Phishing spree: Microsoft and Google are the most imitated brands in online scams

Microsoft and Google were the most commonly impersonated brands in phishing attacks in the first quarter of 2024, according to a report from Check Point. Phishing attempts featuring Microsoft accounted for 381 TP3T of attacks in the first quarter of 2024, compared to 111 TP3T for Google.The technology industry continues to be the most impersonated industry in brand phishing, followed by social networking and banking.

Shanghai General Administration of Communications launched a special action on network and data security of Telematics.

Recently, the Shanghai Municipal Communications Bureau issued the "Notice on the Car Network and Data Security Special Action of "Casting Shield Vehicle Link" 2024" has been publicized. The focus of this special action for the production and sales of intelligent networked vehicles in Shanghai, the production enterprises, the operation of car networking related platform service enterprises car networking network facilities and vehicle and road coordination facilities operating enterprises, as well as automated driving function products and solutions service enterprises. This includes the main responsibility for network and data security, car networking network facilities and system security, intelligent networked automobile product security, car networking platform and application service security, car networking data security, automatic driving function security six major directions.

Attackers placed ads on Baidu to spread malicious versions of Notepad++ and vnote

According to the researchers, if a user clicks on an advertisement to enter a website that distributes a malicious version of Notepad++, he or she will immediately notice inconsistencies: the URL contains vnote instead of Notepad++, and the application offered for download is a modified version of Notepad- (a branch of it) by a Chinese developer. Of the Windows, Linux, and macOS versions offered on the website, only the Linux and macOS versions contain malicious code. vnote's phishing site attempts to mimic the official website. If a user installs the malicious version of Notepad-, it tries to install a backdoor program that is supposed to come from the open source program Geacon.

Musk open source participant number of the world's largest AI large model Grok

On March 17, local time, xAI, an artificial intelligence startup under Tesla CEO Elon Musk, officially announced the open source of the large model Grok-1, following the Apache 2.0 protocol to open the model weights and architecture. The official website shows that xAI has open-sourced Grok-1's weights and architecture on the software hosting platform GitHub.
According to the official website, Grok-1 is a hybrid expert model with 314 billion parameters, which is "the largest open source large language model with the largest number of parameters in the world so far". In comparison, public information shows that OpenAI GPT-3.5 has 175 billion parameters, Grok-1 is significantly ahead.

315 evening party exposed cell phone motherboard machine black and gray industry chain

According to the CCTV 3.15 evening party exposure, scrapped cell phone motherboards are used by lawless elements to manufacture into a motherboard machine, the price ranges from more than 3,000 yuan to more than 6,000 yuan, each motherboard machine contains 20 pieces of scrapped cell phone motherboards, the equipment through the casting of the screen can be done by a computer to focus on the operation of 20 cell phones. Equivalent to the network black and grey production of group control technology in another form of evolution, the use of this equipment can be implemented on the network of all kinds of illegal operations, meaning that the network army ability to get upgraded, such as network live data counterfeiting and other uses.

Some Microsoft source code and confidential information leaked in violent attack by Russian APT group

Microsoft disclosed on Friday (March 8) that Midnight Blizzard (aka APT29 or Cozy Bear), an APT group with a Russian background, accessed some of Microsoft's source code repositories and internal systems during the January 2024 hacking incident, but no security incidents were found to have occurred on Microsoft hosted systems or users. Meanwhile the company noted that it has been discovered in recent weeks that Midnight Storm is using previously stolen information to try to gain unauthorized access. Microsoft is continuing to investigate the scope of the security breach and has communicated with users who may have been affected, but has not released to the public exactly what source code and confidential information was stolen.

Attackers attack Windows and Linux systems via Notepad service

Researchers have discovered threat attackers spreading a backdoor Trojan via the Notepad online notepad service. Named "WogRAT" by the industry for the use of the "WingOfGod" string by the operator behind the malware, the malicious code primarily targets Windows (PE format) and Linux (ELF format) systems. When attacking Windows, the malware disguises itself as utilities such as "flashsetup_LL3gjJ7.exe" or "BrowserFixup.exe" to lure victims. According to VirusTotal data, Asian countries and regions such as Hong Kong, Singapore, China and Japan are the main targets of the WogRAT malware. Security researchers suggest that users should avoid using untrusted executables and try to get programs from official sources for their daily work.

UK's largest outsourcing firm loses $232m to ransom attack

UK-based outsourcing firm Capita has reported losses of more than £106.6 million (roughly Rs. 977 million) in 2023, about a quarter of which was directly caused by the ransomware attack it suffered in March of that year. Capita is currently involved in two data breaches, the first being the aforementioned ransomware incident and the second being the AWS S3 storage bucket exposure. Under the UK's data protection laws, if Capita is found to have failed to fulfill its data protection duties in either incident, the company could face fines of up to $4% of its global turnover. As of December 2023, Capita's global turnover was £2.8 billion (roughly Rs. 25.667 billion).

The 'Cybersecurity' Voice at the National People's Congress 2024

The 2024 National People's Congress and the National Committee of the Chinese People's Political Consultative Conference (CPPCC) will be held on March 4 and 5 in Beijing. 2024 is the key year for the comprehensive implementation of the spirit of the 20th CPC National Congress, and it is also the year for the implementation of the "14th Five-Year Plan". As the time of the National People's Congress and the National Committee of the Chinese People's Political Consultative Conference (CPPCC) is determined, the National People's Congress deputies and CPPCC members are also making preparations to participate in the meeting, and strive to bring the hot and difficult issues that are strongly expected by the people and universally concerned to the two sessions, and to promote the high-quality economic and social development, widely gather consensus and strength.

All the sessions of the two sessions, network security has become a hot topic of concern, experts, scholars, corporate gurus have made suggestions, by the industry's high attention. This year, a number of members of the National Committee of the Chinese People's Political Consultative Conference (CPPCC), National People's Congress (NPC) with network security-related proposals, motions, content focusing on cybersecurity education, network security system construction, personal information security, smart city security construction, medical data security, etc., from which we screened some of the most concerned with you briefly share.

Artificial Intelligence Security Report 2024 Released: 30-Fold Surge in Deep AI Forgery Fraud

The Report shows that in 2023, AI-based deep forgery frauds skyrocketed by 30,001 TP3T, and AI-based phishing emails grew by 10,001 TP3T; there have already been more than a dozen cyber-attacks perpetrated by multiple APT organizations with national backgrounds using AI. The malicious use of AI technology will grow rapidly, posing a serious threat in political security, cyber security, physical security and military security. The research shows that 67% of Chinese companies have already begun to explore opportunities for AIGC applications within their organizations or make related capital investments. It is predicted that in 2026, China's AI big model market size will reach $21.1 billion, and AI will enter a critical period of large-scale landing application.