CyberSecure Specialist

06 Jun

OWASP lists 10 most critical large language model vulnerabilities

Data Breaches, Malware, Social Engineering

The Open Worldwide Application Security Project (OWASP) has published the top 10 most critical vulnerabilities often seen in large language model (LLM) applications, highlighting their potential impact, ease of exploitation, and prevalence. Examples of vulnerabilities include prompt injections, data leakage, inadequate sandboxing, and unauthorized code execution. The list aims to educate developers, designers, architects, managers, and organizations about the potential security risks when deploying and managing LLMs, raising awareness of vulnerabilities, suggesting remediation strategies, and…

Read More
05 Jun

RomCom ransomware is being spread via poisoned Google ads

Attacks, Data Breaches

RomCom ransomware is being spread via poisoned Google adverts for legitimate software companies including Chat-GPT, PDF Reader Pro and Devolutions’ Remote Desktop Manager. According to researchers at IT security company Trend Micro, malicious actors are using Google advertisements for trusted companies to entice people into clicking on the advert and downloading RomCom ransomware onto their devices. The malicious actors are doing this through the use of fake sites set up to look like legitimate ones…

Read More
05 Jun

What if the Current AI Hype Is a Dead End?

Information, News

As I discussed in my previous column on Cybersecurity Futurism for Beginners, we are applying methods and approaches commonly used in future studies, especially horizon scanning and scenario planning, to explore future scenarios for how AI such as LLM’s may impact security operations going forward. To quickly rehash, horizon scanning is not strictly speaking about predicting the future. Rather, it’s about the early detection of weak signals to identify drivers of emerging trends. We’re not…

Read More
05 Jun

Atomic Wallet hack leads to at least $35M in stolen crypto assets

Data Breaches, Malware, Social Engineering

A cyberattack on crypto wallet Atomic Wallet has resulted in at least $35 million worth of crypto assets being stolen since June 2, according to ZachXBT, an independent  on-chain investigator known for tracing stolen crypto funds and assisting with hacked projects. The five most significant losses account for $17 million.  “Think it could surpass $50m. Keep finding more and more victims sadly,” said  ZachXBT, in a tweet. The biggest victim of the Atomic Wallet was…

Read More
05 Jun

SAFE Security claims to predict data breaches with new generative AI offering

Data Breaches, Malware, Social Engineering

AI-based cyber risk management SaaS vendor SAFE Security has announced the release Cyber Risk Cloud of Cloud – a new offering it claims uses generative AI to help businesses predict and prevent cyber breaches. It does so by answering questions about a customer’s cybersecurity posture and generating likelihoods for different risk scenarios. These include the likelihood of a business suffering a ransomware attack in the next 12 months and the dollar impact of an attack,…

Read More
05 Jun

CISOs, IT lack confidence in executives’ cyber-defense knowledge

Data Breaches, Malware, Social Engineering

IT security teams lack confidence in their executives’ ability to prevent attacks on their personal hardware, systems, and network. This is according to a study sponsored by BlackCloak, a provider of digital privacy protection for high-profile executives, Ponemon Institute surveyed 553 US IT and IT security practitioners. Asked to rate from 1 to 10 how confident they were in CEOs and executives’ abilities to know how to recognize a phishing email, only 28% of respondents…

Read More
03 Jun

Insider Q&A: Artificial Intelligence and Cybersecurity In Military Tech

Information, News

Josh Lospinoso’s first cybersecurity startup was acquired in 2017 by Raytheon/Forcepoint.. His second, Shift5, works with the U.S. military, rail operators and airlines including JetBlue. A 2009 West Point grad and Rhodes Scholar, the 36-year-old former Army captain spent more than a decade authoring hacking tools for the National Security Agency and U.S. Cyber Command. Lospinoso recently told a Senate Armed Services subcommittee how artificial intelligence can help protect military operations. The CEO/programmer discussed the subject with…

Read More
03 Jun

API security in the spotlight – Week in security with Tony Anscombe

Information

Given the reliance of today’s digital world on APIs and the fact that attacks targeting them continue to rise sharply, API security cannot be an afterthought. Given the increasing reliance of today’s digital world on APIs and the fact that cyberattacks targeting them continue to rise sharply, API security cannot be an afterthought. Here is how a poorly protected application programming interface creates security risks, what the main API security risks are, and what organizations…

Read More
03 Jun

In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack 

Information, News

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless crucial for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and…

Read More
02 Jun

Russia points finger at US for iPhone exploit campaign that also hit Kaspersky Lab

Data Breaches, Malware, Social Engineering

The Russian federal security agency, the FSB, has put out a security alert claiming that US intelligence services are behind an attack campaign that exploits vulnerabilities in iOS and compromised thousands of iPhones devices in Russia, including those of foreign diplomats. In a separate report, Russian antivirus vendor Kaspersky Lab said that several dozen of its senior employees and upper management were targeted as part of the operation, although unlike the FSB, the company did…

Read More