IT Security Newsletter - 1/30/2025
The DeepSeek controversy: Authorities ask where the data comes from and how safe it is
The sudden rise of DeepSeek has raised concerns and questions, especially about the origin and destination of the training data, as well as the security of the data. For those returning from a short holiday away from the news, DeepSeek is a new player in the Artificial Intelligence (AI) field. The Chinese startup has certainly taken the app stores by storm: in just a week after the launch it topped the charts as the most downloaded free app in the US.
FBI seizes major cybercrime forums in coordinated domain takedown
The Federal Bureau of Investigation, along with several other international law enforcement departments, has seized control of several high-profile online platforms linked to cybercrime in a sweeping operation aimed at disrupting digital marketplaces for stolen credentials and hacking tools. The domains of the forums Cracked[.]io and Nulled[.]to now redirect to FBI-controlled servers, signaling efforts to dismantle infrastructure that supports cybercriminal activity.
Ransomware attack at New York blood services provider - donors turned away during shortage crisis
New York Blood Center Enterprises (NYBCe) is currently in its fifth day of handling a ransomware attack that has led to system disruption. Limited information is known at present, other than the usual boilerplate details which readers have come to expect from ransomware incident disclosures. The breach was detected on January 26 and NYBCe called in outside experts to assist with the remediation.
Wacom says crooks probably swiped customer credit cards from its online checkout
Graphics tablet maker Wacom has warned customers their credit card details may well have been stolen by miscreants while they were buying stuff from its website. We're told people's payment information was likely pilfered from the biz's online store between the end of November and early January, and that if you get a message from Wacom about this then consider yourself affected. If not, don't worry about it for now.
152,000 Impacted by Data Breach at Berman & Rabin
Law firm Berman & Rabin is notifying roughly 152,000 individuals that their personal information was compromised in a July 2024 ransomware attack. According to the notification letter sent to the impacted individuals, Berman & Rabin identified suspicious activity on its systems on July 8, which included the encryption of certain data. The law firm determined that the threat actor behind the attack had access to its network between July 5 and July 8.
Mirai Variant 'Aquabot' Exploits Mitel Device Flaws
Yet another Mirai botnet variant is making the rounds, this time offering distributed denial-of-service (DDoS) as a service by exploiting flaws in Mitel SIP phones. It also features a unique capability to communicate with attacker command-and-control (C2) infrastructure. Researchers at the Akamai Security Intelligence and Response Team (SIRT) identified the variant of the infamous botnet, dubbed Aquabot.
The questions the Chinese government doesn't want DeepSeek AI to answer
DeepSeek has quickly upended markets with the release of an R1 model that is competitive with OpenAI's best-in-class reasoning models. But some have expressed worry that the model's Chinese origins mean it will be subject to limits when talking about topics sensitive to the country's government. The team at AI engineering and evaluation firm PromptFoo has tried to measure just how far the Chinese government's control of DeepSeek's responses goes.
New Zyxel Zero-Day Under Attack, No Patch Available
Malware hunters at GreyNoise are reporting active exploitation of a newly discovered zero-day vulnerability in Zyxel CPE devices, alongside warnings that there are no patches available from the vendor. GreyNoise, which monitors the internet for malicious activity, described the flaw as a critical command injection issue that opens the door for attackers to gain full system compromise. The company cautions that more than 1,500 devices are currently exposed to exploitation.
New Syncjacking attack hijacks devices using Chrome extensions
A new attack called 'Browser Syncjacking' demonstrates the possibility of using a seemingly benign Chrome extension to take over a victim's device. The new attack method, discovered by security researchers at SquareX, involves several steps, including Google profile hijacking, browser hijacking, and, eventually, device takeover. Despite the multi-stage process, the attack is stealthy, requires minimal permissions, and needs almost no victim interaction.
Time Bandit ChatGPT jailbreak bypasses safeguards on sensitive topics
A ChatGPT jailbreak flaw, dubbed "Time Bandit," allows you to bypass OpenAI's safety guidelines when asking for detailed instructions on sensitive topics, including the creation of weapons, information on nuclear topics, and malware creation. The vulnerability was discovered by cybersecurity and AI researcher David Kuszmar, who found that ChatGPT suffered from "temporal confusion," making it possible to put the LLM into a state where it did not know whether it was in the past, present, or future.
- ...in 1882, the 32nd President of the United States, Franklin Delano Roosevelt, is born in Hyde Park, NY.
- ...in 1930, actor Gene Hackman ("The French Connection", "The Royal Tenenbaums") is born in San Bernardino, CA.
- ...in 1969, the Beatles put on their last public performance, an impromptu concert on the roof of Apple Records in London.
- ...in 1982, programmer Rich Skrenta writes the Apple II Elk Cloner virus, believed to be the very first computer virus devised for a PC.