Tag: tool
-
Microsoft’s AI Recall Tool Is Still Sucking Up Credit Card and Social Security Numbers
by
in SecurityNewsPlus: The US indicts North Koreans in fake IT worker scheme, file-sharing firm Cleo warns customers to patch a vulnerability amid live attacks, and more. First seen on wired.com Jump to article: www.wired.com/story/microsoft-recall-credit-card-social-security-numbers/
-
Time of Reckoning Reviewing My 2024 Cybersecurity Predictions
by
in SecurityNews
Tags: ai, attack, automation, awareness, breach, business, chatgpt, china, compliance, cyber, cyberattack, cybercrime, cybersecurity, data, data-breach, disinformation, election, espionage, exploit, healthcare, incident response, infrastructure, jobs, law, linkedin, malware, monitoring, moveIT, phishing, privacy, ransomware, regulation, risk, russia, service, software, supply-chain, technology, threat, tool, ukraine, update, vulnerability, warfare, zero-dayThe brutal reality is that cybersecurity predictions are only as valuable as their accuracy. As 2024 comes to a close, I revisit my forecasts to assess their utility in guiding meaningful decisions. Anyone can make predictions (and far too many do), but actually being correct is another matter altogether. It is commonplace for security companies…
-
Generative AI Security Tools Go Open Source
by
in SecurityNewsBusinesses deploying large language models and other GenAI systems have a growing collection of open source tools for testing AI security. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/generative-ai-breaking-tools-go-open-source
-
390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits
by
in SecurityNewsA now-removed GitHub repository that advertised a WordPress tool to publish posts to the online content management system (CMS) is estimated to have enabled the exfiltration of over 390,000 credentials.The malicious activity is part of a broader attack campaign undertaken by a threat actor, dubbed MUT-1244 (where MUT refers to “mysterious unattributed threat”) by Datadog…
-
2024 Sees Sharp Increase in Microsoft Tool Exploits
by
in SecurityNewsSophos found observed a significant rise in Microsoft LOLbins abused by attackers in H1 2024 compared to 2023 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/increase-microsoft-tool-exploits/
-
PUMA creeps through Linux with a stealthy rootkit attack
by
in SecurityNewsA new loadable kernel module (LKM) rootkit has been spotted in the wild compromising Linux systems with advanced stealth and privilege escalation features.PUMAKIT, as called by the Elastic Security researchers who discovered it during routine threat hunting on VirusTotal, was deployed as part of a multi-stage malware architecture that consists of a dropper, two memory-resident…
-
What is gRPC and How Does it Enhance API Security?
by
in SecurityNewsAs the reliance on APIs grows, so do the challenges of ensuring they are both fast and secure. Enter gRPC”, a high-performance, open-source framework that has revolutionised how systems communicate in real time. More than just a tool for building APIs, gRPC brings an added layer of efficiency and robust security features to the table.…
-
New Linux Rootkit PUMAKIT Uses Advanced Stealth Techniques to Evade Detection
by
in SecurityNewsCybersecurity researchers have uncovered a new Linux rootkit called PUMAKIT that comes with capabilities to escalate privileges, hide files and directories, and conceal itself from system tools, while simultaneously evading detection.”PUMAKIT is a sophisticated loadable kernel module (LKM) rootkit that employs advanced stealth mechanisms to hide its presence and maintain communication with First seen on…
-
Experts discovered the first mobile malware families linked to Russia’s Gamaredon
by
in SecurityNewsThe Russia-linked APT Gamaredon used two new Android spyware tools called BoneSpy and PlainGnome against former Soviet states. Lookout researchers linked the BoneSpy and PlainGnome Android surveillance families to the Russian APT group Gamaredon (a.k.a. Armageddon, Primitive Bear, and ACTINIUM). These are the first known mobile malware families linked to the Russian APT. The cyberespionage group is behind a…
-
Sophos Report: Angreifer missbrauchen zunehmend legitime Windows-Tools
by
in SecurityNewsine zentrale Erkenntnis des Berichts ist die verstärkte Verwendung von vertrauenswürdigen Windows-Anwendungen durch Angreifer. Diese Strategie zielt darauf ab, Sicherheitsmechanismen zu umgehen und länger in kompromittierten Netzwerken unentdeckt zu bleiben. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sophos-report-angreifer-missbrauchen-zunehmend-legitime-windows-tools/a39249/
-
FBI Busts Rydox Marketplace with 7,600 PII Sales, Cryptocurrency Worth $225K Seized
by
in SecurityNewsThe U.S. Department of Justice (DoJ) on Thursday announced the shutdown of an illicit marketplace called Rydox (“rydox.ru” and “rydox[.]cc”) for selling stolen personal information, access devices, and other tools for conducting cybercrime and fraud.In tandem, three Kosovo nationals and administrators of the service, Ardit Kutleshi, Jetmir Kutleshi, and Shpend Sokoli, have been arrested. Ardit…
-
Der Wolf im Schafspelz Cyberkriminelle setzten vermehrt auf vertrauenswürdige Anwendungen für ihre Angriffe
by
