89Articles
7Categories
2024-02-23Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 18[−]
23 FebResearchers Detail Apple's Recent Zero-Click Shortcuts VulnerabilityDetails have emerged about a now-patched high-severity security flaw in Apple's Shortcuts app that could permit a shortcut to access sensitive information on the device without users' consent. The vulnerability, tracked as CVE-2024-23204 (CVSS score: 7.5), was addressed…THEHACKERNEWS.COM
23 FebRansomware Warning as CVSS 10.0 ScreenConnect Bug is Exploitedsubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/ransomware-cvss-100-screenconnect/ IT administrators are urged to immediately patch on-premises ScreenConnect servers due to active exploitation of a critical vulnerability, CVE-202…INFOSECURITY-MAGAZINE.COM
23 FebDetails on Apple’s Shortcuts Vulnerability: A Deep Dive into CVE-2024-23204submitted by kid to cybersecurity 1 points | 0 comments https://www.bitdefender.com/blog/labs/details-on-apples-shortcuts-vulnerability-a-deep-dive-into-cve-2024-23204/ CVE-2024-23204 is a high-severity vulnerability (CVSS score of 7.5) in Apple’s Shortcuts app, which could allow…BITDEFENDER.COM
23 FebResearchers Detail Apple's Recent Zero-Click Shortcuts VulnerabilityA security flaw in Apple's Shortcuts app allowed shortcuts to access sensitive data on devices without user consent. The vulnerability, tracked as CVE-2024-23204, was patched by Apple on January 22, 2024.THEHACKERNEWS.COM
23 FebHackers find a ‘Shortcut’ to data stored on iPhones, iPads, and MacsApple has advised users to patch their devices against a vulnerability affecting the Apple Shortcuts application that can allow hackers to access sensitive data without invoking user permission. Tracked as CVE-2024-23204, the flaw has a critical rating (CVSS 7.5/10) because of it…CSOONLINE.COM
23 Feb‘SlashAndGrab’ ScreenConnect Vulnerability Widely Exploited for Malware DeliveryConnectWise ScreenConnect vulnerability tracked as CVE-2024-1709 and SlashAndGrab exploited to deliver ransomware and other malware. The post ‘SlashAndGrab’ ScreenConnect Vulnerability Widely Exploited for Malware Delivery appeared first on SecurityWeek .SECURITYWEEK.COM
23 FebCode injection or backdoor: A new look at Ivanti's CVE-2021-44529submitted by L4s to secops 1 points | 0 comments https://www.labs.greynoise.io/grimoire/2024-02-what-is-this-old-ivanti-exploit/ Code injection or backdoor: A new look at Ivanti’s CVE-2021-44529::In 2021, Ivanti patched a vulnerability that they called “code injection”. Rumors sa…LABS.GREYNOISE.IO
23 FebChromium: CVE-2024-1669 Out of bounds memory access in BlinkThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.MSRC.MICROSOFT.COM
23 FebChromium: CVE-2024-1670 Use after free in MojoThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.MSRC.MICROSOFT.COM
23 FebChromium: CVE-2024-1671 Inappropriate implementation in Site IsolationThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.MSRC.MICROSOFT.COM
23 FebChromium: CVE-2024-1672 Inappropriate implementation in Content Security PolicyThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.MSRC.MICROSOFT.COM
23 FebChromium: CVE-2024-1673 Use after free in AccessibilityThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.MSRC.MICROSOFT.COM
23 FebChromium: CVE-2024-1674 Inappropriate implementation in NavigationThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.MSRC.MICROSOFT.COM
23 FebChromium: CVE-2024-1675 Insufficient policy enforcement in DownloadThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.MSRC.MICROSOFT.COM
23 FebChromium: CVE-2024-1676 Inappropriate implementation in NavigationThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.MSRC.MICROSOFT.COM
23 FebCVE-2024-26188 Microsoft Edge (Chromium-based) Spoofing VulnerabilityInformation published.MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 19[−]
23 FebHackers are exploiting ConnectWise flaws to deploy LockBit ransomware, security experts warnSecurity experts are warning that a pair of high-risk flaws in a popular remote access tool are being exploited by hackers to deploy LockBit ransomware — days after authorities announced that they had disrupted the notorious Russia-linked cybercrime gang. Researchers at cybersecu…TECHCRUNCH.COM
