-
10 notable critical infrastructure cybersecurity initiatives in 2023
PRIVACY PRIVACY The security of critical infrastructure has been high on the agenda in 2023, with cyberattacks and other risks posing a persistent threat to the technologies and systems relied upon for essential services such as energy, food, electricity, and healthcare. Research from cybersecurity services firm Bridewell assessed the current state of critical national infrastructure…
-
Federal cyber incidents reveal challenges of implementing US National Cybersecurity Strategy
PRIVACY PRIVACY Microsoft revealed on May 24 that the Chinese threat group Volt Typhoon attempted to gain access to communications systems in the United States, including Navy infrastructure on Guam. Secretary of the Navy Carlos Del Toro later confirmed the Navy “has been impacted” by the cyberattacks, although he provided no further details. To read…
-
Atomic Wallet Customers Lose Over $35m in Crypto Attacks
PRIVACY PRIVACY Digital wallet provider still investigating cause of incidents Read More
-
Friday Squid Blogging: Squid Chromolithographs
PRIVACY PRIVACY Beautiful illustrations. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Read More
-
Russia points finger at US for iPhone exploit campaign that also hit Kaspersky Lab
PRIVACY PRIVACY The Russian federal security agency, the FSB, has put out a security alert claiming that US intelligence services are behind an attack campaign that exploits vulnerabilities in iOS and compromised thousands of iPhones devices in Russia, including those of foreign diplomats. In a separate report, Russian antivirus vendor Kaspersky Lab said that several…
-
Enzo Biochem Hit by Ransomware, 2.5 Million Patients’ Data Compromised
PRIVACY PRIVACY The information includes names, test information and 600,000 Social Security numbers Read More
-
US and Korean Agencies Issue Warning on North Korean Cyber-Attacks
PRIVACY PRIVACY The advisory identifies several actors: Kimsuky, Thallium, APT43, Velvet Chollima and Black Banshee Read More
-
Malicious PyPI Packages Use Compiled Python Code to Bypass Detection
PRIVACY PRIVACY According to ReversingLabs this could be the first supply chain attack capitalizing on PYC files Read More
-
Attackers use Python compiled bytecode to evade detection
PRIVACY PRIVACY Attackers who are targeting open-source package repositories like PyPI (Python Package Index) have devised a new technique for hiding their malicious code from security scanners, manual reviews, and other forms of security analysis. In one incident, researchers have found malware code hidden inside a Python bytecode (PYC) file that can be directly executed…
-
Open-Source LLMs
PRIVACY PRIVACY In February, Meta released its large language model: LLaMA. Unlike OpenAI and its ChatGPT, Meta didn’t just give the world a chat window to play with. Instead, it released the code into the open-source community, and shortly thereafter the model itself was leaked. Researchers and programmers immediately started modifying it, improving it, and…