Fake AI video generators infect Windows, macOS with infostealers

November 16, 2024 at 03:20PM Fake AI image and video generator websites are distributing Lumma Stealer for Windows and AMOS for macOS, both designed to steal credentials and cryptocurrency wallets. These sites impersonate a legitimate application, EditProAI, leading users to malicious downloads. Users should reset compromised passwords and enable multi-factor authentication. ### Meeting Takeaways 1. … Read more

ChatGPT Exposes Its Instructions, Knowledge & OS Files

November 15, 2024 at 05:24PM ChatGPT’s architecture may expose sensitive data and internal instructions, raising security concerns. Despite OpenAI’s claim of intentional design, experts warn this could enable malicious users to reverse-engineer vulnerabilities and access confidential information stored in custom GPTs. Users are cautioned to avoid uploading sensitive data due to potential leaks. ### Meeting … Read more

Microsoft Power Pages misconfigurations exposing sensitive data

November 15, 2024 at 01:39AM Misconfigured Microsoft Power Pages websites are exposing sensitive data of millions, including personal identifiable information (PII), due to lax access controls. Aaron Costello of AppOmni highlights significant leaks, such as one affecting 1.1 million NHS employees. Organizations must enhance security measures for external-facing sites to prevent data breaches. **Meeting Takeaways:** … Read more

Microsoft Power Pages Leak Millions of Private Records

November 14, 2024 at 08:09AM Misconfigured access controls in Microsoft Power Pages are exposing millions of sensitive records online, as many sites fail to implement necessary security measures. This widespread issue affects various industries, allowing unauthorized access to personal data, including that of 1.1 million NHS employees. Awareness exists, but negligence persists among developers. ### … Read more

Idaho Man Sentenced to 10 Years in Prison for Hacking, Data Theft, Extortion

November 14, 2024 at 07:39AM Robert Purbeck received a 10-year prison sentence for stealing personal information from over 132,000 individuals and committing extortion. This case highlights serious concerns regarding data security and cybercrime. ### Meeting Notes Takeaways: – **Individual Involved**: Robert Purbeck – **Offense**: Hacking, data theft, and extortion – **Sentence**: 10 years in prison … Read more

HTTP your way into Citrix’s Virtual Apps and Desktops with fresh exploit code

November 12, 2024 at 11:14AM Researchers have revealed a proof of concept for a serious vulnerability in Citrix’s Virtual Apps and Desktops, allowing unauthenticated remote code execution through HTTP requests. This flaw lets attackers gain system privileges and impersonate users. Citrix disputes the severity and has issued hotfixes, urging customers to apply them immediately. ### … Read more

Managing third-party risks in complex IT environments

November 12, 2024 at 10:14AM Join the webinar on December 3rd at 11 AM ET with Steve Toole from SailPoint, discussing risks of third-party access to systems and data. Learn about identifying risks, mitigation strategies, and fostering a security-first culture. Ideal for IT managers and security professionals. Register to enhance third-party risk management practices. **Meeting … Read more

Cybercriminals Use Excel Exploit to Spread Fileless Remcos RAT Malware

November 11, 2024 at 01:36AM Cybersecurity researchers revealed a new phishing campaign exploiting Remcos RAT, utilizing a malicious Excel attachment to execute a fileless variant. This allows attackers to remotely control compromised computers and gather sensitive data. Additionally, phishing tactics have evolved to include using legitimate DocuSign accounts and ZIP file concatenation to bypass security … Read more

Preparing for DORA Amid Technical Controls Ambiguity

November 8, 2024 at 03:17PM The Digital Operational Resilience Act (DORA) becomes effective in January 2025, mandating financial entities to enhance IT security and data resilience. Organizations must prepare by conducting thorough gap analyses, improving risk management strategies, and ensuring continuous monitoring to comply with DORA’s complex regulations and mitigate potential threats effectively. ### Meeting … Read more

Malwarebytes Acquires VPN Provider AzireVPN

November 8, 2024 at 09:40AM Malwarebytes has acquired AzireVPN, a Sweden-based privacy-focused VPN provider, to enhance its product range. This move aims to strengthen Malwarebytes’ offerings in the cybersecurity and privacy sectors. The announcement was made on SecurityWeek. **Meeting Takeaways:** 1. **Acquisition Announcement**: Malwarebytes has acquired AzireVPN, a VPN provider based in Sweden. 2. **Strategic … Read more