23 FebThanks FedEx, This is Why we Keep Getting PhishedPresently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite I've been getting a lot of those "your parcel couldn't be delivered" phishing attacks lately and if you're a h…TROYHUNT.COM
23 FebWho is LockBitSupp? Police Delay Promise to Reveal IdentityOfficials Reschedule Big Reveal of LockBit Ransomware Group Leadership's Identity Who is LockBitSupp? On Friday morning, when law enforcement promised to reveal the identity of the public mouthpiece of the LockBit ransomware-as-a-service operation they infiltrated and disrupted e…DATABREACHTODAY.CO.UK
23 FebLaw Enforcement Dismantled LockBit Before Latest Variant Hit MarketThe new variant, referred to as LockBit-NG-Dev, was being designed to succeed the most recent LockBit 3.0 iteration, using .NET and CoreRT for cross-platform compatibility.THEREGISTER.COM
23 FebConnectWise ScreenConnect attacks deliver malwareMultiple attacks exploit vulnerabilities in an IT remote access tool to deliver a variety of different payloads into business environmentsSOPHOS.COM
23 FebNo Big Reveal: Cops Don't Unmask LockBit's LockBitSuppAfter Teasing 'Who is LockBitSupp,' Cops Say He's 'Engaged With Law Enforcement' "Who is LockBitSupp?" Police teased they would reveal the answer to that question Friday, but when the big reveal came, they disclosed very little, except to cryptically say the apparent member of th…DATABREACHTODAY.CO.UK
23 FebIncident Response in Cases of Supply Chain Incidents - Lucas Ferreira - BSides Lisbon 2023submitted by ashar to security_cpe 1 points | 0 comments https://youtu.be/y0z0i61df7c?si=OCzBfJz1995YFUgA Incident Response in Cases of Supply Chain Incidents - Lucas Ferreira In today’s interconnected world, companies rely on a complex network of third-party vendors and service …YOUTU.BE
23 FebNearly One in Three Cyber Attacks In 2023 Involved The Abuse of Valid AccountsThirty percent of all cyber incidents in 2023 involved abuse of valid credentials, according to IBM X-Force’s latest Threat Intelligence Index. This represents a seventy-one percent increase compared to 2022.KNOWBE4.COM
23 FebToward Better Patching — A New Approach with a Dose of AIUse of AI to cut through the noise and confusion of the current vulnerability prioritization approaches suggests an exciting future for AI-assisted operations to vulnerability triaging. The post Toward Better Patching — A New Approach with a Dose of AI appeared first on SecurityW…SECURITYWEEK.COM
23 FebApple Shortcuts Vulnerability Exposes Sensitive InformationHigh-severity vulnerability in Apple Shortcuts could lead to sensitive information leak without user’s knowledge. The post Apple Shortcuts Vulnerability Exposes Sensitive Information appeared first on SecurityWeek .SECURITYWEEK.COM
23 FebAIs Hacking WebsitesNew research : LLM Agents can Autonomously Hack Websites Abstract: In recent years, large language models (LLMs) have become increasingly capable and can now interact with tools (i.e., call functions), read documents, and recursively call themselves. As a result, these LLMs can n…SCHNEIER.COM
23 FebA Vulnerability in Apache OFBiz Could Allow for Remote Code ExecutionA vulnerability has been discovered in the Apache OFBiz, which could allow for remote code execution. Apache OFBiz is an open source product for the automation of enterprise processes. It includes framework components and business applications for ERP, CRM, E-Business/E-Commerce,…CISECURITY.ORG
23 FebGenerative AI making big impact on security pros, to no one’s surpriseThe wildfire spread of generative AI has already had noticeable effects, both good and bad, on the day-to-day lives of cybersecurity professionals, a study released this week by the non-profit ISC2 group has found. The study – which surveyed more than 1,120 cybersecurity pros, mo…CSOONLINE.COM
23 FebAttackers Rush to Exploit ScreenConnect VulnerabilitiesRansomware, Info Stealers, Backdoors and Cryptojacking Hackers are on a tear to exploit unpatched ConnectWise ScreenConnect remote connection software to infect systems with ransomware, info stealers and persistent backdoors. The attacks observed by researchers include ransomware…DATABREACHTODAY.CO.UK
