Cybersecurity

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

founded 2 years ago
51
 
 

@Techcrunch recently discovered that scammers are impersonating the website’s reporters and event leads, using the TC’s reputation “to try to dupe unsuspecting business.” Rightly so, they’re infuriated. Here’s what’s going on:

https://flip.it/UDj5-P

#Tech #CyberSecurity #Hacking #TechFraud

52
 
 

Critical #Squid #Proxy Vulnerability Enables Remote Code Execution

https://cyberpress.org/critical-squid-proxy-vulnerability/

#cybersecurity

53
 
 

Hackers Went Looking for a Backdoor in High-Security Safes—and Now Can Open Them in Seconds

https://www.wired.com/story/securam-prologic-safe-lock-backdoor-exploits/

#safe #cybersecurity

54
 
 

#WinRAR zero-day exploited to plant #malware on archive extraction

https://www.bleepingcomputer.com/news/security/winrar-zero-day-flaw-exploited-by-romcom-hackers-in-phishing-attacks/

#cybersecurity

55

"The core problem is that when people hear a new term they don’t spend any effort at all seeking for the original definition... they take a guess. If there’s an obvious (to them) definition for the term they’ll jump straight to that and assume that’s what it means.

I thought prompt injection would be obvious—it’s named after SQL injection because it’s the same root problem, concatenating strings together.

It turns out not everyone is familiar with SQL injection, and so the obvious meaning to them was “when you inject a bad prompt into a chatbot”.

That’s not prompt injection, that’s jailbreaking. I wrote a post outlining the differences between the two. Nobody read that either.

The lethal trifecta: Access to Private Data, Ability to Externally Communicate, Exposure to Untrusted Content

I should have learned not to bother trying to coin new terms.

... but I didn’t learn that lesson, so I’m trying again. This time I’ve coined the term the lethal trifecta.

I’m hoping this one will work better because it doesn’t have an obvious definition! If you hear this the unanswered question is “OK, but what are the three things?”—I’m hoping this will inspire people to run a search and find my description."

https://simonwillison.net/2025/Aug/9/bay-area-ai/

#CyberSecurity #AI #GenerativeAI #LLMs #PromptInjection #LethalTrifecta #MCPs #AISafety #Chatbots

56
 
 

#Google #ProjectZero Changes Its Disclosure Policy

https://www.schneier.com/blog/archives/2025/08/google-project-zero-changes-its-disclosure-policy.html

#cybersecurity

58
 
 

#Royal and #BlackSuit #ransomware gangs hit over 450 US companies

https://www.bleepingcomputer.com/news/security/royal-and-blacksuit-ransomware-gangs-hit-over-450-us-companies/

#cybersecurity #cybercrime

59
 
 

#SessionPro Beta: Development Update

https://getsession.org/blog/pro-beta-development-update-august

#cybersecurity #privacy #FOSS #Session

60
 
 

Leak Reveals the Workaday Lives of North Korean IT Scammers

https://www.wired.com/story/leaked-data-reveals-the-workaday-lives-of-north-korean-it-scammers/

#cybersecurity #NorthKorea #surveillance

61
 
 

Fake #WhatsApp developer libraries hide destructive data-wiping code

https://www.bleepingcomputer.com/news/security/fake-whatsapp-developer-libraries-hide-destructive-data-wiping-code/

#malware #cybersecurity #npm #Meta

62
 
 

📊 AI is transforming tech workflows—67% of orgs say so.

The smartest aren’t replacing talent. They’re retraining it.

