Security Leaders Discuss SitusAMC Cyberattack
A real estate finance platform announced it experienced a cyberattack.
Tomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government Targets
The threat actor known as Tomiris has been attributed to attacks targeting foreign ministries, intergovernmental organizations, and government entities in Russia with an aim to establish remote access and deploy additional tools. “These attacks highlight a notable shift in Tomiris’s tactics, namely the increased use of implants that leverage publicRead More »Tomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government Targets
CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to include a security flaw impacting OpenPLC ScadaBR, citing evidence of active exploitation. The vulnerability in question is CVE-2021-26829 (CVSS score: 5.4), a cross-site scripting (XSS) flaw that affects Windows and Linux versions ofRead More »CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV
Friday Squid Blogging: Flying Neon Squid Found on Israeli Beach
A meter-long flying neon squid (Ommastrephes bartramii) was found dead on an Israeli beach. The species is rare in the Mediterranean.
Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages
Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain takeover attack. Software supply chain security company ReversingLabs said it found the “vulnerability” in bootstrap files provided by a buildRead More »Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages
North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware
The North Korean threat actors behind the Contagious Interview campaign have continued to flood the npm registry with 197 more malicious packages since last month. According to Socket, these packages have been downloaded over 31,000 times, and are designed to deliver a variant of OtterCookie that brings together the featuresRead More »North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware
Prompt Injection Through Poetry
In a new paper, “Adversarial Poetry as a Universal Single-Turn Jailbreak Mechanism in Large Language Models,” researchers found that turning LLM prompts into poetry resulted in jailbreaking the models: Abstract: We present evidence that adversarial poetry functions as a universal single-turn jailbreak technique for Large Language Models (LLMs). Across 25Read More »Prompt Injection Through Poetry
French Soccer Federation Hit by Cyberattack, Member Data Stolen
According to the federation, the unauthorized access was carried out using a compromised account. The post French Soccer Federation Hit by Cyberattack, Member Data Stolen appeared first on SecurityWeek.
Why Organizations Are Turning to RPAM
As IT environments become increasingly distributed and organizations adopt hybrid and remote work at scale, traditional perimeter-based security models and on-premises Privileged Access Management (PAM) solutions no longer suffice. IT administrators, contractors and third-party vendors now require secure access to critical systems from any location and on any device, withoutRead More »Why Organizations Are Turning to RPAM
In Other News: HashJack AI Browser Attack, Charming Kitten Leak, Hacker Unmasked
Other noteworthy stories that might have slipped under the radar: Scattered Spider members plead not guilty, TP-Link sues Netgear, Comcast agrees to $1.5 million fine. The post In Other News: HashJack AI Browser Attack, Charming Kitten Leak, Hacker Unmasked appeared first on SecurityWeek.