Devices across the world are being abused.
Category: cybercrime/malcode
In today’s AI news, the OpenAI commercial, developed under new CMO Kate Rouch, deliberately avoids mentioning AGI or superintelligence, which are at the core of OpenAI’s mission. “We want the message to feel relevant to the audience that is watching the Super Bowl, which includes tens of millions of people who have no familiarity with AI,” Rouch said.
S $254-billion software industry by 45% over the next five years, according to a survey by consulting firm EY India. This boost will come through the dual effect of the IT industry integrating elements of GenAI and client projects move from concept to production. + Then, the French government plans Monday to pledge a gigawatt of nuclear power for a new artificial-intelligence computing project expected to cost tens of billions of dollars. France is making a bid to catch up in the artificial intelligence race by leaning on one of its strengths: plentiful nuclear power.
And, Canadian investment firm Brookfield plans to invest €20 billion by 2030 in artificial intelligence projects in France (around $20.7 billion at current exchange rates), according to a report from La Tribune Dimanche confirmed by news agency AFP. The majority of the sum will be used to build AI-focused data centers.
In videos, we join Adrian Locher, Merantix Capital, Wei Li, BlackRock, Scott Sandell, NEA, Rob Heyvaert, Motive Partners, and Guru Chahal, Lightspeed Venture Partners, discussing how to identify the next category-defining opportunities in AI across venture capital, private equity, and beyond?
Is what happens when millions of people get access to a transformational general purpose technology such as artificial intelligence, enabling superpowers that benefit both individuals and society.” + Then, check out the cutting-edge world of “hackbots”—AI agents designed to autonomously hack websites. Joseph Thacker, Principal AI Engineer at AppOmni as well as a security researcher who specializes in application security and AI, discusses the basics of hackbots, the current landscape of the technology, and its potential future implications.
Stop leaving yourself vulnerable to data breaches. Go to our sponsor https://aura.com/sciencephile to get a 14-day free trial and see if any of your data has been exposed.
Aura just launched their new \.
In the incident analyzed by the Canadian cybersecurity company, the initial access was gained to a targeted endpoint via a vulnerable SimpleHelp RMM instance (“194.76.227[.]171”) located in Estonia.
Upon establishing a remote connection, the threat actor has been observed performing a series of post-exploitation actions, including reconnaissance and discovery operations, as well as creating an administrator account named “sqladmin” to facilitate the deployment of the open-source Sliver framework.
The persistence offered by Sliver was subsequently abused to move laterally across the network, establishing a connection between the domain controller (DC) and the vulnerable SimpleHelp RMM client and ultimately installing a Cloudflare tunnel to stealthily route traffic to servers under the attacker’s control through the web infrastructure company’s infrastructure.
Morphisec CTO Michael Gorelik told The Hacker News that there is evidence connecting the two activity clusters, and that the deceptive Chrome installer site was previously leveraged to download the Gh0st RAT payload.
“This campaign specifically targeted Chinese-speaking users, as indicated by the use of Chinese-language web lures and applications aimed at data theft and evasion of defenses by the malware,” Gorelik said.
“The links to the fake Chrome sites are primarily distributed through drive-by download schemes. Users searching for the Chrome browser are directed to these malicious sites, where they inadvertently download the fake installer. This method exploits the users’ trust in legitimate software downloads, making them susceptible to infection.”
Ransomware extortion fell to $813.5M in 2024 from $1.25B in 2023, despite a 15% attack surge, with law enforcement disrupting cybercriminal operations.
A 7-Zip vulnerability allowing attackers to bypass the Mark of the Web (MotW) Windows security feature was exploited by Russian hackers as a zero-day since September 2024.
According to Trend Micro researchers, the flaw was used in SmokeLoader malware campaigns targeting the Ukrainian government and private organizations in the country.
The Mark of the Web is a Windows security feature designed to warn users that the file they’re about to execute comes from untrusted sources, requesting a confirmation step via an additional prompt. Bypassing MoTW allows malicious files to run on the victim’s machine without a warning.
Microsoft warns that attackers are deploying malware in ViewState code injection attacks using static ASP. NET machine keys found online.
As Microsoft Threat Intelligence experts recently discovered, some developers use ASP.NET validationKey and decryptionKey keys (designed to protect ViewState from tampering and information disclosure) found on code documentation and repository platforms in their own software.
ViewState enables ASP.NET Web Forms to control state and preserve user inputs across page reloads. However, if attackers get the machine key designed to protect it from tampering and information disclosure, they can use it in code injection attacks to craft malicious payloads by attaching crafted message authentication code (MAC).
Moran Cerf disucssess why we dream, and goes deeper into explaining the different versions of the relevance of dreams in life.
FULL INTERVIEW — • moran cerf: neural implants, hacking…
ABOUT MORAN:
Prof. Moran Cerf is professor of business at Columbia business school. His academic research uses methods from neuroscience to understand the underlying mechanisms of our psychology, behavior changes, emotion, decisions, and dreams.
Learn More About Moran’s Work Here: https://www.morancerf.com.
Vincent Danen is the Vice President of Product Security at Red Hat.
Cyber threats are an everyday reality. Attackers exploit the unwitting, stealing confidential and sensitive information through online scam campaigns. Data breach prevention is only as strong as the weakest link, and, in most cases, that link is human. As I mentioned in a previous article, it is reported that 74% of data breaches are caused by human error.
According to a 2020 FBI report, there was a 400% spike in cyberattacks during the Covid-19 pandemic. The human element is a significant vulnerability in cybersecurity, often overlooked in favor of technological solutions. Many organizations focus on addressing software vulnerabilities when employees remain the weakest link in the organization’s security program. Even the most secure software, with all vendor security patches applied, is in danger if the human aspect of risk management is neglected.