Security News

VMware found a quarter of all ransomware attacks included double-extortion techniques, with top methods including blackmail, data auction and name and shame The use of deepfakes also shot up this year, by 13 percent to 66 percent of respondents reporting they had featured in an attack. 65 percent of respondents noted that cyberattacks had increased since Russia invaded Ukraine and 62 percent said they'd been on the receiving end of zero-day exploits.

Deepfake attacks and cyber extortion are creating mounting risks. "In February VMware reported seeing a new type of malware deployed in one of the largest targeted attacks in history focused solely on the destruction of critical information and resources."This is part of a growing list of destructive malware deployed against Ukraine, as noted in a joint advisory the Cybersecurity and Infrastructure Security Agency and the FBI released this spring,'' the report stated.

Threat actors exchange beacons for badgers to evade endpoint securityUnidentified cyber threat actors have started using Brute Ratel C4, an adversary simulation tool similar to Cobalt Strike, to try to avoid detection by endpoint security solutions and gain a foothold on target networks, Palo Alto Networks researchers have found. Attackers are using deepfakes to snag remote IT jobsMalicious individuals are using stolen personally identifiable information and voice and video deepfakes to try to land remote IT, programming, database and software-related jobs, the FBI has warned last week.

Malicious individuals are using stolen personally identifiable information and voice and video deepfakes to try to land remote IT, programming, database and software-related jobs, the FBI has warned last week. Deepfakes are synthetic media - images, audio recordings, videos - that make it look like a person has been doing and saying things they haven't done or said.

Qualcomm knows that if it wants developers to build and optimize AI applications across its portfolio of silicon, the Snapdragon giant needs to make the experience simpler and, ideally, better than what its rivals have been cooking up in the software stack department. That's why on Wednesday the fabless chip designer introduced what it's calling the Qualcomm AI Stack, which aims to, among other things, let developers take AI models they've developed for one device type, let's say smartphones, and easily adapt them for another, like PCs. This stack is only for devices powered by Qualcomm's system-on-chips, be they in laptops, cellphones, car entertainment, or something else.

The Federal Bureau of Investigation warns of increasing complaints that cybercriminals are using Americans' stolen Personally Identifiable Information and deepfakes to apply for remote work positions. The public service announcement, published on the FBI's Internet Crime Complaint Center today, adds that the deepfakes used to apply for positions in online interviews include convincingly altered videos or images.

Google has quietly banned deepfake projects on its Colaboratory service, putting an end to the large-scale utilization of the platform's resources for this purpose. Colab is an online computing resource that allows researchers to run Python code directly through the browser while using free computing resources, including GPUs, to power their projects.

Two stunning deepfakes that have been broadly covered include a deepfake of Tom Cruise, birthed into the world by Chris Ume and Miles Fisher, and deepfake young Luke Skywalker, created by Shamook and Graham Hamilton, in a recent episode of "The Book of Boba Fett.". Without a similar bone structure and the subject's trademark movements and turns of phrase, even today's most advanced AI would be hard-pressed to make the deepfake perform credibly.

Facebook has removed a deepfake video of Ukrainian President Volodymyr Zelenskyy spreading across the social network and the Internet, asking Ukrainian troops lay down their arms and surrender. "Earlier today, our teams identified and removed a deepfake video claiming to show President Zelensky issuing a statement he never did," said Nathaniel Gleicher, the head of security policy at Meta, Facebook's parent company.

Ransomware attacks used to be limited to a single attack / single extortion attempt, where hackers would demand payment in exchange for decrypting the target organization's files they've encrypted. In addition to ransomware, supply chain attacks have been very effective lately and are also on the rise, with the current trend seeing most of them targeting software companies, with high profile examples including attacks against SolarWinds and Codecov.