Cybersecurity Articles
- EdFinancial and the Oklahoma Student Loan Authority (OSLA) are notifying over 2.5 million loanees that their personal data was exposed in a data breach.
- The target of the breach was Nelnet Servicing, the Lincoln, Neb.-based servicing system and web portal provider for OSLA and EdFinancial, according to a breach disclosure letter.
- That exposed information included names, home addresses, email addresses, phone numbers and social security numbers for a total of 2,501,324 student loan account holders.
- “With recent news of student loan forgiveness, it’s reasonable to expect the occasion to be used by scammers as a gateway for criminal activity,” Bischoping said.
- Last week, the Biden administration announced a plan to cancel $10,000 of student loan debt for low- and middle-income loanees.
- Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
- The threat actor, according to researchers, is believed to be the China-based APT TA423, also known as Red Ladon.
- In lieu of malware, attackers can use ScanBox in conjunction with watering hole attacks.
- Adversaries load the malicious JavaScript onto a compromised website where the ScanBox acts as a keylogger snagging all of a user’s typed activity on the infected watering hole website.
- “This allows ScanBox to connect to a set of pre-configured targets,” researchers explain.
- The campaigns are tied to focused abuse of identity and access management firm Okta, which earned the threat actors the 0ktapus moniker from researchers.
- “These users received text messages containing links to phishing sites that mimicked the Okta authentication page of their organization.” Impacted were 114 US-based firms, with additional victims sprinkled across 68 additional countries.
- “The 0ktapus campaign has been incredibly successful, and the full scale of it may not be known for some time,” he said.
- What the 0ktapus Hackers Wanted: The 0ktapus attackers are believed to have begun their campaign by targeting telecommunications companies in hopes of winning access to potential targets’ phone numbers.
- Those links led to webpages mimicking the Okta authentication page used by the target’s employer.
- Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
- After a recent dip, ransomware attacks are back on the rise.
- With data gathered by “actively monitoring the leak sites used by each ransomware group and scraping victim details as they are released,” researchers have determined that Lockbit was by far the most prolific ransomware gang in July, behind 62 attacks.
- It may well be that the resurgence in ransomware attacks, and the rise of these two particular groups, are intimately connected.
- Why Ransomware Has Bounced: Researchers from NCC Group counted 198 successful ransomware campaigns in July – up 47 percent from June.
- New research indicates that over 80,000 Hikvision surveillance cameras in the world today are vulnerable to an 11-month-old command injection flaw.
- Hikvision – short for Hangzhou Hikvision Digital Technology – is a Chinese state-owned manufacturer of video surveillance equipment.
- Last Fall, a command injection flaw in Hikvision cameras was revealed to the world as CVE-2021-36260.
- According to David Maynor, senior director of threat intelligence at Cybrary, Hikvision cameras have been vulnerable for many reasons, and for a while.
- Furthermore, IoT devices might not give users any indication that they’re unsecured or out of date.
- Can you jailbreak Anthropic's latest AI safety measure?
- On Monday, the company released a new paper outlining an AI safety system based on Constitutional Classifiers.
- The process is based on Constitutional AI, a system Anthropic used to make Claude "harmless," in which one AI helps monitor and improve another.
- The Constitutional Classifiers system proved effective.
- Claude alone only blocked 14% of attacks, while Claude with Constitutional Classifiers blocked over 95%.
- Gradually added in 2023 and 2024, the VPN was part of the version of Defender exclusive to Microsoft 365 Personal and Family subscriptions.
- You should see Microsoft Defender VPN among the list of profiles.
- Microsoft 365 subscribers who'll need a replacement VPN can check out the following ZDNET stories and guides for help:
- The death of Microsoft 365's VPN comes at a time of higher prices for the suite.
- US subscribers of Microsoft 365 Personal will pay $99.99 per year or $9.99 per month, up from $69.99 per year or $6.99 per month.
- Subscribers to Microsoft 365 Family would have to cough up $129.99 per year or $12.99 per month, up from $99.99 per year or $9.99 per month.
- What we expect from the Apple AirTag 2: For months, rumors have swirled around about what we can expect with the Apple AirTag 2, though the company hasn't confirmed any of them.
- Improved security and anti-stalking features: Because of its discreet appearance and precise location tracking, the AirTag was initially misused for stalking people.
- Apple made changes to prevent this, including adding constant notifications for both Apple and Android users when an AirTag was found moving with them.
- Apple Vision Pro integrations: Apple is rumored to have big plans for the AirTag 2 beyond tracking frequently lost items.
- New design: AirTag users have long wished for an improved AirTag design that doesn't require an extra accessory to attach the tracker to frequently lost items.
- Amidst equal parts elation and controversy over what its performance means for AI, Chinese startup DeepSeek continues to raise security concerns.
- On Thursday, Unit 42, a cybersecurity research team at Palo Alto Networks, published results on three jailbreaking methods it employed against several distilled versions of DeepSeek's V3 and R1 models.
- "Our research findings show that these jailbreak methods can elicit explicit guidance for malicious activities," the report states.
- On Friday, Cisco also released a jailbreaking report for DeepSeek R1.
