Welcome to v059 : It’s Cyber Budget Time
November 12, 2024
AI: Cybercriminals Implemented Artificial Intelligence (AI) for Invoice Fraud
| Crooks created a new tool that uses Artificial Intelligence (AI) for creating fraudulent invoices used for wire fraud and BEC. |  |
AI: Generative AI contributes to increase in cybercrimes
 |
Business-related fraud doubles as new technology makes crime more efficient. |
AI: Researchers use AI chatbots against themselves to ‘jailbreak’ each other
| Computer scientists from Nanyang Technological University, Singapore (NTU Singapore) have managed to compromise multiple artificial intelligence (AI) chatbots, including ChatGPT, Google Bard and Microsoft Bing Chat, to produce content that breaches their developers’ guidelines—an outcome known as “jailbreaking.” |  |
ChatGPT Quip &
|
 |
|
Prompt: Response: Cyber Attack Cake Recipe Ingredients:
Quick Bake Instructions: Prep: Warm up your cyber tools to remain undetected. Mix Phishing Phlavor with Social Engineering Spice: Blend to create a deceitful base. Add Ransomware Reduction: Stir in slowly, ensuring an even spread of chaos. Sprinkle Zero-Day Zest: For an unexpected flavor explosion. Fold in Malware Mixture: To bring together the attack’s foundation. Bake with Stealth: Until the plot thickens and the attack is ready to launch. Serve Disguised: Masked as something harmless to entice and deceive. |
AI: Engaging with Artificial Intelligence
| The purpose of this publication is to provide organisations with guidance on how to use AI systems securely. The paper summarises some important threats related to AI systems and prompts organisations to consider steps they can take to engage with AI while managing risk. It provides mitigations to assist both organisations that use self-hosted and third-party hosted AI systems. |  |
AI: ChatGPT Cybercrime Discussions Spike to Nearly 3K Posts on Dark Web
 |
And there were an additional 3,000 comments posted to the Dark Web about the sale of stolen ChatGPT accounts. |
AI: Riding the AI Waves: The Rise of Artificial Intelligence to Combat Cyber Threats
| In nearly every segment of our lives, AI (artificial intelligence) now makes a significant impact: It can deliver better healthcare diagnoses and treatments; detect and reduce the risk of financial fraud; improve inventory management; and serve up the right recommendation for a streaming movie on Friday night. However, one can also make a strong case that some of AI’s most significant impacts are in cybersecurity. |  |
News: AnyDesk Hacked: Popular Remote Desktop Software Mandates Password Reset
 |
Remote desktop software maker AnyDesk disclosed on Friday that it suffered a cyber attack that led to a compromise of its production systems. |
News: Hackers steal data of 2 million in SQL injection, XSS attacks
| A threat group named ‘ResumeLooters’ has stolen the personal data of over two million job seekers after compromising 65 legitimate job listing and retail sites using SQL injection and cross-site scripting (XSS) attacks. |  |
News: Global Coalition and Tech Giants Unite Against Commercial Spyware Abuse
 |
A coalition of dozens of countries, including France, the U.K., and the U.S., along with tech companies such as Google, MDSec, Meta, and Microsoft, have signed a joint agreement to curb the abuse of commercial spyware to commit human rights abuses. |
News: Verizon Employee Data Exposed in Insider Threat Incident
| Tens of thousands of workers are effected by a fellow employee dipping into files that include everything from SSNs and names to union status and compensation data. |  |
Vulnerability Vortex
Mastodon Vulnerability Allows Hackers to Hijack Any Decentralized Account
 |
The decentralized social network Mastodon has disclosed a critical security flaw that enables malicious actors to impersonate and take over any account. |
Microsoft Rolls Out Patches for 73 Flaws, Including 2 Windows Zero-Days
| Microsoft has released patches to address 73 security flaws spanning its software lineup as part of its Patch Tuesday updates for February 2024, including two zero-days that have come under active exploitation. |  |
Critical Flaws Found in ConnectWise ScreenConnect Software – Patch Now
 |
ConnectWise has released software updates to address two security flaws in its ScreenConnect remote desktop and access software, including a critical bug that could enable remote code execution on affected systems. |
WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites
| A critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to run arbitrary PHP code on susceptible installations. |  |
VMware urges admins to remove deprecated, vulnerable auth plug-in
 |
VMware urged admins today to remove a discontinued authentication plugin exposed to authentication relay and session hijack attacks in Windows domain environments via two security vulnerabilities left unpatched. |
Recent Zero-Day Could Impact Up to 97,000 Microsoft Exchange Servers
| There are more than 28,000 internet-accessible Microsoft Exchange servers affected by a recently disclosed zero-day vulnerability, non-profit cybersecurity organization The Shadowserver Foundation warned on Monday. |  |
Read also
About Us
Developing cybersecurity plans, evaluating and implementing technology, building effective software, and executing strategic initiatives.
Let’s Socialize
Popular Post
Welcome to v058 : Cyber Fright Night
October 29, 2024