Month: May 2024
CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate Directory Traversal Vulnerabilities | CISA
- by nlqip
Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Secure by Design Alert, Eliminating Directory Traversal Vulnerabilities in Software. This Alert was crafted in response to recent well-publicized threat actor campaigns that exploited directory traversal vulnerabilities in software (e.g., CVE-2024-1708, CVE-2024-20345) to compromise users of the software—impacting critical infrastructure sectors, including the Healthcare…
Read MoreThe U.K. National Crime Agency (NCA) has unmasked the administrator and developer of the LockBit ransomware operation, revealing it to be a 31-year-old Russian national named Dmitry Yuryevich Khoroshev. In addition, Khoroshev has been sanctioned by the U.K. Foreign, Commonwealth and Development Office (FCD), the U.S. Department of the Treasury’s Office of Foreign Assets Control…
Read More“We’re at $100 billion-plus annualized revenue run rate, yet 85 percent or more of the global IT spend remains on-premises,” said Andy Jassy, Amazon’s CEO and former longtime leader of AWS. Amazon’s CEO Andy Jassy says AWS’ generative AI strategy is accelerating companies to ditch their on-premises IT environments in favor of the cloud, with…
Read MoreCISA released two Industrial Control Systems (ICS) advisories on May 07, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations. Source link lol
Read MoreNew Attack on VPNs This attack has been feasible for over two decades: Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering. TunnelVision, as the researchers have named…
Read MoreThis article is covering effects of the people tracking applications over the “telegram-nearby-map” project on GitHub. This open-source project allows users to track the approximate location of other Telegram users within a specified radius, raising significant concerns about privacy and potential misuse. Functionality and Concerns The tool leverages Telegram’s “People Nearby” feature, which allows users…
Read MoreThe funding was led by major names of Silicon Valley venture capital including Andreessen Horowitz and comes after Wiz executives signaled an intensified push with channel partners. Wiz on Tuesday announced $1 billion in new funding at a $12 billion valuation as the four-year-old company sees surging growth in the cloud and AI security markets.…
Read MoreKara Swisher has been covering Silicon Valley since the early days, and she’s made a ton of enemies the old fashioned way (by telling the truth about the new robber barons of our digital lives). In a new memoir called Burn Book, she pulls the curtain back on a world run by powerful babies. Is…
Read MoreUpdates on Lightspeed, OpenShift AI and Red Hat’s partnership with Nvidia are some of the major news made this week at Summit. Lightspeed expansion. Red Hat OpenShift AI enhancements. And deeper partnerships with the likes of Stability AI, Oracle and Nvidia. These are some of the biggest news items from the Raleigh, N.C.-based open source…
Read MoreThe FBI, UK National Crime Agency, and Europol have unveiled sweeping indictments and sanctions against the admin of the LockBit ransomware operation, with the identity of the Russian threat actor being revealed for the first time. According to a new indictment by the US Department of Justice and a press release by the NCA, the LockBit ransomware operator…
Read MoreRecent Posts
- Fake AI video generators infect Windows, macOS with infostealers
- T-Mobile confirms it was hacked in recent wave of telecom breaches
- GitHub projects targeted with malicious commits to frame researcher
- NSO Group used another WhatsApp zero-day after being sued, court docs say
- Ingram Micro’s Sahoo: ‘Don’t React To AI.’ Act On AI’