Category: AI in news
A recently patched security flaw impacting VMware ESXi hypervisors has been actively exploited by “several” ransomware groups to gain elevated permissions and deploy file-encrypting malware. The attacks involve the exploitation of CVE-2024-37085 (CVSS score: 6.8), an Active Directory integration authentication bypass that allows an attacker to obtain administrative access to the host. “A malicious actor…
Read More
Security researchers at Microsoft have discovered a vulnerability in VMware ESXi hypervisors that has been exploited by ransomware operators to gain full administrative access to a domain-joined hypervisor. The problem, identified as CVE-2024-37085, granted full admin privileges to members of a domain group, without proper validation. It has been used by several ransomware groups such…
Read More
‘Red Hat is really doubling down on our commitment to the ecosystem,’ Red Hat VP Kevin Kennedy tells CRN. Amid a boost in business opportunities in artificial intelligence and migration from legacy virtualization vendors, Red Hat is transforming its partner program to standardization worldwide, streamlined incentives and a better digital experience. Kevin Kennedy, vice president…
Read More
Jul 29, 2024Ravie LakshmananEnterprise Security / Data Protection Cybersecurity company Acronis is warning that a now-patched critical security flaw impacting its Cyber Infrastructure (ACI) product has been exploited in the wild. The vulnerability, tracked as CVE-2023-45249 (CVSS score: 9.8), concerns a case of remote code execution that stems from the use of default passwords. The…
Read More
Hackers have released internal documents stolen from one of America’s largest IT services providers, which counts various US government agencies, including the Department of Defense, amongst its customers. Bloomberg reports that the leaked data, which belonged to Virginia-based Leidos Holdings, was seized by hackers during a previously-reported breach in 2022 of software-as-a-service firm Diligent. The…
Read More
Searchable Encryption has long been a mystery. An oxymoron. An unattainable dream of cybersecurity professionals everywhere. Organizations know they must encrypt their most valuable, sensitive data to prevent data theft and breaches. They also understand that organizational data exists to be used. To be searched, viewed, and modified to keep businesses running. Unfortunately, our Network…
Read More
Other vendors aren’t immune It would be naive to think of a world free of CrowdStrike-like scenarios, especially in the present day of interconnectivity and dependency. CrowdStrike, incidentally, happened to be the one with the slip-up but it could have been anyone, several believe. “It’s important to note that this is not a security failure,”…
Read More
Ideally, such privileged access should be governed stringently, ensuring adequately tested, digitally signed software with limited privileges is used,” Varkey added. “It is also important for the OS vendor to be transparent to its partners on their potential vulnerabilities and risks, which could impact the stability of the Kernel.” However, the CrowdStrike incident, with its…
Read MoreNew Research in Detecting AI-Generated Videos The latest in what will be a continuing arms race between creating and detecting videos: The new tool the research project is unleashing on deepfakes, called “MISLnet”, evolved from years of data derived from detecting fake images and video with tools that spot changes made to digital video or…
Read More
The guidelines outline voluntary practices developers can adopt while designing and building their model to protect it against being misused to cause deliberate harm to individuals, public safety, and national security. The draft offers seven key approaches for mitigating the risks that models will be misused, along with recommendations on how to implement them and…
Read More