
WhatsApp phishing attack uses fake business docs to hack PCs

An ongoing malware campaign is targeting WhatsApp users in multiple countries with deceptive messages that push VBScript files, leading to remote system access.

The threat actor is using file names that indicate business and financial documents delivered by the victim’s contacts, whose accounts had been compromised.

By downloading and executing the malicious attachments, the recipient starts an infection chain that leads to installing the legitimate ManageEngine Endpoint Central, which is used by IT administrators to manage systems from a centralized dashboard.

Klue OAuth breach victim list grows as Icarus hackers claim attack

Market intelligence platform Klue has publicly confirmed a recent security incident that allowed threat actors to steal OAuth tokens used to connect to customers’ Salesforce environments, as the new “Icarus” extortion group publicly claims the attack.

The disclosure comes after cybersecurity firms Huntress and ReliaQuest detailed how attackers abused compromised Klue Battlecards integrations to steal Salesforce CRM data from multiple organizations.

In a statement published this week, Klue CEO Jason Smith confirmed that the company discovered unauthorized activity on June 12 affecting part of Klue’s integration infrastructure.

Spin-orbit torque hardware creates random keys and reveals unauthorized access attempts

The information exchanged by modern devices is typically protected by cryptographic techniques, which convert readable data into scrambled, unreadable code that can only be deciphered by authorized parties or devices. To descramble encrypted data, devices or accounts need access to cryptographic keys: unique, randomly generated sequences of binary code, letters or numbers that are essential for encrypting or decrypting data.

To detect cyberattacks, most traditional hardware security systems monitor the power consumption, electrical signals or other changes in devices. However, cyberattackers have devised effective techniques that sometimes allow them to bypass these systems’ defenses.

Researchers at Huazhong University of Science and Technology and Hubei University recently introduced a new hardware security system based on spin-orbit torque (SOC) devices, technologies that operate by leveraging both electrical charge and a quantum property known as electron spin.

Klue OAuth breach linked to ‘Icarus’ Salesforce data theft attacks

Market intelligence platform Klue suffered an OAuth breach that enabled the “Icarus” threat actors to steal Salesforce CRM data from multiple organizations in an ongoing extortion campaign.

Sources told BleepingComputer of the attack yesterday, telling us that numerous organizations had their Salesforce data stolen and were now being extorted by the relatively new extortion group.

Cybersecurity firms ReliaQuest and Huntress have both published reports confirming the security incident, with Huntress stating that their Salesforce data was stolen in the attack.
