Every Sunday, NPR host Will Shortz, The New York Times’ crossword puzzle guru, gets to quiz thousands of listeners in a long-running segment called the Sunday Puzzle. While written to be solvable without too much foreknowledge, the brainteasers are usually challenging even for skilled contestants. That’s why some experts think they’re a promising way to…
Category: Research
Cybersecurity, Exploits, Global Security News, Microsoft, phishing, Research, Russia, Threat Intelligence, Threats, Volexity
Threat researchers spot ‘device code’ phishing attacks targeting Microsoft accounts
Microsoft threat researchers discovered a series of what they are calling “device code” phishing attacks that allowed a suspected Russia-aligned threat group to gain access to and steal data from critical infrastructure organizations, the company said in research released Thursday. The group, which Microsoft tracks as Storm-2372, has targeted governments, IT services and organizations operating…
china, cisco, Cisco IOS XE, Cybersecurity, Exploits, Five Eyes, Global Security News, nation state threats, nation-state hackers, Recorded Future, Research, routers, Salt Typhoon, Threats, vulnerabilities
Salt Typhoon remains active, hits more telecom networks via Cisco routers
Salt Typhoon, the Chinese nation-state threat group linked to a spree of attacks on U.S. and global telecom providers, remains active in its intrusion and has hit multiple additional networks worldwide, including two in the United States, Recorded Future said in a report released Thursday. Recorded Future’s Insikt Group observed seven compromised Cisco network devices communicating…
CVE, Cybersecurity, Exploits, Global Security News, Microsoft, Microsoft Threat Intelligence Center, Research, Russia, Seashell Blizzard, Threats, Uncategorized, vulnerabilities
Russian state threat group shifts focus to US, UK targets
A subgroup of Seashell Blizzard has shifted its focus to targets in the U.S., Canada, Australia and the U.K. within the past year, expanding the scope of its malicious activity, Microsoft’s threat intelligence team said in a report released Wednesday. The initial-access operation, which Microsoft tracks as the “BadPilot campaign,” has allowed the Russian state…
AI, ChatGPT, Climate, energy consumption, energy usage, environment, environmental impact, epoch, epoch ai, Global IT News, Global Security News, openai, Research, study
ChatGPT may not be as power-hungry as once assumed
ChatGPT, OpenAI’s chatbot platform, may not be as power-hungry as once assumed. But its appetite largely depends on how ChatGPT is being used, and the AI models that are answering the queries, according to a new study. A recent analysis by Epoch AI, a nonprofit AI research institute, attempted to calculate how much energy a…
AI, Global IT News, Global Security News, Research
Is AI making us dumb?
Researchers from Microsoft and Carnegie Mellon University recently published a study looking at how using generative AI at work affects critical thinking skills. “Used improperly, technologies can and do result in the deterioration of cognitive faculties that ought to be preserved,” the paper states. When people rely on generative AI at work, their effort shifts…
AI, Artificial Intelligence, CISO, cyber security, Cybersecurity, GenAI, Global Security News, it teams, Research, Security, sophos, study
IT Teams Worry About Increasing Cost of Cyber Tools From AI Features, While Criminals Barely Use Them
Most IT leaders believe generative AI will increase the cost of their security tools, according to Sophos research. But, by the looks of cyber crime forums, hackers are barely using AI.
AI, Benchmark, Global IT News, Global Security News, NPR, npr sunday puzzle, reasoning model, Research, sunday puzzle
These researchers used NPR Sunday Puzzle questions to benchmark AI ‘reasoning’ models
Every Sunday, NPR host Will Shortz, The New York Times’ crossword puzzle guru, gets to quiz thousands of listeners in a long-running segment called the Sunday Puzzle. While written to be solvable without too much foreknowledge, the brainteasers are usually challenging even for skilled contestants. That’s why some experts think they’re a promising way to…
CVE, CVSS, Cybersecurity, Exploits, Global Security News, MITRE, National Vulnerability Database, NIST, Research, Threats, vulnerabilities
Infosec pros: We need CVSS, warts and all
A key pillar of a strong cybersecurity program is identifying vulnerabilities in the complex mix of software programs, packages, apps, and snippets driving all activities across an organization’s digital infrastructure. At the heart of spotting and fixing these flaws is the widely used Common Vulnerability Scoring System (CVSS), maintained by a nonprofit called the Forum…
Amazon Web Services (AWS), cloud computing, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, open source, Research, S3 bucket, SSL, VPN gateway, watchTowr Labs
Here’s all the ways an abandoned cloud instance can cause security issues
There is a line of thought among the public that “the internet is forever.” A security company published research Tuesday that showed why “forever” can be a security nightmare. Over the course of four months, cybersecurity researchers at watchTowr monitored and ultimately took control of what they referred to as “abandoned” digital infrastructure, focusing on…
