August 28, 2024 at 12:00PM A threat actor has targeted the manufacturing sector with spear-phishing emails, impersonating real companies like Periscope Holdings and R.S. Hughes. When clicked, the emails direct victims to a counterfeit Microsoft page to input their password, allowing the hacker to harvest credentials and potentially compromise sensitive data. BlueVoyant researchers advise monitoring … Read more
August 25, 2024 at 12:48PM The Department of Justice’s Office of the Inspector General found “significant weaknesses” in FBI’s management and disposal of sensitive electronic media, posing potential security risks. After reviewing the meeting notes, it appears that an audit by the Department of Justice’s Office of the Inspector General has revealed “significant weaknesses” in … Read more
August 18, 2024 at 02:03PM Google is testing a new feature for Chrome on Android that redacts sensitive form fields, like credit card details and passwords, during screen sharing and recording. The feature is under testing and may be available in Chrome Canary in the coming weeks. It aims to address the issue of leaking … Read more
June 17, 2024 at 07:52PM Two consulting firms, Guidehouse and Nan McKay and Associates, agreed to pay a total of $11.3 million to settle allegations of cybersecurity failings in the rollout of COVID-19 assistance. The fines were split with Guidehouse paying $7.6 million and NMA $3.7 million. The firms failed to perform required cybersecurity testing, … Read more
February 26, 2024 at 06:09AM OWASP published the “OWASP Top 10 For Large Language Models,” reflecting the evolving nature of Large Language Models and their potential vulnerabilities. The article discusses techniques like “prompt injection,” the accidental disclosure of secrets, and offers tips such as secret rotation, data cleaning, and regular patching to secure LLMs. From … Read more
February 13, 2024 at 10:38AM LockBit ransomware’s attack on a technology partner resulted in the exposure of sensitive information, such as Social Security numbers, belonging to over 57,000 banking customers. Based on the meeting notes, the key takeaway is that a technology partner was attacked by LockBit ransomware, resulting in the exposure of sensitive information, … Read more
November 23, 2023 at 10:06AM A new phishing attack carried out by a cyber espionage group called Konni has been observed. The attackers are using a Russian-language Microsoft Word document to deliver malware that can collect sensitive information from compromised Windows hosts. The group is known for targeting Russia and uses spear-phishing emails and malicious … Read more
November 20, 2023 at 12:27PM The Canadian government has reported that two of its contractors, Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & Moving Services, were hacked, resulting in the exposure of sensitive information belonging to government employees. The breach, reportedly attributed to the LockBit ransomware gang, has affected data dating back to … Read more
November 17, 2023 at 02:54AM U.S. cybersecurity and intelligence agencies have issued a joint advisory about a cybercriminal group called Scattered Spider, known for using sophisticated phishing tactics. The group engages in data theft for extortion and has recently used BlackCat/ALPHV ransomware. Scattered Spider relies on social engineering techniques and has connections to the Gen … Read more
November 14, 2023 at 06:20PM Intel has fixed a high-severity CPU vulnerability that affects modern desktop, server, mobile, and embedded CPUs, including the latest microarchitectures. The flaw, known as CVE-2023-23583, allows attackers to escalate privileges, access sensitive information, or cause denial of service. Intel recommends updating affected processors with the latest microcode and provides mitigation … Read more