09 December 2023
■ Hackers Hit Erris Water in Stance Over Israel
Cybercriminals target a private water scheme in the Erris area, impacting 180 homeowners and raising concerns about politically motivated cyber-attacks on critical infrastructure.
■ Researchers Automated Jailbreaking of LLMs With Other LLMs
Researchers introduce TAP, an automated machine learning technique capable of exploiting vulnerabilities in large language models (LLMs), potentially producing harmful or toxic responses.
■ Bypassing Major EDRs Using Pool Party Process Injection Techniques
A newly identified technique uses Windows thread pools, employing a series of primitives for allocating memory and executing malicious code, bypassing major EDRs and posing new challenges in cybersecurity.
■ ALPHV Ransomware Site Outage Rumored to Be Caused by Law Enforcement
Speculation suggests a law enforcement operation might be behind the recent outage affecting ALPHV ransomware gang websites, potentially disrupting their operations.
■ Norton Healthcare Discloses Data Breach After May Ransomware Attack
Norton Healthcare in Kentucky confirms a data breach resulting from a May ransomware attack, exposing personal information of patients, employees, and their dependents, highlighting healthcare sector vulnerabilities.
■ Privilege Elevation Exploits Used in Over 50% of Insider Attacks
Reports indicate elevation of privilege flaws as the primary vulnerability exploited by corporate insiders for unauthorized network activities, emphasizing the significance of securing privileged access.
■ Amazon Sues REKK Fraud Gang That Stole Millions in Illicit Refunds
Amazon's legal action targets a fraudulent refund scheme stealing millions of dollars in products from Amazon's platforms, showcasing the ongoing challenges in combating fraudulent activities online.
■ New 5Ghoul Attack Impacts 5G Phones with Qualcomm, MediaTek Chips
"5Ghoul" vulnerabilities in Qualcomm and MediaTek 5G modems affect over 710 5G smartphone models and devices, potentially exposing a wide range of users to security risks.