Author Archives: [email protected]

OpenAI Blocks Iranian Influence Operation Using ChatGPT for U.S. Election Propaganda

OpenAI on Friday said it banned a set of accounts linked to what it said was an Iranian covert influence operation that leveraged ChatGPT to generate content that, among other things, focused on the upcoming U.S. presidential election. “This week we identified and took down a cluster of ChatGPT accounts that were generating content for […]

Attackers Exploit Public .env Files to Breach Cloud and Social Media Accounts

A large-scale extortion campaign has compromised various organizations by taking advantage of publicly accessible environment variable files (.env) that contain credentials associated with cloud and social media applications. “Multiple security missteps were present in the course of this campaign, including the following: Exposing environment variables, using long-lived credentials, and absence

4 Steps for a Unified, Effective, and Continuous Compliance Program

Originally published by Scrut Automation.Regulatory Maze is Turning Everyone into a Lost Tourist The growing complexity of regulatory requirements has led to fragmentation in compliance programs across organizations of all sizes. Efforts to develop and enforce consolidated compliance programs still lack coordination and standardization, further deepening the security and compliance gaps ripe for exploitation and […]

Russian Hacker Jailed 3+ Years for Selling Stolen Credentials on Dark Web

A 27-year-old Russian national has been sentenced to over three years in prison for peddling financial information, login credentials, and other personally identifying information (PII) on a now-defunct dark web marketplace called Slilpp. Georgy Kavzharadze, 27, of Moscow, Russia, pleaded guilty to one count of conspiracy to commit bank fraud and wire fraud earlier this […]

Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware

Cybersecurity researchers have shed light on a sophisticated information stealer campaign that impersonates legitimate brands to distribute malware like DanaBot and StealC. The activity cluster, orchestrated by Russian-speaking cybercriminals and collectively codenamed Tusk, is said to encompass several sub-campaigns, leveraging the reputation of the platforms to trick users into downloading the