Tag: computer

6 ways hackers hide their tracks

Aug 7, 2025 10:11 AM

Tags: access, ai, antivirus, api, attack, backdoor, breach, captcha, ceo, computer, control, credentials, crypto, cybersecurity, data, data-breach, defense, detection, email, endpoint, exploit, github, hacker, injection, intelligence, jobs, law, linux, LLM, login, malicious, malware, monitoring, network, open-source, openai, phishing, programming, RedTeam, resilience, reverse-engineering, risk, rust, service, social-engineering, software, supply-chain, threat, tool, virus, windows

Backdoors in legitimate software libraries: In April 2024, it was revealed that the XZ Utils library had been covertly backdoored as part of years-long supply-chain compromise effort. The widely used data compression library that ships as a part of major Linux distributions had malicious code inserted into it by a trusted maintainer.Over the last decade,…
Windows tips for reducing the ransomware threat

Aug 7, 2025 10:11 AM

Tags: access, attack, authentication, backup, breach, cloud, computer, control, credentials, government, identity, infrastructure, login, mfa, microsoft, monitoring, network, ntlm, passkey, privacy, ransomware, risk, service, threat, windows

Susan Bradley / CSOIdeally you should have no such protocols observed.
Project Red Hook: Chinese Gift Card Fraud at Scale

Aug 7, 2025 5:11 AM

Tags: apple, breach, cctv, china, computer, country, crime, data, finance, fraud, group, office, organized, phone, scam, software, theft, unauthorized

Project Red Hook is a Homeland Security Investigations operation examining how Chinese Organized Crime is committing wholesale Gift Card Fraud by using Chinese illegal immigrants to steal gift cards, reveal their PIN, reseal the cards, and return them to store racks. When the card is later purchased and activated, operators are standing by to quickly…
The age of infostealers is here. Is your financial service secure?

Aug 5, 2025 2:28 PM

Tags: access, ai, antivirus, authentication, awareness, breach, business, computer, credentials, cybersecurity, data, defense, detection, edr, endpoint, finance, Hardware, identity, intelligence, least-privilege, malware, mfa, monitoring, network, password, risk, service, siem, threat, tool, unauthorized, vulnerability

What financial institutions must do now: The stealthy nature of infostealers means traditional security measures are often inadequate. These programs are designed to operate in silence, avoiding detection by not disrupting performance. As a result, cybersecurity in the estate management space must evolve, not reactively, but proactively.First, organizations must implement robust endpoint detection and response…
CNCERT Accuses U.S. Intelligence of Cyberattacks on Chinese Military-Industrial Targets

Aug 4, 2025 10:28 PM

Tags: breach, china, computer, cyber, cyberattack, defense, intelligence, military, network, threat

China’s National Computer Network Emergency Response Technical Team/Coordination Center (CNCERT) has publicly accused U.S. intelligence agencies of orchestrating sophisticated cyberattacks against key military-industrial entities, building on the 2022 NSA breach at Northwestern Polytechnical University. The revelations detail two emblematic incidents that underscore the persistent targeting of China’s defense sector through advanced persistent threats (APTs). The…
SentinelLabs uncovers China’s hidden cyber-espionage arsenal

Aug 1, 2025 6:28 AM

Tags: apple, awareness, china, computer, control, cyber, defense, espionage, google, government, group, hacker, hacking, infrastructure, intelligence, military, network, router, software, technology, threat, tool, training

CSOonline that the most important pieces of new information gleaned from the findings are that “China’s contracting ecosystem forces many companies and individuals to collaborate on intrusions. This means many China-based Advanced Persistent Threats (APTs) may actually contain many different companies with many different clients.”The nation’s diverse private sector offensive ecosystem, he said, “supports a…
Lenovo IdeaCentre and Yoga BIOS Flaws Allow Attackers to Run Arbitrary Code

