Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode – Page 13

The European Commission adopted on Thursday the initial implementing rules on cybersecurity of critical entities and networks under the Directive on measures for a high common level of cybersecurity across the Union. The NIS2 Directive addresses cybersecurity risk management measures and cases in which an incident should be considered significant and companies providing digital infrastructures and services should report it to national authorities. The move is seen as another major step in boosting the cyber resilience of Europe’s critical digital infrastructure.

The implementing regulation will apply to specific categories of companies providing digital services, such as cloud computing service providers, data center service providers, online marketplaces, online search engines, and social networking platforms, to name a few. For each category of service providers, the implementing act also specifies when an incident is considered significant.

Adopting the implementing regulation coincides with the deadline for Member States to transpose the NIS2 Directive into national law. As of Oct. 18, 2024, all Member States must apply the measures necessary to comply with the NIS2 cybersecurity rules, including supervisory and enforcement measures. The implementing regulation will be published in the Official Journal in due course and enter into force 20 days thereafter.

Read more | >

Genetic testing company settles with plaintiffs over breach that was revealed when hacker published link to database labeled ‘ashkenazi DNA Data of Celebrities’

The breach, which occurred last October, affected more than 6.9 million customers and included users’ personal details such as their location, name and birthdate, as well as some information about their family trees. That data was shared on BreachForums, an online forum used by cybercriminals.

According to court documents, the data breach was revealed October 6 after a hacker going by the pseudonym Golem, a reference to the Jewish mythical defender made of clay, published a link to a database labeled ashkenazi DNA Data of Celebrities. According to the lawsuit, the hacker referred to the list as the most valuable data you’ll ever see, though most of the names were not famous.

Read more | >

“This makes the scam much harder to spot, as the information provided is personally relevant to the victims, arrives via the expected communication channel, and the linked, fake websites look as expected.”

What’s more, the diversification of the victimology footprint has been complemented by improvements to the toolkit that allow the scammer groups to speed up the scam process using automated phishing page generation, improve communication with targets via interactive chatbots, protecting phishing websites against disruption by competitors, and other goals.

Telekopye’s operations have not been without their fair share of hiccups. In December 2023, law enforcement officials from Czechia and Ukraine announced the arrest of several cybercriminals who are alleged to have used the malicious Telegram bot.

Read more | >

O.o!!!!

OpenAI has disrupted over 20 malicious cyber operations abusing its AI-powered chatbot, ChatGPT, for debugging and developing malware, spreading misinformation, evading detection, and conducting spear-phishing attacks.

The report, which focuses on operations since the beginning of the year, constitutes the first official confirmation that generative mainstream AI tools are used to enhance offensive cyber operations.

The first signs of such activity were reported by Proofpoint in April, who suspected TA547 (aka “Scully Spider”) of deploying an AI-written PowerShell loader for their final payload, Rhadamanthys info-stealer.

Continue reading “OpenAI confirms threat actors use ChatGPT to write malware” | >