All the latest blog posts from the most relevant cyber security companies in the business.

In summary, Trend Micro has found only one criminal LLM: WormGPT. Instead, there is a growing incidence, and therefore potential use, of jailbreaking services: EscapeGPT, BlackHatGPT, and LoopGPT. (The RSA presentation is supported by a separate Trend Micro blog.) There is also an increasing number of ‘services’ whose purpose is unclear. These provide no demo…

The case is yet another reason why everyone — not just politicians and celebrities — should be concerned about this increasingly powerful deep-fake technology, experts say. “Everybody is vulnerable to attack, and anyone can do the attacking,” said Hany Farid, a professor at the University of California, Berkeley, who focuses on digital forensics and misinformation….

The company disclosed the incident in a regulatory filing on March 10, when it admitted that the attack caused some disruption and involved unauthorized access to some of its IT systems. However, MarineMax said at the time that the breached environment did not store any sensitive data. Roughly 10 days later, the Rhysida ransomware group…

The first of the high-severity bugs, CVE-2024-20321, exists because External Border Gateway Protocol (eBGP) traffic “is mapped to a shared hardware rate-limiter queue”, allowing an unauthenticated, remote attacker to send large amounts of traffic and cause a denial-of-service (DoS) condition. According to Cisco, under certain conditions, the security defect impacts Nexus 3600 series switches and…

Biden’s Executive Order covers personal and sensitive information such as biometric, financial, genomic, geolocation, and personal health data, as well as specific types of personally identifiable information. “Bad actors can use this data to track Americans (including military service members), pry into their personal lives, and pass that data on to other data brokers and…

Yoon’s office said the cyberattack only affected the personal account of the unidentified employee, who violated security protocols by partially using commercial email services to handle official duties. Officials did not specify what type of information was stolen from the staff member’s personal emails but stressed that the office’s overall security system was not affected….

“[We] have confirmed that Volt Typhoon has compromised the IT environments of multiple critical infrastructure organizations in the continental and non-continental United States and its territories, including Guam,” CISA said in an advisory, warning that the hacking team’s choice of targets and pattern of behavior is not consistent with traditional cyber espionage or intelligence gathering…