Marriott's slogan is "We Serve Our World." This slogan reflects the company's commitment to positively impacting the world, its guests, and the communities it operates in. Marriott International entered a $52 million settlement with the US Federal Trade Commission (FTC) to resolve allegations from a massive data breach that affected millions of guests. The breach between 2014 and 2018 involved exposing sensitive customer information, including names, passport numbers, credit card details, and
All Articles (2768)
Sort by
A mysterious new image generation model is beating models from Midjourney, Black Forest Labs, and OpenAI on the crowdsourced Artificial Analysis benchmark.
An image generation model is a conceptual understanding of how light from a scene is converted into an image. There are two types of image generation:
- Unconditional generation: Generating new images from an existing dataset without any specific conditions.
- Conditional image generation: Generating samples based on a specific label or conditio
Cybersecurity researchers at Aqua Nautilus have discovered a new hacking campaign by Adept Libra (aka TeamTNT), targeting exposed Docker daemons to deploy Sliver malware, a cyber worm, and crypto miners.
TeamTNT is a notorious hacking group known for aggressive and persistent attacks on cloud-native environments. The group is known for exploiting vulnerabilities in Docker daemons and Kubernetes clusters to deploy malware and hijack resources for cryptocurrency mining.
In a recent campaign, Te
A new malware family named WarmCookie, also known as BadSpace, has been actively distributed through malspam and malvertising campaigns since April 2024.
See: https://redskyalliance.org/xindustry/windows-backdoor-to-push-badspace
According to a blog post from Cisco Talos published on 23 October 2024, the malware facilitates persistent access to compromised networks. It has been observed as an initial payload, often leading to the deployment of additional malware such as CSharp-Streamer-RAT an
The Ukrainian Computer Emergency Response Team has issued a new security warning after discovering a cyber-attack campaign carried out by the APT28 threat group, also known as Fancy Bear. This group is thought, with a high degree of confidence, to be affiliated with Russian military intelligence operations. Here’s what we know so far and what you need to watch out for if you think you might be at risk of being targeted.
The APT28 Fancy Bear Cyber Attack Campaign Warning From CERT-UA - The Ukr
China's National Computer Virus Emergency Response Center (CVERC) has doubled down on claims that the threat actor known as the Volt Typhoon is a fabrication of the US and its allies. The agency, in collaboration with the National Engineering Laboratory for Computer Virus Prevention Technology, accused the US federal government, intelligence agencies, and Five Eyes countries of conducting cyber espionage activities against China, France, Germany, Japan, and internet users globally. Remember, t
Qualcomm has historically been quiet about its automotive aspirations, preferring to focus attention on its Snapdragon mobile and laptop processor offerings. That might be changing. The company flew TechCrunch to its Qualcomm Snapdragon Summit on Maui to see its latest Snapdragon Elite chips. This year it is all about automotive. The Snapdragon Digital Chassis has been powering cars for a couple of years, but now Qualcomm is touting its Elite horn with Snapdragon Ride Elite and Snapdragon Co
A new spear-phishing campaign targeting Brazil has been found delivering a banking malware called Astaroth (aka Guildma) by using obfuscated JavaScript to slip past security defenses. The campaign's impact has targeted various industries, with manufacturing companies, retail firms, and government agencies being the most affected. Malicious emails often impersonate official tax documents, using the urgency of personal income tax filings to trick users into downloading the malware.
See: https://r
With everything turning digital, Cyber Security threats have been growing each day as the attack surface is massive and continuing to grow and evolve rapidly. In response to this unprecedented challenge, Artificial Intelligence (AI) based tools for cyber security have emerged to help information security teams reduce breach risk and improve their security posture efficiently and effectively.