Cybercrime, Cybersecurity, Exploits, Global Security News, intezer, Research, Solis Security, Threats, VeraCore, XE Group, zero days
From credit card fraud to zero-day exploits: Xe Group expanding cybercriminal efforts
A cybercriminal organization that has been operating for over a decade has moved from credit-card skimming to exploiting zero-day vulnerabilities, according to a joint investigation by cybersecurity firms Solis Security and Intezer. The group, tracked as XE Group, now poses heightened risks to global supply chains, particularly in manufacturing and distribution sectors, by leveraging stealthier…
Blog, Exploits, Global Security News, Research, Security Bloggers Network
Hackers Hijack JFK File Release: Malware & Phishing Surge
Veriti Research has uncovered a potentially growing cyber threat campaign surrounding the release of the declassified JFK, RFK, and MLK files. Attackers are capitalizing on public interest in these historical documents to launch potential malware campaigns, phishing schemes, and exploit attempts. Our research indicates that cybercriminals are quick to react to major public events, and…
Cybersecurity, DARPA, Exploits, firmware, Global Security News, Government, Innovation, Research, Technology
DARPA wants to create ‘self-healing’ firmware that can respond and recover from cyberattacks
Imagine, for a moment, that your network is hit with ransomware. One of your employees clicked on a malicious link and now your network is compromised, data is encrypted and most of the organization’s systems are locked or offline. Then imagine if instead of assembling an incident response team, notifying the board and contacting law…
AI, Cloud, Cybersecurity, Global IT News, Global Security News, Research, Technology, Threat Intelligence
Vulnerability in popular AI developer could ‘shut down essentially everything you own’
A popular platform for developing AI systems has patched an easily exploitable vulnerability that would have given an attacker remote code execution privileges. Researchers at application security firm Noma detail how the flaw, embedded in Javascript code for Lightning.AI’s development platform, could be manipulated to give an attacker virtually unfettered access to a user’s cloud…
Aikido Security, Amplify, Arnica, Cybersecurity, endor labs, Global Security News, Jit, Kodem, Legit Security, Mobb, open source, OpenGrep, Orca Security, Research, security testing, Semgrep, Static Analysis, Technology
Open-source security spat leads companies to join forces for new tool
A conflux of open-source developers and application security companies has been embroiled in a complex debate after a recent change in the licensing policy of a widely used static code analysis tool, resulting in a faction of organizations creating a new, open-source rival. The issue started with a recent change in the licensing policy of…
AI, ai industry, AI research, Global IT News, Global Security News, pressure, Research, researchers, stress
The AI industry’s pace has researchers stressed
To outside observers, AI researchers are in an enviable position. They’re sought after by tech giants. They’re taking home eye-popping salaries. And they’re in the hottest industry of the moment. But all this comes with intense pressure. More than half a dozen researchers TechCrunch spoke with, some of whom requested anonymity for fear of reprisals,…
Blog, Global Security News, Research, Security Bloggers Network
Japanese Companies Threatened by DPRK IT Workers
Nisos Japanese Companies Threatened by DPRK IT Workers The Japanese government warned domestic companies in March 2024 about contracting North Korean (DPRK) IT workers posing as Japanese nationals to earn cash, as it is suspected… The post Japanese Companies Threatened by DPRK IT Workers appeared first on Nisos by Nisos The post Japanese Companies Threatened…
AI, ChatGPT, DDoS, Exploits, Global Security News, openai, Research, Technology, Threats
‘Severe’ bug in ChatGPT’s API could be used to DDoS websites
A vulnerability in ChatGPT’s API can generate DDoS attacks against targeted websites, but the security researcher who discovered it says the flaw has since been addressed by OpenAI. In a security advisory posted to the developer platform GitHub, German security researcher Benjamin Flesch detailed the bug, which occurs when the API is processing HTTP POST…
botnets, CloudFlare, Cybersecurity, DDoS, Global Security News, Internet of Things (IoT), Mirai, Qualys, Research, Threats
CloudFlare detected (and blocked) the biggest DDoS attack on record
Web infrastructure and security company Cloudflare says it detected the biggest Distributed Denial-of-Service (DDoS) attack ever recorded, a 5.6 terabits per second (Tbps) attack directed at an internet service provider (ISP) in Eastern Asia. Despite the staggering volume of the attack, Cloudflare successfully managed and mitigated it without human intervention. The company said in research…
AI, benchmarks, Global IT News, Global Security News, hallucinations, LLMs, Research, TC
AI isn’t very good at history, new paper finds
Top LLMs performed poorly on a high-level history test, a new paper has found. © 2024 TechCrunch. All rights reserved. For personal use only.
