Security News > 2023 > April

There cannot be a "British internet," or a version of end-to-end encryption that is specific to the UK. The UK Government must urgently rethink the Bill, revising it to encourage companies to offer more privacy and security to its residents, not less. "There is grave concern that the Online Safety Bill's requirements around identifying illegal content could break the principle of end-to-end encryption with the promise of a magical backdoor. Once a backdoor has been compromised, data and content protected by the encryption becomes accessible. This is exactly what many bad actors would welcome."

Specifically, the dual-use application of models for predicting cytotoxicity [18] to create new poisons or employing AlphaFold2 to develop novel bioweapons has raised alarm. To evaluate these risks, we designed a test set comprising compounds from the DEA's Schedule I and II substances and a list of known chemical weapon agents.

The Iranian threat actor known as MuddyWater is continuing its time-tested tradition of relying on legitimate remote administration tools to commandeer targeted systems. While the nation-state group has previously employed ScreenConnect, RemoteUtilities, and Syncro, a new analysis from Group-IB has revealed the adversary's use of the SimpleHelp remote support software in June 2022.

Black Basta, the extortionists who claimed they were the ones who lately broke into Capita, have reportedly put up for sale sensitive details, including bank account information, addresses, and passport photos, stolen from the IT outsourcing giant. "We continue to work closely with specialist advisers and forensic experts in investigating the incident," a Capita spokesperson told The Register.

Threat actors behind the LockBit ransomware operation have developed new artifacts that can encrypt files on devices running Apple's macOS operating system. The development, which was reported by the MalwareHunterTeam over the weekend, appears to be the first time a big-game ransomware crew has created a macOS-based payload. Additional samples identified by vx-underground show that the macOS variant has been available since November 11, 2022, and has managed to evade detection by anti-malware engines until now.

"In the two schemes, the defendants created and used fake social media accounts to harass and intimidate PRC dissidents residing abroad," states the Department's announcement of the charges. The DoJ alleges the Group ran a troll farm that "created thousands of fake online personas on social media sites, including Twitter, to target Chinese dissidents through online harassment and threats."

A well-tuned data breach playbook can provide security teams with a clear roadmap for working through the breach response process. Building a playbook means mapping practical data breach scenarios around product security, infrastructure, corporate security, social engineering, vendor supply chain risk, and more.

In this Help Net Security video, Michael Peters, Principal Software Engineer at Red Hat, discusses how to implement a zero-trust system that uses workload identity across a service mesh in...

How good are we at cybersecurity? Boards should learn more about the people and expertise on the cybersecurity team, and their experiences. Of course, dashboards can be a great source of information, but do they simply show what organizations can measure, rather than what they should be measuring? How resilient are we? Boards should ask the CISO, technology leadership: CIO, CTO and the business leaders about how prepared your organization is to keep the business running through an event like a ransomware attack.

An Australian military helicopter crash was reportedly caused by failure to apply a software patch, with a hefty side serving of pilot error. The helicopter in question is an MRH-90 Taipan operated by the Australian Army and was engaged in what's been described as "a routine counter-terrorism training activity" on March 23rd when it ditched just off a beach in the State of New South Wales.