Month: July 2024
“From a theoretical point of view, we must find a useful code path that, if interrupted at the right time by SIGALRM, leaves sshd in an inconsistent state, and we must then exploit this inconsistent state inside the SIGALRM handler,” the researchers wrote in their technical advisory. “From a practical point of view, we must…
Read MoreUpcoming Book on AI and Democracy If you’ve been reading my blog, you’ve noticed that I have written a lot about AI and democracy, mostly with my co-author Nathan Sanders. I am pleased to announce that we’re writing a book on the topic. This isn’t a book about deep fakes, or misinformation. This is a…
Read More
An Australian man was charged by Australia’s Federal Police (AFP) for allegedly conducting an ‘evil twin’ WiFi attack on various domestic flights and airports in Perth, Melbourne, and Adelaide to steal other people’s email or social media credentials. The police started investigating reports from airline employees in April 2024 and found evidence of the man…
Read MoreAdminer–Adminer Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4. 2024-06-24 not yet calculated CVE-2023-451959119a7d8-5eab-497f-8521-727c672e3725 Adminer–Adminer Adminer and AdminerEvo allow…
Read More
Google has hired two top AWS and Microsoft former vice presidents who will lead the company’s newly formed Cloud AI business unit. Google Cloud has hired two vice presidents from rivals Amazon Web Services and Microsoft to lead its artificial intelligence cloud business as the three IT titans battle for AI market leadership. Google’s $38…
Read More
Data extortion and ransomware attacks have had a massive impact on businesses during the first half of 2024. Biggest Cyberattacks And Breaches If the pace of major cyberattacks during the first half of 2024 has seemed to be nonstop, that’s probably because it has been: The first six months of the year have seen organizations…
Read More
Modern Intel processors, including chips from the Raptor Lake and the Alder Lake generations are susceptible to a new type of a high-precision Branch Target Injection (BTI) attack dubbed ‘Indirector,’ which could be used to steal sensitive information from the CPU. Indirector exploits flaws in Indirect Branch Predictor (IBP) and Branch Target Buffer (BTB), two…
Read More
Cisco has patched an NX-OS zero-day exploited in April attacks to install previously unknown malware as root on vulnerable switches. Cybersecurity firm Sygnia, who reported the incidents to Cisco, linked the attacks to a Chinese state-sponsored threat actor it tracks as Velvet Ant. “Sygnia detected this exploitation during a larger forensic investigation into the China-nexus cyberespionage group…
Read More
The software maker says it’s continuing to restore systems nearly two weeks after it was struck by a ransomware attack. CDK Global said Monday that it expects to complete the recovery from its recent ransomware attack by later this week, with a projection that all car dealerships will be reconnected to its platform by July…
Read More
‘This funding is going to help us with our globalization strategy,’ says Tiffany Ricks, founder and CEO of HacWare. ‘Our goal is to leverage AI to make sure we take the guesswork out of training your employees on the evolving threats.’ Cybersecurity education firm HacWare Inc. is one of 20 Black- and Latino-led companies that…
Read More