Apple’s $95M Siri Settlement: What IT Security Professionals need to know

2025-01-03 13:26 | Tags: apple, siri

Apple has agreed to pay $95 million to resolve a class-action lawsuit alleging that Siri unintentionally recorded private conversations and shared them with third parties for targeted advertising. Background The core of the lawsuit revolves around claims that Siri was activated without the user’s explicit command, leading to unintended recordings of private conversations. Users reported […]

LDAP Nightmare: Exploiting CVE-2024-49112 in Windows Servers

2025-01-02 12:12 | Tags: activedirectory, cybersecurity, infosec, ldap, patchtuesday, rce, windows, windowsserver, zeroday

A new Remote Code Execution (RCE) vulnerability has been discovered. With a CVSS score of 9.8, this vulnerability affects Windows Domain Controllers (DCs) and other Windows Servers, potentially putting organizational networks at risk. SafeBreach Labs took a deep dive, revealing a zero-click Proof of Concept (PoC) capable of crashing unpatched systems. This flaw doesn’t require […]

Chinese APT Targets U.S. Treasury via Third-Party Provider

2024-12-31 12:28 | Tags: breach, china, usa

Chinese state-sponsored hackers successfully breached the U.S. Treasury Department’s security framework this December. The breach was executed through the compromise of BeyondTrust, a trusted third-party cybersecurity service provider. By obtaining a crucial digital key, the attackers were able to override security measures, remotely access Treasury user workstations, and exfiltrate unclassified documents. Breach background The threat […]

AI Best-of-N Jailbreaking

2024-12-30 18:32 | Tags: ai, jailbreaking, llm

A new study has been published that describes a novel attack method known as Best-of-N (BoN) Jailbreaking, which poses significant risks to even the most sophisticated AI models. What is BoN Jailbreaking? BoN Jailbreaking is a black-box attack method designed to exploit AI systems across various input types – text, images, and audio – without […]

Volkswagen’s bad streak: We know where your car is

2024-12-29 13:10 | Tags: Volkswagen

Volkswagen has landed in hot water once again. A recent investigation by the Chaos Computer Club (CCC) reveals that the company has been systematically collecting and storing movement data from hundreds of thousands of vehicles across its brands (VW, Audi, Skoda, and Seat). The data, which includes detailed location information and even vehicle owner details, […]

Beware of Google Calendar Phishing Scams

2024-12-29 10:05 | Tags: 2fa, cybercrime, google, malware, mfa, phishing

Google Calendar, used by over 500 million people worldwide, has become a prime target for cyber criminals. Recently, hackers have manipulated Google tools like Calendar and Google Drawings to send phishing emails that appear to come directly from legitimate sources. These emails often include links to malicious forms or fake pages designed to steal personal […]

OSINT tools for different countries! 🌍

2024-12-29 08:55 | Tags: infosec, osint

Discover an incredible treasure trove of Open Source Intelligence (OSINT) tools and resources tailored to specific countries around the world 🌏. Whether you’re diving into investigative reporting or tracking online footprints, this repository is a game-changer! From Argentina to Uzbekistan, and even multi-country resources, there’s something for every OSINT enthusiast 🔍. Contributors are encouraged to […]

AI/LLMs in the Service of Criminals 👾

2024-12-28 22:24 | Tags: ai, javascript, llm, malware, paloalto

As we witness the evolution of adversarial AI techniques, one of the most concerning developments is the use of large language models (LLMs) to obfuscate malicious JavaScript code. Recent research by Palo Alto Networks’ Unit 42 reveals how these models can rewrite existing malware at scale, bypassing traditional detection methods and posing a serious challenge […]