433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Legitimate looking npm packages found hosting TurkoRat infostealer

Despite efforts taken in recent years to proactively monitor public software repositories for malicious code, packages that bundle malware continue to routinely pop up in such places. Researchers recently identified two legitimate looking packages that remained undetected for over two months and deployed an open-source information stealing trojan called TurkoRat. Effective use of typosquatting on malicious npm packages Attackers attempt to trick users into downloading malicious packages in several ways, and typosquatting is one of the most popular because it doesn’t take a lot of effort. This technique involves copying a legitimate package, adding malicious code to it and publishing it with a different name that’s a variation of the original in the hope that users will find it when searching for the real package. To read this article in full, please click here
http://news.poseidon-us.com/SpJnGn

Apple restricts ChatGPT, GitHub Copilot use over data worries: report

The company limited use of the AI tools for some employees amid concerns over confidential data, the Wall Street Journal reported Friday.
http://news.poseidon-us.com/SpJmK1

Accessibility should be a cybersecurity priority, says UK NCSC

The UK National Cyber Security Centre (NCSC) has urged businesses and security leaders to make accessibility a cybersecurity priority to help make systems more secure and human errors/workarounds less likely. It can also aid in meeting legal requirements, delivering better operational outcomes, and attracting and retaining more diverse talent, according to the NCSC. However, there are various examples of cybersecurity being presented in a way that is inaccessible for a lot of people, particularly for those with disabilities, the NCSC wrote in a new post on its website. This has negative effects on both businesses and employees, including making systems less secure, hindering security awareness, and limiting access to diverse skills. To read this article in full, please click here
http://news.poseidon-us.com/SpHL5f

Europe: The DDoS battlefield

DDoS attacks appear to reflect major geo-political challenges and social tensions and have become an increasingly significant part in the hybrid warfare arsenal, according to Arelion. As the Ukrainian authorities sought a safe harbour for digital state registries and databases, Arelion saw the distribution of attacks move away from active conflict areas into global cloud centres – both as a result of damage to local network infrastructure, but also as local databases and applications were … More → The post Europe: The DDoS battlefield appeared first on Help Net Security.
http://news.poseidon-us.com/SpGWFM

Meta announces AI training and inference chip project

Into its second generation.
http://news.poseidon-us.com/SpFtF5

BT to cut up to 55,000 jobs by 2030

As fibre and AI arrive.
http://news.poseidon-us.com/SpFpmF

OX Security adds ChatGPT plugin for AppSec

OX Security, an application security vendor, now has a plugin for ChatGPT, allowing users to leverage the power of the headline-making generative AI assistant to protect the software supply chain, generate personalized security recommendations and remedy security issues quickly. The Israel-based company, in a press release issued yesterday, said that generative AI has already altered the security landscape, and not for the better. AI models, according to OX, have been used to seek out new vulnerabilities and draft phishing messages, among other things. To read this article in full, please click here
http://news.poseidon-us.com/SpFc3X

Cisco fixes critical flaws in Small Business Series Switches

Nine vulnerabilities – 4 of them critical – have been found in a variety of Cisco Small Business Series Switches. PoC exploit code is available (but not public), and there is no indication that they are being exploited in the wild. About the vulnerabilities The critical vulnerabilties (CVE-2023-20159, CVE-2023-20160, CVE-2023-20161, CVE-2023-20189) can be triggered via the switches’ web-based user interface, and may enable a remote attacker without authentication to run arbitrary code on a vulnerable … More → The post Cisco fixes critical flaws in Small Business Series Switches appeared first on Help Net Security.
http://news.poseidon-us.com/SpDJhk

ISC Stormcast For Thursday, May 18th, 2023 https://isc.sans.edu/podcastdetail/8502, (Thu, May 18th)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
http://news.poseidon-us.com/SpCVQg