Microsoft Now Promises Extra Security for AI-Driven Recall
How in the world has Microsoft’s leadership managed to get the debut of its forthcoming Recall feature for Windows so wrong on the security and privacy fronts? Recall for Copilot+ is designed to capture screenshots of everything a user does on their Windows PC for potential replay later. To give Microsoft the benefit of the…
OpenAI Disrupts AI-Deployed Influence Operations
OpenAI said it disrupted five covert influence operations including from China and Russia that attempted to use its artificial intelligence services to manipulate public opinion amid elections. The threat actors used AI models to generate short comments and longer articles in multiple languages, made up names and bios for social media accounts, conducted open-source research,…
Microsoft: ‘Moonstone Sleet’ APT Melds Espionage, Financial Goals
Researchers at Microsoft have identified a North Korean threat group carrying out espionage and financial cyberattacks concurrently, using a grab bag of different attack techniques against aerospace, education, and software organizations and developers. In the beginning, Microsoft explained in a blog post, Moonstone Sleet heavily overlapped with the known DPRK advanced persistent threat (APT) Diamond…
Christie disclosed a data breach after a RansomHub attack
Auction house Christie’s disclosed a data breach after the ransomware group RansomHub threatened to leak stolen data. The security breach occurred earlier this month. The website of the auction house was unreachable after the attack. According to BBC, Christie had problems in selling art and other high-value items worth an estimated $840 million due to…
Cybercriminals are targeting elections in India with influence campaigns
Resecurity has identified a spike of malicious cyber activity targeting the election in India, which is supported by multiple independent hacktivist groups who arrange cyber-attacks and publication of stolen personal identifiable information (PII) belonging to Indian citizens on the Dark Web. India, with a population of over 1.4 billion and a GDP of over 3.417…
Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs
ESET researchers discovered two previously unknown backdoors named LunarWeb and LunarMail that were exploited to breach European ministry of foreign affairs. The two backdoors are designed to carry out a long-term compromise in the target network, data exfiltration, and maintaining control over compromised systems. The two backdoors compromised a European ministry of foreign affairs (MFA)…
Help Safeguard Retailers Against Social Engineering Attacks
Over the last decade, social engineering cyberthreats have surged among retailers just as the sector’s reliance on customer data, financial transactions and e-commerce platforms has intensified. Social engineering, in which malicious actors exploit human vulnerabilities to obtain personal or financial information, can pose serious risks to retailers. As a result, chief information security officers and…
How ‘Radical Transparency’ Can Bolster Cybersecurity
The concept of “responsible radical transparency” plays a critical role in efforts to improve the state of cybersecurity, said Suzanne Spaulding, former undersecretary, Department of Homeland Security, and Jim Richberg, head of global policy and field CISO as security firm Fortinet. “The shelf life of secrets is vanishingly short,” Spaulding said. “There are tremendous costs…
Criminal Use of AI Growing, But Lags Behind Defenders
In summary, Trend Micro has found only one criminal LLM: WormGPT. Instead, there is a growing incidence, and therefore potential use, of jailbreaking services: EscapeGPT, BlackHatGPT, and LoopGPT. (The RSA presentation is supported by a separate Trend Micro blog.) There is also an increasing number of ‘services’ whose purpose is unclear. These provide no demo…
Biden delivers updated take on security for critical infrastructure
Amid serious cyberattacks by Russian and Chinese threat actors, the Biden administration issued a new National Security Memorandum (NSM-22) to update Presidential Policy Director 21 (PPD-21) from the Obama administration to secure and enhance the resilience of US critical infrastructure in “a comprehensive effort to protect US infrastructure against all threats and hazards, current and…
