Month: January 2023

Software Security

Issued by: DataBreach Today

Cybercriminals have lost little time in converting the artificial intelligence capabilities of ChatGPT to malicious purposes by using it to generate malware scripts. Security researchers at Check Point found members of the low-level hacking community Breach Forums posting over the past few weeks the results of interactions with the OpenAI-developed tool. They include a machine-learning…

Malware & Threats

Issued by: Security Affairs

Airline company Air France-KLM announced it has suffered a data breach, data belonging to customers of its loyalty program Flying Blue were exposed. The Flying Blue loyalty program is used by other airlines, including Aircalin, Kenya Airways, TAROM, and Transavia. The company did not provide details about the security breach, it is not clear if…

Software Security

Issued by: Dark Reading

The recent ransomware incident at Rackspace that took down the company’s hosted Microsoft Exchange server environment has focused attention on the often-risky gamble that security teams take when choosing to mitigate a vulnerability — rather than apply a patch for it. Last week, Rackspace disclosed that a Dec. 2 intrusion into the hosting company’s Exchange…

Malware & Threats

Issued by: Dark Reading

A hacking group — suspected to be the Russia-linked Turla Team — reregistered at least three old domains associated with the decade-old Andromeda malware, allowing the group to distribute its own reconnaissance and surveillance tools to Ukrainian targets. Cybersecurity firm Mandiant stated in a Thursday advisory that Turla Team APT, also known by Mandiant’s designation…

Cloud Security

Issued by: Dark Reading

More information has become available on “PurpleUrchin,” a malicious campaign in which a threat group called Automated Libra is using DevOps and continuous integration/continuous deployment (CI/CD) practices to mine cryptocurrency on cloud platforms using free trial accounts. The campaign began in August 2019 and has mainly targeted platforms such as GitHub, Heroku, and ToggleBox. Security…

Application Security

Issued by: Dark Reading

Businesses of all sizes and across all industries routinely rely on internal APIs to unite their line-of-business apps, and on external APIs to share data or services with vendors, customers, or partners. Because a single API may have access to multiple applications or services, compromising the API is an easy way to compromise a broad…

Network Security

Issued by: Dark Reading

Picture it: the company boardroom, two weeks ago: Due to “an uncertain economic outlook,” the expanded security budget and new hires you asked for in 2023 have been denied. As the company “tightens its belt,” you may even lose existing budget and some headcount. You had plans to use those resources to help you shore…

Software Security

Issued by: Dark Reading

An unknown attacker slipped a malicious binary into the PyTorch machine learning project by registering a malicious project with the Python Package Index (PyPI), infecting users’ machines if they downloaded a nightly build between Dec. 25 and Dec. 30. The PyTorch Foundation stated in an advisory on Dec. 31 that the effort was a dependency…