Latest CyberSec News by @thecyberpicker

30533 bookmarks
Service desks are under attack: What can you do about it?
Service desks are on the front lines of defense—and attackers know it. Attackers are using social engineering attacks to trick agents into changing passwords, disabling MFA, and granting access. Learn more from Specops Software on how to secure your service desk.
·bleepingcomputer.com·
RVTools hit in supply chain attack to deliver Bumblebee malware
The official website for the RVTools VMware management tool was taken offline in what appears to be a supply chain attack where hackers replaced a DLL in the distributed installer to drop the Bumblebee malware loader on users' machines.
·bleepingcomputer.com·
High-Profile AI Failures Teach Us About Resilience | CSA
When AI fails, it often fails fast and loud. Apply CSA’s AI Resilience Benchmarking Model to 4 real incidents to get a better understanding of AI failures.
·cloudsecurityalliance.org·
Duping Cloud Functions: An emerging serverless attack vector
Cisco Talos built on Tenable’s discovery of a Google Cloud Platform vulnerability to uncover how attackers could exploit similar techniques across AWS and Azure.
·blog.talosintelligence.com·
DoorDash Hack - Schneier on Security
A DoorDash driver stole over $2.5 million over several months: The driver, Sayee Chaitainya Reddy Devagiri, placed expensive orders from a fraudulent customer account in the DoorDash app. Then, using DoorDash employee credentials, he manually assigned the orders to driver accounts he and the others involved had created. Devagiri would then mark the undelivered orders as complete and prompt DoorDash’s system to pay the driver accounts. Then he’d switch those same orders back to “in process” and do it all over again. Doing this “took less than five minutes, and was repeated hundreds of times for many of the orders,” writes the US Attorney’s Office...
·schneier.com·
Mounting GenAI Cyber Risks Spur Investment in AI Security
Thales found that 73% of organizations are investing in AI-specific security tools, amid surging takeup of GenAI tools in enterprises
·infosecurity-magazine.com·
Consent Phishing: Bypassing MFA with OAuth | CSA
Explore how consent phishing exploits OAuth to bypass MFA, granting attackers persistent access to SaaS apps. Learn strategies to defend against this threat.
·cloudsecurityalliance.org·
Malware-infected printer delivered something extra to Windows users
You'd hope that spending $6,000 on a printer would give you a secure experience, free from viruses and other malware. However, in the case of Procolored printers, you'd be wrong.
·malwarebytes.com·
OpenAI plans to combine multiple models into GPT-5
OpenAI is planning to combine multiple products (features or models) into its next foundational model, which is called GPT-5.
·bleepingcomputer.com·