🚨 CISA KEV 1[−]
29 Jul KEVCISA Adds Three Known Exploited Vulnerabilities to CatalogCISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2024-4879 ServiceNow Improper Input Validation Vulnerability CVE-2024-5217 ServiceNow Incomplete List of Disallowed Inputs Vulnerability C…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 8[−]
29 JulCisco Patches the Products Impacted by RADIUS Protocol VulnerabilityCisco has issued patches for multiple products affected by a critical vulnerability in the RADIUS protocol. The vulnerability, identified as CVE-2024-3596, was disclosed by security researchers on July 7, 2024. This flaw allows an on-path attacker to forge responses using a chose…GBHACKERS.COM
29 JulRaspAP Flaw Let Hackers Escalate Privileges with Raspberry Pi DevicesA critical local privilege escalation vulnerability has been discovered in RaspAP, an open-source project designed to transform Raspberry Pi devices into wireless access points or routers. Identified as CVE-2024-41637, this flaw has been rated with a severity score of 9.9 (Critic…GBHACKERS.COM
29 JulAcronis Warns of Cyber Infrastructure Default Password Abused in AttacksThe vulnerability (CVE-2023-45249) was patched nine months ago but is still being exploited in attacks. Admins are advised to update their systems immediately to prevent unauthorized remote code execution.BLEEPINGCOMPUTER.COM
29 JulNational Vulnerability Backlog Could Surge to 30,000 by 2025The National Vulnerability Database (NVD), maintained by the National Institute of Standards and Technology (NIST), currently has a backlog of over 16,000 vulnerabilities, with an average daily influx of more than 100 new security flaws.BANKINFOSECURITY.COM
29 Jul KEVCritical Flaw in Acronis Cyber Infrastructure Exploited in the WildCybersecurity company Acronis is warning that a now-patched critical security flaw impacting its Cyber Infrastructure (ACI) product has been exploited in the wild. The vulnerability, tracked as CVE-2023-45249 (CVSS score: 9.8), concerns a case of remote code execution that stems …THEHACKERNEWS.COM
29 JulMicrosoft Says Ransomware Gangs Exploiting Just-Patched VMware ESXi FlawVMware did not mention in-the-wild exploitation for CVE-2024-37085 but Microsoft says ransomware gangs are abusing the just-patched flaw. The post Microsoft Says Ransomware Gangs Exploiting Just-Patched VMware ESXi Flaw appeared first on SecurityWeek .SECURITYWEEK.COM
29 JulVMware ESXi hypervisor vulnerability grants full admin privilegesSecurity researchers at Microsoft have discovered a vulnerability in VMware ESXi hypervisors that has been exploited by ransomware operators to gain full administrative access to a domain-joined hypervisor. The problem, identified as CVE-2024-37085 , granted full admin privileges…CSOONLINE.COM
29 JulRansomware operators exploit ESXi hypervisor vulnerability for mass encryptionMicrosoft Security researchers have observed a vulnerability used by various ransomware operators to get full administrative access to domain-joined ESXi hypervisors and encrypt the virtual machines running on them. The vulnerability involves creating a group called “ESX Admins” …MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 24[−]
29 Jul2024 Olympics put cybersecurity teams on high alertAs athletes from around the world vie for gold at the 2024 Olympics and Paralympics in Paris, cybercriminals are fine-tuning their own game plans to hack, attack, and exploit the largest event on the planet, making the 30th Olympiad potentially the greatest cybersecurity risk in …CSOONLINE.COM
29 JulCrowdStrike debacle underscores importance of having a planThe dust is largely settled from the global blue-screen-of-death (BSD) CrowdStrike inflicted on over 8.5 million Windows devices by its flawed delivery of a channel file in its Falcon Sensor update, crippling businesses worldwide . And now that nearly all those devices have been …CSOONLINE.COM
29 JulNIST releases new tool to check AI models’ securityThe US Department of Commerce’s National Institute of Standards and Technology (NIST) has released a new open source software package, Dioptra, that allows developers to determine what type of attacks would make an AI model perform less effectively. “Testing the effects of advers…INFOWORLD.COM
