Month: March 2023

Malware & Threats

Issued by: Dark Reading

A proof-of-concept, artificial intelligence (AI)-driven cyberattack that changes its code on the fly can slip past the latest automated security-detection technology, demonstrating the potential for creating undetectable malware. Researchers from HYAS Labs demonstrated the proof-of-concept attack, which they call BlackMamba, which exploits a large language model (LLM) — the technology on which ChatGPT is based…

Malware & Threats

Issued by: Security Week

Russia is continuing its campaign of disinformation around the Ukraine war through advanced social engineering delivered by a threat group tracked as TA499. According to a report from Proofpoint, TA499 targets US and European politicians, and leading businessmen and celebrities who have spoken out against Putin’s invasion. The primary purpose is to persuade the victims…

Application Security

Issued by: Dark Reading

A production API in Toyota’s C360 customer relationship management (CRM) tool loaded with the personal information of an unknown number of the carmaker’s customers in Mexico was found to expose reams of sensitive data. A disclosure from threat hunter Eaton Zveare outlines how it was possible to access Toyota customers’ names, addresses, phone numbers, emails,…

Software Security

Issued by: Dark Reading

Employees are submitting sensitive business data and privacy-protected information to large language models (LLMs) such as ChatGPT, raising concerns that artificial intelligence (AI) services could be incorporating the data into their models, and that information could be retrieved at a later date if proper data security isn’t in place for the service. In a recent…

Mobile Security

Issued by: Dark Reading

A version of the Shein shopping application in the Google Play store with more than 100 million downloads was unnecessarily accessing Android-device clipboard contents, creating a potential security threat, according to Microsoft. The software giant said in a blog post from Microsoft Threat Intelligence that it asked Shein to remove the feature from its Android…

News

Issued by: Dark Reading

On Feb. 28, multiple police forces carried out a coordinated action against two suspected members of the cybercrime gang behind the DoppelPaymer ransomware. These latest raids, revealed on March 6 by Europol, follow a series of other law enforcement campaigns against prominent ransomware groups in recent years. “We’ve seen an increase in the velocity of…

News

Issued by: DataBreach Today

Russian-speaking ransomware gang BlackCat is leaking data stolen from a Pennsylvania-based healthcare group, including photos of breast cancer patients. On Saturday, the ransomware group posted on its dark leak site a message taunting Lehigh Valley Health Network. “We have been in your network a long time and have had time to study your business,” the…

News

Issued by: Security Affairs

Reuters reported that the phone of an opposition-linked Polish mayor was infected with the Pegasus spyware. According to rumors, the Polish special services are using surveillance software to spy on government opponents. The news of the hack was reported by the Gazeta Wyborcza daily, and unfortunately, it isn’t the first time that the Pegasus spyware…

Vulnerabilities

Issued by: Dark Reading

As electric vehicle (EV) charging infrastructure rushes to keep pace with the dramatic rise in sales of electric vehicles in the United States, cyberattackers and security researchers alike have already started focusing on security weaknesses in the infrastructure. In February, researchers with energy-network cybersecurity firm Saiflow discovered two vulnerabilities in the Open Charge Point Protocol…

Malware & Threats

Issued by: Dark Reading

Indigo Books, the company behind Chapters stores and the largest bookseller in Canada, let the deadline to pay a ransomware demand expire, risking the release of employee data. A LockBit ransomware affiliate group set a Thursday at 3:39 p.m. EST deadline to pay, but Indigo flatly rejected the notion, explaining the extortion money could “end…