The sensitive data of several Israeli athletes in the Paris Olympic Games was published on Telegram in an alleged doxing attack on Friday. The information includes blood test results and login credentials that required France's Anti-Cybercrime Office (OFAC) to seek removal of the data after it was first reported. A hacking group calling itself "Zeus" is allegedly responsible, and also purportedly leaked the military status of Israeli athletes on social media a day prior.
An India-aligned nation-state threat actor has been targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea in recent attacks, BlackBerry reports. The advanced persistent threat (APT) actor, tracked as SideWinder, Rattlesnake, and Razor Tiger, has been active since at least 2012, mainly targeting government, military, and businesses in Pakistan, Afghanistan, China, and Nepal, for cyberespionage.
Data breaches are painfully expensive and the cost for impacted businesses has grown every year since 2020. The global average cost of a data breach is nearly $4.9 million this year, up nearly 10% from almost $4.5 million in 2023, IBM said Tuesday in its annual Cost of a Data Breach report. U.S. organizations led the world with the highest average data breach cost of almost $9.4 million, a dubious distinction they have earned for the 14th straight year.
Generative AI (GenAI) is making waves across the world. Its popularity and widespread use have also attracted the attention of cybercriminals, leading to various cyberthreats. Yet much discussion around threats associated with tools like ChatGPT has focused on how the technology can be misused to help fraudsters create convincing phishing messages, produce malicious code or probe for vulnerabilities.
A new version of the Android spyware 'Mandrake' has been found in five applications downloaded 32,000 times from Google Play, the platform's official app store. Bitdefender first documented Mandrake in 2020, with the researchers highlighting the malware's sophisticated spying capabilities and noting that it has operated in the wild since at least 2016.
Estimated financial losses due to the recent massive IT outage triggered by the faulty CrowdStrike update are counted in billions, but the unfortunate incident is having several positive effects, as well. As CrowdStrike was forced to explain, in great detail, how they roll out updates for its Falcon Sensors, what testing they perform beforehand, and how they plan to improve the whole process to prevent similar accidents from happening in the future.
Microsoft is urging users of VMware's ESXi hypervisor to take immediate action to ward off ongoing attacks by ransomware groups that give them full administrative control of the servers the product runs on. The vulnerability, tracked as CVE-2024-37085, allows attackers who have already gained limited system rights on a targeted server to gain full administrative control of the ESXi hypervisor.
Meta's machine-learning model for detecting prompt injection attacks - special prompts to make neural networks behave inappropriately - is itself vulnerable to, you guessed it, prompt injection attacks. Prompt-Guard-86M, introduced by Meta last week in conjunction with its Llama 3.1 generative model, is intended "to help developers detect and respond to prompt injection and jailbreak inputs," the social network giant said.
A threat actor on BreachForums is claiming to have harvested email addresses and associated hashes from more than 105 ServiceNow databases after exploiting two recently disclosed critical vulnerabilities in the cloud-based IT service management platform. Researchers from Resecurity's HUNTER threat team warned late last week that the two ServiceNow vulnerabilities were being actively exploited in the wild.