Category: AI in news
“AMD’s decision to exclude older processors from the ‘Sinkclose’ vulnerability patch risks damaging customer trust and brand loyalty,” said Arjun Chauhan, senior analyst at Everest Group. “Enterprises using these still-popular chips may feel neglected, leading to dissatisfaction and potentially driving them to consider competitors who offer longer support lifecycles.” Notably, AMD’s recently released Ryzen 9000…
Read More
Aug 12, 2024Ravie LakshmananCybersecurity / Network Security The maintainers of the FreeBSD Project have released security updates to address a high-severity flaw in OpenSSH that attackers could potentially exploit to execute arbitrary code remotely with elevated privileges. The vulnerability, tracked as CVE-2024-7589, carries a CVSS score of 7.4 out of a maximum of 10.0, indicating…
Read More
Aug 12, 2024Ravie LakshmananCritical Infrastructure / Vulnerability Cybersecurity researchers have identified a number of security shortcomings in photovoltaic system management platforms operated by Chinese companies Solarman and Deye that could enable malicious actors to cause disruption and power blackouts. “If exploited, these vulnerabilities could allow an attacker to control inverter settings that could take parts…
Read MoreTaxonomy of Generative AI Misuse Interesting paper: “Generative AI Misuse: A Taxonomy of Tactics and Insights from Real-World Data“: Generative, multimodal artificial intelligence (GenAI) offers transformative potential across industries, but its misuse poses significant risks. Prior research has shed light on the potential of advanced AI systems to be exploited for malicious purposes. However, we…
Read More
A notorious ransomware group has demanded more than half a billion dollars from victims in less than two years. That staggering statistic has been made public in an update to a joint advisory issued by the US Cybersecurity and Infrastructure Agency (CISA) and the FBI, warning organisations about the threat posed by the BlackSuit gang.…
Read More
Booker, a former CISO at UnitedHealth Group, says the attack also serves as a blaring reminder to healthcare organizations to “make sure you focus on the basics and essential security measures, like multifactor authentication, have them where you need them, which is everywhere, and have a way to know that what you’re doing is right,…
Read More
Aug 12, 2024Ravie LakshmananCloud Security / Malware The Russian government and IT organizations are the target of a new campaign that delivers a number of backdoors and trojans as part of a spear-phishing campaign codenamed EastWind. The attack chains are characterized by the use of RAR archive attachments containing a Windows shortcut (LNK) file that,…
Read More
Aug 11, 2024Ravie LakshmananSupply Chain / Software Security Cybersecurity researchers have discovered a new malicious package on the Python Package Index (PyPI) repository that masquerades as a library from the Solana blockchain platform but is actually designed to steal victims’ secrets. “The legitimate Solana Python API project is known as ‘solana-py’ on GitHub, but simply…
Read More
Aug 10, 2024Ravie LakshmananVulnerability / Mobile Security As many as 10 security flaws have been uncovered in Google’s Quick Share data transfer utility for Android and Windows that could be assembled to trigger remote code execution (RCE) chain on systems that have the software installed. “The Quick Share application implements its own specific application-layer communication…
Read More
Aug 10, 2024Ravie LakshmananBrowser Security / Online Fraud An ongoing, widespread malware campaign has been observed installing rogue Google Chrome and Microsoft Edge extensions via a trojan distributed via fake websites masquerading as popular software. “The trojan malware contains different deliverables ranging from simple adware extensions that hijack searches to more sophisticated malicious scripts that…
Read More