720-891-1663

AI, Alerts, Best Practices, Compliance, Hacks, News Bites, Safety, Security Practices

Security News Update for October 18, 2024

Leave a comment

Now North Korea Using Fake IT Workers to Extort Employers

Scams evolve. Now that the scam concept is public, North Korea is pivoting. They are extorting the companies that hire these North Koreans as IT employees after the employees steal corporate secrets. Read the details here.

SURPRISE! (Not) – OpenAI Confirms Attackers use ChatGPT to Write Malware

In a surprise (to no one) announcement, OpenAI says it has disrupted “over 20” malicious cyber operations abusing ChatGPT, this year. While security companies like Proofpoint have said this was happening, this is the first time OpenAI has admitted it. How many of these operations are out there undetected? Credit: Bleeping Computer

Microsoft Lost Customer Security Logs

Oops! Microsoft is warning enterprise customers that, for almost a month, a bug caused critical logs to be partially lost, putting at risk companies that rely on this data to detect unauthorized activity. The loss affected many services including Entra, Sentinel, virtual desktop and others, with the losses being different for each. They are blaming the loss on a software bug. While Microsoft said they have notified all affected customers, some customers disagree and were not notified. Credit: Tech Crunch and Bleeping Computer

September Veeam Patch Now Being Exploited

When the patches come out, so do the hackers. This bug had a score of 9.8 which definitely motivates the bad actors. The bug patch was released on September 4th. The proof of concept exploit hack was released on September 15th. CISA tagged the bug as “known to be used in ransomware campaigns”. Credit: The Record

New Attacks on Intel AND AMD Trusted Execution Environments

Security researchers say they have found ways to attack the secure enclave processors in both Intel and AMD chips. One attack is called CounterSEVeillance; the other is called TDXDown. Intel says the attack is low risk in real world environments, but has released an update. AMD says that the attack works but programmers programming security operations should not be using the compromised instructions and provide guidance on what they should do. How many programmers read the processor chip best practices manuals? Credit: Security Week

Facebooktwitterredditlinkedinmailby feather

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2024 CyberCecurity, All rights reserved. Privacy Policy