
IT Security Newsletter - 12/4/2023


Top News

Breaches by Iran-Affiliated Hackers Spanned Multiple U.S. States, Federal Agencies Say

A small western Pennsylvania water authority was just one of multiple organizations breached in the United States by Iran-affiliated hackers who targeted a specific industrial control device because it is Israeli-made, U.S. and Israeli authorities say. "The victims span multiple U.S. states," the FBI, the Environmental Protection Agency, the Cybersecurity and Infrastructure Security Agency, known as CISA, as well as Israel's National Cyber Directorate said in an advisory late Friday. READ MORE...

Breaches

Scores of US credit unions offline after ransomware infects backend cloud outfit

A ransomware infection at a cloud IT provider has disrupted services for 60 or so credit unions across the US, all of which were relying on the attacked vendor. This is according to the National Credit Union Administration, which on Friday told The Register it is fire-fighting the situation with the credit unions downed this week by the intrusion. The NCUA regulates and insures these financial orgs. READ MORE...

Hacking

New Relic Says Hackers Accessed Internal Environment Using Stolen Credentials

Technology infrastructure monitoring firm New Relic on Friday disclosed a cyber incident that impacted an internal environment. The environment, the company said in an incident notification, hosts information related to how customers are using New Relic, as well as certain logs. According to San Francisco-based New Relic, the attackers gained access to the environment using social engineering and stolen credentials for an employee account. READ MORE...


Booking[.]com customers targeted in hotel booking scam

Scammers are hijacking hotels' Booking[.]com accounts and using them as part of a hotel booking scam aimed at tricking guests into sharing their payment card information. "Customers of multiple properties received email or in-app messages from Booking[.]com that purported to be from hotel owners requesting confirmation of payment details for upcoming stays," Secureworks researchers warn. READ MORE...

Software Updates

Update your iPhones! Apple fixes two zero-days in iOS

Apple has released emergency security updates for iOS 17.1.2 and iPadOS 17.1.2 to patch two zero-day vulnerabilities that may have been actively exploited. Apple said both vulnerabilities were in the WebKit component, which is the engine that powers the Safari browser on Macs as well as all browsers on iPhones and iPads. It is also the web browser engine used by Mail, App Store, and many other apps on macOS, iOS, and Linux. READ MORE...


US Health Dept urges hospitals to patch critical Citrix Bleed bug

The U.S. Department of Health and Human Services (HHS) warned hospitals this week to patch the critical 'Citrix Bleed' Netscaler vulnerability actively exploited in attacks. Ransomware gangs are already using Citrix Bleed (tracked as CVE-2023-4966) to breach their targets' networks by circumventing login requirements and multifactor authentication protections. READ MORE...

Exploits/Vulnerabilities

UEFI flaws allow bootkits to pwn potentially hundreds of devices using images

Hundreds of consumer and enterprise devices are potentially vulnerable to bootkit exploits through unsecured BIOS image parsers. Security researchers have identified vulnerabilities in UEFI system firmware from major vendors which they say could allow attackers to hijack poorly maintained image libraries to quietly deliver malicious payloads that bypass Secure Boot, Intel Boot Guard, AMD Hardware-Validated Boot, and others. READ MORE...


Over 20,000 vulnerable Microsoft Exchange servers exposed to attacks

Tens of thousands of Microsoft Exchange email servers in Europe, the U.S., and Asia exposed on the public internet are vulnerable to remote code execution flaws. The mail systems run a software version that is currently unsupported and no longer receives any type of updates, being vulnerable to multiple security issues, some with a critical severity rating. Internet scans from The ShadowServer Foundation show that there are close to 20,000 Microsoft Exchange servers currently reachable over the public internet. READ MORE...

Science & Culture

1960s chatbot ELIZA beat OpenAI's GPT-3.5 in a recent Turing test study

In a preprint research paper titled "Does GPT-4 Pass the Turing Test?", two researchers from UC San Diego pitted OpenAI's GPT-4 AI language model against human participants, GPT-3.5, and ELIZA to see which could trick participants into thinking it was human with the greatest success. But along the way, the study, which has not been peer-reviewed, found that human participants correctly identified other humans in only 63 percent of the interactions, and that a 1960s computer program surpassed the AI model that powers the free version of ChatGPT. READ MORE...

On This Date

  • ...in 1956, the Million Dollar Quartet (Elvis Presley, Jerry Lee Lewis, Carl Perkins, and Johnny Cash) have their first (and last) recording session at Sun Studio.
  • ...in 1966, comedic actor and musician Fred Armisen ("Saturday Night Live", "Portlandia") is born in Hattiesburg, MS.
  • ...in 1980, Led Zeppelin formally announces its breakup.
  • ...in 1991, US airline Pan American World Airways ends its operations after 64 years.