X-Industry

The US Cybersecurity and Infrastructure Security Agency (CISA) has taken a pioneering step in the realm of artificial intelligence and cybersecurity by appointing its first Chief Artificial Intelligence Officer, and it is not a computer, Lisa Einstein.  This position, announced on 01 August 2024, underscores the growing importance of AI in national security and sets a precedent that other organizations may soon follow.

Einstein has served as CISA's Senior Advisor for AI since 2023 and as the Exe

A massive data leak exposed 1.4 billion Tencent user accounts. The data includes emails, phone numbers, and QQ IDs potentially linked to the “Mother of All Breaches” (MOAB).

A threat actor named “Fenice” has leaked 1.4 billion user accounts, which they claim belong to Tencent (Tencent.com), a Chinese internet giant and technology company.

Tencent is widely recognized for its diverse services, including social networks, music streaming, web portals, e-commerce, mobile games, internet services, pa

X has had its own AI chatbot, Grok, for a while, but it would be fair to say it's not mentioned in the same way that OpenAI's ChatGPT or Google Gemini are.  That's not for the want of trying, though, and with a huge user base of X users providing data for the model, a new version was always expected.

Now, the obviously-named Grok-2 has entered beta.  In a new blog post, X says it represents "a significant step forward from our previous model Grok-1.5, featuring frontier capabilities in chat, cod

A US federal judge ruled on 05 August 2024 that Google violated antitrust laws as it built its Internet search business. The decision might have major implications for the way people use the Internet. The court ruled that payments to make Google the default search engine on other browsers broke US antitrust rules, enabling Google to become a monopoly. The court further ruled that Google had acted illegally to suppress its competition and maintain a monopoly on online search and related highly lu

As part of ongoing growth and digital transformation, many enterprises encounter the challenge of managing the exposures that come with integrating managed assets, BYOD policies, cloud resources, shadow IT, and IoT devices. Each of these new technologies introduces their own set of vulnerabilities and potential entry points for malicious actors, adding to the complexity of maintaining a robust security posture.

In this kind of fragmented environment, security teams have a harder time gaining a c

With the general election a few months away and presidential candidates aggressively fundraising before Election Day, election-related scams are likely to become increasingly common, according to Thomas Dearden, an associate professor of sociology at Virginia Tech.  Because political donations increase at this time of an election year, it’s an opportune time for scammers to take advantage, he said.  “This is one of those ways that they can develop illegitimate opportunities to donate,” Dearden s

“Vote early and often” has been attributed to one of Illinois’ noted gangsters, Al Capone.  Databases containing sensitive US voter information from multiple counties in Illinois were openly accessible on the Internet, revealing 4.6 million records.  Cyber Researcher Jeremiah Fowler has discovered.  These included driver's license numbers as well as full and partial Social Security Numbers and documents like death certificates and included voter records, ballots, multiple lists, and election-rel

RU President Vladimir recently offered to end the war in Ukraine if Kyiv agreed to drop its NATO membership ambitions and concede the four provinces of its territory that are claimed and occupied by Russian troops. The democratically elected Ukraine government swiftly rejected these terms.   However, the Russian offer suggests that they do not see a near-term military victory in the disputed territory, which could be the motive behind the evolution of its cyberwar tactics in the overall military

Iranian state-backed actors have sought to access senior US political figures’ email accounts and launched “covert news sites” aimed at US readers as part of an increase in disinformation and cyber-attacks ahead of the country’s elections, Microsoft has said.  A group run by Iran’s Revolutionary Guards in June sent a spear-phishing email, or personalized hacking attempt, to a “high-ranking official of a presidential campaign” from the compromised email account of a former senior adviser, the Mic

ADT Inc. said on 8 August a small percentage of its customers’ email addresses, phone number and postal addresses were stolen in a recent cybersecurity breach.  The security company that provides residential and small business electronic security, fire protection, and other related alarm monitoring services throughout the US said it took prompt steps to shut down unauthorized access to databases of customer order information.[1]

The company said it has no reason to believe any banking or credit

Internal documents from Leidos Holdings Inc.[1] a leading IT services provider to various US government agencies including the Defense Department have been leaked online by hackers.  The documents are believed to have been exfiltrated during a breach of a system operated by Diligent Corp., https://www.diligent.com which Leidos used for its operations.

