Electric Sheep, Exchange, Darcula, NuGet, Rockwell, FTX, Aaran Leyland, and More – SWN #373
AI Dreams of Electric Sheep, Exchange, Darcula, NuGet, Rockwell, FTX, Aaran Leyland, and More, on this edition of the Security Weekly News.
- 1. Germany warns of 17K vulnerable Microsoft Exchange servers exposed online
- 2. New Darcula phishing service targets iPhone users via iMessage
- 3. Odd NuGet package for industrial equipment raises espionage concerns
- 4. Apple ID ‘push bombing’ scam campaign hits cyber startup founders
- 5. Rockwell Automation posts advisories on 10 new bugs
- 6. AI bots hallucinate software packages and devs download them
- 7. AI hustlers stole women’s faces to put in ads. The law can’t help them.
- 8. FTX fraudster Sam Bankman-Fried sentenced to 25 years in prison
- 1. U.S. Charges 7 Chinese Nationals in Major 14-Year Cyber Espionage Operation
The recent indictment by the U.S. Department of Justice against seven Chinese nationals marks a significant milestone in the complex arena of global cybersecurity and espionage. These individuals are accused of participating in a protracted 14-year cyber espionage campaign, allegedly acting on behalf of the Chinese government. This operation, purportedly orchestrated by a hacking group known as APT31, targeted a diverse range of entities including U.S. and foreign critics, journalists, businesses, and political figures, reflecting a concerted effort to further China’s economic espionage and foreign intelligence agendas.
As a cybersecurity professional deeply entrenched in the study and mitigation of digital threats, I find the breadth and depth of this operation both fascinating and alarming. APT31’s activities, characterized by sophisticated malware deployment, meticulous attack infrastructure management, and precise surveillance operations, underscore the evolving landscape of state-sponsored cyber threats. The group’s association with the Wuhan Xiaoruizhi Science and Technology Company, a front allegedly used to mask the Ministry of State Security’s cyber operations, illustrates the lengths to which nations may go to disguise their digital espionage endeavors.