Friday, October 25th, 2024
Cybersecurity Week in Review (25/10/24)
New Cybersecurity Warning As 1,000 Elite Hackers Embrace AI
One of the significant shifts in the way AI is used by hackers can be seen in the top use case for generative platforms: last year, it was for task automation, and this year, it’s for data analysis. This should be a warning flag for all because data analysis, be that software or hardware-related, is the keystone for most hacking activity.
Internet Archive breached again through stolen access tokens
The Internet Archive was breached again, this time on their Zendesk email support platform after repeated warnings that threat actors stole exposed GitLab authentication tokens.
Tech giant Nidec confirms data breach following ransomware attack
Nidec Corporation is informing that hackers behind a ransomware attack it suffered earlier this year stole data and leaked it on the dark web.
The Japanese tech giant says the threat actors tried to extort the company and decided to leak the information after their demands were not met.
Hackers reportedly impersonate cyber firm ESET to target organizations in Israel
Unknown hackers have reportedly attempted to infect Israeli organizations with wiper malware delivered through phishing emails that impersonated the cybersecurity firm ESET.
Source: https://therecord.media/hackers-impersonate-eset-wiper-malware
Over 6,000 WordPress hacked to install plugins pushing infostealers
WordPress sites are being hacked to install malicious plugins that display fake software updates and errors to push information-stealing malware.
AWS, Azure auth keys found in Android and iOS apps used by millions
“Recent analysis has uncovered a troubling trend: several widely-used apps have been found to contain hardcoded and unencrypted cloud service credentials within their codebases,” a report from Symantec, a Broadcom company said.
SEC charges tech companies for downplaying SolarWinds breaches
The SEC has charged four companies—Unisys Corp, Avaya Holdings, Check Point Software, and Mimecast—for allegedly misleading investors about the impact of their breaches during the massive 2020 SolarWinds Orion hack.
Bumblebee malware returns after recent law enforcement disruption
The Bumblebee malware loader has been spotted in new attacks recently, more than four months after Europol disrupted it during ‘Operation Endgame’ in May.
Severe flaws in E2EE cloud storage platforms used by millions
Several end-to-end encrypted (E2EE) cloud storage platforms are vulnerable to a set of security issues that could expose user data to malicious actors.
Cryptographic analysis from ETH Zurich researchers Jonas Hofmann and Kien Tuong Turong revealed issues with Sync, pCloud, Icedrive, Seafile, and Tresorit services, collectively used by more than 22 million people.
Hackers exploit Roundcube webmail flaw to steal email, credentials
Threat actors have been exploiting a vulnerability in the Roundcube Webmail client to target government organizations in the Commonwealth of Independent States (CIS) region, the successor of the former Soviet Union.
Contact Us
The data you supply here will not be added to any mailing list or given to any third party providers without further consent. View our Privacy Policy for more information.