CyberSecure Specialist

09 Jun

Google Introduces SAIF, a Framework for Secure AI Development and Use

Information, News

The Google SAIF (Secure AI Framework) is designed to provide a security framework or ecosystem for the development, use and protection of AI systems. All new technologies bring new opportunities, threats, and risks. As business concentrates on harnessing opportunities, threats and risks can be overlooked. With AI, this could be disastrous for business, business customers, and people in general. SAIF offers six core elements to ensure maximum security in AI. Expand strong security foundations to…

Read More
09 Jun

Key role targeted cyber attacks are on the rise

Attacks, Data Breaches

Research by Ponemon Institute and cyber security company BlackCloak has found that hackers have been directly targeting C-suite executives and their family members with cyber attacks via their personal email addresses.  In Understanding the serious risks to executives’ personal cybersecurity and digital lives, which was released on June 5, researchers found that 42 percent of organizations said that an executive or an executive’s family member had been the direct target of a cyber attack. This…

Read More
08 Jun

ACT government falls victim to Barracuda’s ESG vulnerability

Data Breaches, Malware, Social Engineering

The Australian Capital Territory government is one of the victims of a vulnerability found in Barracuda’s email security gateway (ESG). In a press conference on 8 June, ACT government chief digital officer Bettina Konti said there is a likelihood that some personal information is involved but the harms assessment needs to completed for that to be clear. Barracuda had first identified the CVE-2023-2838 vulnerability on 19 May issuing a patch worldwide on 20 May followed…

Read More
08 Jun

North Korean APT group targets email credentials in social engineering campaign

Data Breaches, Malware, Social Engineering

Researchers warn of a social engineering campaign by the North Korean APT group known as Kimsuky that attempts to steal email credentials and plant malware. The campaign, focused on experts in North Korean affairs, is part of this group’s larger intelligence gathering operations that target research centers, think tanks, academic institutions, and news outlets globally. “Kimsuky, a suspected North Korean advanced persistent threat (APT) group whose activities align with the interests of the North Korean…

Read More
08 Jun

Barracuda Urges Replacing — Not Patching — Its Email Security Gateways

Information, Insights

It’s not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware — as opposed to just applying software updates. But experts say that is exactly what transpired this week with Barracuda Networks, as the company struggled to combat a sprawling malware threat which appears to have undermined its email security appliances in such a fundamental way that they can no…

Read More
08 Jun

Hear no evil: Ultrasound attacks on voice assistants

Information

How  your voice assistant could do the bidding of a hacker – without you ever hearing a thing Regular WeLiveSecurity readers won’t be stunned to read that cyberattacks and their methods keep evolving as bad actors continue to enhance their repertoire. It’s also become a common refrain that as security vulnerabilities are found and patched (alas, sometimes after being exploited), malicious actors find new chinks in the software armor. Sometimes, however, it is not “just”…

Read More
08 Jun

Firefox 114 is out: No 0-days, but one fascinating “teachable moment” bug

Information

by Paul Ducklin Firefox’s latest major update is out, following Mozilla’s usual every-fourth-Tuesday release cycle. The list of security fixes this month (like full moons, there are sometimes two Firefox releases in a calendar month, but most months only have one) is splendidly short, and there aren’t any critical bugs or zero-days in the list. But there’s a fascinating bug that acts as a reminder that it’s hard to write responsive, user-friendly browser code that’s…

Read More
08 Jun

S3 Ep138: I like to MOVEit, MOVEit

Information

by Paul Ducklin BACKDOORS, EXPLOITS, AND LITTLE BOBBY TABLES No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our RSS feed into your favourite podcatcher. READ THE TRANSCRIPT DOUG.  Backdoors, exploits, and the triumphant return of Little Bobby…

Read More
08 Jun

Google Cloud launches Cryptomining Protection Program

Data Breaches, Malware, Social Engineering

Google Cloud has launched its Cryptomining Protection Program for Security Command Center (SCC) Premium customers with up to $1 million to cover unauthorized Google Cloud compute expenses associated with undetected cryptomining attacks. SCC Premium customers will have access to the new product for free. SCC Premium works with a pay-as-you-go pricing, and as one-year and multi-year fixed-price subscriptions.  According to Google Cybersecurity Action Team (GCAT) September 2022 Threat Horizons Report, threat actors frequently targeted weak and default…

Read More
08 Jun

Consolidate Vendors and Products for Better Security

Information, News

Organizations everywhere are evolving in new ways, whether it’s embracing remote work or developing new digital business initiatives. Although these changes can be crucial to business growth and employee retention, they often expand the attack surface, which leads to greater day-to-day operational complexity for Security Operations Center (SOC) teams. At the same time the attack surface is increasing, threats are also on the upswing. Cyberattacks are becoming more sophisticated and organizations of all sizes across…

Read More