Microsoft issued a patch for a zero-day that researchers at Kaspersky said was used to deliver Nokoyawa ransomware. In a move meant to maximize the damage and reach of its ransomware campaign, a cybercrime group recently deployed a Microsoft zero-day vulnerability to execute a global digital extortion campaign against small and medium-sized businesses, researchers at the cybersecurity firm Kaspersky said Tuesday. READ MORE...
Bots like ChatGPT may not be able to pull off the next big Microsoft server worm or Colonial Pipeline ransomware super-infection but they may help criminal gangs and nation-state hackers develop some attacks against IT, according to Rob Joyce, director of the NSA's Cybersecurity Directorate. Joyce, speaking at CrowdStrike's Government Summit Tuesday, said he doesn't expect to see - at least not "in the near term" - AI used "for automated attacks that will rip through systems at speeds that are unfathomable today." READ MORE...
The developers of Kodi, the widely used open-source media player app, have revealed a data breach of its user forum. The breach did not happen due to a vulnerability. Instead, an unknown attacker used the account of a legitimate but inactive member of the forum admin team to access the MyBB admin console on two occasions: February 16 and 21, 2023. The attacker was able to create backups of databases, which they then downloaded and deleted. READ MORE...
Hackers are compromising websites to inject scripts that display fake Google Chrome automatic update errors that distribute malware to unaware visitors. The campaign has been underway since November 2022, and according to NTT's security analyst Rintaro Koike, it shifted up a gear after February 2023, expanding its targeting scope to cover users who speak Japanese, Korean, and Spanish. READ MORE...
Password managers aren't foolproof, but they do help mitigate risks from weak credentials and password reuse. Following best practices can contribute to a company's defenses. Over the past few months, several leading password managers have been victims of hacking and data breaches. For instance, LastPass, which experienced a massive breach last year, recently announced again that the company's password vault has been stolen. And thanks to the bad practice of reusing passwords too often, Norton LifeLock also reported compromises to its password manager. READ MORE...
The impact of the hybrid workforce on security posture, as well as the risks introduced by this way of working, are posing concerns for CISOs and driving them to develop new strategies for hybrid work security, according to Red Access. Among the report's most critical findings is the revelation that browsing-based threats ranked as CISOs' number one concern, regardless of whether their organization was operating primarily in an in-office, hybrid, or remote setting. READ MORE...