Threat actors are abusing Microsoft 365 infrastructure in a BEC campaign, and target its users in two brand impersonation campaigns.
The post Microsoft 365 Targeted in New Phishing, Account Takeover Attacks appeared first on SecurityWeek.
Category Added in a WPeMatico Campaign
100 Car Dealerships Hit by Supply Chain Attack
The websites of over 100 auto dealerships were found serving malicious ClickFix code in a supply chain compromise.
The post 100 Car Dealerships Hit by Supply Chain Attack appeared first on SecurityWeek.
Nvidia Riva Vulnerabilities Allow Unauthorized Use of AI Services
Vulnerabilities in Nvidia Riva could allow hackers to abuse speech and translation AI services that are typically expensive.
The post Nvidia Riva Vulnerabilities Allow Unauthorized Use of AI Services appeared first on SecurityWeek.
Popular GitHub Action Targeted in Supply Chain Attack
The tj-actions/changed-files GitHub Action, which is used in 23,000 repositories, has been targeted in a supply chain attack.
The post Popular GitHub Action Targeted in Supply Chain Attack appeared first on SecurityWeek.
In Other News: Swiss Breach Disclosure Rules, ESP32 Chip Backdoor Disputed, MassJacker
Noteworthy stories that might have slipped under the radar: Switzerland requires disclosure of critical infrastructure attacks, ESP32 chips don’t contain a backdoor, MassJacker cryptojacking malware.
The post In Other News: Swiss Breach Disclosure Rules, ESP32 Chip Backdoor Disputed, MassJacker appeared first on SecurityWeek.
ClickFix Widely Adopted by Cybercriminals, APT Groups
The ClickFix technique has been employed by cybercrime and APT groups for information stealer and other malware deployment.
The post ClickFix Widely Adopted by Cybercriminals, APT Groups appeared first on SecurityWeek.
LockBit Ransomware Developer Extradited to US
Russian-Israeli LockBit ransomware developer Rostislav Panev has been extradited from Israel to the United States.
The post LockBit Ransomware Developer Extradited to US appeared first on SecurityWeek.
New AI Security Tool Helps Organizations Set Trust Zones for Gen-AI Models
Measure the different level of risk inherent to all gen-AI foundational models and use that to fine-tune the operation of in-house AI deployments.
The post New AI Security Tool Helps Organizations Set Trust Zones for Gen-AI Models appeared first on SecurityWeek.
RSA Conference Playbook: Smart Strategies from Seasoned Attendees
Your guide on how to get through the conference with your sanity, energy, and key performance indicators (KPIs) intact.
The post RSA Conference Playbook: Smart Strategies from Seasoned Attendees appeared first on SecurityWeek.
New CCA Jailbreak Method Works Against Most AI Models
Two Microsoft researchers have devised a new jailbreak method that bypasses the safety mechanisms of most AI systems.
The post New CCA Jailbreak Method Works Against Most AI Models appeared first on SecurityWeek.