29 JulPKfail, Critical Firmware Supply-Chain Issue Let Attackers Bypass Secure BootHackers often attack secure boot during the boot process to execute unauthorized code, which gives them the ability to bypass a system’s security measures. By compromising Secure Boot, they can install rootkits and malware at a low level, gaining persistent control over the…GBHACKERS.COM
29 JulNorth Korean Onyx Sleet Using Group Of Malware And Exploits to Gain IntelligenceOnyx Sleet, a cyber espionage group also known as SILENT CHOLLIMA, Andariel, DarkSeoul, Stonefly, and TDrop2, mainly targets the military, defense sector, and technology in the United States, South Korea, and India. The group historically used spear-phishing, but they have now st…GBHACKERS.COM
29 JulMalicious Python Package Attacking macOS Developers To Steal Google Cloud LoginsHackers continuously exploit malicious Python packages to attack developer environments and inject harmful code that enables them to steal sensitive information, install malware, or create backdoors. The method takes advantage of the widely-used repositories for packaging consequ…GBHACKERS.COM
29 JulSelenium Grid Instances Exploited for CryptominingWiz has detailed SeleniumGreed, a campaign in which threat actors target exposed Selenium Grid instances for cryptomining. The post Selenium Grid Instances Exploited for Cryptomining appeared first on SecurityWeek .SECURITYWEEK.COM
29 JulAI-Generated Deepfake Attacks Force Companies To Reassess CybersecurityCompanies are reevaluating their cybersecurity defenses in response to the rise of AI-generated deepfake attacks and identity fraud. According to GetApp, 73% of US organizations have already developed deepfake response plans.HELPNETSECURITY.COM
29 JulMicrosoft shifts focus to kernel-level security after CrowdStrike incidentThe CrowdStrike incident that affected more than 8.5 million Windows PCs worldwide and forced users to face the “Blue Screen of Death,” made Microsoft sit down and revisit the resilience of its operating system. The company is now prioritizing the reduction of kernel-level access…CSOONLINE.COM
29 Jul KEVAcronis Product Vulnerability Exploited in the WildAcronis warns of a critical-severity Acronis Cyber Infrastructure (ACI) vulnerability being exploited in attacks. The post Acronis Product Vulnerability Exploited in the Wild appeared first on SecurityWeek .SECURITYWEEK.COM
29 JulQR Code Phishing is Still on the RiseOrganizations need to be aware of the threat posed by QR code phishing (quishing), according to researchers at Trend Micro.KNOWBE4.COM
29 JulWhatsApp for Windows Lets Python, PHP Scripts Execute with no WarningWhatsApp currently blocks certain file types considered risky, but Python and PHP scripts are not included in the blocklist. Security researcher Saumyajeet Das identified this vulnerability while testing file attachments in WhatsApp conversations.BLEEPINGCOMPUTER.COM
29 JulProofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing EmailsAn unknown threat actor has been linked to a massive scam campaign that exploited an email routing misconfiguration in email security vendor Proofpoint's defenses to send millions of messages spoofing various legitimate companies. "These emails echoed from official Proofpoint ema…THEHACKERNEWS.COM
29 JulUkraine Hacked Russian Banks, Leading Major DisruptionA large-scale cyberattack orchestrated by Ukrainian intelligence led to disruptions in the Russian banking sector. According to a source from Ukrainian intelligence, ATM services at several top Russian banks were rendered inoperative, leaving customers unable to withdraw cash. Th…GBHACKERS.COM
29 JulProofpoint settings exploited to send millions of phishing emails dailyA massive phishing campaign dubbed "EchoSpoofing" exploited a security gap in Proofpoint's email protection service to dispatch millions of spoofed emails impersonating big entities like Disney, Nike, IBM, and Coca-Cola, to target Fortune 100 companies. [...]BLEEPINGCOMPUTER.COM
