Security News > 2023 > December
Scammers are hijacking hotels' Booking.com accounts and using them as part of a hotel booking scam aimed at tricking guests into sharing their payment card information. "Customers of multiple properties received email or in-app messages from Booking.com that purported to be from hotel owners requesting confirmation of payment details for upcoming stays," Secureworks researchers warn.
In July 2023, the Association of Southeast Asian Nations officially opened a joint cyber security information sharing and research centre, or Cybersecurity and Information Centre of Excellence, in a bid to increase the region's shared cyber threat defences. At the opening of the ACICE, Singapore's Ministry of Defence said Singapore alone experienced a 174% increase in phishing attempts between 2021 and 2022, while Southeast Asia cyber crime had increased 82%. Recorded Future Chief Information Security Officer Jason Steer told TechRepublic some customers in the region felt digitisation was turning data from gold into uranium due to cyber risk.
The Unified Extensible Firmware Interface (UEFI) code from various independent firmware/BIOS vendors (IBVs) has been found vulnerable to potential attacks through high-impact flaws in image...
Infosec in brief The European Union's Parliament and Council have reached an agreement on the Cyber Resilience Act, setting the long-awaited security regulation on a path to final approval and adoption, along with new rules exempting open source software. The CRA was proposed by the European Commission in September 2022 and imposes mandatory cyber security requirements for all hardware and software products - from baby monitors to routers, as the EU Commission put it.
Security professionals should regard AI in the same way as any other significant technology development. If we start by assuming AI will be used, we can then construct guardrails to mitigate risk.
Please turn on your JavaScript for this page to function normally. According to Cisco, only 14% of organizations worldwide are ready to implement and utilize AI technologies.
In their 2024 cybersecurity outlook, WatchGuard researchers forecast headline-stealing hacks involving LLMs, AI-based voice chatbots, modern VR/MR headsets, and more in the coming year. During 2024, the WatchGuard Threat Lab predicts that a smart prompt engineer whether a criminal attacker or researcher will crack the code and manipulate an LLM into leaking private data.
"There is no indication of lateral movement from our staging environment to any customers' New Relic accounts in the separate production environment or to New Relic's production infrastructure," the advisory adds. "Based on our investigation to date, there is no evidence to suggest the identified log-in credentials were acquired as a result of the attack on New Relic's staging environment," the advisory states.
Microsoft has warned of a new wave of CACTUS ransomware attacks that leverage malvertising lures to deploy DanaBot as an initial access vector. The DanaBot infections led to "hands-on-keyboard...
A cybersecurity budget is an allocation of resources, both financial and otherwise, dedicated to protecting an organization's digital assets from cyber threats. A well-structured cybersecurity budget ensures that an organization is adequately prepared to detect, prevent, and respond to potential cyberattacks, thereby minimizing the risk of data breaches and other security incidents.