Feds Patching Years-Old SS7 Vulnerability in Phone Networks
The FCC’s Public Safety and Homeland Security Bureau is seeking input on how communication service providers are securing SS7 and Diameter protocols to prevent location-tracking…
Month: April 2024
Cybercriminal adoption of browser fingerprinting
Browser fingerprinting is one of many tactics phishing site authors use to evade security checks and lengthen the lifespan of malicious campaigns. While browser fingerprinting…
AI Package Hallucination – Abusing ChatGPT, Gemini to Spread Malware
The research investigates the persistence and scale of AI package hallucination, a technique where LLMs recommend non-existent malicious packages. The Langchain framework has allowed for…
Security pros are cautiously optimistic about AI
55% of organizations plan to adopt GenAI solutions within this year, signaling a substantial surge in GenAI integration, according to a Cloud Security Alliance and…
HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks
HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks Pierluigi Paganini April 05, 2024 HTTP/2 CONTINUATION Flood: Researchers warn of a new HTTP/2 vulnerability…
New infosec products of the week: April 5, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Fastly, LogRhythm, Owl Cyber Defense Solutions, and TrueMedia.org. Owl Talon…
Web3 Security Specialist Hypernative To Provide Proactive Protection To The Flare Ecosystem
Flare is pleased to announce the onboarding of Hypernative, an industry leader in proactive institutional grade Web3 security. The Hypernative platform will protect Flare ecosystem…
Visa warns of new JSOutProx malware variant targeting financial orgs
Visa is warning about a spike in detections for a new version of the JsOutProx malware targeting financial institutions and their customers. In a security…
New Latrodectus malware replaces IcedID in network breaches
A relatively new malware called Latrodectus is believed to be an evolution of the IcedID loader, seen in malicious email campaigns since November 2023. The…
Japanese lens maker Hoya halts production after cyber attack – Security
Japanese lens maker Hoya said the production of several of its products have stopped after a system failure, which was “most likely caused by unauthorised…
AMP gets advisers to document client meetings with Copilot – Finance – Software
AMP is seeing “strong” take-up of Microsoft’s M365 Copilot among aligned and independent financial advisers, who are using it to record, transcribe and summarise client…
New Latrodectus Downloader Malware Linked to IcedID and Qbot Creators
Image credit: Hackread.com A new malware threat named Latrodectus has emerged, bypassing detection methods and linked to the developers behind IcedID. This downloader malware empowers…