Category: AI in news
CSO caught up with Adam Meyers, CrowdStrike’s SVP of counter adversary operations, whose team produced the report, for an exclusive interview on the report’s findings. (Questions regarding the “Channel File 291 incident” were directed to CrowdStrike’s Remediation and Guidance Hub, where the company is providing continuous information and updates, including an FAQ.) Famous Chollima’s shocking…
Read More
Securonix: AI-reinforced SIEM Securonix introduced two new capabilities within its Securonix EON suite — Cyber Data Fabric and Noise Canceling SIEM. These updates are designed to enhance the company’s Unified Defense SIEM solution, targeted at helping CyberOps teams tackle sophisticated cyberattacks more effectively. Cyber Data Fabric offers modular architecture for intelligent data classification, ensuring relevant…
Read More
As AI transforms industries, security remains critical. Discover the importance of a security-first approach in AI development, the risks of open-source tools, and how Tenable’s solutions can help protect your systems. Artificial Intelligence (AI) is transforming industries and starting to be massively adopted by software developers to build core business applications. However, as organizations embrace…
Read More
Aug 06, 2024Ravie LakshmananMalware / Windows Security The North Korea-linked threat actor known as Moonstone Sleet has continued to push malicious npm packages to the JavaScript package registry with the aim of infecting Windows systems, underscoring the persistent nature of their campaigns. The packages in question, harthat-api and harthat-hash, were published on July 7, 2024,…
Read More
A massive cyberattack targeting Mobile Guardian, a UK-based mobile device management (MDM) firm, has caused widespread disruption to schools and businesses worldwide, including North America, Europe, and Singapore. The incident has resulted in the loss of data and remote wiping of iOS and ChromeOS devices for thousands of users. Mobile Guardian has acknowledged the global…
Read MoreA Better Investigatory Board for Cyber Incidents When an airplane crashes, impartial investigatory bodies leap into action, empowered by law to unearth what happened and why. But there is no such empowered and impartial body to investigate CrowdStrike’s faulty update that recently unfolded, ensnarling banks, airlines, and emergency services to the tune of billions of…
Read More
In the world of cybersecurity, as everywhere else, AI and generative AI are top of mind. Malicious actors are using AI and genAI to create more insidious malware, more convincing phishing emails, and more realistic deepfakes. At the same time, vendors are fighting back by incorporating AI capabilities into their cybersecurity tools. The goal is…
Read More
Aug 06, 2024Ravie LakshmananMobile Security / Vulnerability Google has addressed a high-severity security flaw impacting the Android kernel that it has been actively exploited in the wild. The vulnerability, tracked as CVE-2024-36971, has been described as a case of remote code execution impacting the kernel. “There are indications that CVE-2024-36971 may be under limited, targeted…
Read More
Aug 06, 2024Ravie LakshmananEnterprise Security / Vulnerability A new zero-day pre-authentication remote code execution vulnerability has been disclosed in the Apache OFBiz open-source enterprise resource planning (ERP) system that could allow threat actors to achieve remote code execution on affected instances. Tracked as CVE-2024-38856, the flaw has a CVSS score of 9.8 out of a…
Read More
It’s unclear how many enterprises employ Apache OFBiz as many organizations might use it internally, but based on public data known users include large organizations such as IBM, HP, Accenture, United Airlines, Home Depot, and Upwork. Some third-party commercial applications, such as Atlassian JIRA, also use OFBiz modules. The project is used globally and across…
Read More