Cyberpills.news

OpenAI and Microsoft unveil groundbreaking AI cybersecurity grant initiativeFostering innovation in cybersecurity: A bold new approach to empower defenders and elevate discourseOpenAI, with the backing of Microsoft, recently launched an inventive cybersecurity grant initiative. This groundbreaking move is part of their broader effort to strengthen artificial intelligence (AI)-based cybersecurity measures. This commitment to cybersecurity enhancement is showcased by the proactive...

Cyclops ransomware: new threats emerge with data theft capabilitiesA sophisticated cybercrime strategy carries out cross-platform attacks, affecting Windows, macOS and Linux with theft of sensitive dataThreats related to Cyclops ransomware have been observed offering malware designed to capture sensitive data from infected hosts. The notorious ransomware is notable for its ability to target all major desktop operating systems, including Windows, macOS, and Linux. It is also designed to terminate any...

Fighting cybercrime: the 2022 FBI reportDiscover the main types of cyber attacks, their financial impact and web security defense strategiesAccording to the latest cybercrime report released by the FBI, cyber risk is a business risk and cyber security is a national security concern. This notion is backed up by worrying data: In 2022, the FBI's Internet Crime Reporting Center (IC3) received more than 800,000 cybercrime reports, resulting...

Discovered over 30 malicious extensions in the Chrome Web StoreThe extensions, used by millions of users, contained malicious code aimed at displaying unsolicited ads and manipulating search resultsRecently, security experts identified more than 30 malicious extensions that had infiltrated the Chrome Web Store, possibly infecting millions of users. The discovery was initially made by security researcher Wladimir Palant, who three weeks ago realized that the PDF Toolbox extension for Chrome contained...

New web skimmer attack: Akamai reveals threat to e-commerce sitesAkamai investigation exposes growing harmfulness of e-skimming techniques, putting personal data and credit card information at riskAkamai, a leading cybersecurity company, has recently detected a sophisticated Magecart-style web skimming campaign targeting the theft of Personally Identifiable Information (PII) and credit card data from e-commerce portals. During the operation, attackers use a combination of evasive strategies including...

From IT outsourcing to hack-for-hire: the new face of India's digital marketHow cybermercenaries are revolutionizing India's tech industry, amidst security threats and market opportunitiesThe global IT outsourcing market has undergone a drastic evolution. Initially, it was dominated by the migration of IT services of American and European multinational companies to Indian companies, thanks to the combination of technical expertise and lower costs. However, with the advent of artificial...

Trellix boosts cybersecurity in Africa with scalable XDR platformUnveiling AI and machine learning-based security solutions to strengthen the digital landscape in Africa, Trellix fortifies local partnerships and empowers businesses with its "living security" app...Trellix, a leading global cybersecurity firm, is looking to extend its presence in Africa by implementing its versatile Extended Detection and Response (XDR) cybersecurity platform. The corporation intends to cater to business-specific needs by offering state-of-the-art enterprise-level cybersecurity...

The race for artificial intelligence: Josh Lospinoso's alarmThe cybersecurity expert highlights the threats of AI and the need for security in military and commercial operationsBefore founding his current startup, Shift5, which works with the US military, railway operators and airlines such as JetBlue, Josh Lospinoso had already created a cybersecurity startup that was purchased in 2017 by Raytheon/Forcepoint. A former Army captain and 2009 West Point graduate, Lospinoso spent...

SQL injection vulnerability affects MOVEit Transfer: A security appealProgress software confirms a serious risk for organizations. Researchers and security professionals investigate the impact of the incidentThe Progress Software company recently updated a security advisory confirming the existence of a SQL Injection vulnerability in the MOVEit Transfer web application. Although a CVE number has not yet been assigned, this vulnerability could allow an unauthenticated attacker to gain unauthorized access...

More severe than expected data breach in San Diego school districtDisclosing Investigation of Last Fal's security incident highlights wider compromise of sensitive student and employee dataThe San Diego unified school district recently admitted that last fall's data breach had more severe and widespread repercussions than previously reported. Dennis Monahan, executive director of the district's risk management services, said the October security incident compromised a wider range of sensitive...

