A now-patched bug that caused OpenAI to take down ChatGPT chatbot for nine hours on Monday also revealed the last four digits of payment cards, the company disclosed Friday. One user said he saw the history of another account including the topics "phobia of rats" and "sexist music video clips."
The United States sent its top cyber offensive team to NATO ally Albania to help secure the nation's critical infrastructure networks. The Cyber National Mission Force helped find cyberthreats and vulnerabilities on networks likely targeted last year by Iranian threat actors.
Every week, ISMG rounds up cybersecurity incidents in the world of digital assets. In focus between March 17 and 23: The New York State Department of Financial Services reminds BitPay that regulations exist. Also, Euler Finance, Gala Games, BitGo, ZenGo, General Bytes, Bitzlato and ParaSpace.
Not all ransomware groups wield crypto-locking malware. Some have adopted other strategies. Take BianLian. After security researchers released a free decryptor for its malware, instead of encrypting files, the group chose to steal them and demand ransom solely for their safe return.
Bitcoin ATM manufacturer General Bytes suspended its cloud services supporting more than 15,000 machines after a hacker exploited a vulnerability in its software to steal user passwords and private keys and made off with cryptocurrency worth millions of dollars.
Russia's invasion of Ukraine in 2022 threw Russia's cybercrime ecosystem into a state of upheaval that still exists to this day. "We identified disruptions to literally every single form of commodified cybercrime," said Alexander Leslie, associate threat intelligence analyst at Recorded Future.
Last year was another bonanza in zero-days for Chinese state hackers, say security researchers in a report predicting a permanent uptick in nation-state exploitation of yet-unpatched vulnerabilities. "Attackers seek stealth and ease of exploitation," writes cybersecurity firm Mandiant.
Microsoft and CrowdStrike once again dominate Gartner's Magic Quadrant for Endpoint Protection. Cybereason has risen to the leaders quadrant and Trellix has fallen to a niche player. The endpoint protection market has rapidly matured in recent years - 50% of organizations have already adopted EDR.
Every week, ISMG rounds up cybersecurity incidents in the world of digital assets. In focus between March 10 and 16: a ChipMixer takedown, Euler Finance and Poolz Finance hacks, bugs on 280 blockchains, Dero coin, and a report from the Financial Action Task Force on ransomware financing.
U.S. and German police seized darknet cryptocurrency anonymizing service ChipMixer, which federal prosecutors say cybercriminals used to launder $3 billion including proceeds from ransomware extortion and North Korean cryptocurrency hacking. Among its alleged customers: LockBit and the Russian GRU.
Threat actors who mine digital assets using other people's infrastructure have found a lucrative new cryptocurrency to motivate their hacking: the privacy-focused currency named Dero. CrowdStrike says it discovered a first - a Dero cryptojacking operation operating on a Kubernetes cluster.
CISOs have faced a broad and varied set of challenges in recent years. Remote environments, increasingly sophisticated threats and expanding supply chains are just some of the many concerns keeping them up at night.
Cybercriminals have been launching attacks against our people, networks, and services for decades with varying success. So, the need to realign our defences to meet the demands of evolving threats is nothing new.
The LockBit ransomware operation claims to have stolen data from a Texas-based supplier to Elon Musk's SpaceX, which designs, manufactures and launches rockets and spacecraft. It's the latest PR-grabbing attempt by the prolific LockBit extortion group.
Cybersecurity researchers say they are almost certain they have spotted traces of the advanced persistent threat group Dark Pink, which recently emerged, now apparently attacking victims with a newly improved obfuscation routine to evade anti-malware measures.