Latest Cybersecurity News and Articles

---

EchoStrike: Generate Undetectable Reverse Shells, Perform Process Injection

EchoStrike features an interactive Python wizard for easy customization, various persistence techniques, binary padding for evasion, AES payload encryption, and dynamic binary download.

---

North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware

North Korean hackers are using RustDoor malware to target cryptocurrency users on LinkedIn, posing as recruiters for legitimate decentralized finance (DeFi) companies like STON.fi.

---

Chrome Switching to NIST-Approved ML-KEM Quantum Encryption

Google is updating Chrome's post-quantum cryptography to defend against quantum computer attacks. The new encryption system, ML-KEM, replaces Kyber for enhanced security.

---

Supply Chain Attack on Google Cloud Composer Could Have Resulted in Remote Code Execution

Google has addressed a critical security flaw in Google Cloud Platform (GCP) Composer that could have allowed remote code execution via a supply chain attack known as dependency confusion.

---

Critical Vulnerability in AutoGPT Puts Over 166,000 Projects at Risk

A critical vulnerability, CVE-2024-6091 (CVSS 9. 8), has been found in AutoGPT, a popular AI tool with over 166,000 projects at risk. The flaw allows for OS Command Injection, potentially enabling unauthorized actions.

---

Rising Clipper Malware Attacks Target Cryptocurrency Users

The malicious software called ClipBankers can monitor clipboard activity and replace cryptocurrency addresses with those controlled by attackers, diverting digital asset transfers to rogue wallets.

---

Zero-Click Calendar Invite: Critical macOS Vulnerability Chain Uncovered

The vulnerability, tracked as CVE-2022-46723, enables attackers to manipulate files within the macOS Calendar app environment and execute remote code during system upgrades.

---

80% of critical infrastructure entities affected by email breaches

New research discusses the state of email security amongst critical infrastructure organizations.

---

23andMe Pledges $30 Million to the 6.4 Million People Affected by Data Breach

23andMe has pledged $30 million to compensate the 6.4 million people affected by a data breach in October 2023. The breach occurred when a hacker used stolen credentials to access a significant amount of account information, including health data.

---

Trends and Dangers in Open-Source Software Dependencies

A report by Endor Labs highlighted that, despite high remediation costs for dependency risks, function-level reachability analysis offers the best value for addressing vulnerabilities in open-source software.

---

Apple Drops Spyware Case Against NSO Group, Citing Risk of Threat Intelligence Exposure

Apple has filed a motion to "voluntarily" dismiss its lawsuit against commercial spyware vendor NSO Group, citing a shifting risk landscape that could lead to exposure of critical "threat intelligence" information.

---

6% of media websites have robust bot protection

Bot security was analyzed in a recent report by DataDome, finding that more than 65% of websites are unprotected against simple bot attacks.

---

Russia’s RT News Agency Has ‘Cyber Operational Capabilities,’ Assists in Military Procurement, State Department Says

Russia's RT news agency is involved in covert cyber operations to assist in military procurement and spread propaganda globally, according to the U.S. State Department. It has a cyber unit with operational capabilities linked to Russian intelligence.

---

Hacker Tricked ChatGPT Into Providing Detailed Instructions to Make a Homemade Bomb

A hacker tricked ChatGPT into providing detailed instructions on how to make homemade bombs by bypassing safety guidelines. The hacker used a 'jailbreaking' technique, posing the request as part of a fictional game, to deceive the system.

---

Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense

Google has announced that it will be switching from KYBER to ML-KEM in its Chrome web browser as part of its ongoing efforts to defend against the risk posed by cryptographically relevant quantum computers (CRQCs). "Chrome will offer a key share prediction for hybrid ML-KEM (codepoint 0x11EC)," David Adrian, David Benjamin, Bob Beck, and Devon O'Brien of the Chrome Team said. "The

---

Strider Secures $55M to Fuel AI Growth and Global Expansion

Strider Technologies has secured $55 million in Series C funding to bolster its artificial intelligence research, expand into the government sector, and support global growth.

---

U.S. Treasury Sanctions Executives Linked to Intellexa Predator Spyware Operation

The U.S. Department of Treasury has imposed fresh sanctions against five executives and one entity with ties to the Intellexa Consortium for their role in the development, operation, and distribution of a commercial spyware called Predator. "The United States will not tolerate the reckless propagation of disruptive technologies that threatens our national security and undermines the privacy and

---

Meta to Train AI Models Using Public U.K. Facebook and Instagram Posts

Meta has announced that it will begin training its artificial intelligence (AI) systems using public content shared by adult users across Facebook and Instagram in the U.K. in the coming months. "This means that our generative AI models will reflect British culture, history, and idiom, and that UK companies and institutions will be able to utilize the latest technology," the social media

---

The Dark Nexus Between Harm Groups and ‘The Com’ – Krebs on Security

Western cybercriminals in online groups, like Scattered Spider, target vulnerable teens, pushing them towards harm and violence. The Com, a cybercriminal network, fosters extortion and violence among its members.

---

Metabase Q Raises $11M in Series A Extension Funding

Metabase Q, an IT cybersecurity management company based in San Francisco, has raised $11M in its Series A extension funding. Backers include SYN Ventures and John Watters.