Experimental News Clipping Site

Tag: attack

  • Slashdot: Ransomware Payments Dropped 35% In 2024

    by

    Kurt Seifried
    in

    Source URL: https://it.slashdot.org/story/25/02/07/0049222/ransomware-payments-dropped-35-in-2024?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Ransomware Payments Dropped 35% In 2024 Feedly Summary: AI Summary and Description: Yes Summary: The text outlines a significant decline in ransomware payments despite an increase in the frequency of attacks in 2024, highlighting the influence of law enforcement operations against major ransomware groups. It emphasizes the improved resilience…

  • The Register: Apple missed screenshot-snooping malware in code that made it into the App Store, Kaspersky claims

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/02/07/infected_apps_google_apple_stores/ Source: The Register Title: Apple missed screenshot-snooping malware in code that made it into the App Store, Kaspersky claims Feedly Summary: OCR plugin great for extracting crypto-wallet secrets from galleries Kaspersky eggheads say they’ve spotted the first app containing hidden optical character recognition spyware in Apple’s App Store. Cunningly, the software nasty…

  • The Register: If Ransomware Inc was a company, its 2024 results would be a horror show

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/02/07/ransomware_costs_analysis/ Source: The Register Title: If Ransomware Inc was a company, its 2024 results would be a horror show Feedly Summary: 35% drop in payments across the year as your backups got better and law enforcement made a difference Ransomware extortion payments fell in 2024, according to blockchain analyst biz Chainalysis this week.……

  • Rekt: Ionic Money – Rekt

    by

    Kurt Seifried
    in

    Source URL: https://www.rekt.news/ionic-money-rekt Source: Rekt Title: Ionic Money – Rekt Feedly Summary: Fake LBTC, real losses. Social engineering artists convinced Ionic Money on Mode Network to accept counterfeit collateral, walked away with $6.9M, and left sister protocols holding toxic bags. Previously exploited twice as Midas – third time rekt’s the charm. AI Summary and Description:…

  • The GenAI Bug Bounty Program | 0din.ai: Poison in the Pipeline: Liberating models with Basilisk Venom

    by

    Kurt Seifried
    in

    Source URL: https://0din.ai/blog/poison-in-the-pipeline-liberating-models-with-basilisk-venom Source: The GenAI Bug Bounty Program | 0din.ai Title: Poison in the Pipeline: Liberating models with Basilisk Venom Feedly Summary: AI Summary and Description: Yes Summary: The provided text highlights a significant incident of data poisoning in generative AI models, emphasizing the long-term implications of malicious data insertion and its potential impact…

  • Anton on Security – Medium: 15+ Years of Loading Threat Intel into SIEM: Why Does This Still Suck?

    by

    Kurt Seifried
    in

    Source URL: https://medium.com/anton-on-security/15-years-of-loading-threat-intel-into-siem-why-does-this-still-suck-37e5e5653828?source=rss—-8e8c3ed26c4c—4 Source: Anton on Security – Medium Title: 15+ Years of Loading Threat Intel into SIEM: Why Does This Still Suck? Feedly Summary: AI Summary and Description: Yes Summary: The text elaborates on the evolution of Security Information and Event Management (SIEM) systems, particularly focusing on the integration of threat intelligence (TI) feeds.…

  • Microsoft Security Blog: Code injection attacks using publicly disclosed ASP.NET machine keys

    by

    Kurt Seifried
    in

    Source URL: https://www.microsoft.com/en-us/security/blog/2025/02/06/code-injection-attacks-using-publicly-disclosed-asp-net-machine-keys/ Source: Microsoft Security Blog Title: Code injection attacks using publicly disclosed ASP.NET machine keys Feedly Summary: Microsoft Threat Intelligence observed limited activity by an unattributed threat actor using a publicly available, static ASP.NET machine key to inject malicious code and deliver the Godzilla post-exploitation framework. In the course of investigating, remediating, and…

  • The Register: Dems want answers on national security risks posed by hiring freeze, DOGE

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/02/06/democrat_trump_admin_letter/ Source: The Register Title: Dems want answers on national security risks posed by hiring freeze, DOGE Feedly Summary: Are cybersecurity roles included? Are Elon’s enforcers vetted? Inquiring minds want to know Elected officials are demanding answers as to whether the Trump administration and Elon Musk’s Department of Government Efficiency (DOGE) are hamstringing…

  • Alerts: CISA Adds Five Known Exploited Vulnerabilities to Catalog

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2025/02/06/cisa-adds-five-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Five Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added five vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-0411 7-Zip Mark of the Web Bypass Vulnerability CVE-2022-23748 Dante Discovery Process Control Vulnerability CVE-2024-21413 Microsoft Outlook Improper Input Validation Vulnerability CVE-2020-29574 CyberoamOS…

  • CSA: Agentic AI Threat Modeling Framework: MAESTRO

    by

    Kurt Seifried
    in

    Source URL: https://cloudsecurityalliance.org/blog/2025/02/06/agentic-ai-threat-modeling-framework-maestro Source: CSA Title: Agentic AI Threat Modeling Framework: MAESTRO Feedly Summary: AI Summary and Description: Yes Summary: The text presents MAESTRO, a novel threat modeling framework tailored for Agentic AI, addressing the unique security challenges associated with autonomous AI agents. It offers a layered approach to risk mitigation, surpassing traditional frameworks such…