23 FebInsecure Apex code plagues many Salesforce deploymentsSecurity researchers warn that many organizations have instances of insecure Apex code in their Salesforce deployments which open serious vulnerabilities that put their data and business workflows at risk. Researchers from security firm Varonis reported finding high and critical …CSOONLINE.COM
23 FebBinance Restricts 85 LockBit Crypto WalletsAuthorities Uncover 30,000 LockBit Bitcoin Addresses Cryptocurrency trading platform Binance restricted access to 85 accounts as part of an action against the LockBit ransomware affiliates, and authorities estimated that members of the now-defunct ransomware-as-a-service operatio…DATABREACHTODAY.CO.UK
23 FebUpdated: Top Cyber Actions for Securing Water SystemsToday, CISA, the Environmental Protection Agency (EPA), and the Federal Bureau of Investigation (FBI) updated the joint fact sheet Top Cyber Actions for Securing Water Systems . This update includes additional resources—from American Water Works Association, the WaterISAC, and MS…CISA.GOV
23 FebChange Healthcare Outage Hits Military Pharmacies WorldwideExperts Speculate About Whether the Hack Involved the ScreenConnect Flaw Exploit Pharmacies at U.S. military hospitals and clinics worldwide are among the entities affected by the cyberattack on Optum's Change Healthcare this week, which has forced the IT services company to take…DATABREACHTODAY.CO.UK
23 FebSVR Cyber Actors Adapt Tactics for Initial Cloud AccessHow SVR-Attributed Actors are Adapting to the Move of Government and Corporations to Cloud Infrastructure OVERVIEW This advisory details recent tactics, techniques, and procedures (TTPs) of the group commonly known as APT29, also known as Midnight Blizzard, the Dukes, or Cozy Bea…CISA.GOV
📢 SECURITY ADVISORIES 2[−]
23 FebCISA And FBI Share Cyber Attack Defenses For Securing Water SystemsThe Cybersecurity and Infrastructure Security Agency (CISA), the Environmental Protection Agency (EPA), and the Federal Bureau of Investigation (FBI) have collaborated to develop a highly significant cybersecurity guide that is specifically intended for Water and Wastewater Syste…GBHACKERS.COM
23 FebLockBitsupp unmasked!!? My reaction to the FBI and NCA’s LockBit ransomware revelationCheck out my "live reaction" (isn't that what all the kids post on social media these days?) to the much-hyped revelation of the identity of the LockBit ransomware's administrator.GRAHAMCLULEY.COM
🔥 INCIDENT REPORTING 21[−]
23 FebUnitedHealth says Change Healthcare hacked by nation state, as pharmacy outages drag onU.S. health insurance giant UnitedHealth Group said Thursday in a filing with government regulators that its subsidiary Change Healthcare was compromised likely by government-backed hackers. In a filing Thursday, UHG blamed the ongoing cybersecurity incident affecting Change Heal…TECHCRUNCH.COM
23 FebUpdate: Plant Production Still on Hold for German Battery Manufacturer After CyberattackThe company has informed customers of potential email loss and is working with experts to investigate the cyberattack, which was carried out by an organized group of hackers.THERECORD.MEDIA
23 FebUpdate: UnitedHealth Says Change Healthcare Hacked by Nation State, as Pharmacy Outages Drag OnThe ongoing cyberattack on Change Healthcare has resulted in widespread disruption, affecting patient billing processes, prescription fulfillment, and causing downtime for healthcare professionals.TECHCRUNCH.COM
23 FebRussian Cyberattackers Launch Multiphase PsyOps CampaignRussian-linked threat actors conducted a multiwave campaign, Operation Texonto, using a combination of pysops and spear-phishing to spread misinformation in Ukraine and target Microsoft 365 credentials across Europe.DARKREADING.COM
23 FebUnitedHealth confirms Optum hack behind US healthcare billing outageUS healthcare giant UnitedHealth Group announced that its subsidiary Optum suffered a cyberattack by "nation-state" hackers on the Change Healthcare platform, forcing the company to shut down IT systems and various services. [...]BLEEPINGCOMPUTER.COM
