Category: AI in news
Six MSP executives share details on how they’re helping customers to stay secure through education and awareness training for their teams. As cyberthreats continue to evolve—and intensify—MSPs are continuing to update and adapt the security training that they facilitate for customers. This week, CRN’s reporting team spoke with executives from numerous solution and service providers…
Read More
Tenable Research discovered a critical information-disclosure vulnerability in Microsoft’s Copilot Studio via a server-side request forgery (SSRF), which allowed researchers access to potentially sensitive information regarding service internals with potential cross-tenant impact. Introduction In this blog, we take a look at a server-side request forgery (SSRF) vulnerability in Copilot Studio that leveraged Copilot’s ability to…
Read More
“Removing the power to connect equipment to or install program in CCS as this is likely to have a chilling effect on technology investment and Hong Kong digital economy, which will undermine trust in service providers who operate in Hong Kong,” Dr. Eden Wood, president of AmCham wrote in the letter. The HKGCC has raised…
Read MoreHacking Wireless Bicycle Shifters This is yet another insecure Internet-of-things story, this one about wireless gear shifters for bicycles. These gear shifters are used in big-money professional bicycle races like the Tour de France, which provides an incentive to actually implement this attack. Research paper. Another news story. Slashdot thread. Tags: academic papers, firmware, hacking,…
Read More
Aug 20, 2024Ravie LakshmananVulnerability / Container Security Cybersecurity researchers have disclosed a security flaw impacting Microsoft Azure Kubernetes Services that, if successfully exploited, could allow an attacker to escalate their privileges and access credentials for services used by the cluster. “An attacker with command execution in a Pod running within an affected Azure Kubernetes Services…
Read More
Aug 20, 2024Ravie LakshmananVulnerability / Threat Intelligence A previously undocumented backdoor named Msupedge has been put to use against a cyber attack targeting an unnamed university in Taiwan. “The most notable feature of this backdoor is that it communicates with a command-and-control (C&C) server via DNS traffic,” the Symantec Threat Hunter Team, part of Broadcom,…
Read More
Samantha Mabey, director of digital security solutions at Entrust, commented: “Now that NIST has finalized three quantum-resistant security algorithms, it becomes increasingly crucial for CISOs to prepare for the quantum computing era. The shift to post-quantum cryptography is more than a technical update; it’s a vital step in protecting sensitive information, and promises to be…
Read More
Aug 20, 2024Ravie LakshmananMalware / Cyber Espionage Cybersecurity researchers have shed light on a threat actor known as Blind Eagle that has persistently targeted entities and individuals in Colombia, Ecuador, Chile, Panama, and other Latin American nations. Targets of these attacks span several sectors, including governmental institutions, financial companies, energy and oil and gas companies.…
Read More
Moreover, there are no safeguards at the repository level to detect bad packages. “Anyone can write a piece of code and just upload it to those platforms,” Yehuda Gelb, research engineer at Checkmarx, tells CSO. “For instance, in Python, you can just create a Python package and upload it, and there’s no one really in…
Read More
Aug 20, 2024Ravie LakshmananVulnerability / Ransomware The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw impacting Jenkins to its Known Exploited Vulnerabilities (KEV) catalog, following its exploitation in ransomware attacks. The vulnerability, tracked as CVE-2024-23897 (CVSS score: 9.8), is a path traversal flaw that could lead to code execution. “Jenkins…
Read More