As security pros worry about AI taking their jobs, researchers at Microsoft insist that effective red-teaming still relies on human expertise, cultural awareness, and emotional intelligence — qualities that can’t be replicated by machines. The software giant says its AI red team rigorously tested more than 100 generative AI products and determined that human ingenuity […]
Threat actors are distributing information stealer malware masquerading as proof-of-concept (PoC) exploit code targeting a recent Windows Lightweight Directory Access Protocol (LDAP) vulnerability. Tracked as CVE-2024-49113 (CVSS score of 7.5) and leading to denial-of-service (DoS), the security defect was addressed on December 10 along with over 70 flaws, including a critical LDAP bug (CVE-2024-49112) that […]
The US Justice Department announced on Friday charges against three Russian nationals accused of operating two cryptocurrency mixers that were used for money laundering, including by ransomware groups. Charges of conspiracy to commit money laundering and operating an unlicensed money transmitting business were announced against Roman Vitalyevich Ostapenko, Alexander Evgenievich Oleynik, and Anton Vyachlavovich Tarasov. […]
An emerging ransomware group named FunkSec has risen to fame after claiming responsibility for attacks on more than 80 victims in December 2024, Check Point reports. FunkSec appears to be involved in both hacktivism and cybercrime activities and its members are likely inexperienced threat actors currently looking to gain visibility and recognition, Check Point’s investigation […]
Juniper Networks kicked off 2025 with security updates that address dozens of vulnerabilities in the Junos OS platform, including multiple high-severity bugs. Patches were released last week to resolve a high-severity out-of-bounds read flaw in the routing protocol daemon (RPD) of Junos OS and Junos OS Evolved that could lead to denial-of-service (DoS) when processing […]
Chinese cyberspies targeted several offices, including ones dealing with foreign investments and sanctions, in the recent cyberattack aimed at the US Treasury Department, according to news reports. Little technical information has been made public regarding the Treasury hack while authorities are investigating the full extent of the breach. It was revealed in late December 2024 […]
Italy’s Premier Giorgia Meloni said Thursday that her government is in talks with several private companies, including Elon Musk’s SpaceX, over the country’s telecoms security system, but denied having discussed the issue privately with Musk. “I never talked about this with Musk. It’s not my habit to use my public role to do favors to […]
SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we curate and present a collection of noteworthy developments, […]
The Banshee macOS information stealer has been updated to expand its target list to systems using the Russian language, cybersecurity firm Check Point reports. Banshee was first seen in mid-2024, when it was advertised on cybercrime forums for $3,000 per month, and is believed to have been created by Russian developers. The malware can collect […]
Healthcare and substance abuse treatment provider BayMark Health Services has started notifying patients that their personal information was stolen in a data breach resulting from a ransomware attack. The Texas-based company runs one of the largest addiction treatment services in the US, operating roughly 200 facilities and over 380 programs in 35 states, and treating […]