23 FebRussia Arrests Three Alleged SugarLocker Ransomware MembersThe group has been involved in deploying ransomware and receiving profits from cyberattacks. The arrest may be a PR move by Russia, and there are speculations about the suspects' continued operations.THERECORD.MEDIA
23 FebAT&T Says the Outage to Its US Cellphone Network Was Not Caused by a CyberattackAT&T said the hourslong outage to its U.S. cellphone network Thursday appeared to be the result of a technical error, not a malicious attack. The post AT&T Says the Outage to Its US Cellphone Network Was Not Caused by a Cyberattack appeared first on SecurityWeek .SECURITYWEEK.COM
23 Feb230k Individuals Impacted by Data Breach at Australian Telco TangerineTangerine Telecom says attackers stole the personal information of 230,000 individuals from a legacy customer database. The post 230k Individuals Impacted by Data Breach at Australian Telco Tangerine appeared first on SecurityWeek .SECURITYWEEK.COM
23 FebHow to Use Tines's SOC Automation Capability MatrixCreated by John Tuckner and the team at workflow and automation platform Tines, the SOC Automation Capability Matrix (SOC ACM) is a set of techniques designed to help security operations teams understand their automation capabilities and respond more effectively to…THEHACKERNEWS.COM
23 FebCyber Security Today, Feb. 23, 2024 - A cyber warning on the second anniversary of Russia's invasion of Ukraine, and more LockBit newsThis episode reports on advice for protecting water utilities from cyber attacks, Avast agrees to a settlement with FTC on allegations it wrongly sold consumer data, and moreCYBERSECURITYTODAY.LIBSYN.COM
23 FebData Breach at French Healthcare Payment Processor Puts 20 Million Policyholders at RiskA single account being phished caused millions of French healthcare policyholder records to be breached.KNOWBE4.COM
23 FebPrescription orders delayed as US pharmacies grapple with “nation-state” cyber attackPrescription orders across the United States are reportedly being delayed after a cyber attack impacted a healthcare technology firm that supplies services to pharmacies, including CVS Health. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
23 FebU-Haul Says Hacker Accessed Customer Records Using Stolen CredentialsThe breach did not compromise payment details, and U-Haul has reset passwords for affected accounts, implemented additional security measures, and offered one-year identity theft protection service to affected customers.BLEEPINGCOMPUTER.COM
23 FebQuik Pawn Shop Falls Victim to Alleged Cyberattack by Akira Ransomware GroupThe outage of Quik Pawn Shop's website indicates a potential cyberattack consequence, hindering communication and leaving customers unaware of the breach's extent and implications.THECYBEREXPRESS.COM
23 FebDormant PyPI Package Compromised to Spread Nova Sentinel MalwareA dormant package available on the Python Package Index (PyPI) repository was updated nearly after two years to propagate an information stealer malware called Nova Sentinel. The package, named django-log-tracker, was first published to PyPI in April 2022, according to softw…THEHACKERNEWS.COM
23 FebLockBit ransomware gang has over $110 million in unspent bitcoinThe LockBit ransomware gang received more than $125 million in ransom payments over the past 18 months, according to the analysis of hundreds of cryptocurrency wallets associated with the operation. [...]BLEEPINGCOMPUTER.COM
23 FebPost-LockBit, How Will the Ransomware Ecosystem Evolve?With Over $1 Billion in Annual Proceeds, Don't Expect Attackers to Give Up the Life Once the dust settles on the LockBit disruption, what will be the state of ransomware? Expect attackers to continue refining their tactics for maximizing profits via a grab bag of complementary st…DATABREACHTODAY.CO.UK
23 FebInsomniac Games alerts employees hit by ransomware data breachSony subsidiary Insomniac Games is sending data breach notification letters to employees whose personal information was stolen and leaked online following a Rhysida ransomware attack in November. [...]BLEEPINGCOMPUTER.COM
23 FebCyber Security Today, Week in Review for week ending Friday, Feb. 23, 2024This episode features a discussion on the takedown of the LockBit ransomware gang, and moreCYBERSECURITYTODAY.LIBSYN.COM
