Category: AI in news
Following the publication of proof-of-concept exploit details for a high-severity flaw in SolarWinds Serv-U, researchers have observed both automated and manual in-the-wild exploitation attempts; patching is strongly advised. Background On June 5, SolarWinds published an advisory for a vulnerability in its Serv-U file transfer protocol (FTP) and managed file transfer (MFT) solutions: CVE Description CVSSv3…
Read More
ACMA’s proceedings against Optus On 20 May 2024, ACMA filed proceedings in the Federal Court against Optus alleging that during the data breach between 17 to 20 September 2022, Optus failed to protect the confidentiality of its customers’ personal information from unauthorised interference or unauthorised access as required under the Telecommunications (Interception and Access) Act 1979. The…
Read More
TikTok’s legal troubles in the U.S. could get thornier after the FTC refers complaint to the DOJ. Meanwhile, France says Russia-backed Nobelium / Midnight Blizzard is a major cyber espionage threat to European governments. Plus, a Tenable poll about dealing with vulnerabilities without patches. And did LockBit 3.0 make a comeback in May? Maybe –…
Read MoreRoss Anderson’s Memorial Service The memorial service for Ross Anderson will be held on Saturday, at 2:00 PM BST. People can attend remotely on Zoom. (The passcode is “L3954FrrEF”.) Tags: cryptography, security engineering Posted on June 21, 2024 at 7:04 AM • 0 Comments Sidebar photo of Bruce Schneier by Joe MacInnis. Source link lol
Read More
However, to defeat detection, the scripts first performed checks to ensure the user was not operating in a virtual machine or sandbox (a common way for researchers to vet suspicious sites without compromising their machines); if a VM or sandbox was detected, the script exited without performing its malicious activities. ClickFix Another threat actor popped…
Read More
As business processes become more complex, companies are turning to third parties to boost their ability to provide critical services from cloud storage to data management to security. It’s often more efficient and less expensive to do so, but the use of third-party services can also come with significant — often unforeseen — risks. Third…
Read More
Concerns outlined in the Final Determination paint a mixed picture for Kaspersky-like commercial security products. “The administration’s move to ban Kaspersky Lab products in the United States underscores the stakes of security products gone bad, wherein the privileges that are supposed to be used to protect networks and systems are instead used to subvert security…
Read More
Jun 21, 2024NewsroomVulnerability / Data Protection A recently patched high-severity flaw impacting SolarWinds Serv-U file transfer software is being actively exploited by malicious actors in the wild. The vulnerability, tracked as CVE-2024-28995 (CVSS score: 8.6), concerns a directory transversal bug that could allow attackers to read sensitive files on the host machine. Affecting all versions…
Read More
Jun 21, 2024NewsroomSoftware Security / Threat Intelligence The U.S. Department of Commerce’s Bureau of Industry and Security (BIS) on Thursday announced a “first of its kind” ban that prohibits Kaspersky Lab’s U.S. subsidiary from directly or indirectly offering its security software in the country. The blockade also extends to the cybersecurity company’s affiliates, subsidiaries and…
Read More
Swatting definition Swattingis a form of criminal harassment in which attackers try to trick police forces into sending a heavily armed strike force to a victim’s home or business. The term takes its name from SWAT (Special Weapons and Tactics), a highly trained police unit that is called on to respond to active shooting scenes.…
Read More