The UK’s privacy regulator has warned of falling public trust in AI and said any use of the technology which breaks data protection law would be met with strong enforcement action. Speaking at techUK’s Digital Ethics Summit 2023 on Wednesday, information commissioner, John Edwards, pointed to organizations using AI for “nefarious purposes” in order to
Month: December 2023
Magnetic stripe cards were all the rage 20 or so years ago, but their security was fragile, and the requirement for signatures often added to the hassle of transactions – not to mention, they lacked data encryption, making them vulnerable to skimming and cloning by criminals. Chip-based cards emerged as a successor, offering enhanced security
Dec 08, 2023NewsroomCyber Espionage / Cryptocurrency The North Korean threat actor known as Kimsuky has been observed targeting research institutes in South Korea as part of a spear-phishing campaign with the ultimate goal of distributing backdoors on compromised systems. “The threat actor ultimately uses a backdoor to steal information and execute commands,” the AhnLab Security
In today’s digital world, businesses are just as vulnerable to cyber-attacks as they are to fire and theft. New research from insurance provider Aviva found that businesses are 67% more likely to experience a cyber incident than a physical theft and almost five times as likely to have an attack as a fire. Overall, at
Tracking has recently become a big bogeyman. The sheer amount of data that an app or an operating system (OS) can use to identify you and collect your data is enormous, depending on the method of tracking it uses. While it’s clear why manufacturers and sellers desire more data – to tailor their products, enhance
Dec 07, 2023The Hacker NewsMobile Security / Vulnerability A critical Bluetooth security flaw could be exploited by threat actors to take control of Android, Linux, macOS and iOS devices. Tracked as CVE-2023-45866, the issue relates to a case of authentication bypass that enables attackers to connect to susceptible devices and inject keystrokes to achieve code
The LockBit ransomware strain continues to be the primary digital extortion threat to all regions, and almost all industries globally, according to a report by ZeroFox. Researchers found that LockBit was leveraged in more than a quarter of global ransomware and digital extortion (R&DE) attacks in the seven quarters analyzed from January 2022 to September
Since the beginning of 2023, ESET researchers have observed an alarming growth of deceptive Android loan apps, which present themselves as legitimate personal loan services, promising quick and easy access to funds. Despite their attractive appearance, these services are in fact designed to defraud users by offering them high-interest-rate loans endorsed with deceitful descriptions, all
Dec 06, 2023NewsroomAccess Management / Cloud Security Threat actors can take advantage of Amazon Web Services Security Token Service (AWS STS) as a way to infiltrate cloud accounts and conduct follow-on attacks. The service enables threat actors to impersonate user identities and roles in cloud environments, Red Canary researchers Thomas Gardner and Cody Betsworth said
A prolific Russian state-sponsored APT group is actively exploiting a known vulnerability in Outlook to access email accounts in Exchange servers, Microsoft has warned. APT28 (aka Forest Blizzard, Strontium, Fancy Bear) is known to target government, energy, transportation and non-governmental organizations in the US, Europe and the Middle East, Microsoft Threat Intelligence claimed on X
Microsoft Copilot has been called one of the most powerful productivity tools on the planet. Copilot is an AI assistant that lives inside each of your Microsoft 365 apps — Word, Excel, PowerPoint, Teams, Outlook, and so on. Microsoft’s dream is to take the drudgery out of daily work and let humans focus on being
The Cyber Resilience Act (CRA), the EU’s upcoming legislation to boost the security of digital products, is now only one step away from being officially adopted. After days of debate within EU institutions, the European Parliament and the EU Council reached a political agreement on the legislation on December 3. First proposed by the EU
Dec 04, 2023NewsroomEncryption / Technology New research has unearthed multiple novel attacks that break Bluetooth Classic’s forward secrecy and future secrecy guarantees, resulting in adversary-in-the-middle (AitM) scenarios between two already connected peers. The issues, collectively named BLUFFS, impact Bluetooth Core Specification 4.2 through 5.4. They are tracked under the identifier CVE-2023-24023 (CVSS score: 6.8) and
The UK government has signed what it claims to be a “world-first” charter with some of the biggest technology companies on the planet, which will see the latter commit to blocking and removing fraudulent content from their platforms. Announced late yesterday, the Online Fraud Charter is a voluntary agreement for technology firms to better police fraud
Business Security While it may be too late to introduce wholesale changes to your security policies, it doesn’t hurt to take a fresh look at where the biggest threats are and which best practices can help neutralize them Phil Muncaster 28 Nov 2023 • , 6 min. read The holiday shopping season has begun in
Dec 02, 2023NewsroomCybercrime / Malware A Russian national has been found guilty in connection with his role in developing and deploying a malware known as TrickBot, the U.S. Department of Justice (DoJ) announced. Vladimir Dunaev, 40, was arrested in South Korea in September 2021 and extradited to the U.S. a month later. “Dunaev developed browser
Apple has been forced to patch yet another pair of zero-day vulnerabilities, bringing the total for the year to 20. The tech giant said that the two bugs in its WebKit browser engine were being actively exploited in the wild. The first vulnerability, CVE-2023-42916, is found in a range of Apple products: iPhone XS and
Video Several cases of children creating indecent images of other children using AI software add to the worries about harmful uses of AI technology 01 Dec 2023 It has been reported recently that children are using artificial intelligence (AI) image generators to create indecent images of other children. The reports came amid a few publicized
Dec 02, 2023Newsroom Organizations in the Middle East, Africa, and the U.S. have been targeted by an unknown threat actor to distribute a new backdoor called Agent Racoon. “This malware family is written using the .NET framework and leverages the domain name service (DNS) protocol to create a covert channel and provide different backdoor functionalities,”
The UK’s security agency has urged the nation’s water sector to apply best practice security measures after a US operator was breached via its industrial control systems. The US Cybersecurity and Infrastructure Security Agency (CISA) revealed earlier this week that an unnamed facility had been taken offline and switched to manual operation after its Unitronics
Business Security Failing to practice what you preach, especially when you are a juicy target for bad actors, creates a situation fraught with considerable risk Phil Muncaster 30 Nov 2023 • , 5 min. read When it comes to corporate cybersecurity, leading by example matters. Yes, it’s important for every employee to play their part
Dec 01, 2023NewsroomMobile Security / Banking Security Cybersecurity researchers have disclosed a new sophisticated Android malware called FjordPhantom that has been observed targeting users in Southeast Asian countries like Indonesia, Thailand, and Vietnam since early September 2023. “Spreading primarily through messaging services, it combines app-based malware with social engineering to defraud banking customers,” Oslo-based mobile