Uncle Sam warns deepfakes are coming for your brand and bank account

No, your CEO is not on Teams asking you to transfer money

Deepfakes are coming for your brand, bank accounts, and corporate IP, according to a warning from US law enforcement and cyber agencies.…

Airbus suffers data leak turbulence to cybercrooks' delight

Ransomware group nicked info from employee of airline, say researchers

Aerospace giant Airbus has fallen victim to a data breach, thanks in part to the inattention of a third party.…

CVE-2023-38146: Arbitrary Code Execution via Windows Themes

submitted by /u/gabe_k
[link] [comments]

3AM: New Ransomware Family Used As Fallback in Failed LockBit Attack

submitted by /u/nareksays
[link] [comments]

France Halts iPhone 12 Sales Over Radiation Levels

Password Stealing Linux Malware Served For 3 Years And No One Noticed

Malicious AI Tools Flourish, Put Pressure On Lawmakers

Airbus Launches Investigation After Hacker Leaks Data

Mozilla Patches 0-Day Exploited For Spyware Delivery

Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints

Three interrelated high-severity security flaws discovered in Kubernetes could be exploited to achieve remote code execution with elevated privileges on Windows endpoints within a cluster. The issues, tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, carry CVSS scores of 8.8 and impact all Kubernetes environments with Windows nodes. Fixes for the vulnerabilities were released on August

Researchers Detail 8 Vulnerabilities in Azure HDInsight Analytics Service

More details have emerged about a set of now-patched cross-site scripting (XSS) flaws in the Microsoft Azure HDInsight open-source analytics service that could be weaponized by a threat actor to carry out malicious activities. "The identified vulnerabilities consisted of six stored XSS and two reflected XSS vulnerabilities, each of which could be exploited to perform unauthorized actions,

Used cars? Try used car accounts: 15,000 up for grabs online at just $2 a pop

Cut and shut is so last century, now it's copy and clone

Researchers have found almost 15,000 automotive accounts for sale online and pointed at a credential-stuffing attack that targeted car makers.…

Webinar: Identity Threat Detection & Response (ITDR) – Rips in Your Identity Fabric

In today's digital age, SaaS applications have become the backbone of modern businesses. They streamline operations, enhance productivity, and foster innovation. But with great power comes great responsibility. As organizations integrate more SaaS applications into their workflows, they inadvertently open the door to a new era of security threats. The stakes? Your invaluable data and the trust

The US Congress Has Trust Issues. Generative AI Is Making It Worse

Senators are meeting with Silicon Valley's elite to learn how to deal with AI. But can Congress tackle the rapidly emerging tech before working on itself?

How to snoop on passwords with this one weird trick (involving public Wi-Fi signals)

Fun technique – but how practical is it?

Some smart cookies at institutions in China and Singapore have devised a technique for reading keystrokes and pilfering passwords or passcodes from Wi-Fi-connected mobile devices on public networks, without any hardware hacking.…

Read it right! How to spot scams on Reddit

Do you know what types of scams and other fakery you should look out for when using a platform that once billed itself as “the front page of the Internet”?

ESET Research Podcast: Sextortion, digital usury and SQL brute-force

Closing intrusion vectors force cybercriminals to revisit old attack avenues, but also to look for new ways to attack their victims

Sponsor with batch-filed whiskers: Ballistic Bobcat’s scan and strike backdoor

ESET Research uncovers the Sponsoring Access campaign, which utilizes an undocumented Ballistic Bobcat backdoor we have named Sponsor

Will you give X your biometric data? – Week in security with Tony Anscombe

The update to X's privacy policy has sparked some questions among privacy and security folks, including how long X will retain users' biometric information and how the data will be stored and secured

Staying ahead of threats: 5 cybercrime trends to watch

New reports from Europol and the UK’s National Crime Agency (NCA) shed a light on how the battle against cybercrime is being fought

Getting off the hook: 10 steps to take after clicking on a phishing link

Phishing emails are a weapon of choice for criminals intent on stealing people’s personal data and planting malware on their devices. The healing process does not end with antivirus scanning.

Fake Signal and Telegram apps – Week in security with Tony Anscombe

ESET research uncovers active campaigns targeting Android users and spreading espionage code through the Google Play store, Samsung Galaxy Store and dedicated websites

What you need to know about iCloud Private Relay

If you want to try to enter the world of VPNs with a small dip, then iCloud Private Relay is your friend — but is it a true VPN service? The devil is in the details.

BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps

ESET researchers have discovered active campaigns linked to the China-aligned APT group known as GREF, distributing espionage code that has previously targeted Uyghurs

Recovering from a supply-chain attack: What are the lessons to learn from the 3CX hack?

The campaign started with a trojanized version of unsupported financial software

How a Telegram bot helps scammers target victims – Week in security with Tony Anscombe

ESET researchers uncover a Telegram bot that enables even less tech-savvy scammers to defraud people out of their money

Telekopye: Hunting Mammoths using Telegram bot

Analysis of Telegram bot that helps cybercriminals scam people on online marketplaces

Scarabs colon-izing vulnerable servers

Analysis of Spacecolon, a toolset used to deploy Scarab ransomware on vulnerable servers, and its operators, CosmicBeetle

A Bard’s Tale – how fake AI bots try to install malware

The AI race is on! It’s easy to lose track of the latest developments and possibilities, and yet everyone wants to see firsthand what the hype is about. Heydays for cybercriminals!