Jul 31, 2025 3:28 PM

Tags: advisory, computer, cyber, firmware, flaw, vulnerability

Security researchers have discovered critical BIOS vulnerabilities affecting Lenovo’s IdeaCentre and Yoga All-in-One desktop computers that could allow privileged attackers to execute arbitrary code and potentially compromise system security at the firmware level. Critical Security Flaws Discovered in Popular Desktop Models The vulnerabilities, disclosed through Lenovo Security Advisory LEN-201013 and Insyde Security Advisory INSYDE-SA-2025007, affect…
How AI red teams find hidden flaws before attackers do

Jul 29, 2025 9:28 AM

Tags: access, ai, api, attack, authentication, ceo, computer, control, cyber, data, data-breach, exploit, flaw, guide, hacker, identity, infrastructure, injection, LLM, malicious, microsoft, psychology, RedTeam, risk, service, skills, social-engineering, sql, technology, threat, tool, training, vulnerability

A red teaming sequence in action Connor Tumbleson, director of engineering at Sourcetoad, breaks down a common AI pen testing workflow: Prompt extraction: Use known tricks to reveal hidden prompts or system instructions. “That’s going to give you details to go further.”Endpoint targeting: Bypass frontend logic and directly access the model’s backend interface. “We’re hitting…
Flaw in Gemini CLI AI coding assistant allowed stealthy code execution

Jul 28, 2025 10:27 PM

Tags: ai, computer, data, flaw, google, malicious, vulnerability

A vulnerability in Google’s Gemini CLI allowed attackers to silently execute malicious commands and exfiltrate data from developers’ computers using allowlisted programs. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/flaw-in-gemini-cli-ai-coding-assistant-allowed-stealthy-code-execution/
Malware Campaign Uses YouTube and Discord to Harvest Credentials from Computers

Jul 25, 2025 11:27 AM

Tags: computer, credentials, cyber, malware, social-engineering, tactics, threat

The Acronis Threat Research Unit (TRU) has uncovered a sophisticated malware campaign deploying infostealers like Leet Stealer, its modified variant RMC Stealer, and Sniffer Stealer, leveraging social engineering tactics centered on gaming hype. These threats masquerade as indie game installers, such as Baruda Quest, Warstorm Fire, and Dire Talon, promoted via fraudulent websites and fake…
Hackers Inject Destructive Commands into Amazon’s AI Coding Agent

Jul 25, 2025 8:27 AM

Tags: ai, attack, breach, computer, cyber, data-breach, hacker, infrastructure, intelligence, malicious, threat, tool, vulnerability

A significant security breach has exposed critical vulnerabilities in Amazon’s artificial intelligence infrastructure, with hackers successfully injecting malicious computer-wiping commands into the tech giant’s popular AI coding assistant. The incident represents a concerning escalation in cyber threats targeting AI-powered development tools and highlights the growing sophistication of attacks against machine learning systems. Security Breach Details…
Verfassungsbeschwerde gegen Palantir-Einsatz in Bayern eingelegt

Jul 24, 2025 5:05 AM

Tags: computer, software

Die Gesellschaft für Freiheitsrechte (GFF) hat am 23. Juli 2025 mit Unterstützung vom Chaos Computer Club (CCC) Verfassungsbeschwerde gegen den Palantir-Einsatz in Bayern eingelegt. Worum geht es? Palantir Technologies Inc. ist ein US-amerikanischer Anbieter von Software und Dienstleistungen, der auf … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/07/24/verfassungsbeschwerde-gegen-palantir-einsatz-in-bayern-eingelegt/
UK government to ban public bodies from paying ransoms to hackers

Jul 22, 2025 11:42 AM

Tags: attack, computer, cyber, cybercrime, government, hacker, healthcare, international, office, ransom, ransomware, russia

Measure intended to send message to international cybercriminals ‘that the UK is united in fight against ransomware’The UK government is planning to ban public bodies from paying ransoms to computer hackers, and private companies will be required to inform authorities if they plan to cave into cash demands.The stance, announced on Tuesday by the Home…
Demo-Plattform eines US-Computer-Herstellers gehackt

