Category: AI in news
The report points to the need for companies to patch open- source software and components, said Mike McGuire, senior software solutions manager at Synopsys Software Integrity Group. “It’s unpatched vulnerabilities that have led to some of the most significant data breaches,” he said. “Arguably, it’s the duty of these companies to address vulnerabilities, especially if…
Read More
In an era of unprecedented technological advancement, the adoption of AI continues to rise. However, with the proliferation of this powerful technology, a darker side is emerging. Increasingly, malicious actors are using AI to enhance every stage of an attack. Cybercriminals are using AI to support a multitude of malicious activities, ranging from bypassing algorithms that detect…
Read More
Feb 29, 2024NewsroomThreat Intelligence / Cyber Threat Cybersecurity researchers have disclosed a new attack technique called Silver SAML that can be successful even in cases where mitigations have been applied against Golden SAML attacks. Silver SAML “enables the exploitation of SAML to launch attacks from an identity provider like Entra ID against applications configured to…
Read More
What’s happened? The US government warned healthcare organizations about the risk of being targeted by the ALPHV BlackCat ransomware after a surge in attacks. I thought ALPHV BlackCat had been taken down by the cops? Well remembered. Shortly before Christmas, the US Department of Justice (DOJ) announced that it had disrupted the gang’s operations and…
Read More
“Top quartile total earnings across the various roles in the sample are considerably higher than the median pay,” the study added. “In many cases, the top 10% average is as much as three times the median total compensation, indicating a significant pay band within each of the roles.” For cybersecurity directors, the total annual compensation…
Read More
Feb 29, 2024NewsroomRootkit / Threat Intelligence The notorious Lazarus Group actors exploited a recently patched privilege escalation flaw in the Windows Kernel as a zero-day to obtain kernel-level access and disable security software on compromised hosts. The vulnerability in question is CVE-2024-21338 (CVSS score: 7.8), which can permit an attacker to gain SYSTEM privileges. It…
Read MoreHow the “Frontier” Became the Slogan of Uncontrolled AI Artificial intelligence (AI) has been billed as the next frontier of humanity: the newly available expanse whose exploration will drive the next era of growth, wealth, and human flourishing. It’s a scary metaphor. Throughout American history, the drive for expansion and the very concept of terrain…
Read More
Feb 29, 2024NewsroomMalware / Endpoint Security The notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index (PyPI) repository with the goal of infecting developer systems with malware. The packages, now taken down, are pycryptoenv, pycryptoconf, quasarlib, and swapmempool. They have been collectively downloaded 3,269 times, with pycryptoconf accounting for…
Read More
However, with many CISOs and their teams already feeling under pressure from the mounting responsibilities of protecting organizations, coming to grips with the growing raft of regulations and requirements, can be overwhelming, said Insight Enterprises’ Rader. “There’s a lot to ingest from multiple agencies in the US, EU requirements and disclosure requirements and even certain…
Read More
At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the exploitation of security flaws in Ivanti Connect Secure VPN appliances. UNC5325 abused CVE-2024-21893 to deliver a wide range of new malware called LITTLELAMB.WOOLTEA, PITSTOP, PITDOG, PITJET, and PITHOOK, as well as maintain persistent access to compromised…
Read More