On the Defcon safety convention in Las Vegas final weekend, hundreds of hackers competed in a red-team problem to search out flaws in generative AI chat platforms and assist higher safe these rising methods. In the meantime, researchers offered findings throughout the convention, together with new discoveries about methods to bypass a current addition to Apple’s macOS that’s imagined to flag doubtlessly malicious software program in your laptop.
Children are going through a large on-line rip-off marketing campaign that targets them with faux presents and promotions associated to the favored video video games Fortnite and Roblox. And the racket all traces again to at least one rogue digital advertising firm. The social media platform X, previously Twitter, has been submitting lawsuits and pursuing a strategic authorized offensive to oppose researchers who examine hate speech and on-line harassment utilizing knowledge from the social community.
On Thursday, an innovation company throughout the US Division of Well being and Human Providers introduced plans to fund analysis into digital defenses for well being care infrastructure. The aim is to quickly develop new instruments that may defend US medical methods towards ransomware assaults and different threats.
However wait, there’s extra! Every week, we spherical up the tales we didn’t cowl in depth ourselves. Click on the headlines to learn the total tales. And keep protected on the market.
A big phishing marketing campaign that’s been lively since Might has been concentrating on an array of firms with malicious QR codes in makes an attempt to steal Microsoft account credentials. Notably, researchers from the safety agency Cofense noticed the assaults towards “a serious Vitality firm primarily based within the US.” The marketing campaign additionally focused organizations in different industries, together with finance, insurance coverage, manufacturing, and tech. Malicious QR codes had been utilized in practically a 3rd of the emails reviewed by researchers. QR codes have disadvantages in phishing, since victims must be compelled to scan them for the assault to progress. However they make it tougher for victims to judge the trustworthiness of the URL they’re clicking on, and it’s extra possible that emails containing a QR code will attain their goal, as a result of it’s tougher for spam filters to evaluate QR photographs included in an attachment like a PDF.
It’s widespread apply for attackers—each prison actors and state-backed hackers—to rip-off or in any other case lure victims from a place to begin of mainstream companies like e mail, picture sharing, or social media. Now, analysis from the safety agency Recorded Future makes an attempt to categorize the sorts of malware most frequently distributed from these numerous jumping-off factors, and which methods are commonest. The aim was to provide defenders deeper perception into the companies they should prioritize securing. The evaluate discovered that cloud platforms are essentially the most utilized by attackers, however communication platforms like messaging apps, e mail, and social media are additionally extensively abused. Pastebin, Google Drive, and Dropbox had been all standard amongst attackers, as are Telegram and Discord.
In response to the “Downfall” Intel processor vulnerability disclosed by Google researchers final week, organizations have been releasing tailor-made fixes for the flaw. The bug could possibly be exploited by an attacker to seize delicate data like login credentials or encryption keys. Amazon Internet Providers, Google Cloud, Microsoft Azure, Cisco, Dell, Lenovo, VMWare, Linux distributions, and lots of others have all launched steerage on responding to the vulnerability. Previous to public disclosure, Intel spent a 12 months growing fixes to distribute throughout the trade and coordinating to encourage widespread patch launch from particular person distributors.