News
-
Smashing Security podcast #368: Gary Barlow, and a scam turns deadly
Take That’s Gary Barlow chats up a pizza-slinging granny from Essex via Facebook, or does he? And a scam takes a sinister turn – for both the person being scammed and an innocent participant – in Ohio. All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans…
-
Redline Stealer: A Novel Approach
A new packed variant of the Redline Stealer trojan was observed in the wild, leveraging Lua bytecode to perform malicious behavior. McAfee telemetry data shows this malware strain is very prevalent, covering North America, South America, Europe, and Asia and reaching Australia. Infection Chain GitHub is being abused to host the malware file at…
-
Linux Cerber Ransomware Variant Exploits Atlassian Servers
The attacks exploit CVE-2023-22518, a critical flaw in Atlassian Confluence Data Center and Server Read More
-
North Korean Group Kimsuky Exploits DMARC and Web Beacons
Proofpoint confirmed Kimsuky has directly contacted foreign policy experts since 2023 through seemingly benign email conversations Read More
-
US Government and OpenSSF Partner on New SBOM Management Tool
OpenSSF, in collaboration with the US Government, has developed Protobom, a open source tool designed to simplify SBOM management for organizations Read More
-
How to Protect Yourself Against AI Voice Cloning Attacks
Imagine receiving a call from a loved one, only to discover it’s not them but a convincing replica created by voice cloning technology. This scenario might sound like something out of a sci-fi movie, but it became a chilling reality for a Brooklyn couple featured in a New Yorker article who thought their loved ones…
-
Using AI-Generated Legislative Amendments as a Delaying Technique
Canadian legislators proposed 19,600 amendments—almost certainly AI-generated—to a bill in an attempt to delay its adoption. I wrote about many different legislative delaying tactics in A Hacker’s Mind, but this is a new one. Read More
-
EU Elections: Pro-Russian Propaganda Exploits Meta’s Failure to Moderate Political Ads
This year’s EU elections will be a stress test to see whether the newly adopted Digital Services Act can efficiently mitigate misinformation threats Read More
-
Introduction to Software Composition Analysis and How to Select an SCA Tool
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Software code is constantly growing and becoming more complex, and there is a worrying trend: an increasing number of open-source components are vulnerable…
-
Ivanti Patches Two Critical Avalanche Flaws in Major Update
Ivanti has fixed two critical vulnerabilities in its Avalanche MDM product which could lead to remote code execution Read More