Jul 22, 2025 8:40 AM

Tags: breach, computer, extortion, group, leak

Dell confirms breach of test lab platform by World Leaks extortion group First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/dell-confirms-breach-of-test-lab-platform-by-world-leaks-extortion-group/
Jonathan Zanger Named CTO at Check Point to Boost AI Cybersecurity

Jul 22, 2025 12:40 AM

Tags: ai, computer, cybersecurity, software, technology

Check Point Software has appointed Jonathan Zanger as its new Chief Technology Officer, tasking the former Trigo executive with driving the company’s global cybersecurity and AI strategy. Zanger brings over 15 years of experience building and scaling AI-powered cybersecurity platforms. At Trigo, he served as CTO, leading the development of advanced AI and computer vision…
US signals intention to rethink job H-1B lottery

Jul 21, 2025 2:41 PM

Tags: computer, group, jobs

Foreign worker program represents betrayal of US computer science students, advocacy group argues First seen on theregister.com Jump to article: www.theregister.com/2025/07/20/h_1b_job_lottery/
Klöckner warnt vor Cyberangriffen auf Bundestag

Jul 21, 2025 11:40 AM

Tags: access, computer, cyberattack, governance, government, hacker, mail, resilience, risk, verfassungsschutz

Parlamentspräsidentin Julia Klöckner will den Bundestag besser vor Hackerangriffen schützen.Der Deutsche Bundestag muss sich nach Einschätzung seiner Präsidentin Julia Klöckner stärker gegen Cyberattacken aus anderen Staaten schützen. “Wir verzeichnen leider zahlreiche Hackerangriffe. Der Bundestag ist ein begehrtes Ziel”, sagte die CDU-Politikerin der Deutschen Presse-Agentur in Berlin. “Wir werden unsere Abwehrfähigkeit zum Schutz vor Cyberangriffen weiter…
Novel malware from Russia’s APT28 prompts LLMs to create malicious Windows commands

Jul 19, 2025 12:40 AM

Tags: ai, api, attack, computer, control, cyber, cyberattack, cybercrime, data, detection, dos, exploit, government, group, hacking, infrastructure, intelligence, LLM, malicious, malware, military, network, phishing, programming, russia, service, tool, ukraine, vulnerability, windows

.pif (MS-DOS executable) extension, though variants with .exe and .py extensions have also been observed.CERT-UA attributes these attacks to a group it tracks as UAC-0001, but which is better known in the security community as APT28. Western intelligence agencies have officially associated this group with Unit 26165, or the 85th Main Special Service Center (GTsSS)…
CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign

Jul 18, 2025 3:40 PM

Tags: computer, LLM, malware, phishing, ukraine

The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a phishing campaign that’s designed to deliver a malware codenamed LAMEHUG.”An obvious feature of LAMEHUG is the use of LLM (large language model), used to generate commands based on their textual representation (description),” CERT-UA said in a Thursday advisory.The activity has been attributed…
Hackers Exploit ClickFix Tactics to Spread NetSupport RAT, Latrodectus, and Lumma Stealer

Jul 18, 2025 12:42 PM

Tags: computer, cyber, exploit, hacker, malicious, malware, rat, social-engineering, tactics

Attackers are increasingly leveraging the ClickFix social engineering technique to distribute potent malware families, including NetSupport RAT, Latrodectus, and Lumma Stealer. This method, which emerged prominently in recent months, tricks users into executing malicious commands under the guise of resolving common computer issues like performance glitches or verification prompts. By hijacking the clipboard through JavaScript…
Quantum code breaking? You’d get further with an 8-bit computer, an abacus, and a dog

Jul 17, 2025 1:40 PM

Tags: computer

Computer scientist Peter Gutmann tells The Reg why it’s ‘bollocks’ First seen on theregister.com Jump to article: www.theregister.com/2025/07/17/quantum_cryptanalysis_criticism/
Windows Secure Boot Certificate Expired in June, Microsoft Issues Warning

Jul 16, 2025 2:40 PM

Tags: business, computer, cyber, microsoft, windows

Microsoft has issued an urgent warning to Windows users about an impending security certificate expiration that could significantly impact device functionality. The tech giant announced that Secure Boot certificates used by most Windows devices are scheduled to expire starting in June 2026, potentially affecting the ability of personal and business computers to boot securely if…
Former U.S. Army Member Pleads Guilty in Telecom Hacking Case

