Microsoft Bets $10,000 on Prompt Injection Protections of LLM Email Client

December 10, 2024 at 08:27AM Microsoft has launched the LLMail-Inject hacking challenge, offering $10,000 in prizes for breaking defenses in a simulated email client using an instruction-tuned large language model. The challenge runs until January 20, 2025, featuring 40 unique scenarios. Participants can form teams of up to five and must register via GitHub. ### … Read more

Webinar Today: Inside a Hacker’s Playbook – How Cybercriminals Use Deepfakes

December 10, 2024 at 08:19AM Join SecurityWeek on December 10th at 1:00 PM ET for a session featuring Rachel Tobac and Mahmood Khan, focusing on how cybercriminals use social engineering, deepfake technology, and BEC to steal funds. Learn about attack methods, emerging threats, and actionable defense strategies for your organization. ### Meeting Notes Summary: Cybersecurity … Read more

The Future of Network Security: Automated Internal and External Pentesting

December 10, 2024 at 08:06AM As cyber threats evolve, automated internal and external pentesting becomes essential for organizations. These cost-effective solutions enable frequent and thorough security assessments, addressing both insider and perimeter risks. Automated tools, like vPenTest, offer detailed insights, streamline compliance, and empower IT teams to enhance their security posture proactively. ### Key Takeaways … Read more

Astrix Security Banks $45M Series B to Secure Non-Human Identities

December 10, 2024 at 08:04AM Astrix Security, a startup focusing on securing non-human identities, has raised $45 million in Series B funding, totaling $85 million. Investors include Menlo Ventures, Workday Ventures, and BVP. The company addresses identity management challenges and has expanded its workforce significantly to serve major clients like Workday and Netapp. ### Meeting … Read more

Microsoft 365 outage takes down Office web apps, admin center

December 10, 2024 at 07:48AM Microsoft is currently investigating a significant and ongoing outage affecting Microsoft 365, specifically impacting Office web apps and the Microsoft 365 admin center. **Meeting Takeaways: Microsoft 365 Outage Investigation** 1. **Current Situation**: Microsoft is currently investigating a widespread outage affecting Microsoft 365 services. 2. **Impact**: The outage primarily impacts Office … Read more

Chinese hackers use Visual Studio Code tunnels for remote access

December 10, 2024 at 07:48AM Chinese hackers are utilizing Visual Studio Code tunnels to maintain persistent remote access to compromised IT service providers in Southern Europe, in a campaign dubbed ‘Operation Digital Eye.’ Initiating access through SQL injection and employing various techniques, these activities were detected by SentinelLabs, raising alarms about this emerging threat. ### … Read more

Heart surgery device maker’s security bypassed, data encrypted and stolen

December 10, 2024 at 07:38AM Artivion reported a cybersecurity incident resembling a ransomware attack on November 21, 2024, resulting in data theft and file encryption. The company is investigating, has engaged external advisors, and is working to restore systems. The incident has disrupted operations but is not expected to impact finances significantly, aided by cyber … Read more

Cisco Says Flaws in Industrial Routers, BGP Tool Remain Unpatched 8 Months After Disclosure

December 10, 2024 at 07:21AM Cisco’s Talos unit has revealed several unpatched vulnerabilities in MC Technologies’ industrial router and GoCast’s BGP tool, despite responsible disclosure to vendors months ago. Notably, the MC LR router has four high-severity command injection flaws, while GoCast has three critical vulnerabilities, both potentially exploitable through crafted HTTP requests. ### Meeting … Read more

Phone Phishing Gang Busted: Eight Arrested in Belgium and Netherlands

December 10, 2024 at 06:54AM Belgian and Dutch authorities arrested eight suspects linked to a “phone phishing” gang operating from the Netherlands, targeting victims worldwide to steal financial data. Law enforcement executed 17 searches, seizing cash, firearms, and luxury goods. The crime network, involving call centers, profited millions from phishing and bank fraud. ### Meeting … Read more

Hackers Weaponize Visual Studio Code Remote Tunnels for Cyber Espionage

December 10, 2024 at 06:54AM A cyber espionage group linked to China has targeted IT service providers in Southern Europe, utilizing Microsoft Visual Studio Code Remote Tunnels for command and control. Detected between June and July 2024, the attacks aimed to establish footholds for future data breaches, leveraging legitimate tools to evade detection, highlighted by … Read more