Apple’s AI promise: “Your data is never stored or made accessible to Apple”
And publicly reviewable server code means experts can "verify this privacy promise."
Private Cloud Compute: A new frontier for AI privacy in the cloud
Secure and private AI processing in the cloud poses a formidable new challenge. To support advanced features of Apple Intelligence with larger foundation models, we created Private Cloud Compute (PCC), a groundbreaking cloud intelligence system designed specifically for private AI processing. Built with custom Apple silicon and a hardened operating system, Private Cloud Compute extends the industry-leading security and privacy of Apple devices into the cloud, making sure that personal user data sent to PCC isn’t accessible to anyone other than the user — not even to Apple. We believe Private Cloud Compute is the most advanced security architecture ever deployed for cloud AI compute at scale.
La SSR sur ses gardes face à l'éventualité de cyberattaques pendant le sommet du Bürgenstock
Si la Russie ne participera pas à la conférence sur la paix en Ukraine du Bürgenstock, l'Office fédéral de la cybersécurité met en garde contre d'éventuelles actions perturbatrices de sa part. Première responsable de la transmission d'informations, la SSR est sur le qui-vive.
Malicious VSCode extensions with millions of installs discovered
A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to
Russia-linked 'Lumma' crypto stealer now targets Python devs
Sonatype's automated malware detection systems identified a malicious PyPI package called crytic-compilers, connected to Russia-linked Lumma Windows stealer, and named very closely after a well-known legitimate Python library that is used by cryptocurrency developers.
Menace Unleashed: Excel File Deploys Cobalt Strike at Ukraine | Fortinet Blog
FortiGuard Labs has recently identified a sophisticated cyberattack involving an Excel file embedded with a VBA macro designed to deploy a DLL file. Learn more.
Microsoft hit with EU privacy complaints over schools' use of 365 Education suite
Microsoft's education-focused flavor of its cloud productivity suite, Microsoft 365 Education, is facing investigation in the European Union. Privacy
Major London hospitals disrupted by Synnovis ransomware attack
A ransomware attack affecting pathology and diagnostic services provider Synnovis has impacted healthcare services at multiple major NHS hospitals in London.
Howling at the Inbox: Sticky Werewolf's Latest Malicious Aviation Attacks
In this analysis, Morphisec Threat Labs details the latest Sticky Werewolf cyber threat group campaign targeting the aviation industry.
Revealed: Russian legal foundation linked to Kremlin activities in Europe | Russia | The Guardian
Leaked internal documents have exposed the activities of a Russian state-backed legal defence foundation that European intelligence agencies and analysts say is in fact a Kremlin influence operation active in 48 countries across Europe and around the world. Internal documents from the Fund for Support and Protection of the Rights of Compatriots Living Abroad (Pravfond) indicate that the foundation finances propaganda websites targeted at Europeans, helped pay for the legal defence of the convicted arms trafficker Viktor Bout and the assassin Vadim Krasikov, and has employed a number of former intelligence officers as the directors of its operations in European countries.
The Snowflake Attack May Be Turning Into One of the Largest Data Breaches Ever | WIRED
The number of alleged hacks targeting the customers of cloud storage firm Snowflake appears to be snowballing into one of the biggest data breaches of all time.
Security Alert: CVE-2024-4577 - PHP CGI Argument Injection Vulnerability
While implementing PHP, the team did not notice the Best-Fit feature of encoding conversion within the Windows operating system. This oversight allows unauthenticated attackers to bypass the previous protection of CVE-2012-1823 by specific character sequences. Arbitrary code can be executed on remote PHP servers through the argument injection attack.
No Way, PHP Strikes Again! (CVE-2024-4577)
Orange Tsai tweeted a few hours ago about “One of [his] PHP vulnerabilities, which affects XAMPP by default”, and we were curious to say the least. XAMPP is a very popular way for administrators and developers to rapidly deploy Apache, PHP, and a bunch of other tools, and any bug
Operation Crimson Palace: A Technical Deep Dive – Sophos News
Sophos Managed Detection and Response initiated a threat hunt across all customers after the detection of abuse of a vulnerable legitimate VMware executable (vmnat.exe) to perform dynamic link library (DLL) side-loading on one customer’s network. In a search for similar incidents in telemetry, MDR ultimately uncovered a complex, persistent cyberespionage campaign targeting a high-profile government organization in Southeast Asia. As described in the first part of this report, we identified at least three distinct clusters of intrusion activity present in the organization’s network from at least March 2023 through December 2023. The three security threat activity clusters—which we designated as Alpha (STAC1248), Bravo (STAC1870), and Charlie (STAC1305) – are assessed with high confidence to operate on behalf of Chinese state interests. In this continuation of our report, we will provide deeper technical analysis of the three activity clusters, including the tactics, techniques, and procedures (TTPs) used in the campaign, aligned to activity clusters where possible. We also provide additional technical details on prior compromises within the same organization that appear to be connected to the campaign.
