Image: Shutterstock

OpenAI CEO Altman 'Blackmails' EU Over AI Regulation

Akshaya Asokan • May 26, 2023

ChatGPT will continue to operate inside the European Union despite warnings from OpenAI CEO Sam Altman that he's prepared to pull out from the bloc if he doesn't like regulations being prepared in Brussels. European lawmakers earlier this month proposed new obligations for AI models such as GPT.

►

Cyberwarfare / Nation-State Attacks

North Korea's BlueNoroff Group Targets macOS Systems

Latest

Cybercrime

Latitude Financial Attack Costs Company Up to AU$105 Million

Mihir Bagwe • May 26, 2023

Australian consumer lender Latitude Financial Services anticipates its spring cybersecurity incident will cost it up to AU$105 million, which includes a five-week period during which debt collection systems were severely affected by the attack.

Managed Detection & Response (MDR)

Expel, CrowdStrike, Red Canary Dominate MDR Forrester Wave

Michael Novinson • May 26, 2023

Expel, CrowdStrike and Red Canary held steady atop Forrester's MDR rankings, while Secureworks and Binary Defense tumbled from the leaders category. Providers have turned their attention from maximizing their efficacy at detecting ransomware to finding faster and better ways to respond to attacks.

Cyberwarfare / Nation-State Attacks

Pegasus Spyware Spotted in Nagorno-Karabakh War

Jayant Chakravarti • May 26, 2023

Digital rights organizations detected Pegasus spyware on the devices of members of Armenian civil society during the outbreak of armed conflict over a disputed region in the South Caucasus region. Access Now called the infections the first known instance of Pegasus spyware use during war.

Fraud Management & Cybercrime

Capita Hack Fallout: Regulator Sees Breach Reports Surge

Mathew J. Schwartz • May 26, 2023

Britain's privacy watchdog has seen a surge in data breach reports from outsourcing giant Capita's customers tied to two incidents: a March hack attack by a ransomware group against Capita and one of the company's Amazon Web Service buckets being left unsecured for six years.

Cyberwarfare / Nation-State Attacks

Iranian Hackers Deploy New Ransomware Against Israeli Firms

Anviksha More • May 25, 2023

Security researchers discovered an Iran-linked APT group carrying out a new chain of ransomware attacks against Israeli organizations. Check Point said attackers surprisingly carried out most of the activity manually over RDP but warned they are growing better at coding malware and using tools.

Cyberwarfare / Nation-State Attacks

German Prosecutors Indict FinFisher Spyware Executives

Akshaya Asokan • May 25, 2023

German prosecutors on Monday indicted four executives of insolvent commercial spyware firm FinFisher for illegally exporting their hacking tool to Turkey. The indictment comes as a European Parliament committee concluded an investigation of bloc members' use of commercial spyware.

API Security

OAuth Flaw Exposed Social Media Logins to Account Takeover

Prajeet Nair • May 25, 2023

A new OAuth-related vulnerability in an open-source application development framework could expose Facebook, Google, Apple and Twitter users to account takeover, personal data leakage, identity theft, financial fraud and unauthorized actions on other online platforms, security researchers said.

Fraud Management & Cybercrime

Breach Roundup: Barracuda ESG Appliance Users Face Hacking

Mihir Bagwe • May 25, 2023

In the days between May 19 and May 25, the spotlight was on flaws in Barracuda Networks Email Security Gateway appliances, another GoAnywhere data breach that affected Franklin Templeton Canada and an American teenager out on bail and facing federal charges for hacking DraftKings accounts.

DDoS Protection

Mass Exploitation of Zyxel Network Appliances Underway

Mathew J. Schwartz • May 25, 2023

Versions of the Mirai botnet are targeting a vulnerability present in numerous Zyxel network devices. Zyxel patched the vulnerability in April but it's not clear how many users have applied the fix. Security experts warn the flaw appears to be exploited at a massive scale.

Cyberwarfare / Nation-State Attacks

North Korean APT Group Kimsuky Shifting Attack Tactics

Prajeet Nair • May 24, 2023

North Korean hackers are using custom-built malware for information exfiltration campaigns against human rights organizations. The variation of the RandomQuery malware used in this campaign has the "single objective of file enumeration and information exfiltration," says SentinelOne.

Cybersecurity Spending

Why Cyber Seed Funding Has Blossomed in the Economic Drought

Michael Novinson • May 24, 2023

Seed funding for Israeli cybersecurity startups has blossomed despite the economic downturn, and both deal volume and size have strengthened in 2022 as compared to 2021. The indefinite closing of the initial public offering market in spring 2022 caused late-stage investment to fall off a cliff.

Cyberwarfare / Nation-State Attacks

GoldenJackal APT Targeting South Asian Government Agencies

Jayant Chakravarti • May 24, 2023

A suspected cyberespionage group that has been active since 2020 has targeted government and diplomatic entities in the Middle East and South Asia using a malware tool set capable of controlling victims' machines and exfiltrating system data and credentials.