Proton launches privacy-respecting encrypted AI assistant Lumo
Proton has launched a new tool called Lumo, offering a privacy-first AI assistant that does not log user conversations and doesn't use their prompts for training.
Hackers fooled Cognizant help desk, says Clorox in $380M cyberattack lawsuit
Clorox is suing IT giant Cognizant for gross negligence, alleging it enabled a massive August 2023 cyberattack by resetting an employee's password for a hacker without first verifying their identity.
Russia turns to Kyrgyzstan’s booming crypto sector to evade sanctions, researchers say
According to a new report by blockchain intelligence firm TRM Labs, Kyrgyz-registered exchanges have repeatedly been used by sanctioned Russian entities.
US nuclear weapons agency hacked in Microsoft SharePoint attacks
Unknown threat actors have breached the National Nuclear Security Administration's network in attacks exploiting a recently patched Microsoft SharePoint zero-day vulnerability chain.
NPM package ‘is’ with 2.8M weekly downloads infected devs with malware
The popular NPM package 'is' has been compromised in a supply chain attack that injected backdoor malware, giving attackers full access to compromised devices.
Cisco network access security platform vulnerabilities under active exploitation | CyberScoop
The software defects, which have a maximum-severity rating, do not require authentication and allow remote attackers to execute code arbitrarily on the underlying system.
Authorities in Ukraine nab alleged admin of Russian-language cybercrime forum | CyberScoop
Officials accuse the unnamed suspect of running XSS.is, a key and long-running marketplace with more than 50,000 registered users. The suspect allegedly made more than $8.2 million.
« Vous voudriez savoir si c’était vous ? », il se fait pirater son mot de passe et provoque la faillite de son entreprise
En Grande-Bretagne, la saga de la société de transport KNP restera dans les annales comme l’un des plus retentissants effondrements industriels causés par une cyberattaque. Victime d’un ransomware en 2023, cette entreprise historique, fondée il y a 158 ans, a été précipitée dans la faillite à cause d’un mot de passe
US nuclear weapons agency reportedly hacked in SharePoint attacks
Unknown threat actors have reportedly breached the National Nuclear Security Administration's (NNSA) network in attacks exploiting a recently patched Microsoft SharePoint zero-day vulnerability chain.
5 Nevada men sentenced to prison for running Jetflicks pirated content site
The Justice Department said it ended “the largest internet privacy case… ever to go to trial as well as the first illegal streaming case ever to go to trial.”
How to harden your Active Directory against Kerberoasting
Kerberoasting gives attackers offline paths to crack service account password, without triggering alerts. Learn from Specops Software how to protect your Active Directory with stronger SPN password policies and reduced attack surfaces.
Clorox lawsuit says help-desk contractors handed over passwords in 2023 cyberattack
Help desk workers from the IT services company Cognizant were directly responsible for an August 2023 cyberattack that disrupted operations at the Clorox Company, the cleaning products giant alleges in a lawsuit.
CISA warns of hackers exploiting SysAid vulnerabilities in attacks
CISA has warned that attackers are actively exploiting two security vulnerabilities in the SysAid IT service management (ITSM) software to hijack administrator accounts.
Ukraine arrests suspected admin of XSS Russian hacking forum
The suspected administrator of the Russian-speaking hacking forum XSS.is was arrested by the Ukrainian authorities yesterday at the request of the Paris public prosecutor's office.
« Les données de 340 000 demandeurs d’emploi ont été consultées », êtes-vous concerné par le nouveau piratage de France Travail ?
Depuis quelques jours, de nombreux inscrits à France Travail ont reçu un courriel inquiétant : des personnes non autorisées ont accédé à leurs données personnelles hébergées sur la plateforme. Que s'est-il réellement passé ? Qui est concerné ? France Travail a déroulé la chronologie des faits pour Numerama. L’alerte
npm 'accidentally' removes Stylus package, breaks builds and pipelines
npm has taken down all versions of the Stylus library and replaced them with a "security holding" page, breaking pipelines and builds worldwide that rely on the package.