Generative AI models in the style of ChatGPT are being sold that promise to help create malware, write phishing emails, set up attack sites, scan for vulnerabilities, and more. The latest DarkBART and DarkBERT projects have been trained on dark web sites.
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure for just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security: access control, cameras, alarms and so on; there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
DeFi projects continue to be a popular target of attack for advanced hackers, as a number of finance pools associated with Curve were hit on July 31 for a total loss of about $61 million. The attack appears to have been the result of a vulnerability found in certain versions of the Vyper programming language.
Leading U.S. healthcare provider shut down central hospital systems after experiencing a cyber attack, disrupting primary care services across several U.S. states. Healthcare facilities were forced to halt operations, reschedule appointments, and divert ambulances.
Anonymous officials from the Biden administration have told the New York Times that Chinese malware has been planted in the networks that control the critical infrastructure of military bases. The "ticking time bomb" could potentially cripple military systems in the event of a conflict between the two countries.
Info stealers are increasingly finding their way into corporate environments, possibly as a result of increased blurring of personal and work devices. Report finds that some 400,000 employee logins are available for sale on dark web sites and illicit Telegram channels.
During a M&A process, the scope of the organization’s attack surface is stretched to new limits. Every company, from Fortune 500s to smaller enterprises, has digital baggage that can dramatically increase potential security risks, from multiple generations of technologies, various IT stacks, and new and unknown risks in their environments.
On-chain investigator links North Korean hackers to the Alphopo crypto theft and discovers an additional $37 million, raising the amount stolen to $60 million.
A dozen Norwegian government ministries suffered a cyber attack exploiting a zero-day vulnerability in Ivanti Endpoint Manager Mobile (EPMM), the Norwegian National Security Authority (NSM) has disclosed.
The damage tally from the massive MOVEit data breach continues to go up, as a US government contractor is reporting that 8 to 11 million records of health data have been exposed.
WhatsApp accounts could be deactivated simply by sending a request from any email address, so long as the attacker knew the associated phone number. Going forward, the account deactivation process now involves a follow-up message that requests verification of ownership of the associated phone number.










