13 matches found
DOJ Charges Binance With Vast Money-Laundering Scheme and Sanctions Violations
From Russia to Iran, the feds have charged Binance with conducting well over $1 billion in transactions with sanctioned countries and criminal actors...
A Closer Look at ChatGPT's Role in Automated Malware Creation
This blog entry explores the effectiveness of ChatGPT's safety measures, the potential for AI technologies to be misused by criminal actors, and the limitations of current AI models...
New "Whiffy Recon" Malware Triangulates Infected Device Location via Wi-Fi Every Minute
The SmokeLoader malware is being used to deliver a new Wi-Fi scanning malware strain called Whiffy Recon on compromised Windows machines. "The new malware strain has only one operation. Every 60 seconds it triangulates the infected systems' positions by scanning nearby Wi-Fi access points as a da...
Massive HTTP DDoS Attack Hits Record High of 71 Million Requests/Second
Web infrastructure company Cloudflare on Monday disclosed that it thwarted a record-breaking distributed denial-of-service DDoS attack that peaked at over 71 million requests per second RPS. "The majority of attacks peaked in the ballpark of 50-70 million requests per second RPS with the largest...
FBI, FDA OCI, and USDA Release Joint Cybersecurity Advisory Regarding Business Email Compromise Schemes Used to Steal Food
The Federal Bureau of Investigation FBI, the Food and Drug Administration Office of Criminal Investigations FDA OCI, and the U.S. Department of Agriculture USDA have released a joint Cybersecurity Advisory CSA detailing recently observed incidents of criminal actors using business email compromis...
Microsoft Warns of Uptick in Hackers Leveraging Publicly-Disclosed 0-Day Vulnerabilities
Microsoft is warning of an uptick among nation-state and criminal actors increasingly leveraging publicly-disclosed zero-day vulnerabilities for breaching target environments. The tech giant, in its 114-page Digital Defense Report, said it has "observed a reduction in the time between the...
FBI warns food and agriculture to brace for seasonal ransomware attacks
The Federal Bureau of Investigation FBI recently released a Private Industry Notification warning agriculture cooperatives also known as "farmers co-ops" of the looming danger of well-timed ransomware attacks. The agency warns that during the critical planting and harvesting seasons, attacks coul...
Critical VMware Workspace ONE Access Flaw Under Active Exploitation in the Wild
A week after VMware released patches to remediate eight security vulnerabilities in VMware Workspace ONE Access, threat actors have begun to actively exploit one of the critical flaws in the wild. Tracked as CVE-2022-22954, the security shortcoming relates to a remote code execution vulnerability...
FBI Warn Hackers are Using Hijacked Home Security Devices for 'Swatting'
Stolen email passwords are being used to hijack smart home security systems to “swat” unsuspecting users, the Federal Bureau of Investigation warned this week. The announcement comes after concerned device manufacturers alerted law enforcement about the issue. Swatting is a dangerous prank where...
Universal Plug and Play (UPnP): What you need to know
Universal Plug and Play UPnP is a widely used protocol with a decade-long history of flawed implementations across a wide range of consumer devices. In this paper, we will cover how these aws are still present on devices, how these vulnerabilities are actively being abused, and how a...
More on the Vulnerabilities Equities Process
Richard Ledgett -- a former Deputy Director of the NSA -- argues against the US government disclosing all vulnerabilities: Proponents argue that this would allow patches to be developed, which in turn would help ensure that networks are secure. On its face, this argument might seem to make sense ...
Setting Expectations Between States on Cyberwar
A a panel of security experts at the RSA Conference on Wednesday said there is a lack of agreement on a definition of cyberwarfare and of the tools used to fight them. “Words matter and it’s important to have definitions. But one of the challenges is the pace of innovation gets in front of doctri...
ModPOS: Highly-Sophisticated, Stealthy Malware Targeting US POS Systems with High Likelihood of Broader Campaigns
Today, iSIGHT Partners is sharing details about a highly sophisticated criminal malware framework that has been used to target point-of-sale POS systems at US-based retailers. We believe this very hard to detect malware is likely being used in broader campaigns and are disclosing details to help...