"DeepSeek jailbreak reveals its entire system prompt."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 01 February 2025, 1505 UTC.

Content and Source:  Email subscription via https://feedly.com

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fwww.darkreading.com%2Frss%2Fall.xml

Please scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Dark Reading

163K followers35 articles per week#security#tech

41

Most popular

DeepSeek Jailbreak Reveals Its Entire System Prompt

DeepSeek AI guardrails ineffective

•

by Nate Nelson, Contributing Writer / 16h

Now we know exactly how DeepSeek was designed to work, and we may even have a clue toward its highly publicized scandal with OpenAI.

DoJ Shutters Cybercrime Forums Behind Attacks on 17M Americans

DOJ seizes forums impacting 17M

•

by Tara Seals, Managing Editor, News, Dark Reading / 17h

The "Cracked" and "Nulled" Dark Web sites are now offline, along with the Pakistani "Saim Raza" network of underground forums (aka HeartSender).

Researchers Uncover Lazarus Group Admin Layer for C2 Servers

7 TTPs

•

24by Jai Vijayan, Contributing Writer / 2d

•

Lazarus Group targets global developers

The threat actor is using a sophisticated network of VPNs and proxies to centrally manage command-and-control servers from Pyongyang.

Yesterday

Community Health Center Data Breach Affects 1M Patients

2 TTPs

•

by Kristina Beek, Associate Editor, Dark Reading / 17h

•

Data breach affects 1 million patients

The CHC remains operational, but a host of personal data is now in the hands of a "skilled cybercriminal," it said.

State Data Privacy Regulators Are Coming. What Story Will You Tell Them?

by Becky Bracken, Senior Editor, Dark Reading / 19h

Regulators are ready to enforce new state data privacy laws. Here's how experts say organizations can stay compliant and avoid penalties.

Tenable to Acquire Vulcan Cyber to Boost Exposure Management Focus

Tenable acquires Vulcan Cyber for $180M

•

by Jeffrey Schwartz / 19h

The deal, expected to close this quarter, will give Tenable One Exposure Management much-needed integration with over 100 third-party security tools and platforms.

Code-Scanning Tool's License at Heart of Security Breakup

Opengrep launched as Semgrep alternative

•

by Robert Lemos, Contributing Writer / 20h

Nine application security toolmakers band together to fork the popular Semgrep code-scanning project, touching off a controversy over access to features and fairness.

Can AI & the Cyber Trust Mark Rebuild Endpoint Confidence?

23h

The Cyber Trust Mark has the potential to change how we define and measure security at the endpoint level. But potential isn't enough.

Jan 30, 2025

Healthcare Sector Charts 2 More Ransomware Attacks

2 TTPs

•

by Kristina Beek, Associate Editor, Dark Reading / 1d

•

Ransomware groups target healthcare sector

No ransomware groups have yet to claim responsibility for either attack, and both institutions have yet to reveal what may have been stolen.

Automated Pen Testing Is Improving — Slowly

by Alex Haynes / 1d

The rate of evolution has been glacial, but tools now understand cloud environments and can target Web applications.

New Jailbreaks Allow Users to Manipulate GitHub Copilot

by Nate Nelson, Contributing Writer / 1d

Whether by intercepting its traffic or just giving it a little nudge, GitHub's AI assistant can be made to do malicious things it isn't supposed to.

Exposure Management Provider CYE Acquires Solvo

CYE acquires Solvo for cloud security

•

by Jeffrey Schwartz / 2d

The addition of Solvo CSPM to CYE Hyver aims to address the need for multicloud vulnerability monitoring and risk assessment.

Jan 29, 2025

Fake Videos of Former First Lady Scam Namibians

by Nate Nelson, Contributing Writer / 2d

Amateurish financial scams are common across Africa, and Namibia's influential former first lady, Monica Geingos, has emerged as a particularly effective host body for these messages.

PrintNightmare Aftermath: Windows Print Spooler Is Better. What's Next?

9 TTPs

•

by Jai Vijayan, Contributing Writer / 2d

While Microsoft has boosted the security of Windows Print Spooler in the three years since the disclosure of the PrintNightmare vulnerability, the service remains a spooky threat that organizations cannot afford to ignore.

Unpatched Zyxel CPE Zero-Day Pummeled by Cyberattackers

2 TTPs

•

by Kristina Beek, Associate Editor, Dark Reading / 2d

•

CVE-2024-40891

VulnCheck initially disclosed the critical command-injection vulnerability (CVE-2024-40891) six months ago, but Zyxel has yet to mention its existence or offer users a patch to mitigate threats.

Mirai Variant 'Aquabot' Exploits Mitel Device Flaws

8 TTPs

•

by Elizabeth Montalbano, Contributing Writer / 2d

•

CVE-2024-41710

Yet another spinoff of the infamous DDoS botnet is exploiting a known vulnerability in active attacks, while its threat actors are promoting it on Telegram for other attackers to use as well, in a DDoS-as-a-service model.

