Category: AI in news
Juan Perez Juan has been writing about IT since the mid-1990s, first as a reporter and editor, and now as a content marketer. He spent the bulk of his journalism career at International Data Group’s IDG News Service, a tech news wire service where he held various positions over the years, including Senior Editor and…
Read MoreCybersecurity Snapshot: First Quantum-resistant Algorithms Ready for Use, While New AI Risks’ Database Is Unveiled
- by nlqip
NIST has released the first encryption algorithms that can protect data against quantum attacks. Plus, MIT launched a new database of AI risks. Meanwhile, the CSA published a paper outlining the unique risks involved in building systems that use LLMs. And get the latest on Q2’s most prevalent malware, the Radar/Dispossessor ransomware gang and CVE…
Read MoreAug 16, 2024Ravie LakshmananCyber Attack / Malware Chinese-speaking users are the target of an ongoing campaign that distributes malware known as ValleyRAT. “ValleyRAT is a multi-stage malware that utilizes diverse techniques to monitor and control its victims and deploy arbitrary plugins to cause further damage,” Fortinet FortiGuard Labs researchers Eduardo Altares and Joie Salvio said.…
Read MoreSaaS applications have become indispensable for organizations aiming to enhance productivity and streamline operations. However, the convenience and efficiency these applications offer come with inherent security risks, often leaving hidden gaps that can be exploited. Conducting thorough due diligence on SaaS apps is essential to identify and mitigate these risks, ensuring the protection of your…
Read MoreNew Windows IPv6 Zero-Click Vulnerability The press is reporting a critical Windows vulnerability affecting IPv6. As Microsoft explained in its Tuesday advisory, unauthenticated attackers can exploit the flaw remotely in low-complexity attacks by repeatedly sending IPv6 packets that include specially crafted packets. Microsoft also shared its exploitability assessment for this critical vulnerability, tagging it with…
Read MoreAug 16, 2024Ravie LakshmananMobile Security / Software Security A large percentage of Google’s own Pixel devices shipped globally since September 2017 included dormant software that could be used to stage nefarious attacks and deliver various kinds of malware. The issue manifests in the form of a pre-installed Android app called “Showcase.apk” that comes with excessive…
Read MoreAI start-up Anthropic launches bug reporting scheme Artificial intelligence startup Anthropic launched a vulnerability disclosure program (VDP), managed by HackerOne, in August with bounty rewards up to $15,000 for novel, universal jailbreak attacks that could expose vulnerabilities in critical, high-risk domains such as CBRN (chemical, biological, radiological, and nuclear) and cybersecurity. A jailbreak attack in…
Read MoreAn analysis of build artifacts generated by GitHub Actions workflows inside open-source repositories belonging to major companies revealed sensitive access tokens to third-party cloud services, as well as GitHub itself. In addition, a change made this year in the GitHub artifacts feature has introduced a race condition that attackers can exploit to abuse previously unusable…
Read MoreA great many readers this month reported receiving alerts that their Social Security Number, name, address and other personal information were exposed in a breach at a little-known but aptly-named consumer data broker called NationalPublicData.com. This post examines what we know about a breach that has exposed hundreds of millions of consumer records. We’ll also…
Read MoreHow does this lead to misconfigurations? Let’s assume an administrator creates a CRT with “No Permissions Required.” In adding custom fields, he wants some fields to be readable by unauthenticated users, so he sets their Default Access Level to View; other fields that should not be readable, he sets Default Access Level to None, assuming…
Read MoreRecent Posts
- Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution
- Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
- Multiple Vulnerabilities in Citrix Products Could Allow for Remote Code Execution
- Multiple Vulnerabilities in Ivanti Endpoint Manager Could Allow for Remote Code Execution
- Microsoft fixes bugs causing Windows Server 2025 blue screens, install issues