CyberSecure Specialist

27 Nov

Critical ownCloud Flaws Lead to Sensitive Information Disclosure, Authentication Bypass

Information, News

Open-source file-sharing and collaboration software ownCloud is plagued by critical vulnerabilities that could lead to the exposure of credentials and other sensitive information and to authentication and validation bypass. The most serious issue, which carries a CVSS score of 10/10, impacts the graphapi app, which uses a third-party library providing a URL that, when accessed, reveals the PHP environment’s configuration details (phpinfo). “This information includes all the environment variables of the webserver. In containerized deployments,…

Read More
26 Nov

CISA and UK NCSC Unveil Joint Guidelines for Secure AI System Development

Attacks, Insights, Malware

Today, in a landmark collaboration, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the UK National Cyber Security Centre (NCSC) are proud to announce the release of the Guidelines for Secure AI System Development. Co-sealed by 23 domestic and international cybersecurity organizations, this publication marks a significant step in addressing the intersection of artificial intelligence (AI), cybersecurity, and critical infrastructure. The Guidelines, complementing the U.S. Voluntary Commitments on Ensuring Safe, Secure, and Trustworthy AI,…

Read More
25 Nov

Telekopye’s tricks of the trade – Week in security with Tony Anscombe

Information

Video ESET’s research team reveals details about the onboarding process of the Telekopye scam operation and the various methods that the fraudsters use to defraud people online 24 Nov 2023 How do aspiring fraudsters become members of a scam operation that helps them defraud people on online marketplaces? ESET researchers recently discovered and analyzed Telekopye, a Telegram bot that helps less tech-savvy scammers pull off their tricks. This week, the research team published details about…

Read More
24 Nov

Telekopye: Chamber of Neanderthals’ secrets

Information

We recently published a blogpost about Telekopye, a Telegram bot that helps cybercriminals scam people in online marketplaces. Telekopye can craft phishing websites, emails, SMS messages, and more. In the first part, we wrote about technical details of Telekopye and hinted at hierarchical structure of its operational groups. In this second part, we focus on what we were able to learn about Neanderthals, the scammers who operate Telekopye, their internal onboarding process, different tricks of…

Read More
24 Nov

North Korean Software Supply Chain Attack Hits North America, Asia 

Information, News

A North Korean threat group breached a Taiwanese software company and leveraged its systems to deliver malware to devices in North America and Asia, Microsoft reported this week. The threat actor is tracked by the tech giant as Diamond Sleet (Zinc). Previously described as a sub-group of the notorious Lazarus, the hacker gang has been conducting attacks for data theft, espionage, destruction and financial gain. In the past, it was observed targeting security researchers, penetration…

Read More
24 Nov

In Other News: National Laboratory Breach, Airplane GPS Attacks, Russia Accuses Allies of Hacking

Information, News

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and…

Read More
24 Nov

IOTW: Data breach exposes sensitive information of Canadian Government employees

Attacks, Data Breaches

The Canadian government has disclosed a data breach after contractor hacks exposed the sensitive information of an undisclosed number of employees. The breaches occurred last month (October 19) and impacted Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & Moving Services, which provide location services to Government workers. In a statement, the Government said that, upon learning about the incident, it took immediate action to investigate the breach which involves information held by the…

Read More
23 Nov

Your voice is my password

Information

Digital Security AI-driven voice cloning can make things far too easy for scammers – I know because I’ve tested it so that you don’t have to learn about the risks the hard way. Jake Moore 22 Nov 2023  •  , 6 min. read The recent theft of my voice brought me to a new fork in the road in terms of how AI already has the potential of causing social disruption. I was so taken aback by…

Read More
23 Nov

Broadcom Planning to Complete Deal for $69 Billion Acquisition of VMWare After Regulators Give OK

Information, News

Computer chip and software maker Broadcom has announced it has cleared all regulatory hurdles and plans to complete its $69 billion acquisition of cloud technology company VMware on Wednesday. The company, based in San Jose, California, announced it planned to move ahead with the deal after China joined the list of countries that had given a go-ahead for the acquisition. Broadcom is paying $61 billion in cash and stock for VMware and taking on $8…

Read More
22 Nov

Fuel for thought: Can a driverless car get arrested?

Information

Digital Security What happens when problems caused by autonomous vehicles are not the result of errors, but the result of purposeful attacks? 21 Nov 2023  •  , 7 min. read Fleets of robotaxis hit the brakes, citing the need to “rebuild public trust”. This story had been brewing for a while. It seemed fairly inconsequential at first, or at least not the start of a big security story: A video shared on social networking site…

Read More