Blog

07Oct 2024 by

Google Blocks Unsafe Android App Sideloading in India for Improved Fraud Protection

Actualités
Google has announced that it's piloting a new security initiative that automatically blocks sideloading of potentially unsafe Android apps in India, after similar tests in Singapore, Thailand, and Brazil. The enhanced fraud protection feature aims to keep users safe when they attempt to install malicious apps from sources other than the Google Play Store, such as web browsers, messaging apps,
Read More
07Oct 2024 by

THN Cybersecurity Recap: Top Threats and Trends (Sep 30 – Oct 6)

Actualités
Ever heard of a "pig butchering" scam? Or a DDoS attack so big it could melt your brain? This week's cybersecurity recap has it all – government showdowns, sneaky malware, and even a dash of app store shenanigans. Get the scoop before it's too late! ⚡ Threat of the Week Double Trouble: Evil Corp & LockBit Fall: A consortium of international law enforcement agencies took steps to arrest four
Read More
07Oct 2024 by

Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications

Actualités
A critical security flaw has been disclosed in the Apache Avro Java Software Development Kit (SDK) that, if successfully exploited, could allow the execution of arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-47561, impacts all versions of the software prior to 1.11.4. "Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute
Read More
07Oct 2024 by

E.U. Court Limits Meta’s Use of Personal Facebook Data for Targeted Ads

Actualités
Europe's top court has ruled that Meta Platforms must restrict the use of personal data harvested from Facebook for serving targeted ads even when users consent to their information being used for advertising purposes, a move that could have serious consequences for ad-driven companies operating in the region. "An online social network such as Facebook cannot use all of the personal data
Read More
05Oct 2024 by

A Single Cloud Compromise Can Feed an Army of AI Sex Bots (Krebs on Security)

Actualités, Sécurité
Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researchers say these illicit chat bots, which use custom jailbreaks to bypass content filtering, often veer into darker role-playing scenarios, including child sexual exploitation and rape. Image: Shutterstock. Researchers at security firm Permiso Security say attacks against generative artificial intelligence (AI) infrastructure like Bedrock from Amazon Web Services (AWS) have increased markedly over the last six months, particularly when someone in the organization accidentally exposes their cloud credentials or key online, such as in a code repository like GitHub. Investigating the abuse of AWS accounts for several organizations, Permiso found attackers had seized on stolen AWS credentials…
Read More
05Oct 2024 by

Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability

Actualités
Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user's passwords to be read out aloud by its VoiceOver assistive technology. The vulnerability, tracked as CVE-2024-44204, has been described as a logic problem in the new Passwords app impacting a slew of iPhones and iPads. Security researcher Bistrit Daha has been credited with
Read More
05Oct 2024 by

A Single Cloud Compromise Can Feed an Army of AI Sex Bots (Krebs on Security)

Actualités, Sécurité
Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researchers say these illicit chat bots, which use custom jailbreaks to bypass content filtering, often veer into darker role-playing scenarios, including child sexual exploitation and rape. Image: Shutterstock. Researchers at security firm Permiso Security say attacks against generative artificial intelligence (AI) infrastructure like Bedrock from Amazon Web Services (AWS) have increased markedly over the last six months, particularly when someone in the organization accidentally exposes their cloud credentials or key online, such as in a code repository like GitHub. Investigating the abuse of AWS accounts for several organizations, Permiso found attackers had seized on stolen AWS credentials…
Read More
05Oct 2024 by

A Single Cloud Compromise Can Feed an Army of AI Sex Bots

Actualités
Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researchers say these illicit chat bots, which use custom jailbreaks to bypass content filtering, often veer into darker role-playing scenarios, including child sexual exploitation and rape. Image: Shutterstock. Researchers at security firm Permiso Security say attacks against generative artificial intelligence (AI) infrastructure like Bedrock from Amazon Web Services (AWS) have increased markedly over the last six months, particularly when someone in the organization accidentally exposes their cloud credentials or key online, such as in a code repository like GitHub. Investigating the abuse of AWS accounts for several organizations, Permiso found attackers had seized on stolen AWS credentials…
Read More