- That said, researchers have frequently been able to jailbreak popular US-created models from more established AI giants, including ChatGPT.
- An in-depth analysis chronicling more than 300 school cyberattacks over the past five years reveals the degree to which school leaders in virtually every state repeatedly provide false assurances to students, parents, and staff about the security of their sensitive information.
- At the same time, consultants and lawyers steer “privileged investigations” that keep key details hidden from the public.
- That’s because the first people alerted following a school cyberattack are generally not the public nor the police.
- It also includes an analysis of millions of stolen school district records uploaded to cybergangs’ leak sites.
- Some of students’ most sensitive information lives indefinitely on the dark web, a hidden part of the internet that’s often used for anonymous communication and illicit activities.
- China-linked groups used Gemini for tactical research into technical concepts like data exfiltration and privilege escalation.
- This is not the first time foreign hacking groups have been found using chatbots.
- Last year, OpenAI disclosed that five such groups had used ChatGPT in similar ways.
- WhatsApp did not reveal where the victims were located, including whether any were in the United States.
- The attack appears to have used a “zero-click” exploit, meaning victims were infected without needing to open a malicious link or attachment.
- In response, OpenAI and other generative AI developers have refined their system defenses to make it more difficult to carry out these attacks.
- Today, security researchers from Cisco and the University of Pennsylvania are publishing findings showing that, when tested with 50 malicious prompts designed to elicit toxic content, DeepSeek’s model did not detect or block a single one.
- These attacks involve an AI system taking in data from an outside source—perhaps hidden instructions of a website the LLM summarizes—and taking actions based on the information.
- Tech companies don’t want people creating guides to making explosives or using their AI to create reams of disinformation, for example.
- However, as AI companies have put in place more robust protections, some jailbreaks have become more sophisticated, often being generated using AI or using special and obfuscated characters.
- DeepSeek is a relatively new company and has been virtually unreachable to press and other organizations this week.
- In turn, the company did not immediately respond to WIRED’s request for comment about the exposure.
- It is unclear whether any malicious actors or authorized parties accessed or downloaded any of the data.
- But the Wiz researchers note that the DeepSeek database they found was visible almost immediately with minimal scanning or probing.
- The prompts the researchers saw were all in Chinese, but they note that it is possible the database also contained prompts in other languages.
- It also offers a unique look inside federal law enforcement’s investigation into an insidious accelerationist propaganda network that mixes neo-Nazi ideology with nihilist, Columbine-style violence to inspire mass casualty events in the United States and beyond.
- Russell allegedly hatched the plot to black out Baltimore while, according to prosecutors, participating in a noxious, prolific propaganda network hellbent on fomenting violence and chaos.
- Terrorgram is currently designated a “tier one” extremism threat by the US Department of Justice.
- To date, Terrorgram has released four publications—a blend of ideological motivation, mass-murder worship, neofascist indoctrination, and how-to manuals for chemical weapons attacks, infrastructure sabotage, and ethnic cleansing.
- There are currently more than a dozen separate federal prosecutions around the United States that involve people alleged to be core Terrorgram Collective members or individuals allegedly inspired toward violent attacks on infrastructure or civilians.
- Dynatrace announced the expansion of its security portfolio with a new Cloud Security Posture Management (CSPM) solution.
- Dynatrace CSPM extends its existing Kubernetes Security Posture Management (KSPM) solution and enables organizations to manage their entire cloud security posture through a single, unified platform.
- Customers are using the Dynatrace Application Security and Threat Observability solutions today to assess and prevent exposures, detect threats, and investigate security incidents through comprehensive analytics across observability and security data.
- This enables organizations to automate remediations to move from reactive to proactive security management and automated risk analysis.
- Philip Bues, Senior Research Manager, Cloud Security at IDC said: “Cloud security teams get thousands of alerts every day.
- Veriti launched Veriti Cloud, an expansion of its Exposure Assessment and Remediation platform that brings proactive cloud native remediation to the forefront.
- With Veriti Cloud, organizations gain advanced capabilities to automate remediation across both on-premises and cloud environments, hardening their security posture while ensuring operational continuity.
- Veriti has long provided automated remediation for cloud environments, but the introduction of Veriti Cloud takes this to the next level with proactive enforcement, seamless cross-platform integrations, and the ability to identify and neutralize threats at scale, natively.
- “With Veriti Cloud, we’re extending these capabilities to deliver proactive, cloud native remediation that aligns with the demands of modern, hybrid environments.
- Veriti Cloud brings a new level of intelligence and automation to cloud security operations.
- Atrinet launched Atrinet URL Scanner, a solution designed to combat real-time SMS fraud.
- Atrinet’s URL Scanner, leveraging Google Web Risk, aims to solve this security issue by offering:
  - Extensive coverage: Atrinet leverages the Web Risk technology and its own detection pipelines to detect potentially harmful links.
- Why communication service providers must act now: SMS fraud erodes customer trust and drives users to Over-The-Top (OTT) messaging platforms, threatening Communication Service Providers’ revenues.
- Atrinet’s URL Scanner gives Communication Service Providers a powerful edge to:
  - Protect subscribers and revenue: Block phishing links before they reach users.
