Philip Choo

A leading UK security agency has claimed there’s a low risk of ChatGPT and tools like it effectively democratizing cybercrime for the masses, but it warned that they could be useful for those with “high technical capabilities.” National Cyber Security Centre (NCSC) tech director for platforms research, David C, and tech director for data science
Mar 16, 2023Ravie LakshmananCyber Crime / Cryptocurrency A coalition of law enforcement agencies across Europe and the U.S. announced the takedown of ChipMixer, an unlicensed cryptocurrency mixer that began its operations in August 2017. “The ChipMixer software blocked the blockchain trail of the funds, making it attractive for cybercriminals looking to launder illegal proceeds from
In pursuing new incident response roles, job candidates may find themselves fielding interview questions likely to challenge even highly experienced IT security practitioners. Hiring managers sometimes contrive stump-worthy questions to separate the most skilled candidates from the pack. Preparation is key, as such questions are often challenging in ways that aren’t entirely intuitive. For example,
Mar 15, 2023Ravie LakshmananServer Security / Cryptocurrency Cybersecurity researchers have discovered the first-ever illicit cryptocurrency mining campaign used to mint Dero since the start of February 2023. “The novel Dero cryptojacking operation concentrates on locating Kubernetes clusters with anonymous access enabled on a Kubernetes API and listening on non-standard ports accessible from the internet,” CrowdStrike
Intellect, the Singapore-based mental health platform that now serves over three million users in 20 countries, is getting ready for a new phase of growth after striking a strategic partnership with IHH Healthcare, Asia’s largest private healthcare group. IHH Healthcare will work with Intellect to develop and customize digital mental health programs for its patients,
The Housing Authority of the City of Los Angeles (HACLA) has finally issued a public notice outlining the impact of a ransomware breach first reported at the start of this year. The public agency, which claims to hold the largest stock of affordable housing in the city, acknowledged a “cyber-event that resulted in disruption to
Mar 14, 2023Ravie LakshmananNetwork Security / Botnet A new Golang-based malware dubbed GoBruteforcer has been found targeting web servers running phpMyAdmin, MySQL, FTP, and Postgres to corral the devices into a botnet. “GoBruteforcer chose a Classless Inter-Domain Routing (CIDR) block for scanning the network during the attack, and it targeted all IP addresses within that
UK law enforcers claimed on Friday to have dismantled a major money laundering gang after its final three members were sentenced following a five-year investigation. Aurimas Bielskis, 41, Vitalijs Slapkins-Slapkovs, 34, and Nedas Kiviliauskas, 34, were sentenced at Kingston Crown Court in west London. Bielskis and Slapkins-Slapkovs were each handed 22 months in prison, suspended for
Mar 13, 2023Ravie LakshmananBrowser Security / Artificial Intelligence A fake ChatGPT-branded Chrome browser extension has been found to come with capabilities to hijack Facebook accounts and create rogue admin accounts, highlighting one of the different methods cyber criminals are using to distribute malware. “By hijacking high-profile Facebook business accounts, the threat actor creates an elite
As Silicon Valley Bank collapsed before our eyes on Thursday, a founder told me that the world felt like it did when COVID-19 first bared its teeth. I scoffed at his analogy at first: are we really using a still on-going and devastating pandemic to describe the fall of a prominent bank? But then I
Editor’s Note: Adam Bertram originally wrote this article and Brien Posey has expanded it. PowerShell is an incredibly comprehensive and easy-to-use language. But administrators need to protect their organization from bad actors who use PowerShell for criminal purposes. PowerShell’s extensive capabilities as a native tool in Windows make it tempting for an attacker to exploit
The White House has allocated a total of $3.1bn to cybersecurity infrastructure in its latest budget report. Published on Thursday, the document shows $145m of this figure will go toward making the Cybersecurity and Infrastructure Security Agency (CISA) “more resilient and defensible.” Of the remaining funds, $98m will be invested in implementing the Cyber Incident Reporting
Mar 11, 2023Ravie LakshmananCyber Threat Intelligence The malware downloader known as BATLOADER has been observed abusing Google Ads to deliver secondary payloads like Vidar Stealer and Ursnif. According to cybersecurity company eSentire, malicious ads are used to spoof a wide range of legitimate apps and services such as Adobe, OpenAPI’s ChatGPT, Spotify, Tableau, and Zoom.
Brett Adcock Contributor Brett Adcock is the founder of Figure, an AI robotics company building a general-purpose humanoid robot. Previously, he founded Archer Aviation, an urban air mobility company that went public at $2.7B and Vettery, a machine learning-based talent marketplace that was acquired for $110M. Yesterday, the U.S. experienced its second-largest bank failure in
A new variant of the Xenomorph Android banking trojan has been spotted by ThreatFabric security researchers and classified as Xenomorph.C. The variant, developed by the threat actor known as Hadoken Security Group, represents a substantial upgrade from the malware previously observed by ThreatFabric, according to an advisory published by the company earlier today. “This new