23 FebUS FTC Imposes Strict Reporting Mandates for Global Tel*LinkNew Reporting Measures Follow Data Breach Affecting Prison Communications Provider Global Tel Link, a major prison communications provider in the U.S., will be required to notify its users - as well as the Federal Trade Commission - about certain data breaches and security events…DATABREACHTODAY.CO.UK
23 FebHHS OCR Tells Congress It Needs More Funding for HIPAA WorkBreaches and Complaints Continue to Soar as Regulatory Duties Increase As the volume of major health data breaches rises, the federal agency charged with investigating those incidents told Congress this week that it lacks the needed funding to keep up with its mounting workload. …DATABREACHTODAY.CO.UK
🕵️ THREAT INTELLIGENCE 12[−]
23 FebISC Stormcast For Friday, February 23rd, 2024 https://isc.sans.edu/podcastdetail/8866, (Fri, Feb 23rd)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
23 FebPython Risk Identification Tool for generative AI (PyRIT)submitted by L4s to secops 1 points | 0 comments https://github.com/Azure/PyRIT Python Risk Identification Tool for generative AI (PyRIT)::The Python Risk Identification Tool for generative AI (PyRIT) is an open access automation framework to empower security professionals and ma…GITHUB.COM
23 FebNew Infostealer Malware Attacking Oil and Gas IndustryThe oil and gas sector faces a significant cybersecurity threat with the emergence of a new and sophisticated Malware-as-a-Service (MaaS) infostealer known as Rhadamanthys Stealer. This advanced phishing campaign has successfully reached its intended targets within the industry, …GBHACKERS.COM
23 FebLinux Malware ‘Migo’ Targets Redis for Cryptojacking AttacksResearchers spotted a new Migo malware targeting Redis servers to mine cryptocurrency and utilizing system-weakening commands to disable security features. Migo is distributed as a Golang ELF binary, with compile-time obfuscation and the ability to persist on Linux hosts. Organiz…CYWARE.COM
23 FebMicrosoft Releases Red Teaming Tool for Generative AIMicrosoft releases PyRIT red teaming tool to help identify risks in generative AI through automation. The post Microsoft Releases Red Teaming Tool for Generative AI appeared first on SecurityWeek .SECURITYWEEK.COM
23 FebYour KnowBe4 Fresh Content Updates from February 2024Check out the 29 new pieces of training content added in February, alongside the always fresh content update highlights, events and new features.KNOWBE4.COM
23 FebIn Other News: Spyware Vendor Shutdown, Freenom-Meta Settlement, 232 Threat GroupsNoteworthy stories that might have slipped under the radar: Spyware vendor Varonis is shutting down, Crowdstrike tracks 232 threat actors, Meta and Freenom reach settlement. The post In Other News: Spyware Vendor Shutdown, Freenom-Meta Settlement, 232 Threat Groups appeared first…SECURITYWEEK.COM
23 FebFace off: New Banking Trojan steals biometrics to access victims’ bank accountsVenturebeat had the scoop on a fresh Group-IB report. They discovered the first banking trojan that steals people’s faces. Unsuspecting users are tricked into giving up personal IDs and phone numbers and are prompted to perform face scans. These images are then swapped out with A…KNOWBE4.COM
23 FebTwo-Factor Authentication - SWN VaultCheck out this interview from the SWN Vault, hand picked by main host Doug White! This segment was originally published on November 2, 2018. This week, Dr. Doug and Russ talk about the mysterious world of Two-Factor Authentication. This is something you hear all the time, and mor…YOUTUBE.COM
23 FebThings that have been happening to me too often latelysubmitted by tux0r to cybersecurity 3 points | 0 comments duplicate: feddit.de/post/9261519 I am denied read-only access to some websites because I use a VPN. This makes no sense at all, but it happens anyway. I am not allowed to register in some forums because I use a VPN. Becau…SH.ITJUST.WORKS
23 FebISMG Editors: The 'New Frontier' of AI and Identity SecurityIdentity Security Expert Jeremy Grant Discusses Challenges, Innovations and Trends In the latest weekly update, Jeremy Grant of Venable LLP joins editors at ISMG to discuss the state of secure identity in 2024, the challenges in developing next-generation remote ID proofing syste…DATABREACHTODAY.CO.UK
