Security

The U.S. Department of Homeland Security's Cyber Safety Review Board (CSRB) has released a scathing report on how Microsoft handled its 2023 Exchange Online attack, warning that the company needs to do better at securing data and be more truthful about how threat actors stole an Azure signing key.

Microsoft believes that last May's Exchange Online hack is linked to a threat actor known as 'Storm-0558' stealing an Azure signing key from an engineer's laptop that was previously compromised by the hackers at an acquired company.

Jackson County, Missouri, has declared a state of emergency and closed key offices indefinitely as it responds to what officials believe is a ransomware attack that has made some of its IT systems inoperable.

"Jackson County has identified significant disruptions within its IT systems, potentially attributable to a ransomware attack," officials wrote Tuesday. "Early indications suggest operational inconsistencies across its digital infrastructure and certain systems have been rendered inoperative while others continue to function as normal."

AhnLab Security Intelligence Center (ASEC) has recently discovered that hackers are actively exploiting the Google Ads Tracking feature to deliver malware.

AhnLab discovered malware disguised as popular groupware installers like Notion and Slack, distributed via Google Ads tracking. Upon execution, it fetches malicious payloads from attacker servers.

While the identified malicious file names include:-

   Notion_software_x64_.exe
   Slack_software_x64_.exe
   Trello_software_x64_.exe
   GoodNotes_software_x64_32.exe
 

Hacking is a phenomenon that has been around since at least the 1960s, initially as an exploration into computing more broadly, fueled by the insatiable curiosity of an eternally brilliant community of "hackers," and in large part, that remains true today. Unfortunately, the term "hacking" can conjure up scenes of a lonely individual in a hoodie behind a keyboard, bullying and stealing from victims with ease from the safety of a poorly lit basement room.

The number of zero-day vulnerabilities exploited in-the-wild jumped significantly in 2023, as threat actors focused their efforts on enterprise-specific software and appliances, according to new research.

In Google’s fifth annual review (PDF) of zero-days exploited in-the-wild, researchers reported observing 97 zero-days in 2023, a 56% jump on the 65 spotted in 2022, but still below 2021’s record of 106.

Insider threats are among the most devastating types of cyberattacks, targeting a company’s most strategically important systems and assets. As enterprises rush out new internal and customer-facing AI chatbots, they’re also creating new attack vectors and risks.

Israel has deployed a mass facial recognition program in the Gaza Strip, creating a database of Palestinians without their knowledge or consent, The New York Times reports. The program, which was created after the October 7th attacks, uses technology from Google Photos as well as a custom tool built by the Tel Aviv-based company Corsight to identify people affiliated with Hamas.

Human weaknesses are a rich target for phishing attacks. Making humans click "Don't Allow" over and over again in a phone prompt that can't be skipped is an angle some iCloud attackers are taking—and likely having some success.

Thousands of servers storing AI workloads and network credentials have been hacked in an ongoing attack campaign targeting a reported vulnerability in Ray, a computing framework used by OpenAI, Uber, and Amazon.

A significant portion of the Middle East's economy is driven by the extraction of natural resources. The biggest growth in global oil production was in the Middle East, including Saudi Arabia and the United Arab Emirates (UAE). The region is home to a high concentration of industrial companies and enterprises in the energy sector. These organizations, alongside government agencies, actively employ information technologies. Digitalization has led to significant economic and social growth in Middle Eastern countries.