Security News > 2023 > April

The police in Spain have arrested José Luis Huertas, a 19-year-old regarded as the most dangerous hackers in the country. A police investigation started in November 2022 eventually lead to the identification and arrest of the young hacker, who has been described as "a serious threat to national security."

Market, has had its web site seized by the United States Federal Bureau of Investigations. Market as "An invitation-only marketplace" from which buyers can acquire "Stolen credentials, cookies, and digital fingerprints that are gathered from compromised systems".

Many sectors view AI and machine learning with mixed emotions, but for the cybersecurity industry, they present a double-edged sword. On the one hand, AI provides powerful tools for cybersecurity professionals, such as automated security processing and threat detection.

Hofmann sheds light on the modus operandi of counterfeiters, who operate with impunity on online marketplaces and digital sales channels, luring unsuspecting customers into purchasing fake products. How do counterfeiters operate on online marketplaces and digital sales channels, and what industries and brands are affected by this?

Insecure authentication is a primary cause of cyber breaches, and that cumbersome login methods take an unacceptable toll on employees and business productivity, according to HYPR. Respondents indicate that a passwordless approach would increase productivity, improve user experience, strengthen security and accelerate adoption of multi-factor authentication. Despite these tremendous costs, an astounding 58% of organizations said they kept the same insecure authentication methods after facing a breach.

Although more than 72% of companies indicate they have an Insider Risk Management program in place, the same companies experienced a year-over-year increase in data loss incidents of 32%, and 71% expect data loss from insider events to increase in the next 12 months. With insider incidents costing organizations $16M per incident on average, and CISOs stating that insider risks are the most challenging type of threat to detect, the report is a clear call to action for the security industry to 'do better' and help professionals solve this challenge.

The US Department of Justice has seized cryptocurrency worth about $112 million from accounts linked to so-called pig butchering investment scams. Judges in Arizona, California and Idaho authorized seizure warrants for six virtual currency accounts that prosecutors say were used to launder proceeds of the various frauds that cost victims millions of dollars after they were socially engineered into investing their savings in dodgy digicash schemes.

HP announced in a security bulletin this week that it would take up to 90 days to patch a critical-severity vulnerability that impacts the firmware of certain business-grade printers. The security issue is tracked as CVE-2023-1707 and it affects about 50 HP Enterprise LaserJet and HP LaserJet Managed Printers models.

A Forcepoint staffer has blogged about how he used ChatGPT to craft some code that exfiltrates data from an infected machine. Mulgrew says producing the tool took "Only a few hours." His write-up on Tuesday of his experimentation can be found here, though ignore the stuff about zero days and how the bot could write code that would take normal programmers days to do.

A Forcepoint security researcher says he used ChatGPT to develop a zero-day exploit that bypassed detections when uploaded to VirusTotal. Since he couldn't simply ask ChatGPT to write malware, Mulgrew asked the chatbot to write small snippets that he could manually stitch together, and used steganography for exfiltration.