23 FebFriday Squid Blogging: Illex Squid and Climate ChangeThere are correlations between the populations of the Illex Argentines squid and water temperatures. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here .SCHNEIER.COM
🌐 CYBER THREAT LANDSCAPE 3[−]
23 FebSimple Anti-Sandbox Technique: Where's The Mouse?, (Fri, Feb 23rd)Malware samples have plenty of techniques to detect if they are running in a "safe" environment. By safe, I mean a normal computer with a user between the keyboard and the chair, programs running, etc. These techniques are based on checking the presence of specific processes, reg…ISC.SANS.EDU
23 FebNew Malware-as-a-Service Info-Stealer Malware Targets Oil and Gas CompaniesAn advanced phishing campaign targeting the Oil and Gas industry is distributing the Rhadamanthys Stealer, an uncommon and sophisticated Malware-as-a-Service information stealer.COFENSE.COM
23 FebSpyware leak offers ‘first-of-its-kind’ look inside Chinese government hacking effortsOver the weekend, someone posted a cache of files and documents apparently stolen from the Chinese government hacking contractor, I-Soon. This leak gives cybersecurity researchers and rival governments an unprecedented chance to look behind the curtain of Chinese government hacki…TECHCRUNCH.COM
📡 INFOSEC NEWS 14[−]
23 FebFTC Slams Avast with $16.5 Million Fine for Selling Users' Browsing DataThe U.S. Federal Trade Commission (FTC) has hit antivirus vendor Avast with a $16.5 million fine over charges that the firm sold users' browsing data to advertisers after claiming its products would block online tracking. In addition, the company has been banned from selling or l…THEHACKERNEWS.COM
23 FebApple has released a new way to protect instant messaging in iMessage | Kaspersky official blogApple protects iMessage chats via its new post-quantum encryption protocol.KASPERSKY.COM
23 FebChinese Duo Found Guilty of $3m Apple Fraud PlotTwo Chinese nationals, Haotian Sun and Pengfei Xue, have been found guilty of running a fraudulent scheme targeting Apple. They sent thousands of fake iPhones to Apple for repair, hoping to receive genuine replacements.INFOSECURITY-MAGAZINE.COM
23 FebMicrosoft Releases PyRIT - A Red Teaming Tool for Generative AIMicrosoft has released an open access automation framework called PyRIT (short for Python Risk Identification Tool) to proactively identify risks in generative artificial intelligence (AI) systems. The red teaming tool is designed to "enable every organization across th…THEHACKERNEWS.COM
23 FebWindows Photos gets AI magic eraser on Windows 10 and laterMicrosoft's Windows Photos app now has its own generative erase tool that enables users to replace unwanted objects with AI-generated content. [...]BLEEPINGCOMPUTER.COM
23 FebU-Haul says hacker accessed customer records using stolen credsU-Haul has started informing customers that a hacker used stolen account credentials to access an internal system for dealers and team members to track customer reservations. [...]BLEEPINGCOMPUTER.COM
23 FebGeekWeek 9CYBER.GC.CA
23 FebGoogle Pay app shutting down in US, users have till June to move fundsGoogle is retiring the standalone Pay app in the United States. Users have until June 4 to transfer the balance to bank accounts. [...]BLEEPINGCOMPUTER.COM
23 FebAvast ordered to stop selling browsing data from its browsing privacy appsIdentifiable data included job searches, map directions, "cosplay erotica."ARSTECHNICA.COM
23 FebFTC sues H&R Block over deceptive 'free' online filing adsThe U.S. Federal Trade Commission (FTC) sued tax preparation giant H&R Block over the company's deceptive "free" online filing advertising and for pressuring people into overpaying for its services. [...]BLEEPINGCOMPUTER.COM
23 FebPSYOP campaigns targeting Ukraine – Week in security with Tony AnscombeComing in two waves, the campaign sought to demoralize Ukrainians and Ukrainian speakers abroad with disinformation messages about war-related subjectsWELIVESECURITY.COM
23 FebAvast ordered to stop selling browsing data from its browsing privacy appsIdentifiable data included job searches, map directions, "cosplay erotica."ARSTECHNICA.COM