IT Security Newsletter - 8/23/2023

Top News

MOVEit attack spree makes Clop this summer's most-prolific ransomware group

Clop was responsible for one-third of all ransomware attacks in July, positioning the financially-motivated threat actor to become the most prolific ransomware threat actor this summer, according to multiple threat intelligence reports. Clop's mass exploit of a zero-day vulnerability in the MOVEit file transfer service rapidly catapulted the group to the head of the global ransomware threat actor pack. READ MORE...

Breaches

Scraped data of 2.6 million Duolingo users released on hacking forum

The scraped data of 2.6 million Duolingo users was leaked on a hacking forum, allowing threat actors to conduct targeted phishing attacks using the exposed information. Duolingo is one of the largest language learning sites in the world, with over 74 million monthly users worldwide. In January 2023, someone was selling the scraped data of 2.6 million Duolingo users on the now-shutdown Breached hacking forum for $1,500. READ MORE...

Hacking

Criminals go full Viking on CloudNordic, wipe all servers and customer data

CloudNordic has told customers to consider all of their data lost following a ransomware infection that encrypted the large Danish cloud provider's servers and "paralyzed CloudNordic completely," according to the IT outfit's online confession. The intrusion happened in the early-morning hours of August 18 during which miscreants shut down all of CloudNordic's systems, wiping both company and customers' websites and email systems. READ MORE...

Software Updates

Adobe Patches Critical Deserialization Vulnerability, but Exploits Persist

CISA has added a vulnerability - cataloged as CVE-2023-26359 - to the Known Exploited Vulnerabilities Catalog with a CVSS score of 9.8 due to active exploitation. The vulnerability is a deserialization flaw affecting Adobe ColdFusion 2018 (Update 15 and earlier) and Adobe ColdFusion 2021 (Update 5 and earlier) and has the potential to result in arbitrary code execution. READ MORE...

Malware

First Weekly Chrome Security Update Patches High-Severity Vulnerabilities

Google this week announced a Chrome 116 security update that patches five memory safety vulnerabilities reported by external researchers, including four issues rated 'high severity'. Based on the bug bounty reward Google paid out for these flaws, the most severe of them is CVE-2023-4430, a use-after-free bug in Vulkan, the cross-platform, open standard for 3D graphics. READ MORE...


Akira ransomware targets Cisco VPNs to breach organizations

There's mounting evidence that Akira ransomware targets Cisco VPN (virtual private network) products as an attack vector to breach corporate networks, steal, and eventually encrypt data. Akira ransomware is a relatively new ransomware operation launched in March 2023, with the group later adding a Linux encryptor to target VMware ESXi virtual machines. Cisco VPN solutions are widely adopted across many industries to provide secure, encrypted data transmission between users and corporate networks. READ MORE...

Information Security

Zoom's AI terms overhaul sets stage for broader data use scrutiny

Zoom updated its terms and conditions - again - on Friday following persistent criticism related to language that allowed the company to use customer data to train its AI systems. The latest iteration of the terms allows Zoom to access customer content for legal, security and safety purposes, but the company will not use any audio, video, chat or screen-sharing data to train third-party or its internal AI models. READ MORE...


Tourists Give Themselves Away by Looking Up. So Do Most Network Intruders.

In large metropolitan areas, tourists are often easy to spot because they're far more inclined than locals to gaze upward at the surrounding skyscrapers. Security experts say this same tourist dynamic is a dead giveaway in virtually all computer intrusions that lead to devastating attacks like data theft and ransomware, and that more organizations should set simple virtual tripwires that sound the alarm when authorized users and devices are spotted exhibiting this behavior. READ MORE...

Science & Culture

How ChatGPT turned generative AI into an "anything tool"

The chief technology officer of a robotics startup told me earlier this year, "We thought we'd have to do a lot of work to build 'ChatGPT for robotics.' Instead, it turns out that, in a lot of cases, ChatGPT is ChatGPT for robotics." Until recently, AI models were specialized tools. Using AI in a particular area, like robotics, meant spending time and money creating AI models specifically and only for that area. READ MORE...

On This Date

  • ...in 1889, the first ship-to-shore wireless message is received.
  • ...in 1966, the unmanned Lunar Orbiter 1 spacecraft takes the first-ever photograph of Earth from orbit around the Moon.
  • ...in 1990, West and East Germany announce their formal reunification, to be made effective on October 3, 1990.
  • ...in 1991, the World Wide Web is first opened to the general public.