Experimental News Clipping Site

Tag: malicious activities

  • Alerts: CISA and FBI Release Advisory on How Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2025/01/22/cisa-and-fbi-release-advisory-how-threat-actors-chained-vulnerabilities-ivanti-cloud-service Source: Alerts Title: CISA and FBI Release Advisory on How Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications Feedly Summary: CISA, in partnership with the Federal Bureau of Investigation (FBI), released Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications. This advisory was crafted in response to active exploitation of vulnerabilities—CVE-2024-8963,…

  • Microsoft Security Blog: New Star Blizzard spear-phishing campaign targets WhatsApp accounts

    by

    Kurt Seifried
    in

    Source URL: https://www.microsoft.com/en-us/security/blog/2025/01/16/new-star-blizzard-spear-phishing-campaign-targets-whatsapp-accounts/ Source: Microsoft Security Blog Title: New Star Blizzard spear-phishing campaign targets WhatsApp accounts Feedly Summary: In mid-November 2024, Microsoft Threat Intelligence observed the Russian threat actor we track as Star Blizzard sending their typical targets spear-phishing messages, this time offering the supposed opportunity to join a WhatsApp group. This is the first…

  • Hacker News: Malicious extensions circumvent Google’s remote code ban

    by

    Kurt Seifried
    in

    Source URL: https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/ Source: Hacker News Title: Malicious extensions circumvent Google’s remote code ban Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text discusses security vulnerabilities related to malicious browser extensions in the Chrome Web Store, focusing on how they can execute remote code and compromise user privacy. It critiques Google’s policies regarding…

  • Cloud Blog: Backscatter: Automated Configuration Extraction

    by

    Kurt Seifried
    in

    Source URL: https://cloud.google.com/blog/topics/threat-intelligence/backscatter-automated-configuration-extraction/ Source: Cloud Blog Title: Backscatter: Automated Configuration Extraction Feedly Summary: Written by: Josh Triplett Executive Summary Backscatter is a tool developed by the Mandiant FLARE team that aims to automatically extract malware configurations. It relies on static signatures and emulation to extract this information without dynamic execution, bypassing anti-analysis logic present in…

  • Schneier on Security: Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme

    by

    Kurt Seifried
    in

    Source URL: https://www.schneier.com/blog/archives/2025/01/microsoft-takes-legal-action-against-ai-hacking-as-a-service-scheme.html Source: Schneier on Security Title: Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme Feedly Summary: Not sure this will matter in the end, but it’s a positive move: Microsoft is accusing three individuals of running a “hacking-as-a-service” scheme that was designed to allow the creation of harmful and illicit…

  • Slashdot: New LLM Jailbreak Uses Models’ Evaluation Skills Against Them

    by

    Kurt Seifried
    in

    Source URL: https://it.slashdot.org/story/25/01/12/2010218/new-llm-jailbreak-uses-models-evaluation-skills-against-them?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: New LLM Jailbreak Uses Models’ Evaluation Skills Against Them Feedly Summary: AI Summary and Description: Yes **Summary:** The text discusses a novel jailbreak technique for large language models (LLMs) known as the ‘Bad Likert Judge,’ which exploits the models’ evaluative capabilities to generate harmful content. Developed by Palo Alto…

  • Hacker News: Securely Disposing of Smart Devices

    by

    Kurt Seifried
    in

    Source URL: https://www.rapid7.com/blog/post/2025/01/06/out-with-the-old-in-with-the-new-securely-disposing-of-smart-devices/ Source: Hacker News Title: Securely Disposing of Smart Devices Feedly Summary: Comments AI Summary and Description: Yes Summary: The text provides critical insights on the security implications of improper disposal of smart devices, emphasizing the importance of factory resetting IoT devices before resale or disposal. This presents a significant privacy and security…

  • The Register: FireScam infostealer poses as Telegram Premium app to surveil Android devices

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/06/firescam_android_malware/ Source: The Register Title: FireScam infostealer poses as Telegram Premium app to surveil Android devices Feedly Summary: Once installed, it helps itself to your data like it’s a free buffet Android malware dubbed FireScam tricks people into thinking they are downloading a Telegram Premium application that stealthily monitors victims’ notifications, text messages,…

  • Krebs on Security: Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

    by

    system automation
    in

    Source URL: https://krebsonsecurity.com/2024/12/web-hacking-service-araneida-tied-to-turkish-it-firm/ Source: Krebs on Security Title: Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm Feedly Summary: Cybercriminals are selling hundreds of thousands of credential sets stolen with the help of a cracked version of Acunetix, a powerful commercial web app vulnerability scanner, new research finds. The cracked software is being resold as…