hit By Ransomware Attack
A state of emergency was declared, caused by operational inconsistencies across digital infrastructure Read More
-
New JSOutProx Malware Targets Financial Firms in APAC, MENA
First found in 2019, JSOutProx combines JavaScript and .NET functionalities to infiltrate systems Read More
-
Google patches Pixel phone zero-days after exploitation by “forensic companies”
Google has issued a security advisory to owners of its Android Pixel smartphones, warning that it has discovered someone has been targeting some devices to bypass their built-in security. Read more in my article on the Tripwire State of Security blog. Read More
-
Fake Lawsuit Threat Exposes Privnote Phishing Sites
A cybercrook who has been setting up websites that mimic the self-destructing message service privnote.com accidentally exposed the breadth of their operations recently when they threatened to sue a software company. The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses…