How Malware Hides in Images and What You Can Do About It

From gizmodo.com

There are plenty of dangers to watch out for when it comes to keeping your devices and your data safe, including viruses, phishing attempts, compromised wifi networks, and rogue USB sticks. Here, we’re going to talk about one of the lesser-known threats: Compromised images.

You might not have realized it, but malware can be injected into digital photos that appear to be perfectly normal. The technique for doing so is known as steganography, or the practice of hiding one file in another, and it’s not always done maliciously. The method takes advantage of the hidden data that comes along with an image, data which isn’t necessarily translated into pixels on your screen.

Read more…

Major Database Security Threats & How You Can Prevent Them

From tripwire.com

Major Database Security Threats & How You Can Prevent Them

Organizations and businesses must use a range of measures, protocols, and tools to protect their databases from cybercriminals. If breached, malicious actors can gain access to sensitive information that they can use for financial gain. Security teams must adapt and constantly improve to protect against ever-evolving security threats, and maintain the integrity of a database.

This article will discuss the major database security threats, and how you can prevent them.

Read more…

American Airlines learned it was breached from phishing targets

From bleepingcomputer.com

American Airlines

American Airlines says its Cyber Security Response Team found out about a recently disclosed data breach from the targets of a phishing campaign that was using an employee’s hacked Microsoft 365 account.

As the airline said in filings with the Office of the New Hampshire Attorney General, after receiving these phishing reports, American’s CIRT discovered unauthorized activity in the company’s Microsoft 365 environment.

The investigation also revealed the attacker accessed multiple employees’ accounts (also compromised via phishing attacks) and used them to send more phishing emails to targets American has not yet disclosed.

Read more…

NullMixer: oodles of Trojans in a single dropper

From malware.news

NullMixer is a dropper leading to an infection chain of a wide variety of malware families. NullMixer spreads via malicious websites that can be found mainly via search engines. These websites are often related to crack, keygen and activators for downloading software illegally, and while they may pretend to be legitimate software, they actually contain a malware dropper.

It looks like these websites are using SEO to stay at the top of search engine results, making them easy to find when searching the internet for “cracks” and “keygens”. When users attempt to download software from one of these sites, they are redirected multiple times, and end up on a page containing the download instructions and archived password-protected malware masquerading as the desired piece of software. When a user extracts and executes NullMixer, it drops a number of malware files to the compromised machine. These malware families may include backdoors, bankers, credential stealers and so on. For example, the following families are among those dropped by NullMixer: SmokeLoader/Smoke, LgoogLoader, Disbuk, RedLine, Fabookie, ColdStealer.

Read more…

Phishing attacks skyrocketing, over 1 million observed

From helpnetsecurity.com

phishing activity trends 2022

The APWG’s Phishing Activity Trends Report reveals that in the second quarter of 2022, the APWG observed 1,097,811 total phishing attacks — the worst quarter for phishing that APWG has ever observed.

The total for June was 381,717 attacks or phishing sites. The number of phishing attacks reported has quadrupled since early 2020 — when APWG was observing between 68,000 and 94,000 attacks per month.

Read more…

AI won’t take coders’ jobs. Humans still rule for now

From theregister.com

IN BRIEF AI probably won’t replace software engineers, but will dramatically change the way they work in the future especially if they can instruct machines using natural language to generate code.

Several organizations – from OpenAI and Microsoft to Amazon and research labs like DeepMind – have trained neural networks to learn how to code. A recent survey of more than 2,000 developers by GitHub found that the vast majority of respondents found GitHub’s Copilot helped increase their productivity since the AI tool can act like a super-autocomplete, helping devs write boilerplate code for programs more quickly.

But will programmers’ jobs be taken by machines in the future? “I don’t believe AI is anywhere near replacing human developers,” Vasi Philomin, Amazon’s vice president for AI services, told IEEE Spectrum.

Read more…