Tag: data exfiltration

Source URL: https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-how-cloud-security-can-adapt-ransomware-threats/ Source: Cloud Blog Title: Cloud CISO Perspectives: How cloud security can adapt to today’s ransomware threats Feedly Summary: Welcome to the second Cloud CISO Perspectives for January 2025. Iain Mulholland, senior director, Security Engineering, shares insights on the state of ransomware in the cloud from our new Threat Horizons Report. The research…

The Register: Lazarus Group cloned open source projects to plant backdoors, steal credentials

—

by

Source URL: https://www.theregister.com/2025/01/29/lazarus_groups_supply_chain_attack/ Source: The Register Title: Lazarus Group cloned open source projects to plant backdoors, steal credentials Feedly Summary: Stealing crypto is so 2024. Supply-chain attacks leading to data exfil pays off better? North Korea’s Lazarus Group compromised hundreds of victims across the globe in a massive secret-stealing supply chain attack that was ongoing…

Unit 42: CL-STA-0048: An Espionage Operation Against High-Value Targets in South Asia

—

by

Source URL: https://unit42.paloaltonetworks.com/?p=138128 Source: Unit 42 Title: CL-STA-0048: An Espionage Operation Against High-Value Targets in South Asia Feedly Summary: A Chinese-linked espionage campaign targeted entities in South Asia using rare techniques like DNS exfiltration, with the aim to steal sensitive data. The post CL-STA-0048: An Espionage Operation Against High-Value Targets in South Asia appeared first…

Cloud Blog: Adversarial Misuse of Generative AI

—

by

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/adversarial-misuse-generative-ai/ Source: Cloud Blog Title: Adversarial Misuse of Generative AI Feedly Summary: Rapid advancements in artificial intelligence (AI) are unlocking new possibilities for the way we work and accelerating innovation in science, technology, and beyond. In cybersecurity, AI is poised to transform digital defense, empowering defenders and enhancing our collective security. Large language…

Hacker News: Microsoft Probing If DeepSeek-Linked Group Improperly Obtained OpenAI Data

—

by

Source URL: https://www.bloomberg.com/news/articles/2025-01-29/microsoft-probing-if-deepseek-linked-group-improperly-obtained-openai-data Source: Hacker News Title: Microsoft Probing If DeepSeek-Linked Group Improperly Obtained OpenAI Data Feedly Summary: Comments AI Summary and Description: Yes Summary: Microsoft and OpenAI are reportedly investigating a potential data exfiltration incident involving their technology linked to a Chinese AI startup, DeepSeek. This raises critical concerns about security and integrity in…

Bulletins: Vulnerability Summary for the Week of December 16, 2024

Jan 27, 2025

—

by

Source URL: https://www.cisa.gov/news-events/bulletins/sb24-358 Source: Bulletins Title: Vulnerability Summary for the Week of December 16, 2024 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1000 Projects–Attendance Tracking Management System A vulnerability has been found in 1000 Projects Attendance Tracking Management System 1.0 and classified as critical. Affected by this vulnerability is…

Hacker News: Hacker infects 18,000 "script kiddies" with fake malware builder

Jan 25, 2025

—

by

Source URL: https://www.bleepingcomputer.com/news/security/hacker-infects-18-000-script-kiddies-with-fake-malware-builder/ Source: Hacker News Title: Hacker infects 18,000 "script kiddies" with fake malware builder Feedly Summary: Comments AI Summary and Description: Yes Summary: A recent report by CloudSEK reveals how a Trojanized version of the XWorm RAT builder was weaponized and distributed, unknowingly compromising low-skilled hackers, or “script kiddies”. This incident underscores the…

Simon Willison’s Weblog: Lessons From Red Teaming 100 Generative AI Products

Jan 18, 2025

—

by

Source URL: https://simonwillison.net/2025/Jan/18/lessons-from-red-teaming/ Source: Simon Willison’s Weblog Title: Lessons From Red Teaming 100 Generative AI Products Feedly Summary: Lessons From Red Teaming 100 Generative AI Products New paper from Microsoft describing their top eight lessons learned red teaming (deliberately seeking security vulnerabilities in) 100 different generative AI models and products over the past few years.…

CSA: Unpacking the LastPass Hack: A Case Study

Jan 15, 2025

—

by