The Old Ways of Vendor Risk Management Are No Longer Good Enough

by Jatin Mannepalli / 2d

Managing third-party risk in the SaaS era demands a proactive, data-driven approach beyond checkbox compliance.

7 Tips for Strategically Saying 'No' in Cybersecurity

by Joan Goodchild / 3d

Cybersecurity can't always be "Department of No," but saying yes all the time is not the answer. Here is how to enable innovation gracefully without adding risk to the organization.

CrowdStrike Highlights Magnitude of Insider Risk

by Jeffrey Schwartz / 3d

The impetus for CrowdStrike's new professional services came from last year's Famous Chollima threat actors, which used fake IT workers to infiltrate organizations and steal data.

Jan 28, 2025

Data Privacy Day 2025: Time for Data Destruction to Become Standard Business Practice

by Adam Strange / 3d

Compliance standards are mandating better data security. There are several ways to do this, but most organizations would admit that erasure is not one of them.

Lynx Ransomware Group 'Industrializes' Cybercrime With Affiliates

2 TTPs

•

by Kristina Beek, Associate Editor, Dark Reading / 3d

•

Lynx RaaS group innovates cybercrime affiliates

The ransomware group provides everything an affiliate could want to breach and attack victims, including a quality controlled recruitment system to engage even more criminals.

OAuth Flaw Exposed Millions of Airline Users to Account Takeovers

6 TTPs

•

by Jai Vijayan, Contributing Writer / 3d

•

OAuth flaw risks airline user accounts

The now-fixed vulnerability involved a major travel services company that's integrated with dozens of airline websites worldwide.

Phishing Campaign Baits Hook With Malicious Amazon PDFs

IoC > 4 URLs

•

by Kristina Beek, Associate Editor, Dark Reading / 3d

•

4 TTPs

•

Amazon Prime phishing campaign targets users

In their discovery, researchers found 31 PDF files linking to these phishing websites, none of which have been yet submitted to VirusTotal.

Reporting a Breach or Vuln? Be Sure Your Lawyer's on Call

by Robert Lemos, Contributing Writer / 3d

Globally, security researchers and whistleblowers face increasingly hostile laws and judiciaries that are ready to levy fines and prison sentences.

Super Bowl LIX Could Be a Magnet for Cyberattacks

by Jai Vijayan, Contributing Writer / 3d

Concerns include everything from ransomware, malware, and phishing attacks on the game's infrastructure to those targeting event sponsors and fans.

Actively Exploited Fortinet Zero-Day Gives Attackers Super-Admin Privileges

4 TTPs

•

26by Elizabeth Montalbano, Contributing Writer / 3d

The firewall specialist has patched the security flaw, which was responsible for a series of attacks reported earlier this month that compromised FortiOS and FortiProxy products exposed to the public Internet.

Change Healthcare Breach Impact Doubles to 190M People

2 TTPs

•

by Nate Nelson, Contributing Writer / 3d

•

UnitedHealth reports 190M affected

One of the largest data breaches in history was apparently twice as impactful as previously thought, with PII belonging to hundreds of millions of people sitting in the hands of cybercriminals.

Cryptographic Agility's Legislative Possibilities & Business Benefits

by Keavy Murphy / 4d

Quantum computing will bring new security risks. Both professionals and legislators need to use this time to prepare.

Jan 27, 2025

Apple Patches Actively Exploited Zero-Day Vulnerability

CVE-2025-24085

•

by Kristina Beek, Associate Editor, Dark Reading / 4d

The Apple iOS 18.3 update fixes 28 other vulnerabilities identified by the tech company, though there is little information on them.

For $50, Cyberattackers Can Use GhostGPT to Write Malicious Code

4 TTPs

•

20by Jai Vijayan, Contributing Writer / 4d

•

GhostGPT aids cybercrime activities

Malware writing is only one of several malicious activities for which the new, uncensored generative AI chatbot can be used.

IT-Harvest Launches HarvestIQ.ai

4d

[no content]

Spectral Capital Files Quantum Cybersecurity Patent

4d

[no content]

USPS Impersonators Tap Trust in PDFs in Smishing Attack Wave

7 TTPs

•

by Elizabeth Montalbano, Contributing Writer / 4d

•

Mobile phishing campaign targets PDFs

Attackers aim to steal people's personal and payment-card data in the campaign, which dangles the threat of an undelivered package and has the potential to reach organizations in more than 50 countries.

Crisis Simulations: A Top 2025 Concern for CISOs

CISOs increase crisis simulation budgets

•

by Kristina Beek, Associate Editor, Dark Reading / 4d

CISOs are planning to adjust their budgets this year to reflect their growing concerns for cybersecurity preparedness in the event of a cyberattack.

The Case for Proactive, Scalable Data Protection

by Tom Ferrucci / 5d

Whether you're facing growing data demands and increased cyber threats, or simply looking to future-proof your business, it's time to consider the long-term benefits of transitioning to a cloud-first infrastructure.