Experts Find Flaw in Replicate AI Service Exposing Customers’ Models and Data

Cybersecurity researchers have discovered a critical security flaw in artificial intelligence (AI)-)-as-a-service provider Replicate that could have allowed threat actors to gain access to proprietary AI models and sensitive information. “Exploitation of this vulnerability would have allowed unauthorized access to the AI prompts and results of all Replicate’s platform customers,” cloud security firm Wiz said in a report

Tagged under: , , , , , , , , , , ,

Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking

The crypto-jacking group known as Kinsing has demonstrated an ability to continuously evolve and adapt, proving to be a persistent threat by swiftly integrating newly disclosed vulnerabilities into the exploit arsenal and expanding its botnet. The findings come from cloud security firm Aqua, which described the threat actor as actively orchestrating illicit cryptocurrency mining campaigns since 2019.

Tagged under: , , , , , , , , , ,

FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT

The financially motivated threat actor known as FIN7 has been observed leveraging malicious Google ads spoofing legitimate brands as a means to deliver MSIX installers that culminate in the deployment of NetSupport RAT. “The threat actors used malicious websites to impersonate well-known brands, including AnyDesk, WinSCP, BlackRock, Asana, Concur, The Wall Street Journal, Workable, and

Tagged under: , , , , , , , , , ,

Hackers Using Cracked Software on GitHub to Spread RisePro Info Stealer

Cybersecurity researchers have found several GitHub repositories offering cracked software that is used to deliver an information stealer called RisePro. The campaign, codenamed gitgub, includes 17 repositories associated with 11 different accounts, according to G DATA. The repositories in question have since been taken down by the Microsoft-owned subsidiary. “The repositories look similar, featuring a README.md

Tagged under: , , , , , , , , , , , , , , , , , , , , ,

U.S. Court Orders NSO Group to Hand Over Pegasus Spyware Code to WhatsApp

A U.S. judge has ordered NSO Group to hand over its source code for Pegasus and other products to Meta as part of the social media giant’s ongoing litigation against the Israeli spyware vendor. The decision marks a major legal victory for Meta, which filed the lawsuit in October 2019 for using its infrastructure to distribute the spyware to approximately 1,400 mobile

Tagged under: , , , , , , , , , , , , , , , , ,

Microsoft Expands Free Logging Capabilities for all U.S. Federal Agencies

Microsoft has expanded free logging capabilities to all U.S. federal agencies using Microsoft Purview Audit irrespective of the license tier, more than six months after a China-linked cyber espionage campaign targeting two dozen organizations came to light. “Microsoft will automatically enable the logs in customer accounts and increase the default log retention period from 90

Tagged under: , , , , , , , , , , , , ,

Agent Racoon Backdoor Targets Organizations in Middle East, Africa, and U.S.

In a recent analysis, Palo Alto Networks Unit 42 researcher Chema Garcia revealed a targeted cyber threat affecting organizations in the Middle East, Africa, and the United States. The unknown threat actor is distributing a sophisticated backdoor named Agent Racoon, developed using the .NET framework. The malware exploits the domain name service (DNS) protocol to

Tagged under: , , , , , , , , , , , , , , , , , , , , , ,