A Creative Trick Makes ChatGPT Spit Out Bomb-Making Instructions
Plus: New evidence emerges about who may have helped 9/11 hijackers, UK police arrest a teen in connection with an attack on London’s transit system, and Poland’s spyware scandal enters a new phase...
The FBI’s Director Compares Ransomware Threat to 9/11
Plus, a Supreme Court decision on a controversial anti-hacking law, a WhatsApp walk-back, and more of the week’s top security news...
CVE-2020-14258
CVE-2020-14258 affects HCL Notes (versions 9, 10, 11). A Denial of Service arises from improper validation of user-supplied input, enabling a remote, unauthenticated attacker to hang the client via a specially crafted email message. Affected components and exact root cause are described consisten...
aptdaemon File Existence Disclosure
Exploit Title: File Existence Disclosure in aptdaemon " sys.exit0 FILETOCHECK = sys.argv1 bus = dbus.SystemBus aptdbusobject = bus.getobject"org.debian.apt", "/org/debian/apt" aptdbusi...
A week in security (December 31, 2018 – January 6, 2019)
Last week on Labs, we looked back at 2018 as the year of data breaches, homed in on pre-installed malware on mobile devices, and profiled a malicious duo, Vidar and GandCrab. Other cybersecurity news 2019's first data breach: It took less than 24 hours. An unauthorized third-party downloaded 30,0...
Dark Overlord hackers publish first batch of “secret” 9/11 files
By Waqas. The Dark Overlord hackers have fulfilled their promise and published the first batch of decryption keys for 650 documents in a 70-megabyte file related to the 9/11 attacks. Initially, the group had vowed to publish 10GB of data on a Twitter account or on a Dark Web forum called “KickAss.”...
Dark Overlord hackers vow to leak 9/11 related data stolen from law firm
By Waqas. On Monday, when the whole world was gearing up to celebrate New Year's Eve, hackers from The Dark Overlord group made astonishing claims that they stole a trove of data from Hiscox Syndicates Ltd, a law firm responsible for handling insurance files related to the 9/11 terrorist attacks. This w...
CVE-2018-7205
Reflected Cross-Site Scripting vulnerability in "Design" on "Edit device layout" in Kentico 9 through 11 allows remote attackers to execute malicious JavaScript via a malicious devicename parameter in a link that is entered via the "Pages - Edit template properties - Device Layouts - Create devic...
Do you believe in Serendipity?
In December 2016, after a month of mountain bike racing and touring in Nepal, I commenced the Executive Program in General Management at MIT. The first term was at Sloan School of Management in Cambridge and for the first time in my life, I finally could relate to studying. In fact, I was even...
August 23, 2017 – Morning Cyber Coffee Headlines – “Boston Celtics” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! August 23, 2017 - Headlines No U.S.-Russia Cyber Unit Without Trump Notifying...
Here's How Hackers Can Disrupt '911' Emergency System and Put Your Life at Risk
What would it take for hackers to significantly disrupt the US' 911 emergency call system? It only takes 6,000 Smartphones. Yes, you heard it right! According to new research published last week, a malicious attacker can leverage a botnet of infected smartphone devices located throughout the...
Privilege escalation
Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability."...
CVE-2015-1689
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1705...
New Cyber Threat Center May Face Challenges
In the wake of news-making attacks on Sony Pictures, Home Depot and many others, the federal government is establishing a new information integration center to focus on cyber threats. The center will analyze intelligence contributed by several agencies, along with the private sector, a model that...
New Data Shows FBI Issued More Than 19k National Security Letters in 2013
The United States federal government issued more than 19,000 National Security Letters–perhaps its most powerful tool for domestic intelligence collection–in 2013, and those NSLs contained more than 38,000 individual requests for information. The new data was released by the Office of the Directo...
The NSA, Snowden and the Internet's Offensive Future
Despite everything that has transpired in the last year, Edward Snowden sounded calm, reflective and in some ways wistful yesterday discussing the fallout and consequences of the multitude of NSA programs and methods he’s revealed. Snowden bemoaned the fact that the NSA specifically and the...
Oversight Board Calls NSA Metadata Collection Illegal
Another independent review board investigating the National Security Agency’s collection of phone records metadata has come down hard on the program, calling it illegal, recommending the government end the program, and questioning its effectiveness in ferreting out terrorists. The Privacy and Civ...
The NSA, Obama and Straw Men
For the people expecting President Barack Obama to announce sweeping changes to the NSA’s surveillance programs, his speech on Friday likely was a major disappointment. Obama laid out some new controls and limits for some of the more controversial programs, specifically the phone metadata...
Cybersecurity Act of 2012 Introduced Without Emergency Presidential Powers Provisions
A bipartisan group of Senators introduced the Cybersecurity Act of 2012 yesterday. The bill aims to secure federal and private sector networks that provide essential services or that are deemed “critical” to the nation in some other way. According to a Homeland Security and Government Affairs...
NBC News Twitter account hacked & post fake news of 9/11
NBC News Twitter account hacked & post fake news of 9/11 Hackers have broken into the Twitter account of NBC News and posted messages claiming that there has been a terrorist attack at Ground Zero in New York. Coming two days before the tenth anniversary of the 9/11 attacks, the prank by a group...