See: https://redskyalliance.org/xindustry/ai-s-impact-on-cyber
AI is helping firms to become more resil
What did the robot vacuum say to its homeowner? You suck. In a bizarre turn of events, owners of robot vacuums across the US have reported that their devices have been hacked. One particularly alarming case involved a man whose Ecovacs Deebot X2 began yelling racial slurs at him. The incidents appear to be linked to a security vulnerability in the Chinese-made Ecovacs Deebot X2 model, according to a report by the Australian Broadcast Corporation. The flaw has exposed widely distributed smar
Researchers at Microsoft discovered a new macOS vulnerability, “HM Surf” (CVE-2024-44133), which bypasses TCC protections, allowing unauthorized access to sensitive data like the camera and microphone. Patch now to stay protected. A vulnerability discovered by cybersecurity researchers at Microsoft Threat Intelligence in macOS allows attackers to bypass the operating system’s Transparency, Consent, and Control (TCC) technology, granting unauthorized access to sensitive user data.
Researchers ca
Recently, cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates to stage software supply chain attacks. "Attackers can leverage these entry points to execute malicious code when specific commands are run, posing a widespread risk in the open-source landscape," Checkmarx researchers Yehuda Gelb and Elad Rapaport said in a report.[1]
The software supply chain security company noted
According to cybersecurity provider Cyble, a new sophisticated malicious campaign is using an undetected Cerberus Android banking Trojan payload. In a new report published on 14 October 2024, Cyble Research and Intelligence Labs (CRIL) https://cyble.com identified 15 malicious samples posing as Chrome and Play Store apps from mid-September through the end of October. These samples use a multi-stage dropper to deploy a banking trojan payload, which was found to be leveraging the Cerberus banking
China’s Computer Virus Emergency Response Center has released part three of a running series claiming that the US government is actually behind Volt Typhoon activity, rather than China. The latest CVERC report, whose front page includes an oddly edited photo with the text “Lie to Me,” provides no new evidence of these claims and rehashes old, leaked US intelligence documents. However, this CVERC report is not useless. The CVERC report tells us more about China’s intentions than it does convin
A European Commission-funded biometric “gait recognition” program to study how to more easily identify people crossing the European Union’s external borders by examining their unique walking styles began last week. The initiative, called the PopEye Project, is supported by a €3.2 million (USD $3.5 million) grant that covers a three-year pilot testing the technology, according to TechTransfer, a program at the Vrije Universiteit Brussels and a partner on the effort. Horizon Europe, a European U
The US Department of Justice (DoJ) has announced arrests and charges against several individuals and entities for allegedly manipulating digital asset markets as part of a widespread fraud operation. The law enforcement action, codenamed Operation Token Mirrors, is the result of the US Federal Bureau of Investigation (FBI) taking the "unprecedented step" of creating its own cryptocurrency token and company, NexFundAI.
NexFundAI, as per information on the website, was marketed as redefining the "
Iranian hackers are acting as Initial Access Brokers (IAB), selling access to critical infrastructure organizations in the West to the highest bidder. A joint security advisory recently published by the US Cybersecurity and Infrastructure Agency (CISA), together with the FBI, NSA, the Communications Security Establishment Canada (CSE), the Australian Federal Police (AFP), and Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ASCS), claims Iranian threat actors are activel
Kroger’s plans to roll out facial recognition tools at its grocery stores is attracting increased criticism from lawmakers, who warn that it could be exploited to increase the prices certain individuals pay for food and put customers’ personal data at risk. In a letter this week to Kroger CEO Rodney McMullen, Congresswoman Rashida Tlaib (D-MI) said the plans, which involve using facial recognition tools in digital displays to target advertising to customers and collect information on them, pote
Threat Type: Foreign Adversarial Technological, Physical, and Cyber Influence
Geographic Area: Worldwide
This advisory supersedes and cancels US Maritime Advisory 2024-002
- Issue: This Advisory seeks to alert maritime stakeholders of potential vulnerabilities to maritime port equipment, networks, operating systems, software, and infrastructure. Foreign companies manufacture, install, and maintain port equipment that creates vulnerabilities to global maritime infrastructure information technology
Recently, the Dutch police have announced the takedown of Bohemia and Cannabia, which has been described as the world's largest and longest-running dark web market for illegal goods, drugs, and cybercrime services. The takedown is the result of a collaborative investigation with Ireland, the United Kingdom, and the United States that began towards the end of 2022, the disclosure reported. The marketplace discontinued its operations in late 2023 following reports of service disruptions and exit
