18
Aug
Black Hat 2023: How AI changes the monetization of search
Search engines, AI, and monetization in the new era
Read More
18
Aug
20k security folks in the desert – Week in security with Tony Anscombe
Unsurprisingly, artificial intelligence took the center stage at this year’s edition of Black Hat, one of the world’s largest gatherings of cybersecurity professionals
Read More
18
Aug
DEF CON 31: Robot vacuums may be doing more than they claim
When it comes to privacy, it remains complicated and near impossible for a consumer to make an informed decision.
Read More
18
Aug
S3 Ep148: Remembering crypto heroes
by Paul Ducklin CELEBRATING THE TRUE CRYPTO BROS No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify and anywhere that good podcasts are found. Or just drop the URL of our RSS feed into your favourite podcatcher. READ THE TRANSCRIPT DOUG. ATM skimmers, ransomware servers, and a warning from the FBI. All…
Read More
18
Aug
Israel, US to Invest $4 Million in Critical Infrastructure Security Projects
Government agencies in Israel and the US have announced plans to invest $3.85 million in projects meant to improve the security of critical infrastructure in both countries. The investment is made through the BIRD Cyber Program, a joint initiative from the Israel National Cyber Directorate (INCD), the Israel-US Binational Industrial Research and Development (BIRD) Foundation, and the US Department of Homeland Security (DHS) Science and Technology Directorate (S&T). As part of the program, four grants…
Read More
17
Aug
Karma Catches Up to Global Phishing Service 16Shop
You’ve probably never heard of “16Shop,” but there’s a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. Image: Akamai.com. The international police organization INTERPOL said last week it had shuttered the notorious 16Shop, a popular phishing-as-a-service platform launched in 2017 that made it simple for even complete novices to conduct complex and convincing phishing scams. INTERPOL said authorities in Indonesia arrested the 21-year-old…
Read More
17
Aug
FBI warns about scams that lure you in as a mobile beta-tester
by Paul Ducklin The US Federal Bureau of Investigation (FBI) has just published an official public service announcement headlined with with a very specific warning: Cybercriminals Targeting Victims through Mobile Beta-Testing Applications. The Feds didn’t go as far as naming any specific vendors or services here, but one of the main reasons that crooks go down the “beta-testing” route is to lure users of Apple iPhones into installing software that didn’t come from the App…
Read More
17
Aug
Exploitation of Citrix ShareFile Vulnerability Spikes as CISA Issues Warning
Exploitation attempts targeting a remote code execution flaw in Citrix’s ShareFile product have spiked just as the US Cybersecurity and Infrastructure Security Agency (CISA) added it to its Known Exploited Vulnerabilities Catalog. The vulnerability affecting the ShareFile file sharing and collaboration product is tracked as CVE-2023-24489 and it has been assigned a ‘critical’ severity rating. It can allow an unauthenticated attacker to upload arbitrary files and possibly achieve remote code execution. When details of the…
Read More
15
Aug
2,000 Citrix NetScaler Instances Backdoored via Recent Vulnerability
A threat actor has automated the exploitation of a recent Citrix vulnerability and has infected roughly 2,000 NetScaler instances with a backdoor, British information assurance firm NCC Group reports. Tracked as CVE-2023-3519, the critical vulnerability was disclosed last month as a zero-day, being exploited since June 2023, including in attacks against critical infrastructure organizations. The issue allows unauthenticated, remote attackers to execute arbitrary code on vulnerable Citrix Application Delivery Controller (ADC) and Gateway appliances that…
Read More
15
Aug
Crimeware server used by NetWalker ransomware seized and shut down
by Paul Ducklin It’s taken nearly ten years, but the US Department of Justice (DOJ) has just announced the court-approved seizure of a web domain called LolekHosted.net that was allegedly connected to a wide range of crimeware-as-a-service activities. The DOJ also charged a 36-year-old Polish man named Artur Karol Grabowski in connection with running the service, but his current whereabouts are unknown. In the DOJ’s blunt words, “Grabowski remains a fugitive.” The downed site is…
Read More