OpenAI Blocks 20 Global Malicious Campaigns Using AI for Cybercrime and Disinformation
OpenAI on Wednesday said it has disrupted more than 20 operations and deceptive networks across the world that attempted to use its platform for malicious purposes since the start of the year. This activity encompassed debugging malware, writing articles for websites, generating biographies for social media accounts, and creating AI-generated profile pictures for fake accounts […]
Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems
Cybersecurity security researchers are warning about an unpatched vulnerability in Nice Linear eMerge E3 access controller systems that could allow for the execution of arbitrary operating system (OS) commands. The flaw, assigned the CVE identifier CVE-2024-9441, carries a CVSS score of 9.8 out of a maximum of 10.0, according to VulnCheck. « A vulnerability in the […]
6 Simple Steps to Eliminate SOC Analyst Burnout
The current SOC model relies on a scarce resource: human analysts. These professionals are expensive, in high demand, and increasingly difficult to retain. Their work is not only highly technical and high-risk, but also soul-crushingly repetitive, dealing with a constant flood of alerts and incidents. As a result, SOC analysts often leave in search of […]
Vol de données : Marriott va payer 52 millions $
Le gendarme américain de la consommation et de la concurrence condamne le groupe hôtelier Marriott pour ses mauvaises pratiques en matière de sécurité des données.
Cybercriminals Use Unicode to Hide Mongolian Skimmer in E-Commerce Platforms
Cybersecurity researchers have shed light on a new digital skimmer campaign that leverages Unicode obfuscation techniques to conceal a skimmer dubbed Mongolian Skimmer. « At first glance, the thing that stood out was the script’s obfuscation, which seemed a bit bizarre because of all the accented characters, » Jscrambler researchers said in an analysis. « The heavy use […]
CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Fortinet products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-23113 (CVSS score: 9.8), relates to cases of remote code execution that affects FortiOS, FortiPAM, FortiProxy, and FortiWeb. « A
Firefox Zero-Day Under Attack: Update Your Browser Immediately
Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-9680, has been described as a use-after-free bug in the Animation timeline component. « An attacker was able to achieve code execution in the content process by exploiting […]
Google Joins Forces with GASA and DNS RF to Tackle Online Scams at Scale
Google on Wednesday announced a new partnership with the Global Anti-Scam Alliance (GASA) and DNS Research Federation (DNS RF) to combat online scams. The initiative, which has been codenamed the Global Signal Exchange (GSE), is designed to create real-time insights into scams, fraud, and other forms of cybercrime pooling together threat signals from different data […]
Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries
Details have emerged about multiple security vulnerabilities in two implementations of the Manufacturing Message Specification (MMS) protocol that, if successfully exploited, could have severe impacts in industrial environments. « The vulnerabilities could allow an attacker to crash an industrial device or in some cases, enable remote code execution, » Claroty researchers Mashav Sapir and Vera
N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware
Threat actors with ties to North Korea have been observed targeting job seekers in the tech industry to deliver updated versions of known malware families tracked as BeaverTail and InvisibleFerret. The activity cluster, tracked as CL-STA-0240, is part of a campaign dubbed Contagious Interview that Palo Alto Networks Unit 42 first disclosed in November 2023. […]