Week in review: KeePass vulnerability, Apple fixes exploited WebKit 0-days

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Apple fixes WebKit 0-days under attack (CVE-2023-28204, CVE-2023-32373, CVE-2023-32409)
Apple has released security updates for iOS and iPadOS, macOS, tvOS and watchOS, delivering fixes for many vulnerabilities but, most importantly, for CVE-2023-32409, a WebKit 0-day that “may have been actively exploited.”

Google Cloud CISO on why the Google Cybersecurity Certificate matters
In this Help Net Security interview, Phil Venables, CISO …

The post Week in review: KeePass vulnerability, Apple fixes exploited WebKit 0-days appeared first on Help Net Security.
http://news.poseidon-us.com/SpMsl4

Phishing Kit Collecting Victim’s IP Address, (Sat, May 20th)

While reviewing my last findings today, I found a phishing email that delivered a classic .shtml file called “PROFORMA INVOICE.shtml”. Right now, nothing special, emails like this one are widespread. When you open the file in a sandbox, it reveals a classic form:
http://news.poseidon-us.com/SpL1Vj

VA opts into Special Salary Rate for IT workforce regardless of unclear governmentwide rollout

The Department of Veterans Affairs is rolling out a new pay model for its IT and cybersecurity employees later this year — whether or not a governmentwide effort to increase tech workers’ salaries moves forward.
http://news.poseidon-us.com/SpJt7m

Legitimate looking npm packages found hosting TurkoRat infostealer

Despite efforts taken in recent years to proactively monitor public software repositories for malicious code, packages that bundle malware continue to routinely pop up in such places. Researchers recently identified two legitimate-looking packages that remained undetected for over two months and deployed an open-source information-stealing trojan called TurkoRat.

Effective use of typosquatting on malicious npm packages
Attackers attempt to trick users into downloading malicious packages in several ways, and typosquatting is one of the most popular because it doesn’t take a lot of effort. This technique involves copying a legitimate package, adding malicious code to it and publishing it with a different name that’s a variation of the original in the hope that users will find it when searching for the real package.
http://news.poseidon-us.com/SpJnGn

Apple restricts ChatGPT, GitHub Copilot use over data worries: report

The company limited use of the AI tools for some employees amid concerns over confidential data, the Wall Street Journal reported Friday.
http://news.poseidon-us.com/SpJmK1

Accessibility should be a cybersecurity priority, says UK NCSC

The UK National Cyber Security Centre (NCSC) has urged businesses and security leaders to make accessibility a cybersecurity priority to help make systems more secure and human errors/workarounds less likely. It can also aid in meeting legal requirements, delivering better operational outcomes, and attracting and retaining more diverse talent, according to the NCSC. However, there are various examples of cybersecurity being presented in a way that is inaccessible for a lot of people, particularly for those with disabilities, the NCSC wrote in a new post on its website. This has negative effects on both businesses and employees, including making systems less secure, hindering security awareness, and limiting access to diverse skills.
http://news.poseidon-us.com/SpHL5f

Europe: The DDoS battlefield

DDoS attacks appear to reflect major geo-political challenges and social tensions and have become an increasingly significant part of the hybrid warfare arsenal, according to Arelion. As the Ukrainian authorities sought a safe harbour for digital state registries and databases, Arelion saw the distribution of attacks move away from active conflict areas into global cloud centres – both as a result of damage to local network infrastructure, but also as local databases and applications were …

The post Europe: The DDoS battlefield appeared first on Help Net Security.
http://news.poseidon-us.com/SpGWFM

Meta announces AI training and inference chip project

Into its second generation.
http://news.poseidon-us.com/SpFtF5

BT to cut up to 55,000 jobs by 2030

As fibre and AI arrive.
http://news.poseidon-us.com/SpFpmF