Security researchers uncover NSO Group iPhone attacks in Europe

Earlier this week, we saw research showing the noxious NSO Group continues to spy on people’s iPhones in Mexico. Now, Jamf Threat Labs has found additional attacks against human rights activists and journalists in the Middle East and Europe, one of whom worked for a global news agency.

Older iPhones at most risk

The main thrust of the latest research is that while Apple has taken steps to protect devices running the most recent versions of iOS, these attacks are still being made against older iPhones. Jamf warns that the attacks “prove malicious threat actors will exploit any vulnerabilities in an organization’s infrastructure they can get their hands on.”

Three issues with generative AI still need to be solved

Disclosure: Qualcomm and Microsoft are clients of the author.

Generative AI is spreading like a virus across the tech landscape. It’s gone from being virtually unheard of a year ago to being one of, if not the, top trending technology today. As with any technology, there are issues that tend to surface with rapid growth, and generative AI is no exception.

I expect three main problems to emerge before the end of the year that few people are talking about today.

The critical need for a hybrid solution

Generative AI uses massive language models, it’s processor-intensive, and it’s rapidly becoming as ubiquitous as browsers. This is a problem because existing, centralized datacenters aren’t structured to handle this kind of load. They are I/O-constrained, processor-constrained, database-constrained, cost-constrained, and size-constrained, making a massive increase in centralized capacity unlikely in the near term, even though the need for this capacity is going vertical. 

Giving a Face to the Malware Proxy Service ‘Faceless’

Credit to Author: BrianKrebs| Date: Tue, 18 Apr 2023 20:59:39 +0000

For the past seven years, a malware-based proxy service known as “Faceless” has sold anonymity to countless cybercriminals. For less than a dollar per day, Faceless customers can route their malicious traffic through tens of thousands of compromised systems advertised on the service. In this post we’ll examine clues left behind over the past decade by the proprietor of Faceless, including some that may help put a face to the name.

NSO Group returns with triple iOS 15/16 zero-click spyware attack

No matter what US President Joseph R. Biden Jr. said, NSO Group is still around; the privatized spying service produced zero-click exploits against iOS 15 and iOS 16 last year, according to the latest report from Citizen Lab.

It also suggests Lockdown Mode is effective against such attacks.

A trio of exploits used in complex form

The report reflects what Citizen Lab learned from investigating attacks against Mexican human rights defenders. The researchers conclude that NSO Group, called “mercenary hackers” by Apple, has made wide use of at least three zero-click exploits in Apple’s iPhone operating systems against civil society targets worldwide. NSO Group is the infamous firm that created the Pegasus tool used to spy on people.

Why is ‘Juice Jacking’ Suddenly Back in the News?

Credit to Author: BrianKrebs| Date: Fri, 14 Apr 2023 20:27:56 +0000

KrebsOnSecurity received a nice bump in traffic this week thanks to tweets from the Federal Bureau of Investigation (FBI) and the Federal Communications Commission (FCC) about “juice jacking,” a term first coined here in 2011 to describe a potential threat of data theft when one plugs their mobile device into a public charging kiosk. It remains unclear what may have prompted the alerts, but the good news is that there are some fairly basic things you can do to avoid having to worry about juice jacking.

Patch now to address a Windows zero-day

Microsoft has addressed 97 existing vulnerabilities this April Patch Tuesday, with a further eight previously released patches updated and re-released. There have been reports of a vulnerability (CVE-2023-28252) exploited in the wild, making it a “Patch Now” release.

This update cycle affects Windows desktops, Microsoft Office, and Adobe Reader. No updates for Microsoft Exchange this month. The team at Application Readiness has provided a helpful infographic that outlines the risks associated with each of the updates for this April update cycle.

EU privacy regulators to create task force to investigate ChatGPT

The European Data Protection Board (EDPB) plans to launch a dedicated task force to investigate ChatGPT after a number of European privacy watchdogs raised concerns about whether the technology is compliant with the EU’s General Data Protection Regulation (GDPR).

Europe’s national privacy regulators said on Thursday that the decision came following discussions about recent enforcement action undertaken by the Italian data protection authority against OpenAI regarding its ChatGPT service.
