  • Incident response playbooks: Turning theoretical plans into effective real-life responses

    Most organisations take pride in their Incident Response (IR) playbooks, which are often stored neatly on shared drives or in binders, ready for emergencies. However, when a real breach occurs, these meticulously crafted documents frequently fall short. Phone numbers may be outdated, escalation paths unclear, and team roles uncertain. In the midst of an active…

  • CometJacking: Single Click Transforms Perplexity’s Comet AI Browser into Data Stealer

    Cybersecurity researchers have unveiled a new attack method known as CometJacking, which specifically targets Perplexity’s agentic AI browser, Comet. This attack involves embedding malicious prompts within seemingly harmless links to extract sensitive data from connected services, such as email and calendar applications. Michelle Levy, Head of Security Research at LayerX, emphasised that “CometJacking shows how…

  • First malicious AI-MCP server discovered

    Security researchers have identified what they believe to be the world’s first malicious Model Context Protocol (MCP) server, which has been made available as open source on GitHub, a Microsoft-owned code repository. MCP, created by Anthropic, has faced criticism for its optional security measures and inherent vulnerabilities. This protocol aims to standardise connections between AI…

  • Industrial cellular routers in Australia exploited for smishing attacks

    A popular make of industrial cellular routers, with nearly 10,000 devices connected to the Internet in Australia alone, is being exploited by attackers for short messaging service (SMS) text spam, commonly known as smishing. French security vendor Sekoia discovered earlier this year that the application programming interface (API) of hundreds of Milesight cellular routers was…

  • Phishing is shifting from email to mobile – Is your staff training keeping up?

    With the alarming increase in SMS, voice, and QR-code phishing incidents, it is crucial to prioritise the security of mobile users. Cybercriminals are becoming increasingly sophisticated, employing various tactics to exploit vulnerabilities in mobile communication. As more individuals rely on their smartphones for personal and professional interactions, the risk of falling victim to these scams…

  • US government shutdown affecting CISA hampers threat-intelligence sharing

    The recent lapse in critical information sharing at the Cybersecurity and Infrastructure Security Agency (CISA) has raised significant concerns among stakeholders. This breakdown in communication hampers the agency’s ability to effectively respond to emerging threats and protect vital infrastructure. As cyber threats continue to evolve, the need for timely and accurate information sharing becomes increasingly…

  • New self-replicating WhatsApp malware called SORVEPOTEL

    Brazilian users have become the primary target of a new self-propagating malware campaign, codenamed SORVEPOTEL by Trend Micro. This malware exploits the trust associated with the popular messaging app WhatsApp to extend its reach across Windows systems. Researchers, including Jeffrey Francis Bonaobra, Maristel Policarpio, Sophia Nilette Robles, Cj Arsley Mateo, Jacob Santos, and Paul John…

  • Ransomware-As-A-Service (RAAS) malware changing tactics – again

    Threat analysts at the cyber security firm Barracuda have noted a shift in tactics employed by the Akira ransomware-as-a-service operation. This shift involves moving away from custom malware tools to utilising living-off-the-land techniques. Barracuda’s Managed XDR team recently mitigated an Akira ransomware attack that attempted to evade detection by exploiting existing tools within the target’s…

  • When loading a machine learning model means loading an assailant

    Organisations often underestimate the risks of downloading and loading machine learning models, failing to apply the caution they would exercise when opening unfamiliar email attachments or downloading random apps. A recent study by researchers from Politecnico di Milano revealed that loading a shared model can pose risks comparable to executing untrusted code. Their tests identified six previously…

  • Android spyware masquerading as Signal encryption plugins

    Cybersecurity researchers have identified two Android spyware campaigns, named ProSpy and ToSpy, which impersonate popular applications like Signal and ToTok to target users in the United Arab Emirates (U.A.E.). Slovak cybersecurity firm ESET reported that these malicious apps are distributed through deceptive websites and social engineering tactics, tricking unsuspecting users into downloading them. Once installed,…