Security News > 2023 > July

With the proliferation of generative AI in the business world today, it's critical that organizations understand where AI applications are drawing their data from and who has access to it. I spoke with Moe Tanabian, chief product officer at industrial software company Cognite and former Microsoft Azure global vice president, about acquiring trustworthy data, AI hallucinations and the future of AI. The following is a transcript of my interview with Tanabian.

The White House has weighed in on the Section 702 debate, urging lawmakers to reauthorize, "Without new and operationally damaging restrictions," the controversial snooping powers before they expire at the end of the year. Section 702 of the Foreign Intelligence Surveillance Act allows the American government to monitor electronic communications of foreign persons outside of the United States [PDF], and people they confer with, including US persons.

Hackers are using a fake Android app named 'SafeChat' to infect devices with spyware malware that steals call logs, texts, and GPS locations from phones. The Android spyware is suspected to be a variant of "Coverlm," which steals data from communication apps such as Telegram, Signal, WhatsApp, Viber, and Facebook Messenger.

As you can imagine, especially in an online world in which ransomware breaches can bring a company to a digital standstill overnight, and where even coughing up a multimillion-dollar blackmail payment to the attackers for a "Recovery program" might not be enough to get things going again. Ransomware attacks these days frequently involve cybercriminals stealing copies of your trophy data first, notably including employee and customer details, and then scrambling your copies of those very same files, thus squeezing you into a double-play cybersecurity drama.

In emails sent over the weekend, Google warned customers again that it would start deleting inactive accounts on December 1st, 2023. Once a Google Account is deleted, the associated Gmail address will become ineligible for use in creating a new Google Account.

Canon is warning users of home, office, and large format inkjet printers that their Wi-Fi connection settings stored in the devices' memories are not wiped, as they should, during initialization, allowing others to gain access to the data. The specific information stored in a Canon printer varies depending on the model and configuration but generally includes the network SSID, the password, network type, assigned IP address, MAC address, and network profile.

Threat actors are actively targeting exposed instances of SSH and Redis Redis open-source data store with a peer-to-peer self-replicating worm with versions for both Windows and Linux that the malware authors named P2Pinfect. After compromising a vulnerable Redis instance with an initial payload, P2PInfect downloads new OS-specific scripts and malicious binaries and adds the server to its list of infected systems.

Hackers are actively exploiting a 'BleedingPipe' remote code execution vulnerability in Minecraft mods to run malicious commands on servers and clients, allowing them to take control of the devices. BleedingPipe is a vulnerability found in many Minecraft mods caused by the incorrect use of deserialization in the 'ObjectInputStream' class in Java to exchange network packets between servers and clients.

The P2PInfect peer-to-peer worm has been observed employing previously undocumented initial access methods to breach susceptible Redis servers and rope them into a botnet. "The malware compromises exposed instances of the Redis data store by exploiting the replication feature," Cado Security researchers Nate Bill and Matt Muir said in a report shared with The Hacker News.

Another actively exploited zero-day vulnerability affecting Ivanti Endpoint Manager Mobile has been identified and fixed.Last week, we reported on a remote unauthenticated API access vulnerability affecting Ivanti EPMM having been exploited to target Norwegian ministries.