Category: AI in news
Aug 29, 2024Ravie LakshmananOnline Crime / Privacy French prosecutors on Wednesday formally charged CEO Pavel Durov with facilitating a litany of criminal activity on the popular messaging platform and placed him under formal investigation following his arrest Saturday. Russian-born Durov, who is also a French citizen, has been charged with being complicit in the spread…
Read More
Finally in April 2022, the group launched a major attack that crippled 27 Costa Rican government organizations causing disruptions in the country’s customs and taxes platforms, impacting foreign trade and payroll payments. In response, the US State Department put up a $10 million reward for information about the identity or location of Conti’s leaders, as…
Read More
Poortry/BurntCigar, first discovered by Mandiant, is a malicious kernel driver used in conjunction with a loader dubbed Stonestop that attempts to bypasses Microsoft Driver Signature Enforcement. Both the driver and the loader are heavily obfuscated by commercial or open-source packers, such as VMProtect, Themida or ASMGuard. The driver tries to disguise itself by using the…
Read More
Aug 28, 2024Ravie LakshmananVulnerability / Data Security Fortra has addressed a critical security flaw impacting FileCatalyst Workflow that could be abused by a remote attacker to gain administrative access. The vulnerability, tracked as CVE-2024-6633, carries a CVSS score of 9.8, and stems from the use of a static password to connect to a HSQL database.…
Read More
Aug 28, 2024Ravie LakshmananCyber Attack / Vulnerability A South Korea-aligned cyber espionage has been linked to the zero-day exploitation of a now-patched critical remote code execution flaw in Kingsoft WPS Office to deploy a bespoke backdoor dubbed SpyGlace. The activity has been attributed to a threat actor dubbed APT-C-60, according to cybersecurity firms ESET and…
Read More
DSPM solutions provide a comprehensive, up-to-date view into cloud-based data and risk. An integrated CNAPP and DSPM solution elevates this analysis to expose toxic combinations and security gaps across cloud environments. As organizations ramp up their use of cloud-native applications, the amount of sensitive data stored in the cloud grows – as does the difficulty…
Read More
By ARC Labs contributor, Dylan Michalak, Threat Research Intern Sleep obfuscation is a term encompassing malware that waits for some time period to avoid detection. It could include extended sleeping, where malware will wait an extended time (10+ minutes) to start executing to evade shorter sandbox analysis. It could also encompass logic bombs, malicious code that is…
Read More
The combination will also strengthen threat protection for AI applications and models: “This includes mitigating risks like prompt injection, data poisoning, jailbreaking, and unintentional model outcomes. All detections and tests are mapped to industry and regulatory standards like OWASP and MITRE ATLAS,” Gillis wrote. Among the benefits of the Robust Intelligence platform are simplified configuration,…
Read More
RCE through Twig SSTI Twig server-side template injection (SSTI) is a type of security vulnerability that occurs when user input is improperly handled and directly inserted into a Twig template, a popular PHP templating engine. Remote code execution can be achieved when a web application allows the user (an attacker) to inject malicious payloads into…
Read More
The threat actors behind the BlackByte ransomware group have been observed likely exploiting a recently patched security flaw impacting VMware ESXi hypervisors, while also leveraging various vulnerable drivers to disarm security protections. “The BlackByte ransomware group continues to leverage tactics, techniques, and procedures (TTPs) that have formed the foundation of its tradecraft since its inception,…
Read More