Security News > 2023 > July

Two ransomware actors, ALPHV/BlackCat and Clop, have listed beauty company Estée Lauder on their data leak sites as a victim of separate attacks. In a Security Exchange Commission filing on Tuesday, The Estée Lauder Companies confirmed one of the attacks saying that the threat actor gained access to some of its systems and may have stolen data.

Two ransomware actors, ALPHV/BlackCat and Clop, have listed beauty company Estée Lauder on their data leak sites as a victim of separate attacks. In a Security Exchange Commission filing on Tuesday, The Estée Lauder Companies confirmed one of the attacks saying that the threat actor gained access to some of its systems and may have stolen data.

Generative AI. Forrester defines generative AI as a set of technologies and techniques that leverage massive amounts of data to generate new content such as text, video, images, audio and code in response to natural language prompts or other noncode and nontraditional inputs. Forrester Vice President of Emerging Technologies Brian Hopkins explained that, compared to intelligent agents, with AWAs, " we're seeing [a] blending of RPA and digital process tools" and the ability " to create a software agent that is capable of learning as it goes and answering more complex queries and acting in a non-deterministic way.

A new report from Forrester is cautioning enterprises to be on the lookout for five deepfake scams that can wreak havoc. The deepfake scams are fraud, stock price manipulation, reputation and brand, employee experience and HR, and amplification.

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.

Cybercriminals are taking their business offline in a new approach to familiar technical support scams recently identified by the US Federal Bureau of Investigation. In a bulletin published yesterday, the FBI's Internet Crime Complaint Center says it's noticed a recent uptick in technical support scams across the US that, rather than urging victims to wire funds, send cryptocurrency or hand over gift card codes, is asking them to mail magazine-wrapped wads of cash.

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.

Adobe released an emergency ColdFusion security update that fixes critical vulnerabilities, including a fix for a new zero-day exploited in attacks. As part of today's out-of-band update, Adobe fixed three vulnerabilities: a critical RCE tracked as CVE-2023-38204, a critical Improper Access Control flaw tracked as CVE-2023-38205, and a moderate Improper Access Control flaw tracked as CVE-2023-38206.

Adobe released an emergency ColdFusion security update that fixes critical vulnerabilities, including a fix for a new zero-day exploited in attacks. Adobe says the CVE-2023-38205 flaw was abused in limited attacks.

Threat actors are showing an increased interest in generative artificial intelligence tools, with hundreds of thousands of OpenAI credentials for sale on the dark web and access to a malicious alternative for ChatGPT. Both less skilled and seasoned cybercriminals can use the tools to create more convincing phishing emails that are customized for the intended audience to grow the chances of a successful attack. Hackers tapping into GPT AI. In six months, the users of the dark web and Telegram mentioned ChatGPT, OpenAI's artificial intelligence chatbot, more than 27,000 times, shows data from Flare, a threat exposure management company, shared with BleepingComputer.