Evacuation of 30,000 hackers – Week in security with Tony Anscombe

DEF CON, the annual hacker convention in Las Vegas, was interrupted on Saturday evening when authorities evacuated the event's venue due to a bomb threat

DEF CON 31: US DoD urges hackers to go and hack ‘AI’

The limits of current AI need to be tested before we can rely on their output

Mass-spreading campaign targeting Zimbra users

ESET researchers have observed a new phishing campaign targeting users of the Zimbra Collaboration email server.

DEF CON 31: Robot vacuums may be doing more than they claim

When it comes to privacy, it remains complicated and near impossible for a consumer to make an informed decision.

Black Hat 2023: Hacking the police (at least their radios)

Hiding behind a black box and hoping no one will hack it has been routinely proven to be unwise and less secure.

Black Hat 2023: How AI changes the monetization of search

Search engines, AI, and monetization in the new era

Black Hat 2023: AI gets big defender prize money

Black Hat is big on AI this year, and for a good reason

Black Hat 2023: ‘Teenage’ AI not enough for cyberthreat intelligence

Current LLMs are just not mature enough for high-level tasks

20k security folks in the desert – Week in security with Tony Anscombe

Unsurprisingly, artificial intelligence took the center stage at this year's edition of Black Hat, one of the world's largest gatherings of cybersecurity professionals

Black Hat 2023: Cyberwar fire-and-forget-me-not

What happens to cyberweapons after a cyberwar?

ESET Research Podcast: Unmasking MoustachedBouncer

Listen as ESET's Director of Threat Research Jean-Ian Boutin unravels the tactics, techniques and procedures of MoustachedBouncer, an APT group taking aim at foreign embassies in Belarus

MoustachedBouncer: Espionage against foreign diplomats in Belarus

Long-term espionage against diplomats, leveraging email-based C&C protocols, C++ modular backdoors, and adversary-in-the-middle (AitM) attacks… Sounds like the infamous Turla? Think again!

Time is money, and online game scammers have lots of it

Gamers and cybersecurity professionals have something in common – the ever-terrible presence of hacking, scams, and data theft – but how and why would anyone want to target gamers?

Check cybersecurity pre-invest – Week in security with Tony Anscombe

When you invest in a company, do you check its cybersecurity? The U.S. Securities and Exchange Commission has adopted new cybersecurity rules.

Fingerprints all over: Can browser fingerprinting increase website security?

Browser fingerprinting is supposedly a more privacy-conscious tracking method, replacing personal information with more general data. But is it a valid promise?

The grand theft of Jake Moore’s voice: The concept of a virtual kidnap

With powerful AI, it doesn’t take much to fake a person virtually, and while there are some limitations, voice-cloning can have some dangerous consequences.

Quantum computing: Will it break crypto security within a few years?

Current cryptographic security methods watch out - quantum computing is coming for your lunch.

Is backdoor access oppressive? – Week in security with Tony Anscombe

Bills granting access to end-to-end encrypted systems, opportunity for cybercriminals, abuse by authority, human rights, and tech companies leaving the UK?

Gathering dust and data: How robotic vacuums can spy on you

Mitigate the risk of data leaks with a careful review of the product and the proper settings.

Dear all, What are some common subject lines in phishing emails?

Scammers exploit current ongoing events, account notifications, corporate communication, and a sense of urgency.

What happens if AI is wrong? – Week in security with Tony Anscombe

Responses generated by ChatGPT about individual people could be misleading or harmful or spill their personal information. What are the takeaways for you as a ChatGPT user?

8 common work-from-home scams to avoid

That ‘employer’ you’re speaking to may in reality be after your personal information, your money or your help with their illegal activities

Child identity theft: how do I keep my kids’ personal data safe?

Why is kids’ personal information in high demand, how do criminals steal it, and what can parents do to help prevent child identity theft?

Protect yourself from ticketing scams ahead of the Premier League Summer Series USA Tour

There is a significant secondary marketplace where tickets can sell for several times their original value, opening the opportunity for scammers and fraud

Key findings from ESET Threat Report H1 2023 – Week in security with Tony Anscombe

Here's how cybercriminals have adjusted their tactics in response to Microsoft's stricter security policies, plus other interesting findings from ESET's new Threat Report

The danger within: 5 steps you can take to combat insider threats

Some threats may be closer than you think. Are security risks that originate from your own trusted employees on your radar?

ESET Research Podcast: Finding the mythical BlackLotus bootkit

Here's a story of how an analysis of a supposed game cheat turned into the discovery of a powerful UEFI threat

ESET Threat Report H1 2023

A view of the H1 2023 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

Emotet: sold or on vacation? – Week in security with Tony Anscombe

Originally a banking trojan, Emotet later evolved into a full-blown botnet and went on to become one of the most dangerous cyberthreats worldwide

What’s up with Emotet?

A brief summary of what happened with Emotet since its comeback in November 2021

Deepfaking it: What to know about deepfake-driven sextortion schemes

Criminals increasingly create deepfake nudes from people’s benign public photos in order to extort money from them, the FBI warns