Author: nlqip
MS-ISAC ADVISORY NUMBER: 2024-023 DATE(S) ISSUED: 02/22/2024 OVERVIEW: Multiple vulnerabilities have been discovered in ConnectWise ScreenConnect, the most severe of which could allow for remote code execution. ConnectWise ScreenConnect is ConnectWise’s remote desktop and mobile support solutions to allow technicians to perform remote support, gain remote access and run remote meetings. Successful exploitation of the…
Read More
A huge reward is being offered for information leading to the identification or location of any of the leaders of the LockBit ransomware gang. The bounty offer comes from the US State Department, following this week’s disruption of the criminal organisation’s activities. LockBit, which has been operating since 2020, has targeted thousands of victims around…
Read MoreNew Image/Video Prompt Injection Attacks Simon Willison has been playing with the video processing capabilities of the new Gemini Pro 1.5 model from Google, and it’s really impressive. Which means a lot of scary new video prompt injection attacks. And remember, given the current state of technology, prompt injection attacks are impossible to prevent in…
Read MoreCISA released one Industrial Control Systems (ICS) advisory on February 22, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations. Source link ddde ddde ddde ddde ddde ddde ddde ddde ddde ddde…
Read More
Feb 22, 2024NewsroomQuantum Computing / Encryption Apple has announced a new post-quantum cryptographic protocol called PQ3 that it said will be integrated into iMessage to secure the messaging platform against future attacks arising from the threat of a practical quantum computer. “With compromise-resilient encryption and extensive defenses against even highly sophisticated quantum attacks, PQ3 is…
Read MoreCISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-1709 ConnectWise ScreenConnect Authentication Bypass Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited…
Read More
A new data leak that appears to have come from one of China’s top private cybersecurity firms provides a rare glimpse into the commercial side of China’s many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign espionage campaigns to the nation’s burgeoning and highly competitive cybersecurity…
Read More
Fostering a domestic crane industry Given China’s dominance in the global supply of port cranes, the Biden administration seeks to revive a US-based crane industry. “The Administration continues to deliver for the American people by rebuilding the US’s industrial capacity to produce port cranes with trusted partners,” the White House said in its fact sheet.…
Read More
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In our digitized world, online banking has become an integral part of managing your finances, offering unparalleled convenience. However, with this convenience comes…
Read More
Feb 22, 2024NewsroomMalware / Cyber Espionage An installer for a tool likely used by the Russian Consular Department of the Ministry of Foreign Affairs (MID) has been backdoored to deliver a remote access trojan called Konni RAT (aka UpDog). The findings come from German cybersecurity company DCSO, which linked the activity as originating from the…
Read More