In the sea of cybersecurity: focus on Walmart and the Zero-Trust approachFind out how companies can protect themselves from cyber threats in an increasingly digitized world, taking inspiration from Walmart and the implementation of the Zero-Trust modelThe growing occurrence of cybersecurity breaches involving organizations of all sizes is a serious problem that cannot be ignored. From giants like Apple, T-Mobile and Uber, no company appears to be immune, with breaches costing American businesses millions of dollars. This vulnerability has been amplified...

The growing threat of cyberattacks in the automotive sectorModern vehicle technologies accentuate vulnerability to cyber risks, creating urgent safety challenges in the future of motoringIn the digital age, vehicles, especially those with sophisticated electronic systems, are becoming increasingly exposed to the risks of cyber attacks. The threat is not just limited to electric cars, but also extends to modern sedans and utility vehicles, which are capable of being hacked. This danger...

5G networks: discover the risks and how to mitigate themFrom slow 5G deployment to cybersecurity challenges, we explore the 5G landscape and offer strategies to protect your devicesThe introduction of 5G networks has proved to be a slower process than expected. Although the concept was unveiled in 2016, its global availability was only achieved in 2019. Four years later, the share of the population with 5G-enabled devices remains low in most countries. It is unclear whether the...

Angelina Xu: brilliant MIT student wins eighth ESET fellowship for women in cybersecurityFrom Ridge High School to MIT, Angelina Xu demonstrates the power of diversity in STEM and stands out for her contributions to the cybersecurity field, encouraging other women to pursue careers in this...Basking Ridge High School alumna Angelina Xu was recently awarded another prestigious award – the 8th Annual Women in Cybersecurity Scholarship offered by ESET North America. Angelina, a 2021 graduate of Ridge High School, is one of four women selected to receive this scholarship.A brilliant academic j...

Galvanick leads innovation in industrial safety with $10 million in fundingCybersecurity startup plans to revolutionize critical infrastructure defense with backing from well-known investorsGalvanick, an early start-up working on an Extended Detection & Response (XDR) platform for industrial infrastructure, has secured $10 million in venture capital funding. This Los Angeles-based company was co-founded by cybersecurity veterans from the US government and Amazon. Several investment firms...

Toyota: prolonged data exposure due to cloud configuration glitchAutomobile giant conducts thorough security checks after years-long customer data breach impacts both domestic and international clientsRenowned Japanese automobile manufacturer Toyota revealed this week that a glitch in its cloud configuration has resulted in a multi-year exposure of its customer data. The security flaw affected environments managed by Toyota Connected Corporation (TC), encompassing a wide range of information including...

Critical flaw discovered in the ReportLab Toolkit: remote code execution riskAn exploit for a ReportLab vulnerability, used to generate PDFs from HTML, puts millions of users at risk. A security update is availableA researcher has revealed a hands-on experiment of a flaw that allows remote code execution, known as RCE, that affects the ReportLab Toolkit. This tool, a Python library widely used by many projects to convert HTML files to PDF, has a monthly download volume of about 3.5 million on the PyPI (Python...

Critical flaws revealed in Sonos One speakersCybersecurity specialists have exposed flaws that allow remote code execution and the disclosure of sensitive dataThe Zero Day Initiative (ZDI) revealed a number of security issues surrounding Sonos One wireless speakers in its latest report last week. These flaws could be exploited to achieve disclosure of sensitive information and remote code execution.Details of the vulnerabilities discovered in the Pwn2Own hacking...

Fortify your web applications: comprehensive guide to penetration testing and PTaaS for continuou...Discover the seven stages of effective pen testing and the benefits of Pen Testing as a Service (PTaaS) for proactive and continuous web application securityWith the increasing sophistication of cyber-attacks, organizations are recognizing the critical need to protect their web applications from security vulnerabilities. Penetration testing, or pen testing, has emerged as a common practice for identifying and addressing such vulnerabilities. This article...

Expanding cyber threat: GobRAT targets Linux routers in JapanAttack detected by JPCERT Coordination Center compromises router security, obfuscating malware as Apache process and establishing dangerous remote accessThe cybersecurity world has recently been rocked by a new remote access trojan, written in Golang and known as GobRAT. This insidious software targets Linux routers in Japan, and its initial attack strategy involves locating a router whose WEBUI is freely accessible to the public. The trojan then exploits...

