Author: nlqip
Sep 25, 2024Ravie LakshmananArtificial Intelligence / Vulnerability A now-patched security vulnerability in OpenAI’s ChatGPT app for macOS could have made it possible for attackers to plant long-term persistent spyware into the artificial intelligence (AI) tool’s memory. The technique, dubbed SpAIware, could be abused to facilitate “continuous data exfiltration of any information the user typed or…
Read MoreSep 25, 2024Ravie LakshmananEmail Security / Threat Intelligence Transportation and logistics companies in North America are the target of a new phishing campaign that delivers a variety of information stealers and remote access trojans (RATs). The activity cluster, per Proofpoint, makes use of compromised legitimate email accounts belonging to transportation and shipping companies so as…
Read MoreSep 25, 2024Ravie LakshmananVulnerability / Cyber Attack The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Ivanti Virtual Traffic Manager (vTM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2024-7593 (CVSS score: 9.8), which could be exploited by…
Read MoreWe recommend the following actions be taken: * Apply appropriate updates provided by Google to vulnerable systems immediately after appropriate testing. (**[M1051](https://attack.mitre.org/mitigations/M1051/): Update Software**) * **Safeguard 7.1: Establish and Maintain a Vulnerability Management Process:** Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise…
Read MoreIn testimony before a U.S. House Homeland Security subcommittee, CrowdStrike’s Adam Meyers said the July outage has prompted a major shift in how the vendor approaches content updates impacting the Windows kernel. CrowdStrike has overhauled its approach to deploying threat-related content updates that impact the Windows kernel in the wake of the massively disruptive July…
Read MoreThe deal ‘advances our recovery offerings, strengthens our platform, and reinforces our position as a leading SaaS provider for cyber resilience,’ Commvault CEO Sanjay Mirchandani says. Hybrid cloud cyber resilience vendor Commvault plans to buy Amazon Web Services-focused Clumio for about $47 million– a fraction of the $261 million Clumio has raised since its founding…
Read MoreImage: MidjourneyMicrosoft has released the September 2024 non-security preview update for Windows 10, version 22H2, with fixes for bugs causing Edge web browser freezes and media playback issues. Today’s optional cumulative update (KB5043131) is a maintenance release designed to allow Windows administrators to test fixes and improvements. This will ensure a more reliable user experience…
Read MoreAutoCanada is warning that employee data may have been exposed in an August cyberattack claimed by the Hunters International ransomware gang. Although the firm says it has detected no fraud campaigns targeting impacted individuals, it is sending notifications to alert affected people of potential risks. In mid-August, the car dealership company disclosed that it had…
Read MoreHP Inc. CEO Enrique Lores says the PC and print giant is doubling down on its commercial business with new AI-enhanced products and solutions, which include the EliteBook X AI PC, AI features for printers as well as fleet management and remote remediation capabilities. HP Inc. CEO Enrique Lores said the company is doubling down…
Read MoreImage: MidjourneyArkansas City, a small city in Cowley County, Kansas, was forced to switch its water treatment facility to manual operations over the weekend to contain a cyberattack detected on Sunday morning. City officials have informed relevant authorities about the incident, and Homeland Security and FBI agents are investigating, as reported by local media. City…
Read More