IT Security Newsletter

IT Security Newsletter - 7/3/2023

Written by Cadre | Mon, Jul 3, 2023

The huge power and potential danger of AI-generated code

In June 2021, GitHub announced Copilot, a kind of auto-complete for computer code powered by OpenAI's text-generation technology. It provided an early glimpse of the impressive potential of generative artificial intelligence to automate valuable work. Two years on, Copilot is one of the most mature examples of how the technology can take on tasks that previously had to be done by hand. READ MORE...

TSMC says some of its data was swept up in a hack on a hardware supplier

Chipmaker TSMC said on Friday that one of its hardware suppliers experienced a "security incident" that allowed the attackers to obtain configurations and settings for some of the servers the company uses in its corporate network. The disclosure came a day after the LockBit ransomware crime syndicate listed TSMC on its extortion site and threatened to publish the data unless it received a payment of $70 million. READ MORE...

One third of security breaches go unnoticed by security professionals

While surface-level confidence around hybrid cloud security is high, with 94% of global respondents stating their security tools and processes provide them with complete visibility and insights into their IT infrastructure, the reality is nearly one third of security breaches aren't spotted by IT and security professionals, according to Gigamon. According to Flexera, 74% of organizations now exist in the hybrid cloud and this infrastructure is considered the 'norm' by Forrester analysts. READ MORE...

New technique can defeat voice authentication "after only six tries"

Voice authentication is back in the news with another tale of how easy it might be to compromise. University of Waterloo scientists have discovered a technique which they claim can bypass voice authentication with "up to a 99% success rate after only six tries". In fact this method is apparently so successful that it is said to evade spoofing countermeasures. Voice authentication is becoming increasingly popular for crucial services we make use of on a daily basis. READ MORE...

A proxyjacking campaign is looking for vulnerable SSH servers

A researcher at Akamai has posted a blog about a worrying new trend-proxyjacking-where criminals sell your bandwidth to a third-party proxy service. To understand how proxyjacking works, we'll need to explain a few things. There are several legitimate services that pay users to share their surplus Internet bandwidth, such as Peer2Profit and HoneyGain. The participants install software that adds their systems to the proxy-network of the service. READ MORE...

Russian Hacktivist Platform 'DDoSia' Grows Exponentially

After being launched by Russian hacktivist group "NoName057(16)" in the summer of 2022 and quickly gaining a substantial number of members and active users, the crowdsourced DDoS project known as "DDoSia" has grown exponentially, by 2,400%. The platform now has 10,000 active members compared with the 400 it had when it first launched. It also has 45,000 subscribers on its primary Telegram channel, compared with just 13,000 last summer. READ MORE...

How bad code fuels security mishaps

Bad code is still causing big problems. Synopsys and the Consortium for Information and Software Quality estimate that bad software costs the U.S. $2.41 trillion per year, recent research shows. Those costs come mostly from cybercrime, technical debt and software supply chain issues. That's a big, expensive challenge. But identifying and eliminating code that messes up operations or leaves gaping security holes isn't always easy. READ MORE...

Samsung Phone Flaws Added to CISA 'Must Patch' List Likely Exploited by Spyware Vendor

The US Cybersecurity and Infrastructure Security Agency (CISA) has added half a dozen flaws affecting Samsung smartphones to its Known Exploited Vulnerabilities Catalog, and they have all likely been exploited by a commercial spyware vendor. CISA added eight new vulnerabilities to its catalog on Thursday, including two D-Link router and access point vulnerabilities exploited by a Mirai botnet variant. READ MORE...

200,000 WordPress Sites Exposed to Attacks Exploiting Flaw in 'Ultimate Member' Plugin

More than 200,000 WordPress websites are exposed to ongoing attacks targeting a critical vulnerability in the Ultimate Member plugin. Designed to make it easy for users to register and log in on sites, the plugin allows site owners to add user profiles, define roles, create custom form fields and member directories, and more. Some of the plugin's users have observed the creation of rogue accounts and reported them this week, but the attacks appear to have been ongoing at least since the beginning of June. READ MORE...

  • ...in 1775, George Washington assumes command of the Continental Army.
  • ...in 1863, Union troops at Gettysburg neutralize an ill-planned infantry charge by Confederate Maj. Gen. George Pickett, marking a decisive turning point in the Civil War.
  • ...in 1962, Jackie Robinson becomes the first African American to be inducted into the National Baseball Hall of Fame.
  • ...in 2013, Egyptian President Mohamed Morsi is overthrown by military coup after four days of protests calling for his resignation.