Security issue in the WordPress Gravity Forms pluginMore than 930,000 websites could be exposed to security risks due to unauthenticated injection of PHP objects in the popular pluginThe popular WordPress plugin "Gravity Forms", currently used by over 930,000 websites, is vulnerable to unauthenticated PHP object injection. "Gravity Forms" is a customizable form-building tool used by website owners to make payments, registrations, file uploads, or any other forms needed for visitor-site...

The revolutionary impact of machine learning in cybersecurityAn overview of the crucial role of machine learning in strengthening defenses against emerging cyber threats and attacksMachine learning has emerged as one of the most dynamic fields in data science, acting as a subset of artificial intelligence that allows systems to learn from data and make accurate predictions, detect anomalies or make recommendations through various techniques. These methods extract insights from...

Microsoft discovers vulnerabilities in macOS operating systemsMigraine vulnerability allows attackers to bypass System integrity protection security feature, with serious implications on data protection and system stabilityTech giant Microsoft and its security team have discovered and reported to Apple a significant vulnerability in macOS operating systems, dubbed "Migraine". This security flaw, which has the identification number CVE-2023-32369, has raised serious concerns in terms of data protection and system stability....

Critical vulnerability in Gigabyte motherboard firmware: millions of PCs at riskEclypsium detects a hidden and insecure backdoor in the Taiwanese manufacturer's motherboards, opening the door to potential cyberattacksMillions of PC motherboards have been sold with a backdoor in the firmware, recent studies have revealed. This poses a significant security risk, as it makes the work of cybercriminals easier. In fact, the ability to hide malicious programs in the computer's UEFI firmware, which governs the loading of...

JumpCloud winner of the 2023 Fortress cybersecurity awardIndustry recognition for innovative open directory platform, bulwark against cyber threatsThe Corporate Intelligence Group announced on May 31, 2023, in Louisville, Colorado, that JumpCloud Inc. has been awarded the prestigious accolade of the 2023 Fortress Award for Cybersecurity, in the Authentication and Identity category. This industry award recognizes and honors the world's leading companies...

Zyxel fixes major vulnerability in home NAS devicesUsers are advised to update their systems immediately to avoid potential cyber-attacksZyxel, a company renowned for the production of network connected storage devices (NAS) for home use, has solved a significant security problem. The vulnerability, named CVE-2023-27988, was a high-severity security risk involving authenticated command injection. This security issue was seen in the device...

SpinOk spyware found in over 100 android apps with 421 million downloadsMalicious software, identified by Doctor Web, steals data and interacts with users through bogus games and prizes, endangering privacyThe antivirus company, Doctor Web, has detected spy software in more than 100 Android applications. These applications have amassed over 421 million downloads on Google Play. The malicious entity, dubbed 'SpinOk' by Doctor Web, comes in the form of a marketing SDK.SpinOk hidden features and user interaction...

Virtual assistants: from protagonists to pop-ups on the stage of artificial intelligenceA worrying stasis as modern artificial intelligence advances by leaps and boundsIn recent years, the roar of tech giants like Google and Amazon has resounded in every corner of the planet, thanks to well-known personalities: Google Assistant and Alexa. These virtual assistants have invaded our homes, promising to revolutionize their daily lives with a simple voice command. But the...

Proactive cyber defense: a necessity in the digital ageHow collective strategy, innovation and holistic approach can ensure the security of our digital ecosystem in a fast-changing worldThe increase in incidents related to cyber crime, which have recently hit law enforcement agencies and one of the country's online payment providers, highlight how in this digital age nothing is inviolable. Importantly, these high-profile attacks occurred during military exercises and a time of rising...

Digital intrigues: the siege of cybercriminals on the video game industryFrom the explosion of DDoS to the exploit of APIs and web applications: how the gaming industry can counter the growing threat of cybercrimeIn recent years, the video game industry has experienced exponential growth, attracting millions of gamers around the world thanks to a wide range of interactive experiences. However, this popularity has attracted the attention of cybercriminals, who seek to exploit its vulnerabilities. The reasons why...

