Mar 04, 2024NewsroomAI Security / Vulnerability As many as 100 malicious artificial intelligence (AI)/machine learning (ML) models have been discovered in the Hugging Face platform. These include instances where loading a pickle file leads to code execution, software supply chain security firm JFrog said. “The model’s payload grants the attacker a shell on the compromised…
Read More
“People in CISO circles absolutely talk a lot about liability. We’re all concerned about it,” Deaner acknowledges. “People are taking the changes to those regulations very seriously because they’re there for a reason.” In Nagler’s view, more defined regulatory parameters might actually turn out to be “the best gift” for CISOs. “Leaders are taking notice…
Read More
U.S. cybersecurity and intelligence agencies have warned of Phobos ransomware attacks targeting government and critical infrastructure entities, outlining the various tactics and techniques the threat actors have adopted to deploy the file-encrypting malware. “Structured as a ransomware as a service (RaaS) model, Phobos ransomware actors have targeted entities including municipal and county governments, emergency services,…
Read More
Video As the specter of AI-generated disinformation looms large, tech giants vow to crack down on fabricated content that could sway voters and disrupt elections taking place around the world this year 01 Mar 2024 As a record number of people across the world will go to the polls this year, concerns rise about the…
Read More
Mar 02, 2024NewsroomSpyware / Privacy A U.S. judge has ordered NSO Group to hand over its source code for Pegasus and other products to Meta as part of the social media giant’s ongoing litigation against the Israeli spyware vendor. The decision, which marks a major legal victory for Meta, which filed the lawsuit in October…
Read More
Mar 02, 2024NewsroomCybercrime / Social Engineering The U.S. Department of Justice (DoJ) on Friday unsealed an indictment against an Iranian national for his alleged involvement in a multi-year cyber-enabled campaign designed to compromise U.S. governmental and private entities. More than a dozen entities are said to have been targeted, including the U.S. Departments of the…
Read More
“Microsoft hasn’t given up on securing the admin-to-kernel boundary, though,” researchers from Avast explain. “Quite the opposite. It has made a great deal of progress in making this boundary harder to cross. Defense-in-depth protections, such as DSE (Driver Signature Enforcement) or HVCI (Hypervisor-Protected Code Integrity), have made it increasingly difficult for attackers to execute custom…
Read MoreFriday Squid Blogging: New Extinct Species of Vampire Squid Discovered Paleontologists have discovered a 183-million-year-old species of vampire squid. Prior research suggests that the vampyromorph lived in the shallows off an island that once existed in what is now the heart of the European mainland. The research team believes that the remarkable degree of preservation…
Read More
Security agencies from several nations warn that attackers were able to deceive the integrity checking tools provided by Ivanti in response to the recent attacks exploiting zero-day vulnerabilities in its Connect Secure and Policy Secure gateways. The agency also identified a technique in a lab setting that could be used to achieve malware persistence on…
Read More
Adam Levin was a guest on Dark Rhiino’s Security Confidental podcast. In the episode, he encouraged listeners to protect both their security and their identities by “lying like a superhero.” Providing false or misleading information, accounts will be harder to break into in the event of a data breach. Listen to the episode below: Source…
Read More