Security News > 2024 > April

LSA Whisperer consists of open-source tools designed to interact with authentication packages through their unique messaging protocols. "Many authentication packages generally support their internal APIs, known as package calls, and relatively few are documented or used outside of Microsoft. I wanted to document as many of these calls as possible and implement a tool for interacting with them so we could identify which would provide value for red team assessments," Evan McBroom, Senior Software Engineer at SpecterOps, told Help Net Security.

Following the past few years of economic turbulence, merger and acquisition activity is on the rise in 2024, with several acquisition deals being announced in the first few months of the year valued at billions of dollars. With the surge of AI adoption, companies must not only reevaluate AI's role in identifying top prospects but also assess and resolve security risks that may lie hidden within their networks and the companies they are merging or acquiring.

Here's a list of interesting cybersecurity companies that received funding so far in 2024. Alethea closed a $20 million Series B funding round led by GV, with participation from Ballistic Ventures, who led Alethea's Series A funding in 2022.

The GPT-4 large language model from OpenAI can exploit real-world vulnerabilities without human intervention, a new study by University of Illinois Urbana-Champaign researchers has found. How successful is GPT-4 at autonomously detecting and exploiting vulnerabilities? GPT-4 can autonomously exploit one-day vulnerabilities.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

The FBI has warned today that using unlicensed cryptocurrency transfer services can result in financial loss if law enforcement takes down these platforms. This announcement is aimed at crypto transfer platforms not registered as Money Services Businesses and non-compliant with anti-money laundering requirements as mandated by U.S. federal law.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

The Los Angeles County Department of Health Services disclosed a data breach after thousands of patients' personal and health information was exposed in a data breach resulting from a recent phishing attack impacting over two dozen employees. This integrated health system operates the public hospitals and clinics in L.A. County and is the second largest public health care system in the country after NYC Health + Hospitals.

The Los Angeles County Department of Health Services disclosed a data breach after patients' personal and health information was exposed in a data breach resulting from a recent phishing attack impacting over two dozen employees. This integrated health system operates the public hospitals and clinics in L.A. County and is the second largest public health care system in the country after NYC Health + Hospitals.

Researchers have sinkholed a command and control server for a variant of the PlugX malware and observed in six months more than 2.5 million connections from unique IP addresses. Since September 2023, when Sekoia captured the unique IP address associated with the particular C2, it has logged over 2,495,297 unique IPs from 170 countries interacting with its sinkhole.