Security News

Hypervisor heavyweight VMware by Broadcom yesterday revealed its hypervisors are not quite so inviolable as it might like. The nastiest two - CVE-2024-22252 and 22253 - are rated 9.3/10 on VMware's Workstation and Fusion desktop hypervisors and 8.4 on the ESXi server hypervisor.

Stolen ChatGPT credentials are a hot commodity on the dark web, according to Singapore-based threat intelligence firm Group-IB, which claims to have found some 225,000 stealer logs containing login details for the service last year. According to Group-IB, it found around 130,000 of the ChatGPT credential-containing logs in the five months from June to October, 2023, representing a 36 percent increase in the number of logs found in the prior five-month period between January and May of last year.

Threat actors have been leveraging fake websites advertising popular video conferencing software such as Google Meet, Skype, and Zoom to deliver a variety of malware targeting both Android and...

A group of US lawmakers introduced legislation on Tuesday that, if passed, would force Chinese internet concern ByteDance to divest TikTok - its most valuable property - or see it banned in the US. The bill is titled the Protecting Americans from Foreign Adversary Controlled Applications Act. Although the lawmakers - from The House Select Committee on the CCP with support from the Energy and Commerce Committee - seem hellbent on targeting TikTok, the bill also creates a process for the US president to designate other foreign adversary-controlled social media applications as national security risks.

The report surveyed 150 IT security and data science leaders to shed light on the biggest vulnerabilities impacting AI today, their implications for commercial and federal organizations, and cutting-edge advancements in security controls for AI in all its forms. This has made AI security a top priority, with 94% of IT leaders dedicating funds to safeguard their AI in 2024.

Tazama is an open-source platform focused on improving fraud management within digital payment systems. Tazama marks a substantial transformation in the approach to financial monitoring and compliance worldwide.

In this Help Net Security video, Michelle Alvarez, Strategic Threat Analysis Manager at IBM X-Force, discusses the 2024 X-Force Threat Intelligence Index, revealing top threats and trends the team observed last year across its global engagements and how these shifts are forming the threat landscape in 2024 and beyond. X-Force observed shifts toward credential-driven attacks with a 71% increase in attacks caused by using valid accounts.

Ongoing cyberattack threats impact MSPs. The threat of cyberattacks continues to weigh on MSPs and their clients. MSPs are seen as a valuable cybersecurity resource for customers, with 46% saying most of their clients turn to them for advice on cybersecurity plans and best practices.

In this piece, we'll probe a notorious ransomware gang, ShinyHunters, to shed light on cybercriminal incentives and the objectives they pursue, as well as the effects for victims - and steps your team can take to reduce risk. His role in ShinyHunters was to create specialized phishing pages masquerading as a target company's login portal to lure employees to enter their credentials.

A class action complaint [PDF], filed Tuesday in federal court for the District of Northern California, claims that "Over nearly a decade, Google has knowingly kept millions of dollars in stolen money from victims of gift card scams who purchased Google Play gift cards." Filed on behalf of Indiana resident Judy May, the suit alleges Google keeps funds from stolen Google Play gift cards - either by taking its 15-30 percent commission from payments to Google Play app developers made with fraudulently obtained gift cards, or by withholding all funds paid via scammed gift cards for its own benefit.