in SecurityNewsDie kriminelle Verwendung von Anwendungen und Tools auf Windows-Systemen, gemeinhin als »Living Off the Land«-Binärdateien bezeichnet, steigt um 51 %. Lockbit ist trotz staatlicher Intervention die Ransomware Nummer 1. Sophos hat seinen neuesten Active Adversary Report unter dem Titel »The Bite from Inside« veröffentlicht, der einen detaillierten Blick auf die veränderten Verhaltensweisen und Techniken… First…
-
FuzzyAI: Open-source tool for automated LLM fuzzing
by
in SecurityNewsFuzzyAI is an open-source framework that helps organizations identify and address AI model vulnerabilities in cloud-hosted and in-house AI models, like guardrail bypassing and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/13/fuzzyai-automated-llm-fuzzing/
-
Chinese Cops Caught Using Android Spyware to Track Mobile Devices
Law enforcement across mainland China have been using EagleMsgSpy surveillance tool to collect mobile device data since at least 2017, new research shows. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/chinese-cops-using-android-spyware-track-mobile-devices
-
Turla attacks against Ukraine involve other cybercrime groups’ tools
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/turla-attacks-against-ukraine-involve-other-cybercrime-groups-tools
-
FBI warns of rising AI tools deployment in financial fraud schemes
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/fbi-warns-of-rising-ai-tools-deployment-in-financial-fraud-schemes
-
Google Launches Gemini 2.0 with Autonomous Tool Linking
by
in SecurityNewsGemini 2.0 Flash is available now, with other model sizes coming in January. It adds multilingual voice output, image output, and some trendy “agentic” capabilities. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/google-gemini-two-generative-ai-agent/
-
Microsoft Windows ‘Best Fit’ character conversion ‘ripe for exploitation’
by
in SecurityNews
Tags: api, application-security, attack, cve, exploit, flaw, injection, malicious, microsoft, mitigation, office, programming, software, switch, technology, tool, vulnerability, windowsSecurity researchers have outlined a novel attack vector that exploits the “Best Fit” character conversion technology built into Windows.The technology comes into play in string conversions, particularly when characters cannot be directly represented in a target character set.However, application security experts Orange Tsai and Splitline Huang from Taiwanese firm DEVCORE used a presentation at Black…
-
Cultivating a Hacker Mindset in Cybersecurity Defense
by
in SecurityNewsSecurity isn’t just about tools, it’s about understanding how the enemy thinks and why they make certain choices. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/cultivating-hacker-mindset-cybersecurity-defense
-
Experts discovered surveillance tool EagleMsgSpy used by Chinese law enforcement
Chinese law enforcement uses the mobile surveillance tool EagleMsgSpy to gather data from Android devices, as detailed by Lookout. Researchers at the Lookout Threat Lab discovered a surveillance tool, dubbed EagleMsgSpy, used by Chinese law enforcement to spy on mobile devices. The researchers analyzed multiple samples of the malware and gained access to internal documents obtained from…
-
Gamaredon Deploys Android Spyware “BoneSpy” and “PlainGnome” in Former Soviet States
The Russia-linked state-sponsored threat actor tracked as Gamaredon has been attributed to two new Android spyware tools called BoneSpy and PlainGnome, marking the first time the adversary has been discovered using mobile-only malware families in its attack campaigns.”BoneSpy and PlainGnome target former Soviet states and focus on Russian-speaking victims,” Lookout said in an analysis. “Both…
-
For Russian spies, existing cybercrime tools become avenues into Ukrainian military devices
by
in SecurityNewsA Kremlin-backed group tracked as Secret Blizzard or Turla recently used existing cybercrime infrastructure for an espionage campaign aimed at Ukrainian military devices.]]> First seen on therecord.media Jump to article: therecord.media/turla-secret-blizzard-russia-espionage-ukraine-cybercrime-tools
-
Mobile Surveillance Tool EagleMsgSpy Used by Chinese Law Enforcement
Lookout details EagleMsgSpy, a surveillance tool used by Chinese law enforcement to collect data from Android devices. The post Mobile Surveillance Tool EagleMsgSpy Used by Chinese Law Enforcement appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/mobile-surveillance-tool-eaglemsgspy-used-by-chinese-law-enforcement/
-
Top 10 dmarcian Alternatives: Features, Pricing, Pros, and Cons
by
in SecurityNewsSearching for dmarcian alternatives? Explore the top DMARC management tools, compare features and pricing, and choose the best solution for your email security needs. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/top-10-dmarcian-alternatives-features-pricing-pros-and-cons/
-
How to Choose the Right Test Data Management Tools
by
in SecurityNewsIn today’s fast-paced, compliance-focused world, choosing the right test data management (TDM) tools is vital for development and QA teams. These tools go beyond simple data masking”, they manage, secure, and optimize test data across multiple environments to ensure regulatory compliance, enhance testing efficiency, and support fast release cycles. With so many options available, each…