29 JulUSB Drive with Write-Protect Switch Recommendationssubmitted by anon2963 to cybersecurity 2 points | 0 comments I am looking for a fast USB drive which has a physical write-protect enable switch on it. I would also want a BadUSB-resistant USB controller. I want this for 2 reasons: So I can diagnose issues on machines where the pr…SH.ITJUST.WORKS
29 JulWith Open Source Artificial Intelligence, Don’t Forget the Lessons of Open Source SoftwareCISA.GOV
29 JulHealthEquity says data breach impacts 4.3 million peopleHSA provider HealthEquity has determined that a cybersecurity incident disclosed earlier this month has compromised the information of 4,300,000 people. [...]BLEEPINGCOMPUTER.COM
29 JulMicrosoft: Ransomware gangs exploit VMware ESXi auth bypass in attacksMicrosoft warned today that ransomware gangs are actively exploiting a VMware ESXi authentication bypass vulnerability in attacks. [...]BLEEPINGCOMPUTER.COM
29 JulScammers Exploit Interest in Generative AI ToolsResearchers at Palo Alto Networks’s Unit 42 are tracking phishing attacks exploiting interest in generative AI tools. The researchers observed spikes in suspicious domain registrations over the past year that correlated with current news.KNOWBE4.COM
29 JulPhishing Campaign Exploited Proofpoint Email Protections for SpoofingThreat actors have exploited Proofpoint’s email protection service to deliver millions of spoofed phishing emails. The post Phishing Campaign Exploited Proofpoint Email Protections for Spoofing appeared first on SecurityWeek .SECURITYWEEK.COM
29 JulIdentity Security Posture Management - Dor Fledel - BSW #358Identity, the security threat that keeps on giving. For the 17th year in a row, identity is one of the top threats identified in the Verizon DBIR. Why? Dor Fledel, Senior Director of Product Management at Okta and Co-Founder of Spera, joins Business Security Weekly to discuss the…YOUTUBE.COM
29 JulNew Specula tool uses Outlook for remote code execution in WindowsMicrosoft Outlook can be turned into a C2 beacon to remotely execute code, as demonstrated by a new red team post-exploitation framework named "Specula," released today by cybersecurity firm TrustedSec. [...]BLEEPINGCOMPUTER.COM
📋 SECURITY BULLETINS 2[−]
29 JulCrowdStrike was not the only security vendor vulnerable to hasty testingThe CrowdStrike gaffe that caused millions of Windows machines to crash with the infamous Blue Screen of Death (BSOD) could have happened to anyone considering how security updates are pushed these days, experts believe. With updates being rolled out daily by security vendors, it…CSOONLINE.COM
29 JulCrowdStrike Outage Could Cost Cyber Insurers $1.5 BillionMost Claims Will Be Made Under 'Systems Failure' Coverage, Says Moody's Ratings The global IT outage triggered by a faulty CrowdStrike software update could lead to $400 million to $1.5 billion in payouts to cyber insurance policyholders, although the nonstandardized language use…DATABREACHTODAY.CO.UK
📢 SECURITY ADVISORIES 9[−]
29 JulPM names new cybersecurity ministerAustralia’s Prime Minister Anthony Albanese has named a new minister for home affairs and for cybersecurity. Tony Burke will take on the responsibility along with immigration and multicultural affairs; minister for the arts; leader of the House. The cabinet change announced on Su…CSOONLINE.COM
29 JulWhite House, CISA Name Key Cybersecurity Officials as National Resilience Strategy Rollout ContinuesThe White House and CISA have named key cybersecurity officials as part of their national resilience strategy rollout. Harry Wingo will become the deputy national cyber director, while Bridget Bean is set to be the new executive director at CISA.CYBERSECURITYDIVE.COM
29 JulMost CISOs Feel Unprepared for New Compliance RegulationsMost CISOs are feeling unprepared for new compliance regulations, such as the SEC’s cybersecurity disclosure rules in the USA and the Digital Operational Resilience Act (DORA) in the EU, presenting a significant challenge.HELPNETSECURITY.COM
