Infosec.Pub

submitted 4 days ago* (last edited 3 days ago) by digicat to c/blueteamsec
 
 

Firstly, welcome - you have found us.

Secondly, the origin story - https://www.reddit.com/r/blueteamsec/comments/1mc3pza/reddit_managed_to_ban_the_mod_of_rblueteamsec_due/ of which the tl;dr is we were in /r/Blueteamsec since 2018 and then in July 2025 the mod account got banned.

Thirdly, settle in as this is going to be the permanent home. The only features missing from Lemmy really are:

  • the titles are a little shorter than we are used to
  • the ability to style some of the community
  • categories

but in short nothing material. The Jerboa mobile client is excellent.

Fourthly, how does this work? Broadly speaking

  • there are optimised sources across X, various sites, groups and lists etc.
  • they are reviewed generally once or twice a day (start / end)
  • content is ideally < 1 week old at time of posting
  • content is then reviewed / curated / titles edited and posted

the rough rule of thumb being:

  • link to the source where possible i.e. not a news article but the technical source
  • cyber security relevant and insightful to cyber defence across technology, adversarial tradecraft/techniques/tools, threat intelligence, policy or events

Finally, all community contributions welcome!


Workers on joint US/UK/Australia nuclear submarine program are painting a target on themselves

The Director-General of Security at the Australian Security Intelligence Organization (ASIO) has lamented the fact that many people list their work in the intelligence community or on sensitive military projects in their LinkedIn profiles.…


Won't someone think of the King of Ink?!


Margaret Attridge / Courthouse News Service: A US jury finds Meta violated the California Invasion of Privacy Act when it intentionally recorded the health data of women via the period tracking app Flo  —  The jury got to decide how seriously Big Tech takes privacy, the attorney for a class of Flo users said in closing arguments.


OpenAI scrambles to remove personal ChatGPT conversations from Google results.


A sophisticated attack technique was uncovered where cybercriminals exploit free trials of Endpoint Detection and Response (EDR) software to disable existing security protections on compromised systems. This method, dubbed BYOEDR (Bring Your Own EDR), represents a concerning evolution in defense evasion tactics that leverage legitimate security tools as weapons against themselves. Key Takeaways: 1. Attackers use […] The post Hackers Weaponizing Free Trials of EDR to Disable Existing EDR Protections appeared first on Cyber Security News.


Pi-hole, a popular network-level ad-blocker, has disclosed that donor names and email addresses were exposed through a security vulnerability in the GiveWP WordPress donation plugin. [...]


CISA releases Thorium, an open-source tool for malware and forensic analysis, now available to analysts in government, public, and private sectors. CISA has released Thorium, a new open-source platform designed to support malware and forensic analysis. The platform was designed in collaboration with Sandia National Laboratories; the US agency presented it as a scalable, open-source platform […]


Our tests have shown there are ways to get around the promised security improvements

Exclusive: Microsoft Recall, the AI app that takes screenshots of what you do on your PC so you can search for it later, has a filter that's supposed to prevent it from screenshotting sensitive info like credit card numbers. But a test by The Register shows that it still fails in many cases, creating a potential treasure trove for thieves.…

hashcat v7.0.0 (hashcat.net)
submitted 11 hours ago by digicat to c/blueteamsec

The Guardian’s review of records found:

  • Out of nine “assault” and “impeding” felony cases the justice department filed immediately after the start of the protests and promoted by the attorney general, Pam Bondi, prosecutors dismissed seven of them soon after filing the charges.
  • In reports that led to the detention and prosecution of at least five demonstrators, Department of Homeland Security (DHS) agents made false statements about the sequence of events and misrepresented incidents captured on video.
  • One DHS agent accused a protester of shoving an officer, when footage appeared to show the opposite: the officer forcefully pushed the protester.
  • One indictment named the wrong defendant, a stunning error that has jeopardized one of the government’s most high-profile cases.


US semiconductor giant is trying to revive sales in the country.


Cybersecurity researchers have successfully demonstrated how Large Language Model (LLM) honeypots can effectively deceive threat actors into revealing their attack methodologies and malicious payloads. In a recent breakthrough incident, an SSH-based LLM honeypot managed to capture a real threat actor who unknowingly interacted with the artificial intelligence system, believing they had compromised a legitimate server […] The post LLM Honeypot’s Can Trick Threat Actors to Leak Binaries and Known Exploits appeared first on Cyber Security News.
