IT Security Newsletter - 7/20/2023

Breaches

Estée Lauder takes down some systems following cyberattack

Estée Lauder took some of its systems down as a proactive measure in response to a cyberattack that involved the theft of corporate data, the company said Tuesday. The ALPHV ransomware group, which claims to be behind the attack, said it first contacted Estée Lauder leadership via corporate and personal email accounts on July 15. The group claims Estée Lauder has not responded and listed the company on its leak site Tuesday, according to activity observed by Emsisoft Threat Analyst Brett Callow. READ MORE...

Hacking

Attackers find new ways to deliver DDoSes with "alarming" sophistication

The protracted arms race between criminals who wage distributed denial-of-service attacks and the defenders who attempt to stop them continues, as the former embraces "alarming" new methods to make their online offensives more powerful and destructive, researchers from content-delivery network Cloudflare reported Wednesday. With a global network, Cloudflare has visibility into these types of attacks that's shared by only a handful of other companies. READ MORE...

Software Updates

Adobe emergency patch fixes new ColdFusion zero-day used in attacks

Adobe released an emergency ColdFusion security update that fixes critical vulnerabilities, including a fix for a new zero-day exploited in attacks. As part of today's out-of-band update, Adobe fixed three vulnerabilities: a critical RCE tracked as CVE-2023-38204 (9.8 rating), a critical Improper Access Control flaw tracked as CVE-2023-38205 (7.8 rating), and a moderate Improper Access Control flaw tracked as CVE-2023-38206 (5.3 rating). READ MORE...

Malware

New P2PInfect worm malware targets Linux and Windows Redis servers

Earlier this month, security researchers discovered a new peer-to-peer (P2P) malware with self-spreading capabilities that targets Redis instances running on Internet-exposed Windows and Linux systems. The Unit 42 researchers who spotted the Rust-based worm (named P2PInfect) on July 11 also found that it hacks into Redis servers that have been left vulnerable to the maximum severity CVE-2022-0543 Lua sandbox escape vulnerability. READ MORE...


SophosEncrypt Ransomware Fools Security Researchers

The SophosEncrypt ransomware-as-a-service (RaaS) threat has emerged, after flying under the radar by impersonating cybersecurity vendor Sophos. The incident was discovered by MalwareHunterTeam (@malwrhunterteam), which posted a series of four images on Twitter with the caption "'### Encryption program -SOPHOS ###' Sophos ransomware?" In response, Sophos (@SophosXOps) tweeted back: "Thanks @malwrhunterteam for the heads up, we found this on [VirusTotal] VT earlier and have been investigating." READ MORE...

Information Security

Microsoft offers free security logs amid backlash from State Department hack

Microsoft agreed to provide cloud security log features available to customers for free, after enduring days of withering criticism following the state-linked email hacks against 25 of its customers, including the U.S. State Department. The Cybersecurity and Infrastructure Security Agency announced the partnership with Microsoft to provide access to the cloud logging features by default Wednesday. READ MORE...


Tech support scammers go analog, ask victims to mail bundles of cash

Cybercriminals are taking their business offline in a new approach to familiar technical support scams recently identified by the US Federal Bureau of Investigation. In a bulletin published yesterday, the FBI's Internet Crime Complaint Center says it's noticed a recent uptick in technical support scams across the US that, rather than urging victims to wire funds, send cryptocurrency or hand over gift card codes, are asking them to mail magazine-wrapped wads of cash. READ MORE...

Exploits/Vulnerabilities

Docker Hub images found to expose secrets and private keys

Numerous Docker images shared on Docker Hub are exposing sensitive data, according to a study conducted by researchers at the German university RWTH Aachen. Needless to say, this poses a significant security risk. In traditional software development, programmers code an application in one computing environment only to find bugs or errors when it's deployed in another environment. READ MORE...

Science & Culture

Study claims ChatGPT is losing capability, but some experts aren't convinced

On Tuesday, researchers from Stanford University and University of California, Berkeley released a research paper that purports to show changes in GPT-4's outputs over time. The paper fuels a common-but-unproven belief that the AI language model has grown worse at coding and compositional tasks over the past few months. Some experts aren't convinced by the results, but they say that the lack of certainty points to a larger problem with how OpenAI handles its model releases. READ MORE...

On This Date

  • ...in 1903, the Ford Motor Company ships its first automobile.
  • ...in 1932, Korean-American artist Nam June Paik, creator of the "Metrobot" sculpture outside Cincinnati's Contemporary Arts Center, is born in Seoul, South Korea.
  • ...in 1965, Bob Dylan releases "Like a Rolling Stone".
  • ...in 1969, Apollo 11's crew successfully makes the first manned landing on Earth's Moon, touching down on the Sea of Tranquility.