Category:
Security News
Data De-Identification: Balancing Privacy, Efficacy & Cybersecurity
Companies must do a delicate dance between consumer privacy protection, upholding their product’s efficacy, and de-risking cyber breaches to run the business.
Read More
U.S., U.K., and Global Partners Release Secure AI System Development Guidelines
The U.K. and U.S., along with international partners from 16 other countries, have released new guidelines for the development of secure artificial intelligence (AI) systems.
“The approach prioritizes ownership of security outcomes for customers, embraces radical transparency and accountability, and establishes organizational structures where secure design is a top priority,” the U.S.
General Electric investigates claims of cyber attack, data theft
General Electric is investigating claims that a threat actor breached the company’s development environment in a cyberattack and leaked allegedly stolen data. […]
Read More
UK and South Korea: Hackers use zero-day in supply-chain attack
A joint advisory by the National Cyber Security Centre (NCSC) and Korea’s National Intelligence Service (NIS) discloses a supply-chain attack executed by North Korean hackers involving the MagicLineThe National Cyber Security Centre (NCSC) and Korea’s National Intelligence Service (NIS) warn that the North Korean Lazarus hacking grou […]
Read More
Konni Group Using Russian-Language Malicious Word Docs in Latest Attacks
A new phishing attack has been observed leveraging a Russian-language Microsoft Word document to deliver malware capable of harvesting sensitive information from compromised Windows hosts.
The activity has been attributed to a threat actor called Konni, which is assessed to share overlaps with a North Korean cluster tracked as Kimsuky (aka APT43).
“This campaign relies on a remote access trojan
Exploit for Critical Windows Defender Bypass Goes Public
Threat actors were actively exploiting CVE-2023-36025 in Windows SmartScreen as a zero-day vulnerability before Microsoft patched it in November.
Read More
73% of Organizations Affected by Ransomware Attacks Globally in 2023, According to Statista
I recently wrote about how 1 in 34 organizations globally has experienced an attempted ransomware attack. But that statistic doesn’t provide enough context around the impact felt by the organizations that do business in one form or another with those that are attacked.
Read More
How Multi-Stage Phishing Attacks Exploit QRs, CAPTCHAs, and Steganography
Phishing attacks are steadily becoming more sophisticated, with cybercriminals investing in new ways of deceiving victims into revealing sensitive information or installing malicious software. One of the latest trends in phishing is the use of QR codes, CAPTCHAs, and steganography. See how they are carried out and learn to detect them.
Quishing
Quishing, a phishing technique resulting from the
Researchers extract RSA keys from SSH server signing errors
A team of academic researchers from universities in California and Massachusetts demonstrated that it’s possible under certain conditions for passive network attackers to retrieve secret RSA keys from naturally occurring errors leading to failed SSH (secure shell) connection attempts. […]
Read More
Beware of new Ransomware Tactic
2 days ago ALPHV/BlackCat in a bid to apply further pressure to get their latest victim MeridanLink to pay, filed a compliant against them with the U.S. Securities and Exchange Commission (SEC) for failing to report a breach! This is an interesting tactic and will apply even more pressure on organisations, CISOs’ and Boards to…
Read MoreRecent Posts
Lvl 17, Angel Place,
123 Pitt Street,
Sydney
NSW 2000
(02) 7230 1350