Cloud security provider Wiz found two critical architecture flaws in generative AI models uploaded to Hugging Face, namely shared Inference infrastructure takeover and shared CI/CD takeover.
Attackers are using a new method for malware persistence on Magento servers. Sansec discovered a cleverly crafted layout template in the database, which was used to automatically inject malware.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-04-08 11:07:032024-04-08 11:07:03Persistent Magento Backdoor Hidden in XML
A new phishing campaign has set its eyes on the Latin American region to deliver malicious payloads to Windows systems.
“The phishing email contained a ZIP file attachment that when extracted reveals an HTML file that leads to a malicious file download posing as an invoice,” Trustwave SpiderLabs researcher Karla Agregado said.
The email message, the company said, originates from an email
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-04-08 10:07:212024-04-08 10:07:21Cybercriminals Targeting Latin America with Sophisticated Phishing Scheme
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-04-08 10:07:202024-04-08 10:07:20NSA Appoints Dave Luber as Cybersecurity Director
An ongoing cyberattack campaign with apparent ties to China uses a new version of sophisticated JavaScript remote access Trojan JSOutProx and is now targeting banks in the Middle East.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-04-08 06:09:112024-04-08 06:09:11Solar Spider Spins Up New Malware to Entrap Saudi Arabian Financial Firms
Google has filed a lawsuit against two app developers for engaging in an “international online consumer investment fraud scheme” that tricked users into downloading bogus Android apps from the Google Play Store and other sources and stealing their funds under the guise of promising higher returns.
The individuals in question are Yunfeng Sun (aka Alphonse Sun) and Hongnam Cheung (aka
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-04-07 23:07:172024-04-07 23:07:17The best secure browsers for privacy in 2024
While some states have made data privacy gains, the US has so far been unable implement protections at a federal level. A new bipartisan proposal called APRA could break the impasse.
TrojAI, a provider of enterprise AI security solutions, announced a $5.75 million funding round of additional seed capital and the appointment of Lee Weiner as CEO.
BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Wiz Discovers Flaws in GenAI Models Enabling Customer Data Theft
/in General NewsCloud security provider Wiz found two critical architecture flaws in generative AI models uploaded to Hugging Face, namely shared Inference infrastructure takeover and shared CI/CD takeover.
Cyware News – Latest Cyber News – Read More
Persistent Magento Backdoor Hidden in XML
/in General NewsAttackers are using a new method for malware persistence on Magento servers. Sansec discovered a cleverly crafted layout template in the database, which was used to automatically inject malware.
Cyware News – Latest Cyber News – Read More
Cybercriminals Targeting Latin America with Sophisticated Phishing Scheme
/in General NewsA new phishing campaign has set its eyes on the Latin American region to deliver malicious payloads to Windows systems.
“The phishing email contained a ZIP file attachment that when extracted reveals an HTML file that leads to a malicious file download posing as an invoice,” Trustwave SpiderLabs researcher Karla Agregado said.
The email message, the company said, originates from an email
The Hacker News – Read More
NSA Appoints Dave Luber as Cybersecurity Director
/in General NewsUS National Security Agency appoints Dave Luber as its new cybersecurity director following the retirement of Rob Joyce.
The post NSA Appoints Dave Luber as Cybersecurity Director appeared first on SecurityWeek.
SecurityWeek – Read More
Solar Spider Spins Up New Malware to Entrap Saudi Arabian Financial Firms
/in General NewsAn ongoing cyberattack campaign with apparent ties to China uses a new version of sophisticated JavaScript remote access Trojan JSOutProx and is now targeting banks in the Middle East.
darkreading – Read More
Google Sues App Developers Over Fake Crypto Investment App Scam
/in General NewsGoogle has filed a lawsuit against two app developers for engaging in an “international online consumer investment fraud scheme” that tricked users into downloading bogus Android apps from the Google Play Store and other sources and stealing their funds under the guise of promising higher returns.
The individuals in question are Yunfeng Sun (aka Alphonse Sun) and Hongnam Cheung (aka
The Hacker News – Read More
The best secure browsers for privacy in 2024
/in General NewsThe best browsers for privacy help protect your online identity with third-party ad blockers, VPNs, and a pledge to never sell your data.
Latest stories for ZDNET in Security – Read More
A Breakthrough Online Privacy Proposal Hits Congress
/in General NewsWhile some states have made data privacy gains, the US has so far been unable implement protections at a federal level. A new bipartisan proposal called APRA could break the impasse.
Security Latest – Read More
US Environmental Protection Agency Allegedly Hacked, 8.5M User Data Leaked
/in General NewsBy Waqas
Another day, another data breach targeting critical infrastrcuture in the United States!
This is a post from HackRead.com Read the original post: US Environmental Protection Agency Allegedly Hacked, 8.5M User Data Leaked
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Enterprise AI Security Firm TrojAI Raises $5.75M in Seed Funding
/in General NewsTrojAI, a provider of enterprise AI security solutions, announced a $5.75 million funding round of additional seed capital and the appointment of Lee Weiner as CEO.
The post Enterprise AI Security Firm TrojAI Raises $5.75M in Seed Funding appeared first on SecurityWeek.
SecurityWeek – Read More