Security News

Military personnel from Middle East countries are the target of an ongoing surveillanceware operation that delivers an Android data-gathering tool called GuardZoo. GuardZoo is a modified version of an Android remote access trojan named Dendroid RAT that was first discovered by Broadcom-owned Symantec in March 2014.

Theregister.com needs to review the security of your connection before proceeding. Theregister.com to respond.....

Australia's Competition and Consumer Commission has warned that scammers are targeting scam victims with fake offers to help them recover from scams. The Commission today warned that scammers are targeting victims of scams with schemes that solicit an up-front fee to recover money lost in past scams.

Cybersecurity agencies from Australia, Canada, Germany, Japan, New Zealand, South Korea, the U.K., and the U.S. have released a joint advisory about a China-linked cyber espionage group called APT40, warning about its ability to co-opt exploits for newly disclosed security flaws within hours or days of public release. "APT 40 has previously targeted organizations in various countries, including Australia and the United States," the agencies said.

Unknown threat actors have been found propagating trojanized versions of jQuery on npm, GitHub, and jsDelivr in what appears to be an instance of a "Complex and persistent" supply chain attack. As many as 68 packages have been linked to the campaign.

Microsoft is suffering cybersecurity failures due to systemic problems with strategic leadership. The world is witnessing an alarming trend of cybersecurity issues with Microsoft products and services.

What are the primary factors contributing to the cybersecurity skills gap? Are there specific areas within cybersecurity that are more affected than others? Several factors across the technology industry are responsible for the cybersecurity skills gap, including lack of representation and diversity, and insufficient training opportunities given the rapid evolution of cybersecurity threats and tools.

Shadow engineering is present in many organizations, and it can lead to security, compliance, and risk challenges. Rather than trying to stop it, which can turn into a frustrating game of whack-a-mole, security teams need to understand how shadow engineering negatively impacts their initiatives so they can work around the problem.

Law enforcement agencies from eight nations, led by Australia, have issued an advisory that details the tradecraft used by China-aligned threat actor APT40 - aka Kryptonite Panda, GINGHAM TYPHOON, Leviathan and Bronze Mohawk - and found it prioritizes developing exploits for newly found vulnerabilities and can target them within hours. The advisory describes APT40 as a "State-sponsored cyber group" and the People's Republic of China as that sponsor.

The online forum OpenAI employees use for confidential internal communications was breached last year, anonymous sources have told The New York Times.Hackers lifted details about the design of the company's AI technologies from forum posts, but they did not infiltrate the systems where OpenAI actually houses and builds its AI. OpenAI executives announced the incident to the whole company during an all-hands meeting in April 2023, and also informed the board of directors.