Latest CyberSec News by @thecyberpicker

Cybersecurity News

A new Android malware has been discovered hidden inside trojanized versions of the Alpine Quest mapping app, which is reportedly used by Russian soldiers as part of war zone operational planning.

Blue Shield of California said an improper Google Analytics configuration exposed the data of more than 4.5 million people, while state regulators recently received more than a dozen other reports involving healthcare-related organizations.

New malware campaign targets Docker environments using unknown methods to secretly mine cryptocurrency, researchers warn.

The key findings from the 2024 FBI IC3 cybercrime report, including record-breaking losses, top scams, and ransomware trends.

Governments around the world have appeared to ease off from using internet shutdowns to silence protesters and control access to information, according to new data from internet infrastructure company Cloudflare.

WhatsApp has introduced a new Advanced Chat Privacy feature to protect sensitive information exchanged in private chats and group conversations.

DPRK hackers stole $137M in 2023 from TRON users via phishing, fueling nuclear programs and cyberattacks.

The dynamic nature of containers can make it challenging for security teams to detect runtime anomalies or pinpoint the source of a security incident, presenting an opportunity for attackers to stay undetected. Microsoft Threat Intelligence has observed threat actors taking advantage of unsecured workload identities to gain access to resources, including containerized environments. Microsoft data […]

Interesting research: “Guillotine: Hypervisors for Isolating Malicious AIs.” Abstract:As AI models become more embedded in critical sectors like finance, healthcare, and the military, their inscrutable behavior poses ever-greater risks to society. To mitigate this risk, we propose Guillotine, a hypervisor architecture for sandboxing powerful AI models—models that, by accident or malice, can generate existential threats to humanity. Although Guillotine borrows some well-known virtualization techniques, Guillotine must also introduce fundamentally new isolation mechanisms to handle the unique threat model posed by existential-risk AIs. For example, a rogue AI may try to introspect upon hypervisor software or the underlying hardware substrate to enable later subversion of that control plane; thus, a Guillotine hypervisor requires careful co-design of the hypervisor software and the CPUs, RAM, NIC, and storage devices that support the hypervisor software, to thwart side channel leakage and more generally eliminate mechanisms for AI to exploit reflection-based vulnerabilities. Beyond such isolation at the software, network, and microarchitectural layers, a Guillotine hypervisor must also provide physical fail-safes more commonly associated with nuclear power plants, avionic platforms, and other types of mission critical systems. Physical fail-safes, e.g., involving electromechanical disconnection of network cables, or the flooding of a datacenter which holds a rogue AI, provide defense in depth if software, network, and microarchitectural isolation is compromised and a rogue AI must be temporarily shut down or permanently destroyed. ...

The DragonForce and Anubis groups are attempting to entice hackers to come and work with them by adopting affiliate models that would increase the volume of incidents their services can be used in.

Congress told the U.S. State Department how to approach global cyber challenges, but the administration’s plan would upend that strategy.

While AI-generated text in malicious emails has doubled, the rate of successful phishing breaches is stable.

Stolen credentials are becoming a more prevalent form of initial access, a report from Mandiant shows.

Blue Shield of California disclosed it suffered a data breach after exposing protected health information of 4.7 million members to Google's analytics and advertisement platforms.

After a 180% rise in last year’s report, the exploitation of vulnerabilities continues to grow, now accounting for 20% of all breaches

The FBI says cybercriminals have stolen a record $16,6 billion in 2024, marking an increase in losses of over 33% compared to the previous year.

The FBI found that cybercrime losses climbed by 33% compared to 2023, driven by tactics like investment fraud and BEC

Phishing attacks now evade email filters, proxies, and MFA — making every attack feel like a zero-day. This article from Push Security breaks down why detection is failing and how real-time, in-browser analysis can help turn the tide.

ASUS has released security updates to address CVE-2024-54085, a maximum severity flaw that could allow attackers to hijack and potentially brick servers.

As AI research advances, model distillation will likely expand into new applications and improve the ability to address complex challenges like disinformation.

Synology renforce son positionnement sur le marché des solutions de sauvegarde avec ActiveProtect, une appliance tout-en-un pensée pour...-Publi-rédaction

Le patron du service messagerie russe considère que la création d’une backdoor par les autorités mettrait en danger la sécurité des données de...-Messagerie instantanée

UNC2428 used fake Israeli defense job ads in Oct 2024 to deploy MURKYTOUR malware, says Mandiant.

Mandiant’s M-Trends report found that credential theft rose significantly in 2024, driven by the growing use of infostealers

We share data, insights and recommendations from the incident response frontlines in the latest edition of our annual report.

Android spyware hidden in Alpine Quest targets Russian military, stealing files and locations via Telegram.

This week in cybersecurity from the editors at Cybercrime Magazine

Cisco Talos discovered a sophisticated attack on critical infrastructure by ToyMaker and Cactus, using the LAGTOY backdoor to orchestrate a relentless double extortion scheme.

It’s no secret that cyber criminals go after data. What’s often overlooked is shoring up direct protection where that data typically resides: in enterprise storage systems. That’s beginning to change. Related: The data storage economy Enterprise storage security has moved to the front burner. The emerging best practice is to approach it as a core