The sudden rise of DeepSeek has raised concerns and questions, especially about the origin and destination of the training data, as well as the security of the data. For those returning from a short holiday away from the news, DeepSeek is a new player on the Artificial Intelligence (AI) field. The Chinese startup has certainly taken the app stores by storm: In just a week after the launch it topped the charts as the most downloaded free app in the US. READ MORE...
The Federal Bureau of Investigation, along with several other international law enforcement departments, has seized control of several high-profile online platforms linked to cybercrime in a sweeping operation aimed at disrupting digital marketplaces for stolen credentials and hacking tools. The domains of forums Cracked[.]io and Nulled[.]to now redirect to FBI-controlled servers, signaling efforts to dismantle infrastructure that supports cybercriminal activity. READ MORE...
New York Blood Center Enterprises (NYBCe) is currently in its fifth day of handling a ransomware attack that has led to system disruption. Limited information is known at present, other than the usual boilerplate details which readers have come to expect from ransomware incident disclosures. The breach was detected on January 26 and NYBCe called in outside experts to assist with the remediation. READ MORE...
Graphics tablet maker Wacom has warned customers their credit card details may well have been stolen by miscreants while they were buying stuff from its website. We're told people's payment information was likely pilfered from the biz's online store between the end of November and early January, and that if you get a message from Wacom about this then consider yourself affected. If not, don't worry about it for now. READ MORE...
Law firm Berman & Rabin is notifying roughly 152,000 individuals that their personal information was compromised in a July 2024 ransomware attack. On July 8, the company said in a notification letter to the impacted individuals, Berman & Rabin identified suspicious activity on its systems, which included the encryption of certain data. The law firm determined that the threat actor behind the attack had access to its network between July 5 and July 8. READ MORE...
Yet another Mirai botnet variant is making the rounds, this time offering distributed denial-of-service (DDoS) as-a-service by exploiting flaws in Mitel SIP phones. It also features a unique capability to communicate with attacker command-and-control (C2). Researchers at the Akamai Security Intelligence and Response Team (SIRT) identified the variant of the infamous botnet, dubbed Aquabot. READ MORE...
DeepSeek has quickly upended markets with the release of an R1 model that is competitive with OpenAI's best-in-class reasoning models. But some have expressed worry that the model's Chinese origins mean it will be subject to limits when talking about topics sensitive to the country's government. The team at AI engineering and evaluation firm PromptFoo has tried to measure just how far the Chinese government's control of DeepSeek's responses goes. READ MORE...
Malware hunters at GreyNoise are reporting active exploitation of a newly discovered zero-day vulnerability in Zyxel CPE devices alongside warnings that there are no patches available from the vendor. GreyNoise, which monitors the internet for malicious activity, described the flaw as a critical command injection issue that opens the door for attackers to gain full system compromise. The company cautions that there are more than 1,500 devices currently exposed to exploitation. READ MORE...
A new attack called 'Browser Syncjacking' demonstrates the possibility of using a seemingly benign Chrome extension to take over a victim's device. The new attack method, discovered by security researchers at SquareX, involves several steps, including Google profile hijacking, browser hijacking, and, eventually, device takeover. Despite the multi-stage process, the attack is stealthy, requires minimal permissions, and almost no victim interaction. READ MORE...
A ChatGPT jailbreak flaw, dubbed "Time Bandit," allows you to bypass OpenAI's safety guidelines when asking for detailed instructions on sensitive topics, including the creation of weapons, information on nuclear topics, and malware creation. The vulnerability was discovered by cybersecurity and AI researcher David Kuszmar, who found that ChatGPT suffered from "temporal confusion," making it possible to put the LLM into a state where it did not know whether it was in the past, present, or future. READ MORE...