Jun 17, 2024NewsroomRouter Security / Vulnerability ASUS has shipped software updates to address a critical security flaw impacting its routers that could be exploited by malicious actors to bypass authentication. Tracked as CVE-2024-3080, the vulnerability carries a CVSS score of 9.8 out of a maximum of 10.0. “Certain ASUS router models have authentication bypass vulnerability,…
Read More
A 22-year-old British national allegedly linked to the Scattered Spider hacking group and responsible for attacks on 45 U.S. companies has been arrested in Palma de Mallorca, Spain. The suspect is suspected of being a leader of a cybercrime gang dedicated to stealing data and cryptocurrencies from organizations and then extorting them for not publishing…
Read More
‘We are working closely with our distribution partners to try to recruit new partners especially in the security area and also around data center networking,’ says HPE Aruba Worldwide Channel Chief Lene Skov. With Hewlett Packard Enterprise’s blockbuster $14 billion acquisition of Juniper Networks on track to close later this year or early in 2025,…
Read More
‘What HPE has done with Private Cloud Business Edition is make it attainable and it has opened customer’s eyes to the HPE ecosystem,’ says Champions of Change CEO Xara Tran. When Champions of Change won the first-ever HPE GreenLake Private Cloud Business Edition (PCBE) deal last year, it did a whopping 250 hours of “independent”…
Read More
Generative AI (GenAI) is being hailed as the most transformative innovation since the rise of the internet in the 1990s. For security, GenAI can revolutionize the field if applied correctly, especially when it comes to threat detection and response. It enhances efficiency and productivity by swiftly processing and delivering critical information when it matters most.…
Read More
Jun 17, 2024NewsroomCyber Espionage / Vulnerability A suspected China-nexus cyber espionage actor has been attributed as behind a prolonged attack against an unnamed organization located in East Asia for a period of about three years, with the adversary establishing persistence using legacy F5 BIG-IP appliances and using it as an internal command-and-control (C&C) for defense…
Read More
Traditional application security practices are not effective in the modern DevOps world. When security scans are run only at the end of the software delivery lifecycle (either right before or after a service is deployed), the ensuing process of compiling and fixing vulnerabilities creates massive overhead for developers. The overhead that degrades velocity and puts…
Read More
The UPX-packed ELF, apart from DSOP.pdf, has the DISGOMOJI malware payload which, upon execution, reads and exfiltrates system information including IP address, username, hostname, operating system, and the current working directory. Apart from the main functions, DISGOMOJI also downloads a shell script uevent_seqnum.sh, to check for connected USB devices and copy the content of those…
Read MoreUsing LLMs to Exploit Vulnerabilities Interesting research: “Teams of LLM Agents can Exploit Zero-Day Vulnerabilities.” Abstract: LLM agents have become increasingly sophisticated, especially in the realm of cybersecurity. Researchers have shown that LLM agents can exploit real-world vulnerabilities when given a description of the vulnerability and toy capture-the-flag problems. However, these agents still perform poorly…
Read More
The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article. Summer is a time for relaxation, travel, and spending quality moments with family and friends. However, it is also peak season for cybercriminals…
Read More