Jul 16, 2025 9:40 AM

Tags: breach, computer, cyber, cybercrime, data, extortion, hacking, military, network, ransom, service, theft

A 21-year-old former U.S. Army soldier has pleaded guilty to participating in a sophisticated cybercrime operation that targeted telecommunications companies through hacking, data theft, and extortion schemes. Cameron John Wagenius, who was stationed in Texas during his military service, admitted to conspiring with others to breach protected computer networks and demand ransom payments from victim…
Drive-by-Angriffe: IAM gegen willkürliche, opportunistische Cyberbedrohungen

Jul 16, 2025 6:40 AM

Tags: computer, cyberattack, hacker, iam

Im klassischen Techno-Thriller WarGames aus dem Jahr 1983 programmiert ein junger Hacker seinen Computer so, dass dieser jede Telefonnummer der Reihe nach anwählt auf der Suche nach einem Modem, das antwortet. Aktuelle Angreifer tun im Wesentlichen nichts anderes. Nur benutzen sie dazu keine Telefonleitungen mehr, sondern fangen mit der IP-Adresse 0.0.0.0 an und arbeiten… First…
UKtech50 2025: The most influential people in UK technology

Jul 15, 2025 10:40 PM

Tags: computer, technology

Computer Weekly has announced the 15th annual UKtech50 our definitive list of the movers and shakers in the UK tech sector First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366627653/UKtech50-2025-The-most-influential-people-in-UK-technology
Russian Basketball Star Daniil Kasatkin Arrested in Ransomware Probe

Jul 15, 2025 12:40 AM

Tags: computer, ransomware, russia

Daniil Kasatkin, a Russian pro basketball player, faces US ransomware charges after his Paris arrest. His lawyer claims he’s “useless with computers,” raising questions about his alleged negotiator role in cybercrime. First seen on hackread.com Jump to article: hackread.com/russian-basketball-daniil-kasatkin-arrest-ransomware/
8 tough trade-offs every CISO must navigate

Jul 14, 2025 11:40 AM

Tags: access, ai, attack, business, ciso, cloud, compliance, computer, cyber, cybersecurity, ddos, defense, detection, framework, group, healthcare, incident response, jobs, malicious, mfa, regulation, resilience, risk, service, technology, threat, tool, vulnerability

2. Weighing security investments when the budget forces choices: Closely related to the trade-off around risk is what CISOs must navigate when it comes to security investments.”For most CISOs, when they have to make tough choices, 99% of the time it’s due to budget constraints that force them to weight risks versus rewards,” says John…
ClickFix: The Emerging Technique Threat Actors Use to Dominate Targeted Organizations

Jul 12, 2025 5:40 PM

Tags: computer, cyber, malicious, malware, social-engineering, threat

Threat actors have increasingly adopted ClickFix, a sophisticated social engineering technique that deceives users into executing malicious commands under the guise of resolving common computer issues like performance lags or pop-up errors. This method, often delivered via compromised websites, malvertising, YouTube tutorials, or fake tech support forums, relies on clipboard hijacking also known as pastejacking…
French cops cuff Russian pro basketball player on ransomware charges

Jul 11, 2025 8:40 AM

Tags: computer, ransomware, russia

‘He’s useless with computers and can’t even install an application’ says lawyer First seen on theregister.com Jump to article: www.theregister.com/2025/07/11/french_ransomware_arrest/
Four Arrested in £440M Cyber Attack on Marks & Spencer, Co-op, and Harrods

Jul 10, 2025 3:40 PM

Tags: attack, computer, crime, cyber, offense

The U.K. National Crime Agency (NCA) on Thursday announced that four people have been arrested in connection with cyber attacks targeting major retailers Marks & Spencer, Co-op, and Harrods.The arrested individuals include two men aged 19, a third aged 17, and a 20-year-old woman. They were apprehended in the West Midlands and London on suspicion…