The FBI is warning the public of a recent nationwide increase in “Phantom Hacker” scams, significantly impacting senior citizens. This Phantom Hacker scam is an evolution of more general tech support scams, layering imposter tech support, financial institution, and government personas to enhance the trust victims place in the scammers and identify the most […]
National Logistics Portal (NLP) data leak: seaports in India were left vulnerable to takeover by hackers. Pierluigi Paganini, October 02, 2023. The National Logistics Portal (NLP), a newly launched platform to manage all port operations in India, left public access to sensitive data, posing the risk of a potential takeover by threat actors. On September […]
The potential for AI workloads at the edge is growing, with two vendors introducing new servers this month. Custom storage vendor Unigen released a ruggedized, compact edge AI server known as Cupcake, and Lenovo released its ThinkEdge SE455 V3 server. Both products aim to achieve a similar goal: making trained AI models actionable at the […]
Progress Software released fixes for eight vulnerabilities in WS_FTP, including one with a maximum severity score, but evidence of exploitation was discovered shortly after.
LUCR-3 overlaps with groups such as Scattered Spider, Oktapus, UNC3944, and STORM-0875 and is a financially motivated attacker that leverages the Identity Provider (IDP) as initial access into an environment with the goal of stealing Intellectual Property (IP) for extortion. LUCR-3 targets Fortune 2000 companies across various sectors, including but not limited to Software, Retail, […]
As we realize exciting new advancements in the application of generative pre-trained transformer (GPT) technology, our adversaries are finding ingenious ways to leverage these capabilities to inflict harm. There’s evidence to suggest that offensive actors are using AI and machine learning techniques to carry out increasingly sophisticated, automated attacks. Rather than running from the potential […]
The official website of the UK’s royal family was taken offline by a distributed denial of service (DDoS) attack on Sunday, according to reports. The Royal.uk site was unavailable for around 90 minutes, starting at 10am local time, according to The Independent. It was fully functional again soon after, although Cloudflare checks were in place […]
Cloud computing giant AWS says an internal threat intel decoy system called MadPot has been used successfully to trap malicious activity, including nation state-backed APTs like Volt Typhoon and Sandworm. MadPot, the brainchild of AWS software engineer Nima Sharifi Mehr, is described as “a sophisticated system of monitoring sensors and automated response capabilities” that entraps malicious […]
In-the-wild exploitation of a critical vulnerability in JetBrains’ TeamCity continuous integration and continuous deployment (CI/CD) server started just days after the availability of a patch was announced. The vulnerability, tracked as CVE-2023-42793, impacts the on-premises version of TeamCity and it allows an unauthenticated attacker with access to a targeted server to achieve remote code execution […]