OneMain financial hit with $4.25M fine over cybersecurity lapsesNYDFS imposes multimillion penalty on lender for alleged violations of the cybersecurity regulationThe New York Department of Financial Services (NYDFS) has recently publicized a $4.25 million fine against OneMain Financial Group LLC. The reason behind this stringent measure relates to OneMain's alleged violations of the Cybersecurity Regulation, also known as 23 NYCRR Part 500.Specific information...

Charlotte AI: the innovative cyber security assistant launched by CrowdStrikeA breakthrough innovation that promises to close the skills gap, automate repetitive tasks and accelerate response to cyber threatsCrowdStrike, a leading cybersecurity company, has announced the launch of Charlotte AI, an innovative assistant powered by generative artificial intelligence. This AI-powered cyber security analyst can be used by users of different skill sets, from newbies to experts, to tackle critical cyber security...

Artificial intelligence regulation in China: the new draft measuresChina aims for broader control over generative AI: focus on core socialist values, regulation of training data and protection of users rightsJust four months after the first legislative measures regarding AI, called "Deep Synthesis Measures on Internet Information Services Administration", the CAC (Cybersecurity Administration of China) introduced the "Deep Synthesis Measures". AI draft". This sudden return to the legislative table appears...

Cyber security emergency: checkmate in the Dallas courtBrazos county responds to vyberattacks: from dramatic consequences to building a dtrong defense lineCyber attacks undermine the security of vital data, which can cause dramatic consequences. A case in point occurred recently in the United States, when the Dallas Municipal Courthouse became the target of such an attack. The result was catastrophic: the building was closed for nearly a month. This incident...

NSSG secures prestigious Comex 2013 cyber security award for 2023Demonstrating exemplary commitment and performance, NSSG marks a significant milestone in global cybersecurity leadershipThe distinguished National Security Services Group (NSSG), renowned for its exceptional cybersecurity services, has received the prestigious Comex 2013 cyber security award for the year 2023. This notable achievement fortifies the company's global standing, elevating it to the ranks of esteemed corporations...

Josh Lospinoso and artificial intelligence: a balance between innovation and securityThe founder of Shift5 illustrates the potential and threats of AI in the field of cyber security, warning about possible vulnerabilitiesJosh Lospinoso, a cybersecurity veteran, has an impressive resume. In 2017, its first cybersecurity startup was acquired by Raytheon/Forcepoint. His second venture, Shift5, partners with the US military, railroad operators, and airlines like JetBlue. Lospinoso, a 2009 West Point graduate and Rhodes Scholar,...

Illuminate 2023: the future of digital innovation converges in ItalyThe famous international technology conference organized by IAMCP arrives in Lecce for 2 days of insights, networking and training on the latest technological trendsA meeting of global importance in the innovation sector, known as "Illuminate", arrives in Italy, precisely in Lecce, on June 6 and 7, 2023. Organized annually by the International Association of Microsoft Partners (IAMCP), Illuminate has consolidated itself as an exclusive and unmissable event after...

Generative AI abuse: a growing threat to online securityActiveFence report reveals how generative AI is being used for child abuse material production, disinformation propagation and extremismMalevolent actors are abusing Generative Artificial Intelligence (AI) to commit child sexual abuse (CSAM), disinformation, fraud and extremism, says ActiveFence. According to Noam Schwartz, CEO and founder of ActiveFence, "The explosion of generative AI has far-reaching implications for all corners of...

DogeRAT: the new open source danger for AndroidWarning to users: sophisticated malware sneaks through supposedly safe applications, with India as the main targetIn a sophisticated malware campaign, DogeRAT, a new open source Remote Access Trojan (RAT), is primarily targeting Android users in India. This malware is distributed through social media and messenger platforms, masquerading as legitimate applications such as Opera Mini, OpenAI ChatGOT and premium versions...

The national cybersecurity strategy: protection, resilience and digital autonomy for ItalyTackling cyber threats, promoting the national economy and spreading a culture of security to guarantee the country's digital futureOn May 18, the National Cybersecurity Strategy (2022-2026) was approved by the ACN (National Cybersecurity Agency) during a meeting of the Interministerial Cybersecurity Committee chaired by Prime Minister Mario Draghi. This decision was taken at a time of emergency for the cyber attacks that have hit...