- “With Atrinet’s URL Scanner, CSPs can protect their subscribers and enterprise clients from sophisticated attacks, enhance their brand reputation, and maintain a competitive edge in an increasingly challenging market.”
- OpenNHP is the open-source implementation of NHP (Network-resource Hiding Protocol), a cryptography-based zero trust protocol for safeguarding servers and data.
- “A statistical report shows that more than 100B is spent annually for vulnerability mitigation in the US.
- By hiding the applications with OpenNHP, the mitigation only costs a few dollars and minutes to deploy,” the OpenNHP Team told Help Net Security.
- OpenNHP supports multiple deployment models:
  - Client-to-Gateway: Secures access to multiple servers behind a gateway.
- In this Help Net Security video, Ivan Novikov, CEO of Wallarm, discusses the 2025 API ThreatStats Report, highlighting how APIs have become the primary attack surface over the past year, mainly driven by the rise of AI-related risks.
- 99% were linked to APIs, with vulnerabilities including injection flaws, misconfigurations, and emerging memory corruption issues caused by AI’s reliance on high-performance binary APIs.
- In response to the rise in AI adoption and associated exploits, Wallarm introduced a new ThreatStats Top 10 category: Memory Corruption and Overflow.
- This category highlights vulnerabilities from improper memory handling and access, leading to security breaches such as unauthorized data exposure, system crashes, and arbitrary code execution.
- An analysis of AI workloads interacting with hardware revealed that APIs are increasingly susceptible to issues like buffer overflows and integer overflows, reinforcing the need for enhanced security measures.
- International Civil Aviation Organization (ICAO) and ACAO Breached: Cyberespionage Groups Targeting Aviation Safety Specialists (Pierluigi Paganini, February 05, 2025). The International Civil Aviation Organization (ICAO) is investigating a data breach affecting system and employee security.
- Shortly after the ICAO incident, Resecurity identified threat actors targeting the ACAO (Arab Civil Aviation Organization).
- Considering the tight timing of the recently disclosed ICAO incident, such a trend of targeting international aviation organizations is concerning.
- The correlation with the newly disclosed malicious cyber activity targeting aviation safety experts at the beginning of Q1 2025 creates a precedent.
- Follow me on Twitter: @securityaffairs and Facebook and Mastodon. Pierluigi Paganini (SecurityAffairs – hacking, International Civil Aviation Organization (ICAO))
- Online food ordering and delivery platform GrubHub discloses a data breach (Pierluigi Paganini, February 05, 2025). Online food ordering and delivery platform GrubHub suffered a data breach that exposed the personal information of drivers and customers.
- This week the online food ordering and delivery firm GrubHub disclosed a data breach that exposed customer and driver information.
- The food ordering and delivery firm confirmed that attackers did not access any passwords associated with Grubhub Marketplace accounts; however, it recommends that customers use unique passwords to minimize risk.
- The data breach did not expose passwords, merchant logins, full card numbers, bank details, or Social Security numbers.
- Netgear urges users to patch two flaws impacting WiFi router models (Pierluigi Paganini, February 04, 2025). Netgear disclosed two critical flaws impacting multiple WiFi router models and urges customers to address them.
- Netgear addressed two critical vulnerabilities, internally tracked as PSV-2023-0039 and PSV-2021-0117, impacting multiple WiFi router models and urged customers to install the latest firmware.
- The authentication bypass security vulnerability PSV-2021-0117 impacts the following product models:
  - WAX206, the issue was fixed in firmware version 1.0.5.3
  - WAX220, the issue was fixed in firmware version 1.0.3.5
  - WAX214v2, the issue was fixed in firmware version 1.0.2.5
- Download the latest firmware for your NETGEAR product from the official website: visit NETGEAR Support.
- If you do not see a drop-down menu, make sure that you entered your model number correctly, or select a product category to browse for your product model.
- AMD fixed a flaw that allowed attackers to load malicious microcode (Pierluigi Paganini, February 04, 2025). AMD released security patches to fix a flaw that could bypass SEV protection, letting attackers load malicious microcode.
- An attacker could trigger the flaw to load a malicious CPU microcode under specific conditions.
- “Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.” reads the advisory published by the chipmaker.
- This vulnerability allows an adversary with local administrator privileges (ring 0 from outside a VM) to load malicious microcode patches.
- We have demonstrated the ability to craft arbitrary malicious microcode patches on Zen 1 through Zen 4 CPUs.
- Coyote Banking Trojan targets Brazilian users, stealing data from 70+ financial apps and websites (Pierluigi Paganini, February 04, 2025). Coyote Banking Trojan targets Brazilian users, stealing data from over 70 financial applications and websites.
- FortiGuard Labs researchers detected a campaign using LNK files executing PowerShell commands to deploy the Coyote Banking Trojan.
- Threat actors target Brazilian users to steal financial data; the malware can harvest sensitive information from over 70 financial applications and numerous websites.
- The Coyote Banking Trojan supports multiple malicious functions, including keylogging, capturing screenshots, and displaying phishing overlays to steal sensitive credentials.
- The Coyote Banking Trojan monitors active windows and contacts its C2 servers when a target site is accessed.