Month: September 2024
Today, CISA and FBI released a Secure by Design Alert, Eliminating Cross-Site Scripting Vulnerabilities, as a part of our ongoing effort to reduce the prevalence of vulnerability classes at scale. Vulnerabilities like cross-site scripting (XSS) continue to appear in software, enabling threat actors to exploit them. However, cross-site scripting vulnerabilities are preventable and should not…
Read More
Over 1,000 misconfigured ServiceNow enterprise instances were found exposing Knowledge Base (KB) articles that contained sensitive corporate information to external users and potential threat actors. The exposed information includes personally identifiable information (PII), internal system details, user credentials, access tokens for live production systems, and other essential information depending on the Knowledge Base topic. Aaron…
Read More
Roughly nine percent of tested firmware images use non-production cryptographic keys that are publicly known or leaked in data breaches, leaving many Secure Boot devices vulnerable to UEFI bootkit malware attacks. Known as ‘PKfail,’ and now tracked as CVE-2024-8105, the supply chain attack is caused by test Secure Boot master key (Platform Key “PK”), which…
Read More
One of the most frequent questions we get from our clients considering our Dedicated Resources are, “How do your Dedicated Resources differ from traditional staff augmentation?” It’s a great question and one that highlights a crucial distinction in how we approach cybersecurity. We’re going break down those differences in the blog below, so you can…
Read More
Sep 17, 2024Ravie LakshmananArtificial Intelligence / Regulatory Compliance Meta has announced that it will begin training its artificial intelligence (AI) systems using public content shared by adult users across Facebook and Instagram in the U.K. in the coming months. “This means that our generative AI models will reflect British culture, history, and idiom, and that…
Read More
Sep 17, 2024Ravie LakshmananSpyware / Privacy The U.S. Department of Treasury has imposed fresh sanctions against five executives and one entity with ties to the Intellexa Consortium for their role in the development, operation, and distribution of a commercial spyware called Predator. “The United States will not tolerate the reckless propagation of disruptive technologies that…
Read More
Sep 17, 2024Ravie LakshmananBrowser Security / Quantum Computing Google has announced that it will be switching from KYBER to ML-KEM in its Chrome web browser as part of its ongoing efforts to defend against the risk posed by cryptographically relevant quantum computers (CRQCs). “Chrome will offer a key share prediction for hybrid ML-KEM (codepoint 0x11EC),”…
Read More
Sep 17, 2024The Hacker NewsGenAI Security / SaaS Security Since launching ChatGPT in 2022, OpenAI has defied expectations with a steady stream of product announcements and enhancements. One such announcement came on May 16, 2024, and for most consumers, it probably felt innocuous. Titled “Improvements to data analysis in ChatGPT,” the post outlines how users…
Read MoreAccess Denied You don’t have permission to access “http://cybersecurity.att.com/blogs/security-essentials/physical-security-in-the-age-of-digital-access-control-system-vulnerabilities” on this server. Reference #18.dfd7ce17.1726567564.d42a658d https://errors.edgesuite.net/18.dfd7ce17.1726567564.d42a658d Source link lol
Read More
Sep 17, 2024Ravie LakshmananCryptocurrency / Malware Cryptocurrency exchange Binance is warning of an “ongoing” global threat that’s targeting cryptocurrency users with clipper malware with the goal of facilitating financial fraud. Clipper malware, also called ClipBankers, is a type of malware that Microsoft calls cryware, which comes with capabilities to monitor a victim’s clipboard activity and…
Read More