News

There you are doing your stollen credit card number shopping, like you do every Sunday. You come across a big batch of them, and the deal seems good. How do you know these things are real? I mean this isn’t exactly Amazon with reviews and a return policy. This is a dark web marketplace. The answer to your dilemma is to use a card checking service. One of, if not the, most popular services on the darker side of the web was Try2Check. I say was since this system was taken down by the US Government this week in what has been described as a multi-national operation.

DLL sideloading is a common technique for attackers to use when getting their malware in place and has been in use since around 2010. Simply put your malicious DLL in the same directory as the application and Windows in all its helpfulness loads it first instead of the legitimate one that might be in another directory. This method is also referred to as DLL search order hijacking. With the age of this technique and advances in EDR/MDR its usefulness has decreased.

There is an old adage that says compliance is not a substitute for security. You can check all the compliance check boxes, pass audits, and still end up with an insecure environment. Level Finance Crypto found this out the hard way after they were hacked due to a vulnerability in how some of their smart contracts were set up, despite passing more than one IT Security Audit.

A recent incident where ChatGPT users at Samsung unknowingly exposed sensitive data via ChatGPT has raised concerns in multiple industries. The banking and finance industry saw several companies put a stop on the use of ChatGPT and certain regulators began investigating how its use could leak PII, or other financial information. To combat this new obstacle to business adoption, Microsoft is looking to offer a private business model which would exclude user input from being used to train the LLM.