29 JulHealth Benefits Administrator Hack Affects 4.3 MillionBreach Was the Result of a Vendor's Compromised Credentials to Access SharePoint Health benefits administrator HealthEquity, which earlier this month reported to the U.S. Securities and Exchange Commission a hacking incident involving the compromised credentials of a vendor, has …DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 10[−]
29 JulFrench Govt Investigating Recent Malware Attack that Compromised 3,000 MachinesThe French government has investigated a malware attack that compromised approximately 3,000 machines within the country. The attack, part of a more extensive botnet operation affecting millions globally, has raised serious concerns about cybersecurity as France prepares to host …GBHACKERS.COM
29 JulScam Attacks Taking Advantage of the Popularity of the Generative AI WaveGenAI-related domains are being registered daily with suspicious activity, including those linked to malware like ransomware and phishing. The trend in GenAI-related domain registrations mirrors industry milestones.UNIT42.PALOALTONETWORKS.COM
29 JulTargeted PyPI Package Steals Google Cloud Credentials from macOS DevsThe malware is designed to target only 64 specific machines, attempting to exfiltrate Google Cloud Platform credentials for potential follow-on attacks such as data theft and malware implantation.DARKREADING.COM
29 Jul4.3 Million Impacted by HealthEquity Data BreachHealthEquity says the personal and health information of 4.3 million individuals was compromised in a data breach. The post 4.3 Million Impacted by HealthEquity Data Breach appeared first on SecurityWeek .SECURITYWEEK.COM
29 JulHow Searchable Encryption Changes the Data Security GameSearchable Encryption has long been a mystery. An oxymoron. An unattainable dream of cybersecurity professionals everywhere. Organizations know they must encrypt their most valuable, sensitive data to prevent data theft and breaches. They also understand that organizational data …THEHACKERNEWS.COM
29 JulNearly All Ransomware Attacks Now Include Exfiltration of Data…But Not All Are NotifiedOrganizations are falling victim to ransomware attacks where data is stolen, but the victim isn’t being told about it. I have a theory as to why this is happening.KNOWBE4.COM
29 JulReport: Russian Ransomware Gangs Account for 69% of all Ransom ProceedsAccording to an analysis by TRM Labs, Russian-speaking threat actors were responsible for over 69% of all ransomware-related cryptocurrency earnings in the past year, amounting to more than $500 million.BLEEPINGCOMPUTER.COM
29 JulThreat Actots Leveraging ChatGPT To Craft Sophisticated AttacksAdversaries are employing Large Language Models to generate malicious code, delivered via phishing emails, for downloading diverse payloads, including Rhadamanthys, NetSupport, CleanUpLoader, ModiLoader, LokiBot, and Dunihi. It indicates a concerning trend of threat actors levera…GBHACKERS.COM
29 JulEuropean Central Bank Concludes Banking Cyber Stress Test'Room for Improvement," Says ECB Supervisory Board Member The European banking sector is prepared at a high level for withering cyberattacks but there is "room for improvement" in its recovery capabilities, the European Central Bank said at the conclusion of a first-ever cyber st…DATABREACHTODAY.CO.UK
29 JulChange Healthcare Begins to Notify Millions Affected by HackIT Services Vendor Is Sending Individual Letters to Victims on a Rolling Basis Millions of Americans will soon receive a breach notification letter from Change Healthcare, which said on Monday that it has started the process of notifying victims of the massive cyberattack and dat…DATABREACHTODAY.CO.UK
🕵️ THREAT INTELLIGENCE 22[−]
29 JulCrowdStrike Outage Themed Maldoc, (Mon, Jul 29th)I found a malicious Word document with VBA code using the CrowdStrike outage for social engineering purposes. It&#;x26;#;39;s an .ASD file (AutoRecover file). My tool oledump.py can analyze it:
ISC.SANS.EDU
29 JulISC Stormcast For Monday, July 29th, 2024 https://isc.sans.edu/podcastdetail/9072, (Mon, Jul 29th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
