Category: AI in news
Four alleged members of the FIN9 cybercrime gang have been charged in relation to a series of hacks that caused over US $71 million of losses for companies across the United States. The defendants, all Vietnamese nationals, are accused of launching a series of sophisticated phishing and supply-chain attacks to gain unauthorised access to company…
Read MoreJun 27, 2024NewsroomVulnerability / Enterprise Security A critical security flaw has been disclosed in Fortra FileCatalyst Workflow that, if left unpatched, could allow an attacker to tamper with the application database. Tracked as CVE-2024-5276, the vulnerability carries a CVSS score of 9.8. It impacts FileCatalyst Workflow versions 5.1.6 Build 135 and earlier. It has been…
Read MoreAble to spot unwelcome changes to files or detect tell-tale patterns (Social Security numbers, administrative credentials, and so on) in unwelcome places (like outgoing email attachments), Yara is a powerful tool with a seemingly endless number of uses. There are limits to signature-based detection, so it would be a bad idea to rely on Yara…
Read MoreWikileaks’s Julian Assange is a free man, deepfakes cause trouble in the playground, and we hear hot takes about ransomware and tales from inside a devastating denial-of-service attack. All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this…
Read MoreGenerative Artificial Intelligence is a transformative technology that has captured the interest of companies worldwide and is quickly being integrated into enterprise IT roadmaps. Despite the promise and pace of change, business and cybersecurity leaders indicate they are cautious around adoption due to security risks and concerns. A recent ISMG survey found that the leakage…
Read MoreGenerative AI’s impact cannot be understated, as more than 55% of organizations are already piloting or actively using the technology. For all its potential benefits, generative AI raises valid security concerns. Any system that touches proprietary data and personally identifiable information must be protected to mitigate risk while enabling business agility. CISOs tasked with bringing…
Read MoreLast time I launched a new podcast it was December 2016. As luck should have it, “Smashing Security” turned out to be quite a success – with something like 10 million downloads over the years and we just published our 378th episode. But a lot has changed since we launched “Smashing Security”. And that’s why…
Read More“The malicious code dynamically generates payloads based on HTTP headers, activating only on specific mobile devices, evading detection, avoiding admin users and delaying execution,” according to c/side. Some of the doctored JavaScript files include a fake Google analytics link that redirects users to sports or pornography websites. As c/side warns, the content being served up…
Read MoreJun 26, 2024NewsroomVulnerability / Data Protection A newly disclosed critical security flaw impacting Progress Software MOVEit Transfer is already seeing exploitation attempts in the wild shortly after details of the bug were publicly disclosed. The vulnerability, tracked as CVE-2024-5806 (CVSS score: 9.1), concerns an authentication bypass that impacts the following versions – From 2023.0.0 before…
Read MoreTo manage your cloud resources effectively and securely, you need to consistently tag assets across all your cloud platforms. Here we explain tagging’s main benefits, as well as proven strategies and best practices for tagging success. The first step in securing a cloud environment is understanding where your assets are running. This can pose huge…
Read MoreRecent Posts
- Global infostealer malware operation targets crypto users, gamers
- Hacktivist Group Twelve Targets Russian Entities with Destructive Cyber Attacks
- Ukraine Bans Telegram Use for Government and Military Personnel
- LinkedIn Halts AI Data Processing in UK Amid Privacy Concerns Raised by ICO
- False claims of hacked voter data – Week in security with Tony Anscombe