Security News

Hackers claim to have breached the network of a major auction house and offered access to whoever was willing to pay $120,000. The most expensive item for sale was $120,000 for access to the network of a multi-billion dollar auction house.

Like many leaders in the cybersecurity space, the professional journey of Mihoko Matsubara did not necessarily begin with securing devices or technology. Discussing her career path with the Left to Our Own Devices podcast and how it opened her eyes to a world of security, Mihoko explained how she went from curiosity to university in Washington, D.C., became a Senior Security Analyst at Hitachi, then VP Public Sector Chief Security Officer at Palo Alto, and to her current position as the Chief Cybersecurity Strategist at NTT Japan.

Cybersecurity risk is distinct from other IT risk in that it has a thinking, adaptive, human opponent. IT generally must deal with first order chaos and risk much like hurricanes in meteorology or...

Ermetic released CNAPPgoat, an open-source project that allows organizations to test their cloud security skills, processes, tools, and posture in interactive sandbox environments that are easy to deploy and destroy. CNAPPgoat supports AWS, Azure, and GCP platforms for assessing the security capabilities included in Cloud Native Application Protection Platforms.

Abstract: We demonstrate how images and sounds can be used for indirect prompt and instruction injection in multi-modal LLMs. An attacker generates an adversarial perturbation corresponding to the prompt and blends it into an image or audio recording. When the user asks the model about the perturbed image or audio, the perturbation steers the model to output the attacker-chosen text and/or make the subsequent dialog follow the attacker's instruction.

JP Morgan has been fined $4 million by the US Securities and Exchange Commission for deleting millions of email records dating from 2018 relating to its Chase Bank subsidiary. The Financial services outfit apparently deleted somewhere in the region of 47 million electronic communications records from about 8,700 electronic mailboxes covering the period January 1 through to April 23, 2018.

A new phishing campaign codenamed MULTI#STORM has set its sights on India and the U.S. by leveraging JavaScript files to deliver remote access trojans on compromised systems. The multi-stage attack chain commences when an email recipient clicks the embedded link pointing to a password-protected ZIP file hosted on Microsoft OneDrive with the password "12345."

Amid an industry migration away from passwords, Okta has launched Okta Device Access, part of its suite of Workforce Identity Cloud products and an effort to unify passkey access across all devices under a single identity and access management platform. Designed to extend identity access management to the point of device login, the Okta Device Access service is also meant to reduce the likelihood that users, faced with the aggravation of having to wrangle repeatedly with logins for each device, will jettison security protocols.

An unknown threat actor has been observed leveraging a malicious Windows kernel driver in attacks likely targeting the Middle East since at least May 2020. A key security measure to mitigate against malicious drivers is Driver Signature Enforcement, which ensures that only drivers signed by Microsoft can be loaded on the system.

Technology provider ScanSource has announced it has fallen victim to a ransomware attack impacting some of its systems, business operations, and customer portals. ScanSource is a U.S.-based cloud service and SaaS connectivity and network communications provider that also offers special PoS and payments, security, and AIDC solutions.