Month: July 2024
Hackers are targeting older versions of the HTTP File Server (HFS) from Rejetto to drop malware and cryptocurrency mining software. Threat researchers at security company AhnLab believe that the threat actors are exploiting CVE-2024-23692, a critical-severity security issue that allows executing arbitrary commands without the need to authenticate. The vulnerability affects versions of the software up to and including 2.3m.…
Read More
Since September 2021, Europol’s European Cybercrime Centre (EC3) assisted the operation with analytical and forensic support and enabled information exchange among all partners. Additionally, law enforcement operated a “malware information sharing platform,” inviting private partners to add real-time threat intelligence to the effort. “Over the span of the whole investigation, over 730 pieces of threat…
Read More
Jul 04, 2024NewsroomVulnerability / Critical Infrastructure Microsoft has revealed two security flaws in Rockwell Automation PanelView Plus that could be weaponized by remote, unauthenticated attackers to execute arbitrary code and trigger a denial-of-service (DoS) condition. “The [remote code execution] vulnerability in PanelView Plus involves two custom classes that can be abused to upload and load…
Read More
Segment 2: Area hospitals are crowded with people reporting breathing difficulties, and public health officials are encouraging people all over the city to “shelter in place” as a precaution. Headquarters is currently upwind of the explosion. The company needs to decide what to tell its employees to do but isn’t sure whether it has the legal…
Read More
Scams From sending phishing emails to posting fake listings, here’s how fraudsters hunt for victims while you’re booking your well-earned vacation 03 Jul 2024 • , 5 min. read Booking.com has become one of the main go-to platforms for travelers looking for holiday accommodation deals, but also for services like car rentals and airline tickets.…
Read More
Jul 04, 2024NewsroomArtificial Intelligence / Data Privacy Brazil’s data protection authority, Autoridade Nacional de Proteção de Dados (ANPD), has temporarily banned Meta from processing users’ personal data to train the company’s artificial intelligence (AI) algorithms. The ANPD said it found “evidence of processing of personal data based on inadequate legal hypothesis, lack of transparency, limitation…
Read More
What CISOs should do now Kaspersky claims 270,000 corporate clients, although, to be clear, that counts every customer in the world. While many of its previous customers have already migrated to other security products, those in the US that are still using their software need to make plans now. “Don’t wait until October, the last…
Read More
A coordinated law enforcement operation codenamed MORPHEUS has felled close to 600 servers that were used by cybercriminal groups and were part of an attack infrastructure associated with the Cobalt Strike. The crackdown targeted older, unlicensed versions of the Cobalt Strike red teaming framework between June 24 and 28, according to Europol. Of the 690…
Read More
Jul 04, 2024NewsroomData Breach / Mobile Security Cloud communications provider Twilio has revealed that unidentified threat actors took advantage of an unauthenticated endpoint in Authy to identify data associated with Authy accounts, including users’ cell phone numbers. The company said it took steps to secure the endpoint to no longer accept unauthenticated requests. The development…
Read More
In episode four of The AI Fix podcast, Graham and Mark learn there’s a 99.9% chance that AI will wipe out humans within 100 years, examine the even more chilling prospect of Barney the dinosaur reading Adolf Hitler’s Mein Kampf to six-year-olds, and resurrect a tried-and-trusted software evaluation method to decide if Claude 3.5 Sonnet…
Read More