Netizen Blog and News
The Netizen team sharing expertise, insights and useful information in cybersecurity, compliance, and software assurance.
Category: Technology
-
The year 2023 marked a significant surge in phishing attacks targeting cryptocurrency wallets, highlighting the increasing sophistication of cybercriminal activities in the blockchain space. These attacks, impacting a wide range of networks including Ethereum, Binance Smart Chain, Polygon, Avalanche, and nearly 20 others, have led to substantial financial losses, totaling nearly $295 million stolen from…
-
In a significant cybersecurity development, ESET, a leading Slovak cybersecurity firm, has unearthed a deceptive network of 18 malicious loan apps, collectively known as “SpyLoan.” These apps, designed to exploit users seeking financial services, have been downloaded over 12 million times. Primarily targeting regions in Southeast Asia, Africa, and Latin America, SpyLoan apps masquerade as…
-
AI training data poisoning is a form of cybersecurity threat that targets the integrity of machine learning models by deliberately inserting misleading or harmful data into the training set. This tactic can compromise the model’s accuracy, leading to incorrect or manipulated outputs. Nightshade, a tool developed by Ben Zhao’s team at the University of Chicago,…
-
On Thursday, the Office of Foreign Assets Control (OFAC) under the U.S. Department of the Treasury announced sanctions against the North Korean-affiliated group Kimsuky, along with eight international agents accused of aiding in evading sanctions. These sanctions, imposed against the North Korean cyberespionage group, (which is also known as APT43) mark a significant step in…
-
Functioning as a Telegram bot-based toolkit, Telekopye, an e-commerce threat vector, streamlines the execution of advanced phishing operations. It enables perpetrators, referred to as ‘Neanderthals’, to deploy a range of tactics including spear-phishing through crafted HTML pages, domain spoofing, and social engineering via SMS and email phishing campaigns. This toolkit marks a significant escalation in…
-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has taken a significant step towards enhancing the cybersecurity posture of the nation’s critical infrastructure sectors. The agency has announced the launch of an innovative pilot program, aimed at extending cutting-edge cybersecurity shared services to critical infrastructure entities, especially those most in need of such support. This…
-
Cryptocurrency wallets, particularly those created between 2011 and 2015, have recently been thrust into the spotlight due to a significant vulnerability known as “Randstorm.” This vulnerability has raised concerns across the cryptocurrency community, highlighting the risks associated with outdated software and insufficient security measures in digital asset management. What is the Randstorm Vulnerability? The Randstorm…
-
The discovery of CVE-2023-22518 presents a significant concern for organizations using Confluence Data Center and Server. Atlassian has granted the vulnerability a 10/10 CVSS score based on an internal assessment, however the NVD has yet to provide a score. This is the second major vulnerability discovered in Atlassian Confluence over the past few weeks; CVE-2023-22515,…
-
Overview: Phish Tale of the Week Often times phishing campaigns, created by malicious actors, target users by utilizing social engineering. For example, in this text message, the actors are appearing as USPS, the United States Postal Service, and informing you that action needs to be taken regarding your delivery. The message politely explains that “USPS”…
-
The GPU.zip vulnerability, discovered by researchers from Carnegie Mellon Software and Societal Systems and detailed in their research paper titled “GPU.zip: On the Side-Channel Implications of Hardware-Based Graphical Data Compression,” jeopardizes the security of numerous graphics processing units (GPUs). This side-channel attack exploits an inherent weakness associated with graphical data compression in integrated GPUs (iGPUs).…
Netizen Blog and News 