🔹 Upskilling = 38% faster than hiring
🔹 Boosts retention & innovation

📥 Download the 2025 Tech Talent Report:
https://training.linuxfoundation.org/2025-state-of-tech-talent-report/

#CTO #CIO #AIimplementation #HRStrategy #Cybersecurity #LandD

63
 
 

#CISA orders fed agencies to patch new #Exchange flaw by Monday

https://www.bleepingcomputer.com/news/security/cisa-orders-fed-agencies-to-patch-new-cve-2025-53786-exchange-flaw/

#cybersecurity

64
 
 

#Microsoft's $30 #Windows10 Security Updates Cover 10 Devices

https://it.slashdot.org/story/25/08/07/190249/microsofts-30-windows-10-security-updates-cover-10-devices

#cybersecurity #Windows

65
 
 

#Encryption Made for #Police and #Military Radios May Be Easily Cracked

https://www.wired.com/story/encryption-made-for-police-and-military-radios-may-be-easily-cracked-researchers-find/

#cybersecurity

66
 
 

New #EDR killer tool used by eight different #ransomware groups

https://www.bleepingcomputer.com/news/security/new-edr-killer-tool-used-by-eight-different-ransomware-groups/

#cybersecurity

67
 
 

#SonicWall finds no #SSLVPN zero-day, links #ransomware attacks to 2024 flaw

https://www.bleepingcomputer.com/news/security/sonicwall-finds-no-sslvpn-zero-day-links-ransomware-attacks-to-2024-flaw/

#cybersecurity

68
 
 

#AirFrance and #KLM disclose data breaches impacting customers

https://www.bleepingcomputer.com/news/security/air-france-and-klm-disclose-data-breaches-impacting-customers/

#airline #travel #cybersecurity #privacy #DataBreach #Salesforce

69
 
 

#Microsoft warns of high-severity flaw in hybrid #Exchange deployments

https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-high-severity-flaw-in-hybrid-exchange-deployments/

#cybersecurity

70
 
 

A Single Poisoned Document Could Leak ‘Secret’ Data Via #ChatGPT

https://www.wired.com/story/poisoned-document-could-leak-secret-data-chatgpt/

#cybersecurity #AI #GoogleDrive

71
 
 

"Cybersecurity researchers have demonstrated an "end-to-end privilege escalation chain" in Amazon Elastic Container Service (ECS) that could be exploited by an attacker to conduct lateral movement, access sensitive data, and seize control of the cloud environment.

The attack technique has been codenamed ECScape by Sweet Security researcher Naor Haziz, who presented the findings today at the Black Hat USA security conference that's being held in Las Vegas.

"We identified a way to abuse an undocumented ECS internal protocol to grab AWS credentials belonging to other ECS tasks on the same EC2 instance," Haziz said in a report shared with The Hacker News. "A malicious container with a low‑privileged IAM [Identity and Access Management] role can obtain the permissions of a higher‑privileged container running on the same host."

Amazon ECS is a fully-managed container orchestration service that allows users to deploy, manage, and scale containerized applications, while integrating with Amazon Web Services (AWS) to run container workloads in the cloud."

https://thehackernews.com/2025/08/researchers-uncover-ecscape-flaw-in.html

#CyberSecurity #Amazon #ECS #Containers #AWS #CloudComputing

72
 
 

#Akira #ransomware abuses #CPU tuning tool to disable #Microsoft #Defender

https://www.bleepingcomputer.com/news/security/akira-ransomware-abuses-cpu-tuning-tool-to-disable-microsoft-defender/

#cybersecurity

73
 
 

#Nvidia warns of “disaster” if it has to put kill switch and #backdoor in chips

https://arstechnica.com/tech-policy/2025/08/nvidia-blasts-proposals-for-chip-backdoors-as-us-considers-kill-switch/

#cybersecurity

74
 
 

Stay secure by avoiding 7 common mistakes when sharing #passwords

https://bitwarden.com/blog/stay-secure-by-avoiding-7-common-password-sharing-mistakes/

#cybersecurity #guide

75
 
 

New #GhostCalls tactic abuses #Zoom and #Microsoft #Teams for C2 operations

https://www.bleepingcomputer.com/news/security/new-ghost-calls-tactic-abuses-zoom-and-microsoft-teams-for-c2-operations/

#cybersecurity #cybercrime
