Month: December 2022

The global political unrest from this year will seep into 2023 with serious ramifications for the security industry, according to Infosecurity Europe’s community of cybersecurity leaders. However, with stricter regulations and developments in Artificial Intelligence (AI) and Machine Learning (ML), CISOs may be in a stronger position to minimise threats next year. The organisers of
Dec 30, 2022Ravie LakshmananBug Bounty / Privacy A security researcher was awarded a bug bounty of $107,500 for identifying security issues in Google Home smart speakers that could be exploited to install backdoors and turn them into wiretapping devices. The flaws “allowed an attacker within wireless proximity to install a ‘backdoor’ account on the device,
The first open-source equivalent of OpenAI’s ChatGPT has arrived, but good luck running it on your laptop — or at all. This week, Philip Wang, the developer responsible for reverse-engineering closed-sourced AI systems including Meta’s Make-A-Video, released PaLM + RLHF, a text-generating model that behaves similarly to ChatGPT. The system combines PaLM, a large language
What is credential theft? Credential theft is a type of cybercrime that involves stealing a victim’s proof of identity. Once credential theft has been successful, the attacker will have the same account privileges as the victim. Stealing credentials is the first stage in a credential-based attack. Credential theft allows criminals to reset passwords, lock victims
Dec 30, 2022Ravie LakshmananPatch Management The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two-years-old security flaws impacting TIBCO Software’s JasperReports product to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The flaws, tracked as CVE-2018-5430 (CVSS score: 7.7) and CVE-2018-18809 (CVSS score: 9.9), were addressed by TIBCO in April 2018
The grocery delivery company reportedly suffered a 75% valuation cut compared to its $39B peak | Anna Heim | As much as we like to end the year with some good news, what we are hearing from grocery delivery company Instacart is not exactly that. According to The Information, citing “two people familiar with the
Dec 28, 2022Ravie LakshmananBlockchain / Android Malware Decentralized multi-chain crypto wallet BitKeep on Wednesday confirmed a cyberattack that allowed threat actors to distribute fraudulent versions of its Android app with the goal of stealing users’ digital currencies. “With maliciously implanted code, the altered APK led to the leak of user’s private keys and enabled the
2022 was the kind of year that made us think, “What a time to be alive and reporting on transportation.” This year was absolutely dominated by conversations around the realities of bringing self-driving cars to market, the potential upheaval of the gig worker economy, micromobility dramas and, of course, all things Tesla. We took a
Process injection is a technique used to inject malicious code into running processes. Because it evades detection techniques, innocent processes run the malicious injected code, unknowingly infecting the systems. A type of arbitrary code execution, process injection enables attackers to infiltrate systems, access networks and resources, and potentially elevate their privileges. Let’s take a deeper
A prolific botnet that spreads primarily through IoT and web application vulnerabilities has added new exploits and attack capabilities, Microsoft has warned. Zerobot (aka ZeroStresser) is a Go-based botnet sold on the cybercrime underground via a malware-as-a-service model, which makes it relatively easy for its developers to update functionality regularly. Mainly used for distributed denial