Security News
Like cybercriminals, hackers will also be leveraging tools such as publicly available Common Vulnerabilities and Exposures databases. The way to keep pace and avoid burnout in internal security teams is to engage hackers to work on their behalf by setting up a vulnerability disclosure program.
Digital storage giant Western Digital confirmed that an "unauthorized third party" gained access to its systems and stole personal information belonging to the company's online store customers. "This information included customer names, billing and shipping addresses, email addresses and telephone numbers," the San Jose-based company said in a disclosure last week.
Western Digital has taken its store offline and sent customers data breach notifications after confirming that hackers stole sensitive personal information in a March cyberattack. The company emailed the data breach notifications late Friday afternoon, warning that customers' data was stored in a Western Digital database stolen during the attack.
This year's DEF CON AI Village has invited hackers to show up, dive in, and find bugs and biases in large language models built by OpenAI, Google, Anthropic, and others. The collaborative event, which AI Village organizers describe as "the largest red teaming exercise ever for any group of AI models," will host "thousands" of people, including "hundreds of students from overlooked institutions and communities," all of whom will be tasked with finding flaws in LLMs that power today's chat bots and generative AI. Think: traditional bugs in code, but also problems more specific to machine learning, such as bias, hallucinations, and jailbreaks - all of which ethical and security professionals are now having to grapple with as these technologies scale.
Like PyPI for Pythonistas, Gems for Ruby fans, NPM for JavaScript programmers, or LuaRocks for Luaphiles, Packagist is a repository where community contributors can publish details of PHP packages they've created. Unlike PyPI, which provides its own servers where the actual library code is stored, Packagist links to, but doesn't itself keep copies of, the code you need to download. There's an upside to doing it this way, notably that projects that are managed via well-known source code services such as GitHub don't need to maintain two copies of their official releases, which helps avoid the problem of "version drift" between the source code control system and the packaging system.
Italian corporate banking clients are the target of an ongoing financial fraud campaign that has been leveraging a new web-inject toolkit called drIBAN since at least 2019. "The main goal of drIBAN fraud operations is to infect Windows workstations inside corporate environments trying to alter legitimate banking transfers performed by the victims by changing the beneficiary and transferring money to an illegitimate bank account," Cleafy researchers Federico Valentini and Alessandro Strino said.
The North Korean state-sponsored threat actor known as Kimsuky has been discovered using a new reconnaissance tool called ReconShark as part of an ongoing global campaign. Active since at least 2012, the prolific threat actor has been linked to targeted attacks on non-governmental organizations, think tanks, diplomatic agencies, military organizations, economic groups, and research entities across North America, Asia, and Europe.
The North Korean Kimsuky hacking group has been observed employing a new version of its reconnaissance malware, now called 'ReconShark,' in a cyberespionage campaign with a global reach. Previously, in August 2022, Kaspersky revealed another Kimsuky campaign targeting politicians, diplomats, university professors, and journalists in South Korea using a multi-stage target validation scheme that ensured only valid targets would be infected with malicious payloads.
An APT hacking group known as "Dragon Breath," "Golden Eye Dog," or "APT-Q-27" is demonstrating a new trend of using several complex variations of the classic DLL sideloading technique to evade detection. DLL sideloading is a technique exploited by attackers since 2010, taking advantage of the insecure way Windows loads DLL files required by an application.
The Russian 'Sandworm' hacking group has been linked to an attack on Ukrainian state networks where WinRAR was used to destroy data on government devices. In a new advisory, the Ukrainian Government Computer Emergency Response Team says the Russian hackers used compromised VPN accounts that weren't protected with multi-factor authentication to access critical systems in Ukrainian state networks.