lemmydev2

Airportr is a service that allows passengers to have their luggage picked up, checked, and delivered to their destinations. As you might expect, it’s used by wealthy or important people. So if the company’s website is insecure, you’d be able to spy on lots of wealthy or important people. And maybe even steal their luggage. Researchers at the firm CyberX9 found that simple bugs in Airportr’s website allowed them to access virtually all of those users’ personal information, including travel plans, or even gain administrator privileges that would have allowed a hacker to redirect or steal luggage in transit. Among even the small sample of user data that the researchers reviewed and shared with WIRED they found what appear to be the personal information and travel records of multiple government officials and diplomats from the UK, Switzerland, and the US...

What once took place in the dark corners of the internet is now a sprawling ecosystem of illicit activity operating in plain sight - and one Cambodia-based operation seems to have made a lot of it possible. (Source: Bloomberg)

Workers on joint US/UK/Australia nuclear submarine program are painting a target on themselves The Director-General of Security at the Australian Security Intelligence Organization (ASIO) has lamented the fact that many people list their work in the intelligence community or on sensitive military projects in their LinkedIn profiles.…

A sophisticated attack technique was uncovered where cybercriminals exploit free trials of Endpoint Detection and Response (EDR) software to disable existing security protections on compromised systems.  This method, dubbed BYOEDR (Bring Your Own EDR), represents a concerning evolution in defense evasion tactics that leverage legitimate security tools as weapons against themselves. Key Takeaways1. Attackers use […] The post Hackers Weaponizing Free Trials of EDR to Disable Existing EDR Protections appeared first on Cyber Security News.

CISA releases Thorium, an open-source tool for malware and forensic analysis, now available to analysts in government, public, and private sectors. CISA has released Thorium, a new open-source platform designed to support malware and forensic analysis. The platform was designed in collaboration with Sandia National Laboratories, the US Agency presented it as a scalable, open-source platform […]

Pi-hole, a popular network-level ad-blocker, has disclosed that donor names and email addresses were exposed through a security vulnerability in the GiveWP WordPress donation plugin. [...]

OpenAI scrambles to remove personal ChatGPT conversations from Google results.

Won't someone think of the King of Ink?!

Margaret Attridge / Courthouse News Service: A US jury finds Meta violated the California Invasion of Privacy Act when it intentionally recorded the health data of women via the period tracking app Flo  —  The jury got to decide how seriously Big Tech takes privacy, the attorney for a class of Flo users said in closing arguments.

Our tests have shown there are ways to get around the promised security improvements exclusive  Microsoft Recall, the AI app that takes screenshots of what you do on your PC so you can search for it later, has a filter that's supposed to prevent it from screenshotting sensitive info like credit card numbers. But a The Register test shows that it still fails in many cases, creating a potential treasure trove for thieves.…

Cybersecurity researchers have successfully demonstrated how Large Language Model (LLM) honeypots can effectively deceive threat actors into revealing their attack methodologies and malicious payloads. In a recent breakthrough incident, an SSH-based LLM honeypot managed to capture a real threat actor who unknowingly interacted with the artificial intelligence system, believing they had compromised a legitimate server […] The post LLM Honeypot’s Can Trick Threat Actors to Leak Binaries and Known Exploits appeared first on Cyber Security News.

US semiconductor giant is trying to revive sales in the country.