Category: AI in news
Jul 01, 2024NewsroomSupply Chain Attack / Threat Intelligence Installers for three different software products developed by an Indian company named Conceptworld have been trojanized to distribute information-stealing malware. The installers correspond to Notezilla, RecentX, and Copywhiz, according to cybersecurity firm Rapid7, which discovered the supply chain compromise on June 18, 2024. The issue has since…
Read More
Jul 01, 2024NewsroomLinux / Vulnerability OpenSSH maintainers have released security updates to contain a critical security flaw that could result in unauthenticated remote code execution with root privileges in glibc-based Linux systems. The vulnerability has been assigned the CVE identifier CVE-2024-6387. It resides in the OpenSSH server component, also known as sshd, which is designed…
Read More
Isolated Web applications (IWAs) are defined as applications which, rather than being hosted on a live web server and fetched over HTTPS, are packaged into bundles signed by their developers and distributed to users through various methods including platform-specific installation formats like APK, MSI, or DMG, raw singed bundles, through an operating system, browser or…
Read MoreModel Extraction from Neural Networks A new paper, “Polynomial Time Cryptanalytic Extraction of Neural Network Models,” by Adi Shamir and others, uses ideas from differential cryptanalysis to extract the weights inside a neural network using specific queries and their results. This is much more theoretical than practical, but it’s a really interesting result. Abstract: Billions…
Read More
Jul 01, 2024NewsroomVulnerability / Network Security Juniper Networks has released out-of-band security updates to address a critical security flaw that could lead to an authentication bypass in some of its routers. The vulnerability, tracked as CVE-2024-2973, carries a CVSS score of 10.0, indicating maximum severity. “An Authentication Bypass Using an Alternate Path or Channel vulnerability…
Read More
For starters, don’t use outdated or vulnerable virtual private networking software (VPN) or other edge access tools that are easily attacked. It’s critical to have some sort of process in place to identify security issues in your remote access software and to be prepared, if necessary, to make the hard decision to shut down remote…
Read More
Jun 29, 2024NewsroomCybersecurity / Website Security Google has announced that it’s going to start blocking websites that use certificates from Entrust starting around November 1, 2024, in its Chrome browser, citing compliance failures and the certificate authority’s inability to address security issues in a timely manner. “Over the past several years, publicly disclosed incident reports…
Read MoreFriday Squid Blogging: New Squid Species A new squid species—of the Gonatidae family—was discovered. The video shows her holding a brood of very large eggs. Research paper. Tags: academic papers, squid, video Posted on June 28, 2024 at 5:01 PM • Sidebar photo of Bruce Schneier by Joe MacInnis. Source link lol
Read More
There’s some possibly good news on the ransomware front. Companies are becoming more resilient to attacks, and the ransom payments extorted from businesses by hackers are on a downward trend. That’s one of the findings of insurance broker Marsh, which conducted an analysis of the more than 1800 cyber claims it received during 2023 from…
Read More
Car dealerships have been brought to a standstill across the United States after a software provider was hit by a ransomware attack. The attack, believed to be by the BlackSuit ransomware gang, forced CDK Global, makers of a platform widely used by car dealerships to conduct their everyday business, to down its IT systems and…
Read More