29 Jul'Stargazer Goblin' Creates 3,000 Fake GitHub Accounts for Malware SpreadA threat actor known as Stargazer Goblin has set up a network of inauthentic GitHub accounts to fuel a Distribution-as-a-Service (DaaS) that propagates a variety of information-stealing malware and netting them $100,000 in illicit profits over the past year. The network, which co…THEHACKERNEWS.COM
29 JulHackers Attacking Users Searching For W2 FormA malicious campaign emerged on June 21, 2024, distributing a JavaScript file hosted on grupotefex.com, which executes an MSI installer, subsequently dropping a Brute Ratel Badger DLL into the user’s AppData. The command-and-control framework Brute Ratel then download…GBHACKERS.COM
29 JulPass the SALT conference 2024 - 37 videossubmitted by ashar to security_cpe 1 points | 0 comments https://2024.pass-the-salt.org/images/logo-pts23.png A totally free, english spoken conference dedicated to free software & security. Talks & workshops delivered by experts. High quality talks 2024 edition hosts 21 …INFOSEC.PUB
29 Julhardwear.io USA 2024submitted by ashar to security_cpe 1 points | 0 comments https://hardwear.io/archives/hardwear-io-2015.jpg Learn from leading hardware security researchers & professionals and discuss the latest & most innovative research on attacking and defending hardware. Connect with …INFOSEC.PUB
29 Jul97% of CrowdStrike systems are back online; Microsoft suggests Windows changessubmitted by kid to cybersecurity 2 points | 0 comments https://arstechnica.com/information-technology/2024/07/97-of-crowdstrike-systems-are-back-online-microsoft-suggests-windows-changes/ARSTECHNICA.COM
29 JulMicrosoft 365 users targeted by phishers abusing Microsoft Formssubmitted by kid to cybersecurity 2 points | 0 comments https://www.helpnetsecurity.com/2024/07/29/microsoft-365-phishing-forms/HELPNETSECURITY.COM
29 JulSecurityWeek Analysis: 178 Cybersecurity M&A Deals Announced in First Half of 2024178 cybersecurity M&A deals were announced in the first half of 2024, the smallest half year number since SecurityWeek started tracking them. The post SecurityWeek Analysis: 178 Cybersecurity M&A Deals Announced in First Half of 2024 appeared first on SecurityWeek .SECURITYWEEK.COM
29 JulNew Research in Detecting AI-Generated VideosThe latest in what will be a continuing arms race between creating and detecting videos: The new tool the research project is unleashing on deepfakes, called “MISLnet”, evolved from years of data derived from detecting fake images and video with tools that spot change…SCHNEIER.COM
29 JulGh0stGambit Dropper Used to Deploy Gh0st RAT Against Chinese UsersThe Gh0st RAT Trojan is being distributed to Chinese Windows users through a fake Chrome website. The malware has been around since 2008 and has evolved over the years, often used by cyberespionage groups in China.ESENTIRE.COM
29 JulMillions of Websites Susceptible XSS Attack via OAuth Implementation FlawResearchers discovered and published details of an XSS attack that could potentially impact millions of websites around the world. The post Millions of Websites Susceptible XSS Attack via OAuth Implementation Flaw appeared first on SecurityWeek .SECURITYWEEK.COM
29 JulRoger’s Hacking StoriesIn this post, I'll share two fascinating hacking stories I've experienced: one involving a sophisticated scam that targeted a major U.S. Fortune 500 conglomerate, and another detailing the implementation of honeypots by a renowned U.S. think tank that went wrong. KNOWBE4.COM
29 JulMentorship Monday - Discussions for career and learning!submitted by shellsharks to cybersecurity 1 points | 0 comments Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? …INFOSEC.PUB
29 JulIs Windows the Easiest to Patch? 🤔 Paul’s Security Weekly Discusses!Join us for a thought-provoking discussion from this week's Paul’s Security Weekly podcast! 💻🔒 Douglas McKee and Paul talk about the challenges of patching in cybersecurity, with a focus on Microsoft Windows. Is Windows truly the easiest to patch, even when dealing with critical …YOUTUBE.COM