The crucial importance of cybersecurity in the education sectorInvest in effective and resilient protections to counter the emerging wave of cyberattacks in educational institutionsThe importance of cybersecurity investment in education cannot be emphasized enough. The expenses associated with a cyber attack can significantly exceed the costs of a solid cyber security strategy. The dangers of networks should never be minimized, especially when thousands of sensitive data are at...

Thwarting ransomware attacksHow modern technology solutions deliver faster, more complete recovery after an attackRansomware attacks are becoming a regular occurrence in today's news, exposing the vulnerability of businesses that depend on data for day-to-day functioning. Not only IT and security professionals, but also business managers are increasingly confronted with this threat.Companies are particularly vulnerable...

BrutePrint: the impact of mobile phone fingerprint vulnerabilitiesA novel, low-cost attack technique bypasses biometric safeguards, leveraging undisclosed vulnerabilities in the mobile fingerprint authentication systemIn recent scientific advancements, an economical method, termed "BrutePrint", has been identified that can exploit fingerprints on mobile phones for unauthorized access and eventual control of the devices. This innovative strategy surpasses the preventative barriers designed to inhibit recurrent unsuccessful...

Chatbot and legal practice: when the AI is wrongPossible legal sanctions for the lawyer who used the OpenAI chatbot in the case of a client injured in flightIn the age of artificial intelligence, many people are wondering if this technology could somehow replace humans in the workplace. However, as a recent legal case illustrates, this is not necessarily true of all professions.Schwartz, an attorney at the major law firm, recently enlisted the help of ChatGpt,...

Spain's plan to curb encryption sparks controversy: an in-depth look at global cybersecurity issuesFrom Meta's record GDPR fine to allegations against NSO Group's Pegasus spywareIn a document recently exposed, it was unveiled that Spanish officials are looking to impose restrictions on end-to-end encryption across the European Union. This came to light as part of a wider European investigation concerning proposals to scrutinize private messages for material related to child...

Cybersecurity threats loom over enterprises, with 65% impacted in a yearA report by Netwrix reveals a significant rise in cybersecurity incidents, with large corporations becoming more frequent targets for ransomware and malware attacks, while smaller businesses underestimate...In the corporate world, cybersecurity threats continue to grow at an alarming pace. Over the past year, a staggering 65% of enterprises reported experiencing a cyberattack, mirroring a similar trend observed across businesses of various scales where 68% have fallen victim, as reported by Netwrix. The...

AI and predictive policing: an ethical dilemma in the digital ageFrom the debate on the ethical use of AI to the new regulations in sight, the article explores the implications of predictive policing and the impact on the individual and societyThe landscape of ethics in Artificial Intelligence (AI) is marked by lively debate. One of the most controversial aspects concerns the use of AI in sectors that could have a significant impact on human rights, as in the case of Predictive Policing.This term refers to the process of collecting and analyzing...

Innovative phishing approach exploits browser-based file archivingThe latest cybercrime method mirrors genuine file archiving software within web browsers, capitalizing on new top-level domains and raising cybersecurity concernsAn innovative phishing approach named "browser-based file archiving" offers a way to impersonate file archiving software, like WinRAR, in a web browser, occurring when a victim lands on a .ZIP website.Revealed by security researcher mr.d0x, the tactic involves making use of a .zip website to present...

The Microsoft Bing chatbot is reborn: the initiative of an entrepreneurThrough astute use of AI, Cristiano Giardina brings the unique personality of the Sydney chatbot to life, highlighting the potential and risks of manipulating generative language patternsMicrosoft Bing Chatbot, known for its unique and peculiar personality known as Sydney, seemed to have lost its essence when the tech giant decided to terminate its distinctive functioning. However, a reimagined version of the bot, complete with its quirky nature, has been brought back to life thanks...

IT security: Rome welcomes the SMI open dayThe importance of cybercrime prevention: experts and industry leaders discuss strategies and technologies for greater data protectionIn an increasingly digitized society, information security is a fundamental aspect. In 2022, a worrying increase in cybercrime reports was recorded: more than 22,000 in Milan, over 20,000 in Rome, more than 16,000 in Turin and 15,000 in Naples. In the face of this growing threat, it is of paramount importance...