Dark Reading
Dark Reading: Connecting the Information and Security Community

Nissan Oceania Breached; 100K People Affected Down Under

A possible ransomware attack has exposed government and personal data of Australians and New Zealanders, encompassing the carmaker's customers, dealers, and employees.

https://www.darkreading.com/cyberattacks-data-breaches/nissan-oceania-breached-100k-customers-employees-dealers-affected

ChatGPT vs. Gemini: Which Is Better for 10 Common Infosec Tasks?

Compare how well OpenAI's and Google's generative AI products handle infosec professionals' top 10 tasks.

https://www.darkreading.com/cybersecurity-operations/chatgpt-vs-gemini-which-is-better-for-10-common-infosec-tasks-

How to Identify a Cyber Adversary: What to Look For

There are many factors involved in attributing a cyber incident to a specific threat actor.

https://www.darkreading.com/cyberattacks-data-breaches/how-to-identify-a-cyber-adversary-what-to-look-for

Patch Now: Kubernetes RCE Flaw Allows Full Takeover of Windows Nodes

Attackers can remotely execute code with system privileges by exploiting a vulnerability in the source code of the open source container management system.

https://www.darkreading.com/cloud-security/patch-now-kubernetes-flaw-allows-for-full-takeover-of-windows-nodes

Why You Need to Know Your AI's Ancestry

Securing AI can't wait an hour, let alone a decade.

https://www.darkreading.com/vulnerabilities-threats/why-you-need-to-know-your-ai-ancestry

Critical ChatGPT Plugin Vulnerabilities Expose Sensitive Data

The vulnerabilities found in ChatGPT plugins — since remediated — heighten the risk of proprietary information being stolen and the threat of account takeover attacks.

https://www.darkreading.com/vulnerabilities-threats/critical-chatgpt-plugin-vulnerabilities-expose-sensitive-data

'PixPirate' RAT Invisibly Triggers Wire Transfers From Android Devices

A multitooled Trojan cuts apart Brazil's premier wire transfer app. Could similar malware do the same to Venmo, Zelle, or PayPal?

https://www.darkreading.com/application-security/pixpirate-rat-invisibly-triggers-wire-transfers-android-devices

Israeli Universities Hit by Supply Chain Cyberattack Campaign

Iranian hacktivist group known as Lord Nemesis and Nemesis Kitten targeted an academic sector software firm in Israel to gain access to its customers.

https://www.darkreading.com/cyberattacks-data-breaches/israeli-universities-hit-by-supply-chain-cyberattack-campaign

Google's Post-Quantum Upgrade Doesn't Mean We're All Protected Yet

Just because Google has put in the work to quantum-proof Chrome doesn't mean post-quantum security is all set.

https://www.darkreading.com/cloud-security/google-s-post-quantum-upgrade-doesn-t-mean-we-re-all-protected-yet

Microsoft Discloses Critical Hyper-V Flaws in Low-Volume Patch Update

Microsoft has disclosed fewer flaws and zero-days in the first three months of 2024 compared with the first quarter of the prior four years.

https://www.darkreading.com/vulnerabilities-threats/microsoft-discloses-two-critical-hyper-v-flaws-low-volume-patch-update

GAO: CISA's OT Teams Inadequately Staffed

The response teams have a staffing shortage, leaving them ill-prepared to take on significant threats from different places at once.

https://www.darkreading.com/ics-ot-security/cisa-ot-teams-are-inadequately-staffed-reports-gao

'Magnet Goblin' Exploits Ivanti 1-Day Bug in Mere Hours

A prolific but previously hidden threat actor turns public vulnerabilities into working exploits before companies have time to patch.

https://www.darkreading.com/threat-intelligence/magnet-goblin-exploits-ivanti-1-day-bug-mere-hours

Cyberattack Targets Regulator Database in South Africa

The Companies and Intellectual Property Commission (CIPC), which handles registration of businesses and intellectual property rights for the nation, called the breach "isolated."

https://www.darkreading.com/cyberattacks-data-breaches/cyberattack-targets-south-african-regulator-database

How to Identify a Cyber Adversary: Standards of Proof

Identifying the who, what, and how behind a cyberattack is crucial for preventing future strikes.

https://www.darkreading.com/cyberattacks-data-breaches/how-to-identify-cyber-adversary-standards-of-proof

To Spot Attacks Through AI Models, Companies Need Visibility

Rushing to onboard AI, companies and their developers are downloading a variety of pre-trained machine-learning models, but verifying security and integrity remains a challenge.

https://www.darkreading.com/cyber-risk/ai-models-take-off-leaving-security-behind

Google's Gemini AI Vulnerable to Content Manipulation

Like ChatGPT and other GenAI tools, Gemini is susceptible to attacks that can cause it to divulge system prompts, reveal sensitive information, and execute potentially malicious actions.

https://www.darkreading.com/cyber-risk/google-gemini-vulnerable-to-content-manipulation-researchers-say

Ivanti Breach Prompts CISA to Take Systems Offline

CISA has not confirmed which two systems it took offline or what kind of data was accessed.

https://www.darkreading.com/cyberattacks-data-breaches/ivanti-breach-cisa-systems-offline

The CISO Role Is Changing. Can CISOs Themselves Keep Up?

What happens to security leaders that don't communicate security well enough? "Ask SolarWinds."

https://www.darkreading.com/cybersecurity-operations/ciso-role-changing-can-cisos-keep-up

Typosquatting Wave Shows No Signs of Abating

A spate of recent typosquatting attacks shows the scourge of this type of attack is still very much with us, even after decades of cyberdefender experience with it.

https://www.darkreading.com/threat-intelligence/typosquatting-wave-shows-no-signs-of-abating