Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

Man Arrested for Snowflake Hacking Spree Faces US Extradition

Alexander “Connor” Moucka was arrested this week by Canadian authorities for allegedly carrying out a series of hacks that targeted Snowflake’s cloud customers. His next stop may be a US jail.

Wired
#google#git#intel#auth
Canadian Man Arrested in Snowflake Data Extortions

A 26-year-old man in Ontario, Canada has been arrested for allegedly stealing data from and extorting more than 160 companies that used the cloud data service Snowflake. On October 30, Canadian authorities arrested Alexander Moucka, a.k.a. Connor Riley Moucka of Kitchener, Ontario, on a provisional arrest warrant from the United States. Bloomberg first reported Moucka's alleged ties to the Snowflake hacks on Monday. At the end of 2023, malicious hackers learned that many large companies had uploaded huge volumes of sensitive customer data to Snowflake accounts that were protected with little more than a username and password (no multi-factor authentication required). After scouring darknet markets for stolen Snowflake account credentials, the hackers began raiding the data storage repositories used by some of the world’s largest corporations.

ABB Cylon Aspect 3.08.00 Off-By-One

A vulnerability was identified in a ABB Cylon Aspect version 3.08.00 where an off-by-one error in array access could lead to undefined behavior and potential denial of service. The issue arises in a loop that iterates over an array using a less than or equals to condition, allowing access to an out-of-bounds index. This can trigger errors or unexpected behavior when processing data, potentially crashing the application. Successful exploitation of this vulnerability can lead to a crash or disruption of service, especially if the script handles large data sets.

Oh, the Humanity! How to Make Humans Part of Cybersecurity Design

Government and industry want to jump-start the conversation around "human-centric cybersecurity" to boost the usability and effectiveness of security products and services.

Enhance customer experiences with Generative AI

The advent of Generative AI and its application in real-life use cases has been on the cards for…

On Election Day, Disinformation Worries Security Pros the Most

A Dark Reading poll reveals widespread concern over disinformation about election integrity and voter fraud, even as Russia steps up deepfake attacks meant to sow distrust in the voting process among the electorate.

Iranian APT Group Targets IP Cameras, Extends Attacks Beyond Israel

The Iran-linked group Emennet Pasargad aims to undermine public confidence in Israeli and Western nations by using hack-and-leak campaigns and disrupting government services, including elections.

APT36 Refines Tools in Attacks on Indian Targets

The Pakistan-based advanced persistent threat actor has been carrying on a cyber-espionage campaign targeting organizations on the subcontinent for more than a decade, and it's now using a new and improved "ElizaRAT" malware.

Antivirus, Anti-Malware Lead Demand for AI/ML Tools

Companies are attaching the term "AI" to everything these days, but in cybersecurity, machine learning is more than hype.

OWASP Beefs Up GenAI Security Guidance Amid Growing Deepfakes

As businesses worry over deepfake scams and other AI attacks, organizations are adding guidance for cybersecurity teams on how to detect, and respond to, next-generation threats. That includes Exabeam, which was recently targeted by a deepfaked job candidate.