The underground market for illicit large language models is lucrative, said academic researchers who called for better safeguards against artificial intelligence misuse. Academics at Indiana University Bloomington[1] identified 212 malicious LLMs on underground marketplaces from April through September 2024. The financial benefit for the threat actor behind one of them, WormGPT, is calculated at US$28,000 over two months, underscoring the allure for harmful agents to break artificial intel
Nearly three weeks after identifying unauthorized activity on its network, the Port of Seattle continues to recover from a suspected cyberattack that impacted various operations. The travel experience at Seattle-Tacoma International Airport is now “normal,” the airport announced last week, with all flight and baggage information showing up on digital screens. However, the airport and Port’s websites are still down. Other services such as the airport’s lost and found and visitor pass progra
Slim CD, a company that provides software to merchants for processing electronic payments, said the credit card information of nearly 1.7 million people was exposed to an “unauthorized actor” in mid-June. The breached data potentially included “name, address, credit card number, and card expiration date,” but there is “no evidence that any such information has been used to commit identity theft or fraud,” the Florida-based company said in a notification letter filed September 6 with regulators.
Poland’s security services reported that they had broken up an alleged cyber sabotage group linked to Russia and Belarus that had attempted to “paralyze” the country through cyberattacks. The group, whose members were not publicly identified, extorted information from Polish local government agencies and state companies related to military and security matters, Poland’s Minister of Digital Affairs, Krzysztof Gawkowski, said during a press briefing on 10 September 2024. He referred to the group
The US Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) assess that cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) are responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm since at least 2020. GRU Unit 29155 cyber actors began deploying the destructi
In August 2024, FortiGuard Labs observed a Python infostealer we call Emansrepo that is distributed via emails that include fake purchase orders and invoices. Emansrepo compresses data from the victim’s browsers and files in specific paths into a zip file and sends it to the attacker’s email. According to our research, this campaign has been ongoing since November 2023. The attacker sent a phishing mail containing an HTML file, which was redirected to the download link for Emansrepo. PyInsta
I never thought I would write an article about OnlyFans, the website where you can view naked celebrities. In a recent investigation, Veriti's cyber research team uncovered a deceptive operation targeting aspiring OnlyFans hackers. A user on a notorious hacking forum, Bilalkhanicom, offered a tool to "check" OnlyFans accounts. What appeared to be an opportunity for cybercriminals was a trap. The supposed hacking tool was, in fact, malware known as Lummac stealer, designed to infect the devi
In an era where digital threats loom large, the world finds itself grappling with an unprecedented surge in cyber-attacks. Yeah, no kidding. The landscape of digital security has become a battlefield, with corporate networks experiencing a staggering 30% increase in weekly attacks in the second quarter of 2024 compared to the same period in 2023. Yet, a recent study by Kiteworks, a provider of secure content communication solutions, has revealed a significant knowledge gap in the US regarding
North Korean threat actors are expected to launch imminent attacks aimed at stealing funds from "organizations with access to large quantities of cryptocurrency-related assets or products," the FBI is warning, adding that the attacks will use particularly deceptive social engineering tactics, including highly personalized targeting that will appear extremely convincing. In the last several months, federal officials have observed various state-sponsored actors from the DPRK conducting research o
The US Department of Homeland Security has outlined plans to enhance cyber security through the Maritime Transport System (MTS). The department’s aim is to protect the system and infrastructure used to ensure safe and free navigation of US waterways. Ports are a vital part of the US economy, contributing $649 to GDP and generating 13 million jobs. The request for information will be used to help develop research to test the vulnerabilities of the port infrastructure. The study will help to d
The US Department of Justice (DOJ) announced on 04 September 2024 that it had seized 32 internet domains in a covert Russian government-sponsored foreign malign influence operation. This operation, known as "Doppelganger," targeted audiences in the United States and other countries to influence the 2024 US Presidential Election and other political objectives.
The DOJ's action reveals the extent of Russia's ongoing efforts to interfere in foreign elections and spread disinformation. The Russian
Sensitive information belonging to nearly one million Wisconsin residents was breached during the cybercriminal campaign last year that targeted the popular MOVEit file transfer service. The Centers for Medicare & Medicaid Services (CMS), the federal agency that manages the Medicare program, and the Wisconsin Physicians Service Insurance Corporation (WPS) said last week that they have begun notifying people whose personal information leaked after hackers exploited a vulnerability in the MOVEit s
Red Sky Alliance queries our backend databases monthly, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments. Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associate
Apple appears to have misled the UK's Competition and Markets Authority (CMA) in a regulatory filing that attempts to downplay competition concerns, according to Open Web Advocacy (OWA). OWA, a web technology lobbying group, flagged the alleged misstatement on 4 September in a document [PDF] filed by Apple last month in conjunction with the CMA's competition inquiry into the mobile browser and cloud gaming markets.
In footnote 142 on page 47, Apple says the CMA's analysis of the mobile browser marke
VirusTotal stores a vast collection of files, URLs, domains, and IPs submitted by users worldwide. It features a variety of functionalities and integrates third-party detection engines and tools to analyze the maliciousness of submitted artifacts and gather relevant related information, such as file properties, domain registrars, and execution behaviors. The VirusTotal dataset, the backbone of the platform, structures artifact-related information into objects and represents relevant relationsh
The first sample of RomCom ransomware was observed in early July 2023 on a publicly available file scanning site, about the same time as the first victim posted on its data leak site on 13 July 2023. Like most ransomware, this ransomware encrypts files on victims' Windows machines and demands a ransom to decrypt them via dropped ransom notes.
Infection Vector - Online reports indicate that the Russia-based RomCom group, or Storm-0978, is deploying the Underground ransomware. This threat group i
So maybe China and Russia are not such good friends after all. Cyber security researchers have uncovered an apparently new Advanced Persistent Threat (APT) group targeting Russian government entities, known as CloudSorcerer. They use a sophisticated cyber espionage tool, discovered by investigators and reported in an advisory they published in June, that is designed for covert data collection and exfiltration, using Microsoft Graph, Yandex Cloud, and Dropbox for its command and control (C2) inf
Since its inception in February 2024, RansomHub has encrypted and exfiltrated data from at least 210 victims representing the water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services, commercial facilities, critical manufacturing, transportation, and communications critical infrastructure sectors. The affiliates leverage a double-extortion model by encrypting systems and exfiltrat
A new malware called "Voldemort" has been making waves in recent weeks, sending over 20,000 emails worldwide as it spreads through phishing attacks. Discovered by IT security researchers at Proofpoint on 5 August, this malware has proven to be very deceptive. "Voldemort" employs a sophisticated tactic to evade detection: it disguises its network traffic as legitimate by using Google Sheets as an interface. This method allows the malware’s data transmissions to appear harmless, slipping past s
A controversial bill to regulate the Artificial Intelligence (AI) industry, SB-1047, has been passed by California’s State Assembly Appropriations Committee. It will pass the California Senate by the end of this month before going to the Democrat Governor, Gavin Newsom, for signature to pass into law. The most controversial part of the debate is the question of who is legally responsible and takes the blame if the AI causes harm. Should the AI system be blamed or the person who used the A