29 JulIoT: Internet of Threats?The Internet of Things (IoT) has slowly but surely weaved its way into our homes and places of work. From smart homes to industrial control systems, IoT has brought convenience and efficiency to our lives. However, with this increased connectivity we have increased our risk.KNOWBE4.COM
29 JulThe 2024 Olympics Offers Plenty of Opportunity For Online ScammersFortinet’s Threat Intelligence Report covering the Paris Olympics provides some very detailed coverage of how threat actors are taking advantage of individuals and organizations who have their attention pointing directly toward Paris this summer.KNOWBE4.COM
29 JulAgencies Warn of North Korean Hacks on Nuclear InstallationsAndariel Group Seeking Classified Technology to Power Pyongyang's Nuclear Program United States, British and South Korean government agencies blamed a North Korean espionage group for targeting their defense, aerospace and energy sectors to steal Western nuclear and military tech…DATABREACHTODAY.CO.UK
29 JulThe Evolving Role of the CISO - Allan Alford - BSW #358The CISO role has been evolving for 20 years, but the last 2 years have accelerated that evolution. Some might say it's evolving into extinction. What are the factors driving this evolution? Allan Alford, CEO at Alford and Adams Consulting and host of The Cyber Ranch Podcast, joi…YOUTUBE.COM
29 JulGitHub Network Fuels Malware Distribution OperationThreat Actors Profit from GitHub's Inauthentic Accounts Network Hackers apparently stymied by improved network detection of malware are turning to fake GitHub repositories to host malicious links and archives embedded with viruses. A threat actor dubbed "Stargazer Goblin" is a st…DATABREACHTODAY.CO.UK
29 JulLearning From CrowdStrike's Outage: Insights From Snyk's CEOPeter McKay on Improving Developer Practices, Integrating Security and Cutting Risk Snyk CEO Peter McKay discusses lessons from the recent CrowdStrike outage, emphasizing the importance of robust development practices, effective communication and the integration of quality and se…DATABREACHTODAY.CO.UK
29 JulTech Orgs Feel 'Abandoned' as UN Finalizes Cybercrime TreatyLeading Cybersecurity, Technology Companies 'Gravely Concerned' Over Cyber Treaty Leading cybersecurity and technology firms in the West feel "abandoned" by the United States and Europe as talks for a United Nations cybercrime treaty near their end. Member nations resumed cybercr…DATABREACHTODAY.CO.UK
🌐 CYBER THREAT LANDSCAPE 7[−]
29 JulGoogle's Password Bug Hits Millions: Cybersecurity Today for Monday, July 29, 2024Google's Password Bug Hits Millions & French Police Battle Malware - Cybersecurity Today In this episode of Cybersecurity Today, Jim Love covers Google's recent apology after a bug caused the passwords of 15 million Chrome users to vanish. The episode also dives into the French a…CYBERSECURITYTODAY.LIBSYN.COM
29 JulGh0st RAT Trojan Targets Chinese Windows Users via Fake Chrome SiteThe remote access trojan known as Gh0st RAT has been observed being delivered by an "evasive dropper" called Gh0stGambit as part of a drive-by download scheme targeting Chinese-speaking Windows users. These infections stem from a fake website ("chrome-web[.]com") serving maliciou…THEHACKERNEWS.COM
29 JulReport: 95% of Organizations Face Severe Software Supply Chain RiskOSC&R report reveals that 95% organizations face high software supply chain risks. Despite advancements in application security programs, more work is needed to manage risks effectively.REVERSINGLABS.COM
29 JulFrench Police Push PlugX Malware Self-Destruct Payload to Clean PCsThe operation started in France on July 18, 2024, and is anticipated to extend to other countries like Malta, Portugal, Croatia, Slovakia, and Austria. Victims in France will be individually notified by the ANSSI about the clean-up process.BLEEPINGCOMPUTER.COM
29 JulUS border agents must get warrant before cell phone searches, federal court rulesCritics have long argued that device searches at the U.S. border are unconstitutional and violate the Fourth Amendment. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
