Tag

Cyber Security

All articles tagged with #cyber security

cyber-security18 days ago•54 min saved

Zero-Click RCE in Claude Desktop Extensions Endangers 10k+ Users

Security researchers LayerX revealed a zero-click remote code execution flaw in Claude Desktop Extensions (DXT) that leverages the Model Context Protocol to chain untrusted data from Google Calendar into a privileged local executor. An attacker can trigger the payload via a malicious calendar event with no user interaction, potentially compromising the host with the user’s privileges. The issue affects over 10,000 active Claude users and more than 50 DXT extensions; Anthropic has reportedly not fixed it yet, citing the architecture of MCP autonomy. Mitigations include disconnecting high-privilege local extensions from untrusted data sources and awaiting a patch or architectural changes to MCP. This serves as a warning about the security risks of AI agents autonomously bridging data to local systems.

via CybersecurityNews|

#claude #cyber-security #desktop-extensions

politics1 month ago•7 min saved

Interim CISA Chief’s ChatGPT Upload Triggers Internal Security Review

Madhu Gottumukkala, the interim head of the Cybersecurity and Infrastructure Security Agency, uploaded contracting documents marked 'for official use only' to a public ChatGPT last summer, triggering DHS security alerts; the files were not classified, but DHS opened an internal review to assess potential harm and handling of official-use information, highlighting AI-use risks within the agency.

via Politico|

#chatgpt #cisa #cyber-security

cyber-security1 month ago•53 min saved

Public Rainbow Tables Sharpen NTLMv1 Attacks, Prompting Urgent Remediation

Mandiant publicly released Net-NTLMv1 rainbow tables, making NTLMv1 hash cracking practical with modest hardware and lowering barriers for admin-level credential compromise. The dataset, hosted via Google Cloud, underscores the urgent need to disable Net-NTLMv1 and migrate to NTLMv2; organizations should monitor for LM/NTLMv1 usage in Windows Event logs (e.g., Event ID 4624) and implement robust detection and remediation to prevent post-compromise downgrades and broader AD compromise (e.g., DCSync attacks).

via Cyber Security News|

#active-directory #cyber-security #net-ntlmv1

business1 year ago•2 min saved

Krispy Kreme Cyberattack Halts Online Orders and Operations

Krispy Kreme has experienced a cyber security attack that disrupted its online operations in parts of the US, potentially impacting its business materially. The company has taken steps to contain the unauthorized activity and is working with federal law enforcement and cyber security experts. Despite the disruptions, its physical stores remain open. The attack highlights the increasing threat of ransomware, especially during the holiday season, and follows a trend of rising cyber incidents in the retail and hospitality sectors. Krispy Kreme holds cyber security insurance to mitigate some costs, but recovery could take months.

via Financial Times|

#business #cyber-attack #cyber-security

technology1 year ago•8 min saved

"Uncovering the Truth: Smartphone Spying Unveiled"

Researchers at MIT's CSAIL have discovered that smartphones' ambient light sensors can potentially be repurposed to capture images and intercept user gestures, posing significant privacy risks. They urge operating system developers to tighten permissions for these sensors and propose granting users control over ambient light sensor permissions. Additionally, the article provides tips to protect smartphones from spyware and unauthorized data collection, emphasizing the need for a necessary conversation on security, awareness, and the evolving landscape of digital privacy.

via Fox News|

#ambient-light-sensors #cyber-security #mit-csail

technology1 year ago•5 min saved

"Defending Against iPhone Security Threats: A Guide for Apple Users"

A new scam targeting iPhone users involves a "push bombing" technique that prompts users with fake "Reset Password" notifications, leading to potential permanent lockout if the "Allow" option is clicked. The scam has also been reported on other Apple devices. Apple is aware of the issue and advises users not to click "Allow" on these notifications and to reach out for support if targeted. Mitigation strategies include changing the associated phone number to a VOIP number and using email aliases for better organization and tracking of incoming emails. Vigilance and patience are key in outsmarting this scam, and users are urged to stay updated on Apple's progress for a permanent solution.

via Fox News|

#apple #cyber-security #iphone

technology2 years ago•2 min saved

"Valentine's Day Alert: How to Spot and Avoid Online Romance Scams"

As Valentine's Day approaches, the risk of falling victim to online dating scams increases, with scammers using bots and AI to create fake profiles and manipulate victims into sending money. Research shows a significant rise in bot attacks on dating apps, and in 2022, nearly 70,000 people reported falling victim to romance scams, resulting in $1.3 billion in losses. Warning signs of a potential scam include overly formal messages, inconsistent information, odd communication patterns, unrealistic photos, and requests for money. Experts advise using online tools to detect AI-generated messages and conducting image searches to verify profile pictures.

via CBS News|

#artificial-intelligence #cyber-security #online-dating

technology2 years ago•1 min saved

"Google Trials Enhanced Fraud Protection for Android Users"

