'

Report: World governments must act to create generative AI safeguards

Report: World governments must act to create generative AI safeguards

Generative AI’s fast-flowering utility in the cybersecurity field means that governments must take steps to regulate the technology as its use by malicious actors becomes increasingly common, according to a report issued this week by the Aspen Institute. The report called generative AI a “technological marvel,” but one that is reaching the broader public in … Read more

Deprecated npm packages that appear active present open-source risk

Deprecated npm packages that appear active present open-source risk

Security researchers warn that many npm packages are being deprecated and abandoned by their maintainers without a clear warning to users. Such packages can accumulate serious vulnerabilities over time and sometimes their maintainers even abandon them particularly because they don’t have the time or interest to fix reported security issues. Out of the top 50,000 … Read more

Exploitation of Recently Patched VMware Bug Started in 2021

Exploitation of Recently Patched VMware Bug Started in 2021

A Chinese threat group exploited a critical-severity remote code execution flaw in VMware’s centralized management utility, vCenter Server, for almost two years before patches were released. VMware released fixes for the flaw (CVE-2023-34048) in October 2023, but at the time the company said it had not seen evidence of exploitation. On Wednesday, VMware updated its … Read more

Categories duo

Microsoft at Legalweek: Secure data and gain efficiencies with Microsoft Purview eDiscovery enhanced by generative AI

Microsoft at Legalweek: Secure data and gain efficiencies with Microsoft Purview eDiscovery enhanced by generative AI

The legal profession is known for being cautious or hesitant to adopt new technologies. However, when it comes to AI, it seems like legal professionals are ready to be on the leading edge of AI implementation. A Thomson Reuters survey of legal professionals found that 82% agree that AI can be useful in legal work … Read more

New Microsoft Incident Response guides help security teams analyze suspicious activity

New Microsoft Incident Response guides help security teams analyze suspicious activity

Today Microsoft Incident Response are proud to introduce two one-page guides to help security teams investigate suspicious activity in Microsoft 365 and Microsoft Entra. These guides contain the artifacts that Microsoft Incident Response hunts for and uses daily to provide our customers with evidence of Threat Actor activity in their tenant. With more than 3,000 … Read more

New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs

New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs

Since November 2023, Microsoft has observed a distinct subset of Mint Sandstorm (PHOSPHORUS) targeting high-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the United Kingdom, and the United States. In this campaign, Mint Sandstorm used bespoke phishing lures in an attempt to socially engineer targets into … Read more

Canadian Man Stuck in Triangle of E-Commerce Fraud

Canadian Man Stuck in Triangle of E-Commerce Fraud

A Canadian man who says he’s been falsely charged with orchestrating a complex e-commerce scam is seeking to clear his name. His case appears to involve “triangulation fraud,” which occurs when a consumer purchases something online — from a seller on Amazon or eBay, for example — but the seller doesn’t actually own the item … Read more

71 Million Emails Added to Have I Been Pwned From Naz.API Stolen Account List

71 Million Emails Added to Have I Been Pwned From Naz.API Stolen Account List

Almost 71 million email addresses linked to compromised accounts from the Naz.API dataset have been incorporated into the data breach notification service of Have I Been Pwned. The Naz.API dataset, consisting of 1 billion credentials, is an extensive compilation derived from credential stuffing lists and data pilfered by information-stealing malware. Credential stuffing lists comprise login … Read more

Russian hacker Coldriver extends tactics to include custom malware

Russian hacker Coldriver extends tactics to include custom malware

Russian state-sponsored actor Coldriver, known for using spearphishing attacks on high-profile government accounts in Western countries for cyberespionage, has evolved tacts to include custom malware in its campaigns, according to a Google Threat Analysis Group (TAG) report. Also tracked as UNC4057, Star Blizzard, Blue Charlie, and Callisto, the Russian-backed advanced persistent threat (APT) has been … Read more

New CISO appointments 2024

New CISO appointments 2024

The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape. Many companies are hiring a chief security officer (CSO) or chief information security officer (CISO) for the first time to support a deeper commitment to information security. Follow this column to keep … Read more