Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Artificial Intelligence

In Other News: $350 Million Google Settlement, AI-Powered Fraud, Cybersecurity Funding 

Noteworthy stories that might have slipped under the radar: $350 million Google+ data leak settlement, AI used for fraud, 2023 cybersecurity funding report. 

Cybersecurity News tidbits

SecurityWeek’s cybersecurity roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. 

Here are this week’s stories:

Underground service generates realistic fake IDs

An underground service called OnlyFake allegedly uses neural networks to generate realistic photos of fake IDs for just $15. 404 Media has tested the service and reported that it produces fake IDs nearly instantly, and warned that it could streamline bank fraud and the laundering of stolen funds.

Deepfake CFO tricks finance worker into sending $25 million to fraudsters

A finance worker in Hong Kong was tricked into making a $25 million payment to fraudsters posing as his company’s chief financial officer on a video call using deepfake AI technology. In fact, all members of the staff that were on that call were deepfakes.

Advertisement. Scroll to continue reading.

Black Hunt ransomware uses leaked LockBit code

The Black Hunt ransomware, which recently hit roughly 300 companies in Paraguay, appears based on leaked LockBit code, Rapid7 says. Written in C++, a recent sample widely “reuses the leaked Lockbit ransomware code and shares similarities with several other recently spotted ransomware families”. Black Hunt disables Windows security measures, limiting user control, deletes shadow copies, and attempts to spread to network shares. 

Pennsylvania Courts website disrupted by cyberattack

The Pennsylvania Courts’ website fell victim to a denial-of-service (DoS) attack, rendering parts of it unavailable. “At this time, there is no indication that any court data was compromised, and our courts will remain open and accessible to the public,” Chief Justice of Pennsylvania Debra Todd said in a February 4 statement. The website appears to remain down for the time being.

Cybersecurity funding in Q4 2023

DataTribe’s cybersecurity funding insights report for the fourth quarter of 2023 shows that $89 billion were invested across approximately 6,400 deals last year, the lowest figures in the past five years. 

Google agrees to $350 million settlement in Google+ data leak lawsuit

Google has agreed to pay $350 million to settle a shareholder lawsuit related to a 2018 Google+ bug exposing private data associated with as many as 500,000 accounts. As part of the settlement, Google denied any wrongdoing and highlighted finding no evidence that the exposed data was misused.

Internet-exposed Confluence server numbers skewed by honeypots

A Shodan search for internet-exposed Confluence servers that could be vulnerable to remote attacks returns over 200,000 results, but an analysis conducted by VulnCheck shows that a vast majority are actually honeypots. Only approximately 4,000 instances are real Confluence servers.

OpenSSF and CISA provide framework for package repository security

OpenSSF and CISA have teamed up to create a framework for package repository security. The organizations have identified a “taxonomy of package repositories and a set of principles for their security capabilities” Package repositories should strive to adhere to the described best practices.

OT/IoT threat landscape assessment

Nozomi Networks has published a report assessing the OT/IoT threat landscape in the second half of 2023. The report looks at reported vulnerabilities, malware and other types of intrusions, as well as botnets.

Patches

SonicWall has patched an authentication bypass vulnerability in Gen7 firewalls running SonicOS 7.1.1-7040 Image. Google has fixed two high-severity flaws in Chrome. VMware has addressed five vulnerabilities in Aria Operations for Networks, including privilege escalation and XSS bugs. 

Related: In Other News: Palo Alto Loses Patent Lawsuit, Identity Firms Get Funding, Government Hackers

Related: In Other News: Secure Use of AI, HHS Hacking, CISA Director Swatting

Written By

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...

Artificial Intelligence

ChatGPT is increasingly integrated into cybersecurity products and services as the industry is testing its capabilities and limitations.

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Artificial Intelligence

Microsoft and Mitre release Arsenal plugin to help cybersecurity professionals emulate attacks on machine learning (ML) systems.

Application Security

Thinking through the good, the bad, and the ugly now is a process that affords us “the negative focus to survive, but a positive...

Artificial Intelligence

Two new surveys stress the need for automation and AI – but one survey raises the additional specter of the growing use of bring...