Google is testing enhanced financial fraud protection for Play Protect, which will automatically block the installation of apps that request sensitive permissions frequently abused for financial fraud when sideloaded from the internet. The pilot program is starting in Singapore and aims to protect users from fraud apps that exploit permissions like RECEIVE_SMS and READ_SMS. Google has partnered with the Cyber Security Agency of Singapore for testing and will provide guidance for developers to review app permissions and follow best practices. Play Protect's real-time scanning has already made a significant impact on user safety in several countries.

via 9to5Google|

#android #cyber-security #financial-fraud

cyber-security2 years ago•1 min saved

U.S. Imposes Sanctions on Iranian Officials for Critical Cyber Attacks

The U.S. Treasury Department has imposed sanctions on six Iranian officials linked to the Iranian intelligence agency for targeting critical infrastructure entities in the U.S. and other countries. The officials, part of the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command, are held responsible for cyber operations, including hacking programmable logic controllers manufactured by an Israeli company. The U.S. Cybersecurity and Infrastructure Security Agency revealed that the Municipal Water Authority of Aliquippa in Pennsylvania was targeted by Iranian threat actors. The Treasury Department emphasized the sensitivity of industrial control devices in critical infrastructure systems and the potential for devastating consequences from unauthorized access. Additionally, a pro-Iranian group known as Homeland Justice claimed to have stolen terabytes of data from Albania's Institute of Statistics.

via The Hacker News|

#critical-infrastructure #cyber-attacks #cyber-security

cyber-security2 years ago•2 min saved

"India Issues Cyber Attack Warning for Apple Users: Devices at Highest Risk"

India's Computer Emergency Response Team (CERT) has warned Apple product users in the country about potential cyber attacks due to vulnerabilities in certain devices, including iPhones, MacBooks, Apple TV, Apple Watch, and various iPad and macOS versions. Users are advised to update to the latest security patches, use strong passwords, avoid clicking on suspicious links, and regularly back up important data to protect against potential breaches.

via WION|

#apple #cyber-attack #cyber-security

cyber-security2 years ago•8 min saved

"Air Travel Jokes: When In-Flight Humor Lands Passengers in Legal Trouble"

A teenager's Snapchat joke about blowing up a plane led to his arrest in Spain, raising concerns about the security of public WiFi networks at airports. Cyber security experts warn that unsecure public WiFi networks could be monitored by intelligence agencies, potentially compromising users' privacy. While some experts believe it is plausible for public WiFi sites to be monitored, others argue that incidents like this would be more common if WiFi was the issue. The teenager admitted to sending the joke in a private group and expressed regret, while his defense argues that his right to privacy was breached.

via Daily Mail|

#cyber-security #intelligence-agencies #public-wifi

cybersecurity2 years ago•2 min saved

SEC Acknowledges Cybersecurity Failure in Bitcoin-Related Hack

The US Securities and Exchange Commission (SEC) admitted that a key security procedure, multi-factor authentication (MFA), had been suspended for six months on its social media account when hackers made a fake post about Bitcoin in January. This allowed hackers to gain access to the account and make the misleading post, causing the cryptocurrency to surge in value before the post was deleted. The SEC has since confirmed the regulatory change, but the incident highlights the importance of maintaining strong cybersecurity measures, especially in government agencies, to prevent similar attacks.

via BBC.com|

#bitcoin #cyber-security #cybersecurity

technology2 years ago•1 min saved

Texas DMV Offices Reopen After System Outage

Some Texas DMV offices have reopened with limited services after a system outage affected all online and in-person services, including county tax offices and registration renewal locations. The 16 department offices across the state will reopen at noon on Friday. The Texas DMV takes cyber security seriously and advises consumers to remain vigilant in managing their accounts. Motor vehicle transactions could not be processed on Friday due to the statewide system outage, but updates will be provided on the department's social media sites and website when additional information is available.

via NBC 5 Dallas-Fort Worth|

#cyber-security #limited-services #motor-vehicle-transactions

entertainment2 years ago•2 min saved

Taylor Swift Fans Face Scams and Frenzies on Eras Tour.

Two sisters fell victim to a Taylor Swift ticket scam after joining a private Facebook group to purchase inexpensive tickets to the summer tour. They paid $350 apiece for fourth-row seats to Swift's Cincinnati show, but the woman who sold them the tickets gave them the runaround and later blocked them. The sisters later found out that tickets in the fourth row were selling for nearly $2,000. Cyber security experts advise people to be cautious when buying tickets from second-hand sources and to report any scams to the FBI through IC3.org.

via FOX19|

#cyber-security #entertainment #facebook-group

politics2 years ago•2 min saved

Biden and Yoon to strengthen US-South Korea alliance against nuclear threats.

President Joe Biden will announce new nuclear deterrence efforts and a cyber security initiative during South Korean President Yoon Suk Yeol's state visit to the U.S. The move is aimed at deterring a North Korean attack on South Korea, as Pyongyang has stepped up ballistic missile tests. Biden hopes to emphasize the U.S.'s commitment to deterring nuclear action by North Korea and highlight the importance of South Korea and Japan building on their security ties. The U.S., South Korea, and Japan conducted a joint missile defense exercise last week aimed at countering North Korea's growing nuclear arsenal.

via ABC News|

#biden #cyber-security #north-korea