Information

24 May

White House Unveils New Efforts to Guide Federal Research of AI

Information, News

The White House on Tuesday announced new efforts to guide federally backed research on artificial intelligence as the Biden administration looks to get a firmer grip on understanding the risks and opportunities of the rapidly evolving technology. Among the moves unveiled by the administration was a tweak to the United States’ strategic plan on artificial intelligence research, which was last updated in 2019, to add greater emphasis on international collaboration with allies. White House officials…

Read More
23 May

Phone scamming kingpin gets 13 years for running “iSpoof” service

Information

by Naked Security writer In November 2022, we wrote about a multi-country takedown against a Cybercrime-as-a-Service (CaaS) system known as iSpoof. Although iSpoof advertised openly for business on a non-darkweb site, reachable with a regular browser via a non-onion domain name, and even though using its services might technically have been legal in your country (if you’re a lawyer, we’d love to hear your opinion on that issue once you’ve seen the historical website screenshots…

Read More
22 May

Interview With a Crypto Scam Investment Spammer

Information, Insights

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. What follows is an interview with a Russian hacker responsible for a series of aggressive crypto spam campaigns that recently prompted several large Mastodon communities to temporarily halt new registrations. According to the hacker, their spam software has been in private use until the last few weeks, when it was released as open source code. Renaud…

Read More
22 May

GAO Tells Federal Agencies to Fully Implement Key Cloud Security Practices

Information, News

A new US Government Accountability Office (GAO) report shows that the Departments of Agriculture, Homeland Security (DHS), Labor, and the Treasury have not fully implemented six key cloud security practices for their systems. According to the 60-page GAO report (PDF), only one agency fully implemented four practices for most of its systems, while three other agencies fully implemented three practices for their systems. The remaining practices, GAO says, were either partially implemented or not implemented…

Read More
22 May

Samsung Smartphone Users Warned of Actively Exploited Vulnerability

Information, News

Samsung smartphone users have been warned by the vendor and the US Cybersecurity and Infrastructure Security Agency (CISA) about a recently patched vulnerability being exploited in attacks. The flaw in question is CVE-2023-21492, described as a kernel pointer exposure issue related to log files. The security hole can allow a privileged local attacker to bypass the ASLR exploit mitigation technique. This indicates that it has likely been chained with other bugs. Samsung patched CVE-2023-21492 with…

Read More
20 May

The real cost of a free lunch – Week in security with Tony Anscombe

Information

Don’t download software from non-reputable websites and sketchy links – you might be in for more than you bargained for Chances are good that you have, at some point, searched for free stuff online, including software, movies, TV shows, or live streams of sports matches. But the truth is that this search for “free” may ultimately come at a high cost, especially if it involves the promise of effortlessly downloading a free version of what’s…

Read More
19 May

US Teenager Indicted for Credential Stuffing Attack on Fantasy Sports Website

Data Breaches, Information, News

A Wisconsin teenager has been charged with accessing tens of thousands of user accounts at a fantasy sports and betting website after launching a credential stuffing attack on the site. According to a six-count criminal complaint (PDF), the teenager, Joseph Garrison, of Wisconsin, launched the attack on the betting website on November 18, 2022, accessing roughly 60,000 accounts without authorization. In some cases, the defendant and others added a new payment method to the compromised…

Read More
19 May

Pimcore Platform Flaws Exposed Users to Code Execution

Information, News

Security researchers are warning that vulnerabilities patched in the open-source Pimcore platform could have led to the execution of arbitrary code when clicking on a link. A digital experience platform, Pimcore provides data and user experience management capabilities to over 100,000 organizations worldwide. In March 2023, version 10.5.19 of the Pimcore platform resolved two issues that could have been used together to achieve arbitrary code execution, open source software security company Sonar Source says. The…

Read More
19 May

What TikTok knows about you – and what you should know about TikTok

Information

As TikTok CEO attempts to placate U.S. lawmakers, it’s time for us all to think about the wealth of personal information that TikTok and other social media giants collect about us TikTok CEO Shou Zi Chew has appeared before the U.S. Congress to give his take on the app’s data security and privacy practices and possible links to the Chinese government amid a nationwide discussion about a blanket ban on TikTok in the US. The…

Read More
19 May

5 useful search engines for internet‑connected devices and services

Information

A roundup of some of the handiest tools that security professionals can use to search for and monitor devices that are accessible from the internet Internet security is a constant concern for technology and cybersecurity professionals. With the ever-increasing number of online devices and services, it is important to have a clear and accurate view of the online presence of these devices and services in order to protect them and data against online threats. Some…

Read More