Infosec News
- www.trendmicro.com Social Media Malvertising Campaign Promotes Fake AI Editor Website for Credential Theft
We uncovered a malvertising campaign where the threat actor hijacks social media pages, renames them to mimic popular AI photo editors, then posts malicious links to fake websites.
- cloud.google.com Investigating FortiManager Zero-Day Exploitation (CVE-2024-47575)
Mandiant collaborated with Fortinet to investigate mass zero-day exploitation of FortiManager appliances.
- therecord.media Wisconsin sued over voting system’s allegedly weak cyber protections
The lawsuit, filed by an election clerk and voter, seeks to block the state from using its online election portal due to purported cybersecurity deficiencies.
- thehackernews.com Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks
Threat actors exploit Amazon S3 in ransomware attacks, using AWS credentials for data theft.
- www.trendmicro.com Cybersecurity Compass: An Integrated Cyber Defense Strategy
Check out the Cybersecurity Compass, which is an integrated cyber defense strategy framework for 2024.
- therecord.media High-severity FortiManager bug being exploited by hackers
The bug carries a critical severity score of 9.8 and could allow hackers to steal troves of sensitive information that would facilitate further access.
- thehackernews.com CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094)
CISA alerts on active exploitation of a SharePoint flaw, urging federal agencies to apply patches quickly.
- www.trendmicro.com Bringing Security Back into Balance
Balancing SecOps & IT Cybersecurity Strategies. This article by Trend Micro CEO Eva Chen brings focus back to striking the cybersecurity strategies balance between business C-suite and information technology (IT) departments.
- therecord.media Ransomware gang stoops to new low, targets prominent nonprofit for disabled people
Easterseals Central Illinois filed a breach notification with regulators. A ransomware gang known for attacks on hospitals appears to be extorting the nonprofit for more than $1 million.
- thehackernews.com New Grandoreiro Banking Malware Variants Emerge with Advanced Tactics to Evade Detection
New variants of Grandoreiro malware emerge, using advanced tactics to evade detection and targeting banks globally.
- www.trendmicro.com A Dive into Earth Baku’s Latest Campaign
Since late 2022, Earth Baku has broadened its scope from the Indo-Pacific region to Europe, the Middle East, and Africa. Their latest operations demonstrate sophisticated techniques, such as exploiting public-facing applications like IIS servers for initial access and deploying the Godzilla webshell...
- therecord.media Penn State fined $1.25 million for failing to meet cyber requirements in federal contracts
The Justice Department said Penn State had pledged to resolve cybersecurity shortcomings but “did not pursue plans of action to do so.”
- thehackernews.com Permiso State of Identity Security 2024: A Shake-up in Identity Security Is Looming Large
Explore rising identity security concerns and key insights from Permiso's latest report on breaches.
- www.trendmicro.com Rogue AI is the Future of Cyber Threats
This is the first blog in a series on Rogue AI. Later articles will include technical guidance, case studies and more.
- therecord.media Russia-linked influence campaign shifts focus to US presidential election: report
Operation Overload, also referred to as Matryoshka and Storm-1679, has aimed "significant resources" at the U.S. presidential election and particularly Democrat Kamala Harris’ campaign, according to new research.
- thehackernews.com Think You’re Secure? 49% of Enterprises Underestimate SaaS Risks
Discover how organizational culture impacts SaaS security and why proactive measures are essential for protection.
- www.trendmicro.com Unmasking Prometei: A Deep Dive Into Our MXDR Findings
How does Prometei insidiously operate in a compromised system? This Managed Extended Detection and Response investigation conducted with the help of Trend Vision One provides a comprehensive analysis of the inner workings of this botnet so users can stop the threat in its tracks before it inflicts d...
- unit42.paloaltonetworks.com Deceptive Delight: Jailbreak LLMs Through Camouflage and Distraction
We examine an LLM jailbreaking technique called "Deceptive Delight," a technique that mixes harmful topics with benign ones to trick AIs, with a high success rate.
- securelist.com The Crypto Game of Lazarus APT: Investors vs. Zero-days
Lazarus APT steals cryptocurrency and user data via a decoy MOBA game. Kaspersky GReAT experts break down the new campaign of Lazarus APT which uses social engineering and exploits a zero-day vulnerability in Google Chrome for financial gain.
- thehackernews.com Researchers Reveal 'Deceptive Delight' Method to Jailbreak AI Models
Discover the new "Deceptive Delight" technique for jailbreaking AI models, posing significant cybersecurity risks.
- www.trendmicro.com How Trend Micro Managed Detection and Response Pressed Pause on a Play Ransomware Attack
Using the Trend Micro Vision One platform, our MDR team was able to quickly identify and contain a Play ransomware intrusion attempt.
- github.com LinuxKernel-nday/CVE-2024-26926/CVE_2024_26926_Analysis.pdf at main · MaherAzzouzi/LinuxKernel-nday
Linux Kernel N-day Exploit/Analysis. Contribute to MaherAzzouzi/LinuxKernel-nday development by creating an account on GitHub.