Security News

The number of cyberattacks directed at artificial intelligence continues to increase, and hackers are no longer planting malicious bugs within code - their techniques have become increasingly complex, allowing them to tamper with systems to compromise and "Weaponize" AI against the organizations leveraging it for their operations. There are four typical elements to consider when it comes to ML. The first is data sets: the data provided to a device or machine so it can function, review, and decide based on the information received.

Unknown attackers wielding novel specialized malware have managed to compromise VMware ESXi hypervisors and guest Linux and Windows virtual machines, Mandiant threat analysts have discovered. VirtualGATE is a utility program that incorporates a memory-only dropper and a payload that can run commands from a hypervisor host on a guest virtual machine, or between guest virtual machines on the same hypervisor host.

Attackers view smaller organizations as having fewer security protocols in place, therefore requiring less effort to compromise. Lumu has found that compromise is significantly different for small businesses than for medium-sized and large enterprises.

How to protect your organization's single sign-on credentials from compromise. Single sign-on, or SSO, is considered an effective method of authentication because it reduces the need for passwords and lets users authenticate across different applications and systems with just one single set of credentials.

American Airlines has notified customers of a recent data breach after attackers compromised an undisclosed number of employee email accounts and gained access to sensitive personal information. American Airlines discovered the breach on July 5th, immediately secured the impacted email accounts, and hired a cybersecurity forensic firm to investigate the security incident.

A hacktivist collective called GhostSec has claimed credit for compromising as many as 55 Berghof programmable logic controllers used by Israeli organizations as part of a "Free Palestine" campaign. "The group pivoted from their regular operations and started to target multiple Israeli companies, presumably gaining access to various IoT interfaces and ICS/SCADA systems, which led to possible disruptions," Cyberint noted on July 14.

To protect the victim's account, the organization had implemented Microsoft MFA through the Microsoft Authenticator app, which should have stopped any use of stolen credentials. Microsoft MFA doesn't always require a second form of authentication.

How a business email compromise scam spoofed the CFO of a major corporation. Business email compromise attacks work by using a standard phishing scheme and then lending it authority by impersonating a trusted and often high-ranking individual associated with the targeted organization.

The threat actor behind the SolarWinds supply chain attack has been linked to yet another "Highly targeted" post-exploitation malware that could be used to maintain persistent access to compromised environments. "Nobelium remains highly active, executing multiple campaigns in parallel targeting government organizations, non-governmental organizations, intergovernmental organizations, and think tanks across the US, Europe, and Central Asia," Microsoft said.

PyPI, the official third-party software repository for Python packages, is warning about a phishing campaign targeting its users. "We have additionally determined that some maintainers of legitimate projects have been compromised, and malware published as the latest release for those projects. These releases have been removed from PyPI and the maintainer accounts have been temporarily frozen," the PyPI team noted.