Good afternoon

A security vulnerability impacting a significant number of LG smart TVs was recently disclosed. This flaw could allow attackers to remotely seize control of susceptible devices. Researchers at Bitdefender discovered two critical vulnerabilities (CVE-2023-6317 and CVE-2023-6318) that, when combined, could grant unauthorized users complete control over a targeted LG smart TV.

Even though the cybersecurity pros I work with haven't fallen for the latest LinkedIn scam, seeing it hit my inbox made me realize just how dangerous and believable these attacks are. The sophistication of this one surprised even me, and that's concerning.

A hacking competition called Pwn2Own 2024 in Vancouver awarded over $1.1 million to participants who discovered vulnerabilities in various software and devices. This security competition incentivizes hackers to discover and report vulnerabilities in widely used software and devices.

Cybercriminals are looking for ways to integrate large language models (LLMs) into their attacks, and they have three main options: trying to bypass the safeguards on existing LLMs, building their own LLMs, or using uncensored open-source models.

In a proactive measure to enhance user security, Google has announced an update to its Chrome browser, effectively patching a series of vulnerabilities, including the zero-day flaw CVE-2024-3159, unveiled at the Pwn2Own hacking contest in March 2024.

It’s been three months since the Securities and Exchange Commission’s cyber disclosure rules took effect and rather than creating a deluge of incident revelations, only a trickle has emerged.

APIs were the target of 29% of web attacks in 2023, with cybercriminals exploiting the swiftly growing API economy for new avenues of attack, according to a report from Akamai.

DDoS attacks against the financial services sector historically accounted for about 10-15% of all attacks, however that trend began to rise in 2021, the FS-ISAC and Akamai found.

The NIST Cybersecurity Framework (CSF) 2.0, an evolution of its predecessor, is a comprehensive guide designed to assist organizations across various sectors in managing and mitigating cybersecurity risks effectively.

Google’s new Security Command Center Enterprise (SCC Enterprise) could streamline cloud risk management through AI automation, saving security teams time, experts say. Enhanced with Mandiant threat intelligence and generative AI, SCC Enterprise aims to offer comprehensive insights across the cloud security lifecycle.

Lookout recently discovered an advanced phishing kit exhibiting novel tactics to target cryptocurrency platforms as well as the Federal Communications Commission (FCC) via mobile devices.

The BlackCat ransomware gang is pulling an exit scam, trying to shut down and run off with affiliates’ money by pretending the FBI seized their site and infrastructure.

Despite arrests, infrastructure seizure and international law enforcement efforts, LockBit ransomware has resurfaced, promising robust security and threatening aggressive cyber attacks on UK and USA government sectors.

NIST on Feb 26th announced the official release of version 2.0 of its Cybersecurity Framework (CSF), the first major update since its creation a decade ago.

Google is testing a new feature to prevent malicious public websites from pivoting through a user's browser to attack devices and services on internal, private networks. More simply, Google plans to prevent bad websites on the internet from attacking a visitor's devices (like printers or routers) in your home or on your computer.

Although it's been sitting there since 2000, researchers were just recently able to suss out a fundamental design flaw in a Domain Name System (DNS) security extension, which under certain circumstances could be exploited to take down wide expanses of the Internet.

Apple on Wednesday unveiled PQ3, a new post-quantum cryptographic protocol for iMessage that is designed to protect encrypted communications even against future quantum computing attacks.

Email attacks relying on QR codes surged in the last quarter, with attackers specifically targeting corporate executives and managers, reinforcing recommendations that companies place additional digital protections around their business leadership.

Ransomware operators were especially successful targeting critical zero-day vulnerabilities in widely used IT products.