Blog, Global Security News, Research, Security Bloggers Network
Trump’s Digital Footprint: Unveiling Malicious Campaigns Amid Political Milestones
As the political landscape heats up, so does the activity in the cyber threat domain. High-profile events such as inaugurations often become a prime opportunity for cybercriminals to launch malicious campaigns. With Trump’s upcoming inauguration on January 20th, our research sheds light on the digital threats tied to such politically charged events, focusing on previous…
Blog, Global Security News, Research, Security Bloggers Network
The Insider Threat Digital Recruitment Marketplace
Nisos The Insider Threat Digital Recruitment Marketplace Nisos routinely monitors mainstream and alternative social media platforms, as well as cloud-based messaging applications and dark web forums… The post The Insider Threat Digital Recruitment Marketplace appeared first on Nisos by Nisos The post The Insider Threat Digital Recruitment Marketplace appeared first on Security Boulevard.
AI, generative ai, Global IT News, Global Security News, open source, reasoning, Research, sky-t1
Researchers open source Sky-T1, a ‘reasoning’ AI model that can be trained for less than $450
So-called reasoning AI models are becoming easier — and cheaper — to develop. On Friday, NovaSky, a team of researchers based out of UC Berkeley’s Sky Computing Lab, released Sky-T1-32B-Preview, a reasoning model that’s competitive with an earlier version of OpenAI’s o1 on a number of key benchmarks. Sky-T1 appears to be the first truly…
2025, Agentics, AI, AI and Machine Learning in Security, AI and ML in Security, Analytics & Intelligence, Autonomous, cyberattacks, Cybersecurity, General Intelligence, Global Security News, nation-states, openai, predictions, Research, Security Awareness, Security Boulevard (Original), Social - Facebook, Social - LinkedIn, Social - X, task force, Threat Intelligence
Beware the Rise of the Autonomous Cyber Attacker
AI’s growing sophistication signals a future in which networks can be compromised autonomously, and the industry must prepare for this near-term reality. The post Beware the Rise of the Autonomous Cyber Attacker appeared first on Security Boulevard.
AI, generative ai, Global IT News, Global Security News, Research, synthetic, synthetic data, Training
The promise and perils of synthetic data
Is it possible for an AI to be trained just on data generated by another AI? It might sound like a harebrained idea. But it’s one that’s been around for quite some time — and as new, real data is increasingly hard to come by, it’s been gaining traction. Anthropic used some synthetic data to…
AI, deep learning, Global IT News, Global Security News, quantization, Research, study
A popular technique to make AI more efficient has drawbacks
One of the most widely used techniques to make AI models more efficient, quantization, has limits — and the industry could be fast approaching them. In the context of AI, quantization refers to lowering the number of bits — the smallest units a computer can process — needed to represent information. Consider this analogy: When…
AI, alignment, Anthropic, deception, generative ai, Global IT News, Global Security News, Research, study
New Anthropic study shows AI really doesn’t want to be forced to change its views
AI models can deceive, new research from Anthropic shows — pretending to have different views during training when in reality maintaining their original preferences. There’s no reason for panic now, the team behind the study said. Yet they said their work could be critical in understanding potential threats from future, more capable AI systems. “Our…
AI, generative ai, Global IT News, Global Security News, reasoning, reasoning models, Research
‘Reasoning’ AI models have become a trend, for better or worse
Call it a reasoning renaissance. In the wake of the release of OpenAI’s o1, a so-called reasoning model, there’s been an explosion of reasoning models from rival AI labs. In early November, DeepSeek, an AI research company funded by quantitative traders, launched a preview of its first reasoning algorithm, DeepSeek-R1. That same month, Alibaba’s Qwen…
AI, generative ai, Global IT News, Global Security News, Microsoft, open source, phi-4, Research
Microsoft debuts Phi-4, a new generative AI model, in research preview
Microsoft has announced the newest addition to its Phi family of generative AI models. Called Phi-4, the model is improved in several areas over its predecessors, Microsoft claims — in particular math problem solving. That’s partly the result of improved training data quality. Phi-4 is available in very limited access as of Thursday night: only…
Cybersecurity, Exploits, Geopolitics, Global Security News, Microsoft, Research, Threats, Turla
Turla living off other cybercriminals’ tools in order to attack Ukrainian targets
A Russian nation-state threat actor has been observed leveraging tools from other cybercriminal groups to compromise targets in Ukraine, a recent report by Microsoft Threat Intelligence disclosed. This clandestine approach, which is the second time in as many weeks that Microsoft has highlighted the group’s effort, shows how Turla uses a wide range of attack…
Clop, Exploits, Global Security News, LockBit, MITRE, Ransomware, Research, Technology, Threats
Latest round of MITRE ATT&CK evaluations put cybersecurity products through rigors of ransomware
MITRE Corporation released findings Wednesday from its latest round of ATT&CK evaluations, assessing the capabilities of enterprise cybersecurity solutions against some of the most prevalent ransomware tactics and North Korean malware. The sixth such evaluation from the nonprofit research organization measured 19 different vendors’ ability to protect enterprise systems by evaluating them against two prominent…