- Details
- Cyber Security News
Apart from ChatGPT and Gemini AI which are the most popular Artificial Intelligence systems available to the public, there are several other standalone chatbot applications that are available for users to deploy and use for their own personal customization.
These standalone applications also provide the feature to plug in and test different AI models and can also bypass IP block restrictions.
One of the most popular standalone Gen AI chatbot applications available for users is the NextChat, a.k.a ChatGPT-Next-Web. Read More..
- Details
- Hackread
Hackread reports that widely used software-as-a-service platforms are having their customers targeted by a novel Dropbox phishing attack that circumvents multifactor authentication to facilitate malware deployment and credential exfiltration activities since the end of January.
Attackers leveraging the 'no-reply@dropbox[.]com' domain sent emails with a Dropbox-hosted PDF to employees using the Darktrace SaaS environment, which when opened established a connection with a malicious endpoint redirecting to a fraudulent Microsoft 365 login page, according to a report from Darktrace. Aside from leveraging ExpressVPN-related endpoints to obfuscate their locations, threat actors also tapped valid tokens and fulfilled MFA requirements to avert the targeted organization's MFA policy, researchers said. Read More..
- Details
- Hackread
Cybersecurity researchers at Fortinet’s FortiGuard Labs have discovered a new threat called Vcurms malware targeting popular browsers and apps for login and data theft. They urge security updates and caution with emails.
Fortinet’s FortiGuard Labs recently uncovered a new cybersecurity threat: a malware known dubbed “Vcurms.” The attackers behind Vcurms malware have employed sophisticated tactics, using email as their command and control center and leveraging public services such as AWS and GitHub to store the malicious software. Additionally, they have employed a commercial protector to evade detection, indicating a concerted effort to maximize the malware’s impact. Read More..
- Details
- The Hacker News
As the shift of IT infrastructure to cloud-based solutions celebrates its 10-year anniversary, it becomes clear that traditional on-premises approaches to data security are becoming obsolete. Rather than protecting the endpoint, DLP solutions need to refocus their efforts to where corporate data resides - in the browser.
A new guide by LayerX titled "On-Prem is Dead. Have You Adjusted Your Web DLP Plan?" (download here) dives into this transition, detailing its root cause, possible solution paths forward and actionable implementation examples. After reading the guide, security and IT professionals will be equipped with the relevant information they need to update and upgrade their DLP solutions. Read More..
- Details
- Cyber Security News
COM (Component Object Model) hijacking is a technique in which threat actors exploit the core architecture of Windows by adding a new value on a specific registry key related to the COM object.
This allows the threat actors to achieve both persistence and privilege escalation on target systems. However, several malware families have been found to be utilizing this technique to abuse COM objects.
Several samples of these kinds of malware have been discovered by researchers at VirusTotal since 2023. According to the reports shared with Cyber Security News, threat actors also abused several COM objects for persistent access to the compromised systems. Read More..
- Beware of Fake Trading Apps on Google Play & App Store that Steal Your Money
- Hackers Exploit Wordpress Plugin Flaw to Infect 3,300 Sites with Malware
- Hackers Exploiting iOS 0-day To Attack iPhones
- Hackers Steal Windows NTLM Authentication Hashes in Phishing Attacks
- 4 Instructive Postmortems on Data Downtime and Loss