Category: AI in news

Apr 06, 2024NewsroomSkimmer / Threat Intelligence Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 (CVSS score: 9.1), which has been described by Adobe as a case of “improper neutralization of special elements” that could pave the way for arbitrary code…

Friday Squid Blogging: SqUID Bots
They’re AI warehouse robots. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.
Tags: artificial intelligence, robotics, squid
Posted on April 5, 2024 at 5:02 PM

How does DBSC prevent cookie theft?
The DBSC API will let a website tell the browser to start a new session and generate a private-public key pair for that session. The browser will then register the public key with the website using an endpoint path specified by the website and the website will then respond…

Two China-based Android app developers are being sued by Google for an alleged scam targeting 100,000 users worldwide through fake cryptocurrency and other investment apps. The company is taking action after scammers reportedly tricked victims with bogus promises of high returns from Android apps offering cryptocurrency investment opportunities. At least 87 fake apps on Google…

Apr 05, 2024NewsroomArtificial Intelligence / Supply Chain Attack New research has found that artificial intelligence (AI)-as-a-service providers such as Hugging Face are susceptible to two critical risks that could allow threat actors to escalate privileges, gain cross-tenant access to other customers’ models, and even take over the continuous integration and continuous deployment (CI/CD) pipelines. “Malicious…

A recent survey by Google and CSA (Cloud Security Alliance) has shed light on the evolving landscape of cybersecurity and the potential impact of Artificial Intelligence (AI). The survey targeted IT professionals, gauging their beliefs on how AI would influence corporate cybersecurity efforts. The findings revealed a spectrum of opinions, with a significant majority (63%)…

The IT security software vendor, on Wednesday, patched four critical vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure Gateways, the company’s flagship VPN solutions, capable of allowing remote code execution (RCE) and denial of service (DoS) attacks on the affected systems.
Ivanti to undergo a security overhaul
According to the open letter, published along…

Compliance requirements are meant to increase cybersecurity transparency and accountability. As cyber threats increase, so do the number of compliance frameworks and the specificity of the security controls, policies, and activities they include. For CISOs and their teams, that means compliance is a time-consuming, high-stakes process that demands strong organizational and communication skills on top…

Maybe the Phone System Surveillance Vulnerabilities Will Be Fixed
It seems that the FCC might be fixing the vulnerabilities in SS7 and the Diameter protocol:
On March 27 the commission asked telecommunications providers to weigh in and detail what they are doing to prevent SS7 and Diameter vulnerabilities from being misused to track consumers’ locations.…

Apr 05, 2024NewsroomCyber Espionage / Cybersecurity Financial organizations in the Asia-Pacific (APAC) and Middle East and North Africa (MENA) are being targeted by a new version of an “evolving threat” called JSOutProx. “JSOutProx is a sophisticated attack framework utilizing both JavaScript and .NET,” Resecurity said in a technical report published this week. “It employs the…
