ChatGPT Jailbreaking Forums Proliferate in Dark Web Communities
By code or by command, cybercriminals are circumventing ethical and safety restrictions to use generative AI chatbots in the way that they want.
https://www.darkreading.com/application-security/chatgpt-jailbreaking-forums-dark-web-communities
Millions of Facebook Business Accounts Bitten by Python Malware
The "MrTonyScam" has a surprisingly high success rate, spreading a Python-based stealer to some 100,000 business accounts per week.
https://www.darkreading.com/endpoint/millions-facebook-business-accounts-python-malware
The Double-Edged Sword of Cyber Espionage
State-sponsored attacks are alarming and difficult to prevent, but they suffer from a fundamental weakness that can be leveraged by defenders.
https://www.darkreading.com/attacks-breaches/double-edged-sword-cyber-espionage
'Anonymous Sudan' Sets Its Sights on Telegram in DDoS Attack
Telegram has not stated why it has suspended the group's primary account, but it is likely due to its use of bots.
https://www.darkreading.com/attacks-breaches/anonymous-sudan-sets-sights-telegram-ddos-attack
Cloudflare Announces Unified Data Protection Suite to Address Risks of Modern Coding and Increased AI Use
Rich security suite enables seamless and secure path to transition corporate networks to the cloud, and accelerate innovation.
Google and Acalvio Partner to Deliver Active Defense to Protect Customers From Advanced Threats
World Security Report Finds Physical Security Incidents Cost Companies USD $1T in 2022
Iran's Charming Kitten Pounces on Israeli Exchange Servers
Archrivals face off in the cyber plane, as opportunistic hackers prey on the unpatched and generally negligent.
https://www.darkreading.com/dr-global/irans-charming-kitten-israeli-exchange-servers
'Steal-It' Campaign Uses OnlyFans Models as Lures
Custom PowerShell scripts are being deployed against geofenced targets in Australia, Belgium, and Poland to exfiltrate data.
https://www.darkreading.com/application-security/steal-it-campaign-onlyfans-models-lures
Being Flexible Can Improve Your Security Posture
Changing your approach when you realize you could be more efficient pays dividends, especially in six areas of your cybersecurity program.
https://www.darkreading.com/edge-articles/being-flexible-can-improve-your-security-posture
Iranian APT Hits US Aviation Org via ManageEngine, Fortinet Bugs
Known security vulnerabilities in the enterprise products allowed unauthorized access through a public-facing application, US Cyber Command said.
Attackers Abuse Google Looker Studio to Evade DMARC, Email Security
Cyberattackers are tapping the legitimacy of the Web-based data-visualization tool in a campaign aimed at stealing credentials and defrauding hundreds of business users.
https://www.darkreading.com/endpoint/phishers-abuse-google-looker-studio-dmarc-email-security
Overcoming the Rising Threat of Session Hijacking
Passkeys and multifactor authentication aren't enough for combating infostealer malware, which can exfiltrate corporate data before anyone knows an attack happened.
https://www.darkreading.com/vulnerabilities-threats/overcoming-rising-threat-session-hijacking
Navigating Rwanda's New Data Protection Law
As the law's October 2023 transition deadline approaches, it's critical for organizations doing business in Rwanda to understand its requirements and implications.
https://www.darkreading.com/dr-global/navigating-rwanda-new-data-protection-law
Microsoft, Google Take on Obsolete TLS Protocols
Google shortened the lifetime of Transport Layer Security (TLS) certificates, and Microsoft plans to downgrade support for older versions, giving companies more data security but also removing visibil...
https://www.darkreading.com/dr-tech/microsoft-google-take-on-obsolete-tls-protocols
Critical Security Bug Opens Cisco BroadWorks to Complete Takeover
Cyberattackers could exploit CVE-2023-20238 to carry out a variety of nefarious deeds, from data theft and code execution to phishing, fraud, and DoS.
3 Ways to Expand Cyber Talent Pool From Splash Pad to Watering Hole
Why — and how — "unqualified" candidates will fill the reservoir with the security workers America is thirsty for.
https://www.darkreading.com/edge/3-ways-to-expand-cyber-talent-pool-from-splash-pad-to-watering-hole
'Evil Telegram' Spyware Campaign Infects 60K+ Mobile Users
Legitimate-seeming Telegram "mods" available in the official Google Play store for the encrypted messaging app signal the rise of a new enterprise threat.
https://www.darkreading.com/attacks-breaches/evil-telegram-spyware-campaign-infects-60k-mobile-users
Kenya Initiates Public Sector Digital Skills Training, No Mention of Cybersecurity
Training will cover cloud skills and working in a paperless environment, but any mention of a cybersecurity element is conspicuously lacking.
Trickbot, Conti Sanctions Affect Top Cybercrime Brass
US Treasury officials said the sanctions move is part of its effort to combat Russian state-sponsored cybercrime.
https://www.darkreading.com/threat-intelligence/trickbot-conti-sanctions-affect-top-cybercrime-brass