The North Korean APT37 hacking group uses a new ‘FadeStealer’ information-stealing malware containing a ‘wiretapping’ feature, allowing the threat actor to snoop and record from victims’ microphones. […] Read More
BleepingComputer
The all in one place for non-profit security aid.
The North Korean APT37 hacking group uses a new ‘FadeStealer’ information-stealing malware containing a ‘wiretapping’ feature, allowing the threat actor to snoop and record from victims’ microphones. […] Read More
BleepingComputer
French Cybercriminal Pleads Guilty for Hacking Corporate Data
In a significant development in the realm of cybercrime, a 22-year-old French citizen, Sebastien Raoult, also known as Sezyo Kaizen, has pleaded guilty to conspiracy to commit wire fraud and aggravated identity theft in the U.S. District Court in Seattle.
This case sheds light on a sophisticated cybercriminal operation that utilized phishing emails and deceptive tactics to breach corporate systems, resulting in a total loss estimated to exceed $6 million for victim companies.
Sebastien Raoult’s journey through the legal system began with his arrest in Morocco last year.
Following his apprehension, he was subsequently sent back to the United States in January 2023 to face charges related to cybercrimes committed alongside two co-conspirators.
The accusation, handed down by a grand jury in the Western District of Washington in June 2021, marked the start of legal proceedings against the cybercriminal trio.
Document
FREE Demo
Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware
The modus operandi of Raoult and his co-conspirators involved hacking into the protected computers of corporate entities to rob confidential information and customer records.
This collection of data included personally identifiable information and sensitive financial details.
The cybercriminals targeted numerous companies, spanning across Washington State, the broader United States, and even international entities.
Following successful intrusions, a user operating under the false name “ShinyHunters” posted the stolen data for sale on dark web forums, including RaidForums, EmpireMarket, and Exploit.
One particularly harmful aspect of this operation was the threat posed by ShinyHunters. If victims failed to meet ransom demands, ShinyHunters threatened to leak or sell the stolen sensitive files.
This added an element of extortion to the cybercriminals’ activities, increasing the pressure on affected companies to comply with their demands.
The core of Raoult and his co-conspirators’ strategy was the creation of fake login pages that mimicked legitimate businesses.
These deceptive websites were used to send phishing emails to unsuspecting company employees.
These emails were crafted to appear as if they originated from genuine businesses and contained links to fraudulent login pages.
Unaware victims then provided their account sign-on credentials on these fake pages. Armed with these stolen login details, the cybercriminals infiltrated victims’ accounts, accessed sensitive data, and scoured the stolen information for additional credentials to access further data within companies’ networks and third-party service providers, including cloud storage services.
The impact of this cybercriminal operation was extensive, with hundreds of millions of customer records compromised and a staggering estimated loss of over $6 million for the victim companies.
Raoult now faces the consequences of his actions, with the conspiracy to commit wire fraud carrying a maximum sentence of 27 years in prison.
Additionally, aggravated identity theft mandates a mandatory minimum two-year prison term to follow any other sentences imposed.
The FBI Seattle Cyber Task Force was pivotal in investigating this complex case, while Assistant United States Attorney Miriam R. Hinman led the prosecution.
The Department of Justice’s Office of International Affairs provided substantial assistance, highlighting the global reach of this cybercrime.
The collaborative efforts of Moroccan and French authorities were also instrumental in advancing this case.
Protect yourself from vulnerabilities using Patch Manager Plus to quickly patch over 850 third-party applications. Take advantage of the free trial to ensure 100% security.
The post French Cybercriminal Pleads Guilty for Hacking Corporate Data appeared first on Cyber Security News.
Cyber Security News
Smashing Security podcast #388: Vacuum cleaner voyeur, and pepperoni pact blocks payout
Join us as we delve into the world of unexpected security breaches and legal loopholes, where your robot vacuum cleaner might be spying on you, and ordering a pizza could cost you your right to sue.
All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault. Read More
Google Revealed RETVec to Defend Malicious Emails & Spam for Gmail Users
The text-to-dense representation techniques vary, evolving from character bi-grams to advanced subword vectorizers, combating OOV challenges like adversarial attacks and typos.
As the strategies include subword-level tokenization and decomposing unknown words into n-grams for effective neural network training.
Researchers at Google recently developed and unveiled a new resilient and efficient text vectorizer dubbed “RETVec,” which will defend Gmail users against malicious emails and spam.
Document
Protect Your Storage With SafeGuard
StorageGuard scans, detects, and fixes security misconfigurations and vulnerabilities across hundreds of storage and backup devices.
RETVec is an efficient, multilingual, next-gen text vectorizer with built-in adversarial resilience. This next-gen text vectorizer is resilient to character-level manipulations like-
Insertion
Deletion
Typos
Homoglyphs
LEET substitution
There are two layers in the RETVec character encoder, and here below, we have mentioned those layers:-
Integerizer layer
Binarizer layer
RETVec architecture (Source – Arxiv)
RETVec uses a unique character encoder, handling UTF-8 efficiently. It effortlessly supports 100+ languages without lookup tables or fixed vocabulary. Also, being a layer, it seamlessly fits into any TF model without extra pre-processing.
RETVec Binarizer boosts word representation but lacks competitiveness. Researchers enhance it with a small model, boosting accuracy and outperforming others.
TensorFlow models easily employ RETVec for string vectorization in just one line. Besides this, the raw strings were handled with built-in pre-processing.
Moreover, this system also works perfectly for on-device mobile and web use cases since it supports the:-
TFJS
TF Lite
Researchers tested RETVec against adversarial content using a Google spam filter. Swapping SentencePiece with RETVec improved spam detection by 38% at a 0.80% false positive rate, reducing latency by 30%.
This suggests RETVec is competitive for real-world tasks, boosting confidence in its effectiveness.
How to optimize RETVec for better multilingual skills, robustness, and smaller models in large language models (LLMs) is a key question. For smaller LLMs, where the vocabulary layer can be over 20% of the parameters, RETVec eliminates it.
Yet, using RETVec in generative models poses challenges, as its 256-float embedding doesn’t directly convert to softmax output. A new training method compatible with text generation is needed.
Experimenting with character-by-character decoding and the VQ-VAE model renders indecisive results. Future work addresses these limitations and explores RETVec’s use as a word embedding, replacing GloVe and word2vec and training text similarity models with its character encoder.
To install the latest TensorFlow version of RETVec, you can use “pip”:-
pip install retvec
Besides this, on TensorFlow 2.6+ and Python 3.8+, the RETVec has already been tested.
Experience how StorageGuard eliminates the security blind spots in your storage systems by trying a 14-day free trial.
The post Google Revealed RETVec to Defend Malicious Emails & Spam for Gmail Users appeared first on Cyber Security News.
Cyber Security News