Cloudflare builds an AI to lead AI scraper bots into a horrible maze of junk content
Cloudflare has created a bot-busting AI to make life hell for AI crawlers. The network-taming company built the tool after noticing that almost one percent of all requests to access web content that it can see now come from AI crawler bots. Those bots are probably scraping data that’s gathered up to train AI models. Web site operators can in theory block AI crawlers using various means such as a robots.txt file or changing web server settings to disallow visits from bots. Some even use CAPTCHAs to test whether visitors to a site are human, or adopt software designed to stymie bots.
IBM scores perfect 10 … vulnerability in mission-critical OS AIX
IBM “strongly recommends” customers running its Advanced Interactive eXecutive (AIX) operating system apply patches after disclosing two critical vulnerabilities, one of which has a perfect 10 severity score. The two vulnerabilities, CVE-2024-56346 (10) and CVE-2024-56347 (9.6), both allow remote attackers to execute arbitrary commands. IBM’s security bulletin states that both are caused by improper process controls (CWE-114). IBM has never specified the number of clients on AIX, but third-party sources suggest around 9,000 organizations use the OS, which is generally deployed in critical applications powering high-value industries.
US removes sanctions against Tornado Cash crypto mixer
The U.S. Department of Treasury announced today that it has removed sanctions against Tornado Cash, a cryptocurrency mixer used by North Korean Lazarus hackers to launder hundreds of millions stolen in multiple crypto heists. The Department’s Office of Foreign Assets Control (OFAC) sanctioned Tornado Cash in August 2022 for helping launder over $7 billion since its creation in 2019. However, a Monday court filing linked in today’s press release shows that a Fifth Circuit U.S. federal appeals court ruled on November 26, 2024, that OFAC “overstepped its congressionally defined authority” when it sanctioned the crypto mixer.
A Win for Encryption: France Rejects Backdoor Mandate
In a moment of clarity after initially moving forward a deeply flawed piece of legislation, the French National Assembly has done the right thing: it rejected a dangerous proposal that would have gutted end-to-end encryption in the name of fighting drug trafficking. Despite heavy pressure from the Interior Ministry, lawmakers voted Thursday night (article in French) to strike down a provision that would have forced messaging platforms like Signal and WhatsApp to allow hidden access to private conversations. The vote is a victory for digital rights, for privacy and security, and for common sense.
Oracle denies breach after hacker claims theft of 6 million data records
Oracle denies it was breached after a threat actor claimed to be selling 6 million data records allegedly stolen from the company’s Oracle Cloud federated SSO login servers. “There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data,” the company told BleepingComputer. This statement comes after a threat actor known as rose87168 released multiple text files yesterday containing a sample database, LDAP information, and a list of the companies that they claimed were stolen from Oracle Clouds’ SSO platform.
AI-Generated Zoom Impersonation Attack Exploits Tax Season to Deploy Remote Desktop Tool
Cybercriminals are now using the same AI-powered tools trusted by developers to craft near-flawless imitations of well-known brands—and delivering these deceptions with strategic timing and precision targeting. Disguised as a routine Zoom meeting invitation related to the 2024 tax season, a campaign recently stopped by Abnormal leveraged generative AI to construct a highly convincing phishing page. However, unlike traditional credential-harvesting scams, these attacks attempted to deceive targets into downloading a remote monitoring and management (RMM) tool—granting threat actors full control over their devices.
