Cybercrime/malcode – Lifeboat News: The Blog

Oct 26
2024

SEC Charges 4 Companies Over Misleading SolarWinds Cyber Attack Disclosures

SEC charges four companies for misleading disclosures regarding the SolarWinds cyberattack, imposing fines totaling $6 million.

Oct 23
2024

Internet Archive Finally Returns (In Read-Only Mode) After Devastating Hack

Hackers made off with the info of 31 million users.

Oct 21
2024

DNA records of millions of Americans could be exposed amid 23andMe turmoil

A huge data breach followed by a plummeting valuation has stoked fears of a sale of 23andMe along with all of its customers’ genetic data.

Oct 21
2024

Hacker tricks ChatGPT into giving out detailed instructions for making homemade bombs

When I was a kid we had the anarchist cookbook.

But an artist and hacker found a way to trick ChatGPT to ignore its own guidelines and ethical responsibilities to produce instructions for making powerful explosives.

The hacker, who goes by Amadon, called his findings a “social engineering hack to completely break all the guardrails around ChatGPT’s output.” An explosives expert who reviewed the chatbot’s output told TechCrunch that the resulting instructions could be used to make a detonatable product and was too sensitive to be released.

Oct 21
2024

Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials

Unknown hackers exploited a patched Roundcube XSS flaw in phishing attacks to steal sensitive credentials.

Oct 20
2024

EU Commission adopts initial cybersecurity rules to enhance critical digital infrastructure resilience

The European Commission adopted on Thursday the initial implementing rules on cybersecurity of critical entities and networks under the Directive on measures for a high common level of cybersecurity across the Union. The NIS2 Directive addresses cybersecurity risk management measures and cases in which an incident should be considered significant and companies providing digital infrastructures and services should report it to national authorities. The move is seen as another major step in boosting the cyber resilience of Europe’s critical digital infrastructure.

The implementing regulation will apply to specific categories of companies providing digital services, such as cloud computing service providers, data center service providers, online marketplaces, online search engines, and social networking platforms, to name a few. For each category of service providers, the implementing act also specifies when an incident is considered significant.

Adopting the implementing regulation coincides with the deadline for Member States to transpose the NIS2 Directive into national law. As of Oct. 18, 2024, all Member States must apply the measures necessary to comply with the NIS2 cybersecurity rules, including supervisory and enforcement measures. The implementing regulation will be published in the Official Journal in due course and enter into force 20 days thereafter.