Category: AI in news
Aug 09, 2024Ravie LakshmananIoT Security / Wireless Security Cybersecurity researchers have uncovered weaknesses in Sonos smart speakers that could be exploited by malicious actors to clandestinely eavesdrop on users. The vulnerabilities “led to an entire break in the security of Sonos’s secure boot process across a wide range of devices and remotely being able to…
Read MorePeople-Search Site Removal Services Largely Ineffective Consumer Reports has a new study of people-search site removal services, concluding that they don’t really work: As a whole, people-search removal services are largely ineffective. Private information about each participant on the people-search sites decreased after using the people-search removal services. And, not surprisingly, the removal services did…
Read More
The Cloud Security Alliance has released its list of top cloud threats for 2024. Plus, CISA and the FBI published a guide for determining if a software product was built “secure by design.” Meanwhile, find out how AI can transform offensive security. And the latest on the Royal ransomware gang, the CIS Benchmarks and TikTok’s…
Read More
What it does: FAIR provides a model for understanding, analyzing, and quantifying cyber risk and operational risk in financial terms, according to the Fair Institute. It’s unlike risk assessment frameworks that focus their output on qualitative color charts or numerical weighted scales. Instead it builds a foundation for developing a robust approach to information risk…
Read More
Action1’s expertise in patch management aligns well with CrowdStrike’s current need to enhance its update mechanisms. By integrating Action1’s technology into its platform, CrowdStrike could significantly improve the testing and deployment of updates, something it faced widespread criticism for in the months following the Falcon goof-up. Implications for customers The $1 billion valuation is a…
Read More
Aug 09, 2024Ravie LakshmananNational Security / Identity Theft The U.S. Department of Justice (DoJ) on Thursday charged a 38-year-old individual from Nashville, Tennessee, for allegedly running a “laptop farm” to help get North Koreans remote jobs with American and British companies. Matthew Isaac Knoot is charged with conspiracy to cause damage to protected computers, conspiracy…
Read More
Aug 09, 2024Ravie LakshmananVulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed that threat actors are abusing the legacy Cisco Smart Install (SMI) feature with the aim of accessing sensitive data. The agency said it has seen adversaries “acquire system configuration files by leveraging available protocols or software on devices,…
Read More
The issue’s impact depends on what the vulnerable service stores in the bucket. With CloudFormation, an infrastructure-as-code tool, templates that are then used to automatically deploy infrastructure stacks as defined by the user are what is stored. These templates can contain sensitive information, such as environment variables, credentials, and more. But it gets worse: An…
Read More
The report also found that, for enterprises, the most-often attacked vertical was healthcare/pharmaceuticals, displacing the insurance vertical which had held the top spot for the last two years. Energy/utilities came in third, a slot it has held for the last three years, the KnowBe4 report said. Other often-attacked verticals were banking, consulting, financial services, and…
Read More
Aug 08, 2024Ravie LakshmananCyber Attack / Cyber Espionage The North Korea-linked threat actor known as Kimsuky has been linked to a new set of attacks targeting university staff, researchers, and professors for intelligence gathering purposes. Cybersecurity firm Resilience said it identified the activity in late July 2024 after it observed an operation security (OPSEC) error…
Read More