DarkReading.com

"Dangerous AI workaround:  'Skeleton Key' unlocks malicious content."

Views expressed in this cybersecurity, cyber crime summary are those of the reporters and correspondents.  Accessed on 27 June 2024, 1443 UTC.

Content and source:  darkreading.com.

Please scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

 

Dark Reading

152K followers43 articles per week#security#tech

22

MOST POPULAR

Dangerous AI Workaround: 'Skeleton Key' Unlocks Malicious Content

Microsoft warns of AI jailbreak

•

by Tara Seals, Managing Editor, News, Dark Reading / 17h

Microsoft, OpenAI, Google, Meta genAI models could be convinced to ditch their guardrails, opening the door to chatbots giving unfettered answers on building bombs, creating malware, and much more.

Apple AirPods Bug Allows Eavesdropping

CVE-2024-27867

•

by Dark Reading Staff / 17h

The vulnerability affects not only AirPods, but also AirPods Max, Powerbeats Pro, Beats Fit Pro, and all models of AirPods Pro.

Achieve Next-Level Security Awareness by Creating Secure Social Norms

by Sriram Dandapani / 42min

By committing to build secure habits at work and in our personal lives, and to helping others do the same, our personal information will be much better protected.

YESTERDAY

Optiv Report Shows Nearly 60% Increase in Security Budgets as Most Organizations Report Cyber Breaches and Incidents

16h

[no content]

CISOs Growing More Comfortable With Risk, But Better C-Suite Alignment Needed

CISOs comfortable with risk

•

16h

[no content]

Akamai Completes Acquisition of API Security Company Noname

16h

[no content]

Polyfill.io Supply Chain Attack Smacks Down 100K+ Websites

IoC > 2 domains

•

by Elizabeth Montalbano, Contributing Writer / 19h

•

Polyfill.io supply chain attack impacts 100K+

The site is supplying malicious code that delivers dynamically generated payloads and can lead to other attacks, after a Chinese organization bought it earlier this year.

Neiman Marcus Customers Impacted by Snowflake Data Breach

Neiman Marcus data breach disclosed

•

by Nathan Eddy, Contributing Writer / 21h

The high-end retailer is the latest company to confirm it was affected by the wide-ranging Snowflake data breach, which impacted more than 165 organizations.

Diverse Cybersecurity Workforce Act Offers More Than Diversity Benefits

by Lynn Dohm / 1d

Our adversaries certainly have diversity — so cybersecurity teams need it, too.

'Snowblind' Tampering Technique May Drive Android Users Adrift

by Nate Nelson, Contributing Writer / 1d

As cybersecurity's cat-and-mouse game starts to look more like Tom and Jerry, attackers develop a method for undermining Android app security with no obvious fix.

'ChamelGang' APT Disguises Espionage Activities With Ransomware

5 TTPs

•

1d

•

Chinese ChamelGang deploys ransomware espionage

The China-nexus cyber-threat actor has been operating since at least 2019 and has notched victims in multiple countries.

JUN 25, 2024

Fresh MOVEit Bug Under Attack Mere Hours After Disclosure

CVE-2024-5805 & 1 other

•

by Tara Seals, Managing Editor, News, Dark Reading / 1d

The high-severity CVE-2024-5806 allows cyberattackers to authenticate to the file-transfer platform as any valid user, with accompanying privileges.

Indonesia Refuses to Pay $8M Ransom After Cyberattack

Indonesia refuses $8 million ransom

•

by Dark Reading Staff / 1d

More than 200 regional and national government agencies have been impacted by the ransomware attack, and few of them are once again operational.

Threat Actor May Have Accessed Sensitive Info on CISA Chemical App

6 TTPs

•

by Jai Vijayan, Contributing Writer / 1d

•

CISA warns of CSAT breach

An unknown adversary compromised a CISA app containing the data via a vulnerability in the Ivanti Connect Secure appliance this January.

WordPress Supply Chain Attack Spreads Across Multiple Plug-ins

IoC > 1 IP

•

by Elizabeth Montalbano, Contributing Writer / 1d

•

6 TTPs

•

Supply-chain attack on WordPress plugins affects

Injected malicious JavaScript code gives attackers administrator rights on websites, and fills sites with SEO spam.

Key Takeaways From the British Library Cyberattack

by Steve Durbin / 2d

Knowledge institutions with legacy infrastructure, limited resources, and digitized intellectual property must protect themselves from sophisticated and destructive cyberattacks.

'P2PInfect' Worm Grows Teeth With Miner, Ransomware & Rootkit

6 TTPs

•

by Nate Nelson, Contributing Writer / 2d

For a while, the botnet spread but did essentially nothing. All the malicious payloads came well after.