Category: AI in news
Mar 15, 2024NewsroomHardware Security / Data Protection A group of researchers has discovered a new data leakage attack impacting modern CPU architectures supporting speculative execution. Dubbed GhostRace (CVE-2024-2193), it is a variation of the transient execution CPU vulnerability known as Spectre v1 (CVE-2017-5753). The approach combines speculative execution and race conditions. “All the common synchronization…
Read More
Two firms have been fined $26 million by the US Federal Trade Commission (FTC) for scaring consumers into believing their computers were infected by malware. The FTC claimed that Restoro Cyprus Limited and Reimage Cyprus Limited, both based in Cyprus, operated a tech support scam since at least 2018 that “bilked tens of millions of…
Read More
Mar 15, 2024NewsroomData Privacy / Artificial Intelligence Cybersecurity researchers have found that third-party plugins available for OpenAI ChatGPT could act as a new attack surface for threat actors looking to gain unauthorized access to sensitive data. According to new research published by Salt Labs, security flaws found directly in ChatGPT and within the ecosystem could…
Read MoreImproving C++ C++ guru Herb Sutter writes about how we can improve the programming language for better security. The immediate problem “is” that it’s Too Easy By Default™ to write security and safety vulnerabilities in C++ that would have been caught by stricter enforcement of known rules for type, bounds, initialization, and lifetime language safety.…
Read More
Mar 15, 2024NewsroomBrowser Security / Phishing Attack Google on Thursday announced an enhanced version of Safe Browsing to provide real-time, privacy-preserving URL protection and safeguard users from visiting potentially malicious sites. “The Standard protection mode for Chrome on desktop and iOS will check sites against Google’s server-side list of known bad sites in real-time,” Google’s…
Read More
Mar 15, 2024NewsroomMalvertising / Threat Intelligence Chinese users looking for legitimate software such as Notepad++ and VNote on search engines like Baidu are being targeted with malicious ads and bogus links to distribute trojanized versions of the software and ultimately deploy Geacon, a Golang-based implementation of Cobalt Strike. “The malicious site found in the notepad++…
Read More
Security analysts receive thousands of alerts daily, and the onslaught is rapidly growing without any signs of slowing down. Meanwhile, cybersecurity talent is extremely difficult to recruit and retain. According to the ISC2 Cybersecurity Workforce Study 2023, the global cybersecurity workforce of about 5.5 million would need to almost double to meet the current need.…
Read More
Persistent threats such as business email compromise (BEC) necessitate an evolution of cybersecurity defenses to protect identities. Transitioning away from a reliance on authenticator apps and IP fencing toward a comprehensive zero-trust framework, incorporating FIDO2 security keys or passkeys, offers a path to more secure and user-friendly authentication experiences. By embracing these technologies, organizations can…
Read More
The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.com finds this company is operating out of Belarus and Cyprus, and that its founder has launched dozens of people-search services over the years. Onerep’s…
Read More
An affiliate of the LockBit ransomware gang has been sentenced to almost four years in jail after earlier pleading guilty to charges of cyber extortion and weapons charges. 34-year-old Mikhail Vasiliev, who has dual Russian and Canadian nationality, was arrested in 2022 as part of a multinational law enforcement investigation into LockBit that started in…
Read More