admin

China has unveiled a new cyber capability powered by artificial intelligence, enabling the automatic generation of images for influence operations. These operations aim to mimic US voters across the political spectrum, fueling controversy along racial, economic and ideological lines. The findings come from a new report released by Microsoft Threat Analysis Center (MTAC) on Thursday.

The UK’s data protection regulator is set to review how period and fertility tracking applications process user information, after revealing that many women have concerns. The Information Commissioner’s Office (ICO) said it has contacted the developers of many of these apps to find out more. It also wants users to come forward and share their

A left-leaning think tank has urged a new UK Labour government to place cybersecurity front-and-center of its policymaking, borrowing from the Biden administration playbook where necessary. Progressive Britain’s new paper, CyberSecuronomics: Cybersecurity and Labour’s Modern Industrial Strategy, argued that the current Conservative government’s commitment to cyber is “insufficiently ambitious.” It said the UK still invests

Ukraine’s Computer Emergency Response Team (CERT-UA) issued an alert on September 5, 2023, about a cyber-attack attempted by Russian threat actor APT28 against a Ukrainian critical power infrastructure facility. The perpetrators planned to implement their intent using bulk emails from a fake address and a link to a ZIP archive, which, when opened, could have

A north London school and a Berkshire schools group have become the latest victims of serious cyber-attacks ahead of the new term, according to local reports. Highgate Wood School in Crouch End will now begin accepting pupils on September 11 rather than September 5 as originally intended. The secondary school, which serves local students aged 11–16, appears

Gigabytes of sensitive data related to British military and intelligence sites have been exposed by the infamous LockBit ransomware group. Zaun, a Wolverhampton-based manufacturer of fencing systems, has revealed it was hit by a cyber-attack carried out by LockBit on August 5-6. “In an otherwise up-to-date network, the breach occurred through a rogue Windows 7

SapphireStealer, an open-source information stealer, has emerged as a growing threat since its public debut last year. This malware is designed to pilfer sensitive data, including corporate credentials, and has since seen active usage and modifications by various threat actors. SapphireStealer was initially released on GitHub on December 25 2022. The malware targets browser credential databases

A Chinese-speaking cyber-criminal group named “Smishing Triad” has been observed conducting a large-scale smishing campaign targeting US citizens. This campaign has skillfully impersonated various postal and delivery services, including Royal Mail (UK), New Zealand Postal Service, Correos (Spain), PostNord (Sweden), Poste Italiane, Italian Revenue Service, USPS, Poczta Polska (Poland), J&T Express (Indonesia) and New Zealand Post. 

Fortinet has observed significant threat exploitation targeting Adobe ColdFusion, a web development computing platform. This is despite a series of security updates (APSB23-40, APSB23-41, and APSB23-47) released by Adobe in July following reports of several critical vulnerabilities in its platform. Since those updates, however, Fortinet’s FortiGuard Labs IPS telemetry data has continued to detect numerous

The UK and its Five Eyes partners (Australia, Canada, New Zealand and the US) officially support Ukraine’s attribution of Infamous Chisel, a new piece of malware infecting Ukraine’s military personnel’s mobile phones, to the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). In a joint report published on

The creators of ChatGPT, OpenAI, have launched ChatGPT Enterprise which it claims to be the “most powerful version of ChatGPT yet”. The company also claims that with the new version of its generative AI chatbot, users will get “enterprise-grade security and privacy”. Other features include unlimited higher-speed GPT-4 access, longer context windows for processing longer

by Paul Ducklin US food delivery compeny PurFoods, which trades as Mom’s Meals, has just admitted to a cyberintrusion that took place from 2023-01-16 to 2023-02-22. The company stated officially that: [The] cyberattack […] included the encryption of certain files in our network. Because the investigation identified the presence of tools that could be used

Microsoft has observed a proliferation of adversary-in-the-middle (AiTM) techniques deployed through phishing-as-a-service (PhaaS) platforms, the company explained in a series of tweets posted on August 28, 2023. On the one hand, there has been an increasing number of new AiTM-capable PhaaS platforms throughout 2023; on the other, established phishing services, such as PerSwaysion, have also

The North Korean state-sponsored actor Lazarus Group recently started a new campaign targeting internet backbone infrastructure and healthcare entities in Europe and the US, security researchers from Cisco Talos have found. The researchers said that the attackers began exploiting a ManageEngine ServiceDesk vulnerability (CVE-2022-47966) in January 2023, only five days after it was disclosed. This

The FBI has urged users of affected Barracuda appliances to replace them immediately, after warning that they’re still being targeted by a Chinese APT group. A Flash update issued by the agency this week revealed that zero-day vulnerability CVE-2023-2868 continues to be exploited by the group, dubbed UNC4841 by Mandiant, in cyber-espionage attacks. “Barracuda customers

Security researchers are urging Azure Active Directory (AD) users to monitor for abandoned reply URLs after revealing a critical vulnerability in the Microsoft Power Platform. Secureworks said it discovered the reply URL takeover bug earlier in April and it was fixed by Microsoft within 24 hours. More specifically, the researchers had found an abandoned reply