Europe's cybersecurity chief says disruptive attacks have doubled in 2024, sees Russia behind many
The top European Union cybersecurity official says that disruptive digital attacks have doubled in the 27-member bloc in recent months and election-related services are also being targeted.
Vulnerability in Cisco Webex cloud service exposed government authorities, companies
A previously discovered vulnerability affecting self-hosted Cisco Webex instances similarly affected the Webex cloud service.
Cyberattack on telecom giant Frontier claimed by RansomHub
The Dallas-based company had said in a regulatory filing in April that a cybercrime group was responsible for a data breach. The gang added Frontier to its leak site on June 1.
CVE-2024-27822: macOS PackageKit Privilege Escalation
Another fun exploit! This time with local privilege escalation through Apple’s PackageKit.framework when running ZSH-based PKGs 🎉.
Ransomware attack hits major London hospitals
Pathology lab provider targeted, affecting blood transfusions and surgeries
Analysts join the call for Microsoft to recall Recall
If Microsoft intended the 2024 Build event to be overshadowed by controversy then it succeeded as calls intensify for the company to rethink its strategy around Recall. The Windows Recall feature, still in preview, takes a snapshot of a Copilot+ PC user's screen every couple of seconds and then sends it to disk, letting the user scroll the archive of snapshots when looking for something or use an AI system to recall screenshots by text.
Un prestataire externe de la Ville d'Yverdon-les-Bains victime d'une cyberattaque
Un prestataire externe du Service des énergies de la ville d'Yverdon-les-Bains (VD) a été victime fin mai d'une cyberattaque. Près de 12'300 particuliers et entreprises pourraient être concernés. Mais à ce stade, rien n'indique que des données aient été consultées ou copiées.
PikaBot: a Guide to its Deep Secrets and Operations - Sekoia.io Blog
Uncover an in-depth analysis of PikaBot, a malware loader used by Initial Access Brokers for network compromise and ransomware deployment.
TikTok fails 'disinformation test' before EU vote, study shows
Wildly popular social network TikTok approved adverts containing political disinformation ahead of European polls, a report showed Tuesday (4 June), flouting its own guidelines and raising questions about its ability to detect election falsehoods.
Live Nation confirms Ticketmaster breach after hackers hawk stolen info of 560 million
The company has confirmed that the leaked data was from a database hosted on Snowflake — one of the largest cloud storage companies.
Crooks threaten to leak 2.9B records of personal info
Billions of records detailing people's personal information may soon be dumped online after being allegedly obtained from a Florida firm that handles background checks and other requests for folks' private info. A criminal gang that goes by the handle USDoD put the database up for sale for $3.5 million on an underworld forum in April, and rather incredibly claimed the trove included 2.9 billion records on all US, Canadian, and British citizens. It's believed one or more miscreants using the handle SXUL was responsible for the alleged exfiltration, who passed it onto USDoD, which is acting as a broker.
Hacking Millions of Modems (and Investigating Who Hacked My Modem)
Two years ago, something very strange happened to me while working from my home network. I was exploiting a blind XXE vulnerability that required an external HTTP server to smuggle out files, so I spun up an AWS box and ran a simple Python webserver to receive the traffic from the vulnerable server:
Telegram Combolists and 361M Email Addresses
Last week, a security researcher sent me 122GB of data scraped out of thousands of Telegram channels. It contained 1.7k files with 2B lines and 361M unique email addresses of which 151M had never been seen in HIBP before. Alongside those addresses were passwords and, in many cases, the website the data pertains to. I've loaded it into Have I Been Pwned (HIBP) today because there's a huge amount of previously unseen email addresses and based on all the checks I've done, it's legitimate data. That's the high-level overview, now here are the details:
Google Leak Reveals Thousands of Privacy Incidents
An internal Google database obtained by 404 Media shows Google recording childrens' voices, saving license plates from Street View, and many other self-reported incidents, large and small.
Detecting and Preventing Unauthorized User Access: Instructions
Snowflake recently observed and is investigating an increase in cyber threat activity targeting some of our customers’ accounts. We believe this is the result of ongoing industry-wide, identity-based attacks with the intent to obtain customer data. Research indicates that these types of attacks are performed with our customers’ user credentials that were exposed through unrelated cyber threat activity. To date, we do not believe this activity is caused by any vulnerability, misconfiguration, or malicious activity within the Snowflake product. Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted. This post will assist with investigating any potential threat activity within Snowflake customer accounts and provide guidance in the “Recommended Actions” section below.
Molding lies into reality || Exploiting CVE-2024-4358
Progress Report Server Unauthenticated Remote Code Execution Chain