The breach was initially reported earlier this year when Diligent Corp., a company providing governance, risk, and compliance (GRC) software, suff

A new security report released this week revealed a record-breaking $75 million ransom paid by a single victim to the Dark Angels ransomware gang earlier this year.  The payment surpasses the previous highest known ransom of $40 million paid by insurance giant CNA to Evil Corp.  The specific company involved has not been disclosed at the time of this writing. However, there are speculations that pharmaceutical giant Cencora ranked #10 on the Fortune 50 list, experienced a cyberattack in February

The government of Columbus, Ohio said it is aware of claims made by a ransomware gang that troves of sensitive city information are available for sale.  The Rhysida ransomware group took credit on Wednesday for the 18 July, threatening to leak 6.5 terabytes of exfiltrated information from the city’s systems allegedly containing emergency services data, access to city cameras and more.

A city spokesperson said late last week they are aware of the matter but could not comment, adding that the situ

Last week, some of Microsoft’s apps were knocked offline in an intentional cyber-attack, it said in an update.  The company’s attempts to stop the hack amplified it.  That meant that some of its apps and features were offline for much of 31 July.  It came just days after Windows PCs were hit by a huge outage that brought much of the world to a standstill, cancelling flights and delaying hospital appointments.  That was the result of a bug in cybersecurity software made by third-party company Cro

KnowBe4, a US-based security vendor specializing in security awareness training, revealed that it accidentally hired a North Korean hacker who attempted to install malware within its systems. This incident serves as a stark reminder of the sophistication and reach of cyber threats.  The company’s CEO, Stu Sjouwerman, shared the details in a blog post,[1] emphasizing that no data was compromised or stolen.

The hacker, posing as a software engineer for KnowBe4’s internal IT AI team, used a stolen

Cybercriminals are now able to purchase Generative AI (GenAI) account credentials on underground hacker markets along with other various illegal goods, according to new research.

The GenAI credentials include those that belong to users of ChatGPT, Quillbot, Notion, Huggingface, and Replit, among many others.  Cybersecurity research teams say  that the hackers are selling the credentials for roughly 400 GenAI accounts per day, usually stolen from corporate end users' computers after they've been

The nation-state threat actor known as SideWinder has been attributed to a new cyber espionage campaign targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea.  The BlackBerry Research and Intelligence Team, which discovered the activity, said targets of the spear-phishing campaign include countries like Pakistan, Egypt, Sri Lanka, Bangladesh, Myanmar, Nepal, and the Maldives.

SideWinder, which is also known by the names APT-C-17, Baby Elephant, Hardcore Nationalist, R

Cybersecurity researchers have detailed widespread phishing campaigns targeting small and medium-sized businesses (SMBs) in Poland during May 2024 that led to the deployment of several malware families like Agent Tesla, Formbook, and Remcos RAT.  Some of the other regions targeted by the campaigns include Italy and Romania.  Attackers used previously compromised email accounts and company servers, not only to spread malicious emails but also to host malware and collect stolen data.

See:  https:/

Spyware is malicious software engineered to covertly monitor and gather information from a user’s computer without their awareness or consent. It can record activities like keystrokes, browsing behavior, and personal information, often transmitting this data to a third party for espionage or theft.

FortiGuard Labs recently detected an attack exploiting the CVE-2021-40444 vulnerability in Microsoft Office. This flaw allows attackers to execute malicious code via specially crafted documents. In th

As renewable energy generation expands across the US, the federal government is becoming more concerned about vulnerabilities in new systems being a target for cyberattacks.  The US FBI recently warned the US private sector and individual owners of renewable power of the potential for hacks, saying that reductions in the cost of implementing energy infrastructure and increased clean energy incentives will not only attract investors but also the attention of cybercriminals.

Government incentives,