Recherche : [E*N] - Cyberveille

Researchers Say the Deepfake Biden Robocall Was Likely Made With Tools From AI Startup ElevenLabs https://www.wired.com/story/biden-robocall-deepfake-elevenlabs/

27/01/2024 11:12:05

Two fake-audio experts say that the deepfake robocall of President Biden received by some voters last week was likely created with technology from Silicon Valley’s favorite voice-cloning startup.

Ransomware Cases Increased Greatly in 2023 https://www.sans.org/blog/ransomware-cases-increased-greatly-in-2023/

26/01/2024 17:44:22

As we move further into 2024, we must be cautious (maybe even fearful!) of ransomware cases increasing even more than in previous years. Though governments around the world are taking more interest in the worldwide threat, we can see from the increase of cases that our actions have not been enough to thwart the ransomware threat. As new groups continue to form, former groups continue to evolve into new brands, and the big players continue to ramp up their efforts, we must remain vigilant and focus on our preparation and early detection capabilities.

Russian developer of Trickbot malware sentenced to five years in prison https://therecord.media/trickbot-developer-sentenced-to-prison

26/01/2024 14:20:44

A Russian developer of Trickbot malware has been sentenced to five years and four months in prison, the U.S. Department of Justice said on Thursday.

Midnight Blizzard: Guidance for responders on nation-state attack https://www.microsoft.com/en-us/security/blog/2024/01/25/midnight-blizzard-guidance-for-responders-on-nation-state-attack/

26/01/2024 14:03:29

The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access. The Microsoft Threat Intelligence investigation identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as NOBELIUM.

23andMe data breach: Hackers stole raw genotype data, health reports https://www.bleepingcomputer.com/news/security/23andme-data-breach-hackers-stole-raw-genotype-data-health-reports/

26/01/2024 12:08:23

Genetic testing provider 23andMe confirmed that hackers stole health reports and raw genotype data of customers affected by a credential stuffing attack that went unnoticed for five months, from April 29 to September 27.
#23andMe #Breach #Computer #Credential #DNA #Data #Genetics #Health #InfoSec #Leak #Security #Stuffing

Inside a Global Phone Spy Tool Monitoring Billions https://www.404media.co/inside-global-phone-spy-tool-patternz-nuviad-real-time-bidding/

26/01/2024 09:58:43

A wide-spanning investigation by 404 Media reveals more details about a secretive spy tool that can tracks billions of phone profiles through the advertising industry called Patternz. Google has taken action in response to 404 Media's inquiries.

X is being flooded with graphic Taylor Swift AI images https://www.theverge.com/2024/1/25/24050334/x-twitter-taylor-swift-ai-fake-images-trending

26/01/2024 09:58:13

Fake sexually explicit images of Taylor Swift have been circulating on X over the last day in the latest example of the proliferation of AI-generated pornography.

HPE reveals Russian attackers accessed internal emails https://www.theregister.com/2024/01/25/hpe_russia_email_attack/

25/01/2024 10:06:48

Moscow-backed Cozy Bear may have had access to the green rectangular email cloud for six months

Over 5,300 GitLab servers exposed to zero-click account takeover attacks https://www.bleepingcomputer.com/news/security/over-5-300-gitlab-servers-exposed-to-zero-click-account-takeover-attacks/

24/01/2024 21:55:12

Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month.

AI will make scam emails look genuine, UK cybersecurity agency warns https://www.theguardian.com/technology/2024/jan/24/ai-scam-emails-uk-cybersecurity-agency-phishing

24/01/2024 21:36:36

NCSC says generative AI tools will soon allow amateur cybercriminals to launch sophisticated phishing attacks

SEC says X account hack was due to SIM swapping https://therecord.media/sec-x-account-takeover-sim-swapping

24/01/2024 08:28:40

An “unauthorized party” hijacked the cell phone number of the person running the SEC’s X account before taking over the social media feed and posting messages.

In a statement on Monday, an SEC spokesperson explained that two days after the January 9 account takeover, the government agency spoke to its telecom carrier and discovered that someone “obtained control of the SEC cell phone number associated with the account in an apparent ‘SIM swap’ attack.”

CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT | Rapid7 Blog https://www.rapid7.com/blog/post/2024/01/23/etr-cve-2024-0204-critical-authentication-bypass-in-fortra-goanywhere-mft/

23/01/2024 21:27:31

On 1/22/24, Fortra published a security advisory on CVE-2024-0204, a critical authentication bypass affecting its GoAnywhere MFT secure managed file transfer product prior to version 7.4.1.

Info Stealing Packages Hidden in PyPI https://www.fortinet.com/blog/threat-research/info-stealing-packages-hidden-in-pypi

23/01/2024 10:08:55

An info-stealing PyPI malware author was identified discreetly uploading malicious packages.

Atlassian Confluence Server RCE attacks underway https://www.theregister.com/2024/01/22/atlassian_confluence_server_rce/

23/01/2024 10:04:43

If you're still running a vulnerable instance then 'assume a breach'

178,000 SonicWall firewalls are vulnerable to old DoS bugs https://www.theregister.com/2024/01/16/more_than_178000_sonicwall_firewalls/?is=e4f6b16c6de31130985364bb824bcb39ef6b2c4e902e4e553f0ec11bdbefc118

22/01/2024 11:21:46

Majority of public-facing devices still unpatched against critical vulns from as far back as 2022

Technology News Government News Get more insights with the Recorded Future Intelligence Cloud. Learn more. In alerting about two Citrix bugs, CISA recommends immediate attention for one https://therecord.media/cisa-citrix-bugs-immediate-attention-for-one

22/01/2024 10:49:55

Two bugs in Citrix technology are drawing serious attention this week from the Cybersecurity and Infrastructure Security Agency.

CISA says federal agencies much patch one of the vulnerabilities — tagged as CVE-2023-6548 — by January 24. It’s one of the rare times the cyber agency has put a remediation date of less than three weeks on a vulnerability.

CISA did not respond to requests for comment about why the remediation timeline was shorter than most.

The other bug — listed as CVE-2023-6548 — must be fixed by February 7. CISA’s alerts are aimed at federal agencies but often serve as general warnings for the public.

A backdoor with a cryptowallet stealer inside cracked macOS software https://securelist.com/new-macos-backdoor-crypto-stealer/111778/

22/01/2024 10:41:52

We review a new macOS backdoor that piggybacks on cracked software to replace Bitcoin and Exodus wallets with malware.

Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/

21/01/2024 00:24:48

Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard

Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability https://thehackernews.com/2024/01/balada-injector-infects-over-7100.html

20/01/2024 21:19:56

Over 7,100 WordPress sites have been hit by the 'Balada Injector' malware, which exploits sites using a vulnerable version of the Popup Builder plugin

Microsoft network breached through password-spraying by Russian-state hackers https://arstechnica.com/security/2024/01/microsoft-network-breached-through-password-spraying-by-russian-state-hackers/

20/01/2024 10:03:08

Senior execs' emails accessed in network breach that wasn't caught for 2 months.

Liens par page

Filtres