Boletim semanal de cibersegurança Strati de 06 a 12 de Janeiro
11/01/2024Boletim semanal de cibersegurança Strati de 19 a 26 de Janeiro
26/01/2024Meta admits using pirated books to train AI, but won’t pay for it
The company is preparing a fair use-based defense after using copyrighted material. Training advanced AI models with proprietary material has become a controversial issue. Many companies now face legal challenges from authors and media organizations in court. Meta admitted to using the well-known “pirate” dataset, Books3, yet the company is reluctant to compensate writers adequately.
Mais de 170 mil firewalls SonicWall expostos a DoS, 10 mil só no Brasil
Firewalls da empresa estão com a interface de gerenciamento exposta online e vulneráveis a ataques de negação de e possíveis ataques de execução remota de código, segundo relatório.
Google Warns of Chrome Browser Zero-Day Being Exploited
The exploited zero-day, tagged as CVE-2024-0519, is described as an out-of-bounds memory access issue in the V8 JavaScript engine. Google has pushed out an urgent Chrome browser update to fix a trio of high-severity security defects and warned that one of the bugs is already being exploited in the wild.
Yakult Confirms Cyber Attack: Over 95 GB of data Leaked on Dark Web
The biggest producer of probiotic drinks in the world, Yakult, was the target of a significant that exposed private data and corporate records on the dark web. The threat actor DragonForce claims to have accessed over 95GB of Yakult data and is believed to be responsible for the issue. This “cyber incident” impacted the IT systems of the business in New Zealand and Australia.
3 Ransomware Group Newcomers to Watch in 2024
The ransomware industry surged in 2023 as it saw an alarming 55.5% increase in victims worldwide, reaching a staggering 4,368 cases.
Método iShutdown identifica spyware em iPhones incluindo Pegasus e Predator
A Kaspersky, que analisou um conjunto de iPhones comprometidos com o Pegasus, disse que as infecções deixaram vestígios em um arquivo chamado “Shutdown.log”, um arquivo de log do sistema baseado em texto disponível em todos os dispositivos iOS e que registra cada evento de reinicialização junto com suas características ambientais.
Atividade global de botnets tem alta significativa em janeiro
Investigadores de segurança descobriram um aumento significativo na atividade global de botnets entre dezembro de 2023 e a primeira semana de janeiro de 2024, com picos observados superiores a 1 milhão de dispositivos.
Bosch enfrenta vulnerabilidades críticas em termostatos e ferramentas inteligentes
Foram divulgadas múltiplas vulnerabilidades de segurança nos termostatos Bosch BCC100 e nas chaves de torque inteligentes Rexroth NXA015S-36V-B da Bosch, que, se exploradas com sucesso, podem permitir que atacantes executem códigos arbitrários nos sistemas afetados.
US Gov Issues Warning for Androxgh0st Malware Attacks
A joint advisory from CISA and the FBI warns about Androxgh0st malware attacks ensnaring devices in a botnet. The US cybersecurity agency CISA and the FBI have issued a joint advisory warning about the Androxgh0st malware creating a botnet to identify and target vulnerable networks.
Russian APT Known for Phishing Attacks Is Also Developing Malware, Google Warns
A Russian threat group named ColdRiver, which is known for its phishing attacks, has also been developing custom malware, Google warned on Thursday. The internet giant has shared indicators of compromise (IoCs) and YARA rules to help defenders detect and analyze the threat.