29 JulAndroid spyware 'Mandrake' hidden in apps on Google Play since 2022A new version of the Android spyware 'Mandrake' has been found in five applications downloaded 32,000 times from Google Play, the platform's official app store. [...]BLEEPINGCOMPUTER.COM
29 JulBeware of fake AI tools masking very real malware threatsEver attuned to the latest trends, cybercriminals distribute malicious tools that pose as ChatGPT, Midjourney and other generative AI assistantsWELIVESECURITY.COM
📡 INFOSEC NEWS 16[−]
29 JulIndustry Moves for the week of July 29, 2024 - SecurityWeekExplore industry moves and significant changes in the industry for the week of July 29, 2024. Stay updated with the latest industry trends and shifts.SECURITYWEEK.COM
29 JulNVIDIA Patches Flaw in Jetson Software Used in AI-Powered SystemsThe flaw in the Jetson Linux component of the JetPack SDK impacts devices such as the Jetson AGX Xavier Series, Jetson Xavier NX, Jetson TX1, Jetson TX2 Series, and Jetson Nano.SCMAGAZINE.COM
29 JulDazz Snaps up $50M for AI-Based, Automated Cloud Security RemediationExisting investors Greylock Partners, Cyberstarts, Insight Partners, and Index Ventures are collectively described as “leading” the round. Dazz, which launched in 2021, has now raised around $110 million in total.TECHCRUNCH.COM
29 JulMeta Nukes Massive Instagram Sextortion Network of 63,000 AccountsMeta has taken down 63,000 Instagram accounts in Nigeria involved in sextortion scams, including a network of 2,500 accounts linked to 20 individuals targeting adult men in the US.BLEEPINGCOMPUTER.COM
29 JulHow to Write a Generative AI Cybersecurity PolicyIt’s clear that generative AI is a permanent addition to the enterprise IT toolbox. For CISOs, the pressure is on to roll out AI security policies and technologies that can mitigate very real and present risks.TRENDMICRO.COM
29 JulData From Deleted Github Repositories May Not Actually be DeletedResearchers at Truffle Security have found, or arguably rediscovered, that data from deleted GitHub repositories (public or private) and from deleted copies (forks) of repositories isn't necessarily deleted.THEREGISTER.COM
29 JulSenators to FTC: Car Companies’ Data Privacy Practices Must be InvestigatedU.S. senators have raised concerns about how car companies handle consumer data, revealing that major automakers share and sell drivers' information without proper consent.THERECORD.MEDIA
29 JulDespite Bans, AI Code Generation Tools Widely Used in OrganizationsDespite bans, organizations are widespread in using AI code tools, causing security concerns, as reported by Checkmarx. While 15% prohibit AI tools for code generation, a staggering 99% still use them.INFOSECURITY-MAGAZINE.COM
29 JulHacking gang leaks documents stolen from Pentagon IT providerHackers have released internal documents stolen from one of America's largest IT services providers, which counts various US government agencies, including the Department of Defense, amongst its customers. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
29 JulMillions Of Websites Susceptible To XSS Attack Via OAuth Implementation FlawPACKETSTORMSECURITY.COM
29 JulYes, Americans can opt out of airport facial recognition. Here’s howU.S. airports are rolling out facial recognition to scan travelers' faces before boarding their flights. Americans, at least, can opt out. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
29 JulComparing From and Reply-To headers | Kaspersky official blogComparing From and Reply To headers boosts detection of business email compromise (BEC) attacks and spear phishing.KASPERSKY.COM
29 JulFormer Avaya employee gets 4 years for $88M license piracy schemeThree individuals who orchestrated a massive-scale pirate operation involving the sale of Avaya business telephone system software licenses worth over $88,000,000 have received imprisonment sentences. [...]BLEEPINGCOMPUTER.COM
29 JulApple iOS 18.1 Beta previews Apple Intelligence for the first timeApple has released the iOS 18.1 Beta to developers, allowing them to test some of its upcoming AI-powered Apple Intelligence features before they are released for testing in the public previews. [...]BLEEPINGCOMPUTER.COM