Tag: vulnerability
-
China’s DeepSeek Aims to Rival OpenAI’s ‘Reasoning’ Model
by
in SecurityNewsDeepSeek-R1 Struggles with Logic Tests and Is Vulnerable to Jailbreaks. Chinese artificial intelligence research company DeepSeek, funded by quantitative trading firms, introduced what it says is one of the first reasoning models to rival OpenAI o1. Reasoning models engage in self-fact checking and perform multi-step reasoning tasks. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/chinas-deepseek-aims-to-rival-openais-reasoning-model-a-26883
-
Schlimmsten-Liste: CISA veröffentlicht die Top 25 Softwarelücken des Jahres
by
in SecurityNewsDie US-Behörde CISA und Mitre haben die Top 25 der gefährlichsten Software-Schwachstellen des Jahres 2024 veröffentlicht. First seen on heise.de Jump to article: www.heise.de/news/Software-Schwachstellen-CISA-veroeffentlicht-die-Top-25-des-Jahres-2024-10107064.html
-
Cybersecurity Snapshot: Prompt Injection and Data Disclosure Top OWASP’s List of Cyber Risks for GenAI LLM Apps
by
in SecurityNews
Tags: access, advisory, ai, application-security, attack, backup, best-practice, breach, cisa, cloud, computer, cve, cyber, cyberattack, cybercrime, cybersecurity, data, exploit, extortion, firewall, framework, governance, government, group, guide, Hardware, incident, incident response, infrastructure, injection, intelligence, Internet, LLM, malicious, microsoft, mitigation, mitre, monitoring, network, nist, office, open-source, powershell, privacy, ransomware, regulation, risk, risk-management, russia, service, skills, software, sql, strategy, supply-chain, tactics, technology, theft, threat, tool, update, vulnerability, vulnerability-management, windowsDon’t miss OWASP’s update to its “Top 10 Risks for LLMs” list. Plus, the ranking of the most harmful software weaknesses is out. Meanwhile, critical infrastructure orgs have a new framework for using AI securely. And get the latest on the BianLian ransomware gang and on the challenges of protecting water and transportation systems against…
-
Software-Schwachstellen: CISA veröffentlicht die Top 25 des Jahres 2024
by
in SecurityNewsDie US-Behörde CISA und Mitre haben die Top 25 der gefährlichsten Software-Schwachstellen des Jahres 2024 veröffentlicht. First seen on heise.de Jump to article: www.heise.de/news/Software-Schwachstellen-CISA-veroeffentlicht-die-Top-25-des-Jahres-2024-10107064.html
-
Russian TAG-110 Hacked 60+ Users With HTML Loaded Python Backdoor
by
in SecurityNewsThe Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in Central Asia, East Asia, and Europe by deploying custom malware, HATVIBE and CHERRYSPY, to compromise government entities, human rights groups, and educational institutions. Initial access is typically gained through phishing or exploiting vulnerable web services, as the campaign’s goal is to…
-
Mobilize Like Your Organization Depended On It
by
in SecurityNewsExplore how seamless integration, automation, and collaboration drive effective vulnerability remediation to protect your organization in real-time. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/mobilize-like-your-organization-depended-on-it/
-
Earth Kasha Upgraded Their Arsenal With New Tactics To Attack Organizations
by
in SecurityNewsEarth Kasha, a threat actor linked to APT10, has expanded its targeting scope to India, Taiwan, and Japan, leveraging spear-phishing and exploiting vulnerabilities in public-facing applications like SSL-VPN and file storage services. The group has deployed various backdoors, including Cobalt Strike, LODEINFO, and the newly discovered NOOPDOOR, to maintain persistent access to compromised networks, which…
-
In Other News: Nvidia Fixes Critical Flaw, Chinese Linux Backdoor, New Details in WhatsApp-NSO Lawsuit
by
in SecurityNewsNoteworthy stories that might have slipped under the radar: Nvidia fixes vulnerability with rare ‘critical’ severity, Chinese APT’s first Linux backdoor, new details emerge from the WhatsApp-NSO lawsuit. The post In Other News: Nvidia Fixes Critical Flaw, Chinese Linux Backdoor, New Details in WhatsApp-NSO Lawsuit appeared first on SecurityWeek. First seen on securityweek.com Jump to…
-
U.S. CISA adds Apple, Oracle Agile PLM bugs to its Known Exploited Vulnerabilities catalog
by
in SecurityNews
Tags: apple, cisa, cve, cybersecurity, exploit, infrastructure, kev, oracle, update, vulnerability, zero-dayU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple, Oracle Agile PLM bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: This week, Apple released security updates for two zero-day vulnerabilities, tracked as CVE-2024-44309 and CVE-2024-44308, in iOS, iPadOS,…
-
JFrog zeigt proaktive Schritte gegen Schwachstelle im userinfo-Segment
by
in SecurityNewsCVE-2024-10524 verdeutlicht eindrucksvoll die Risiken, die selbst in etablierten Softwareabhängigkeiten schlummern, und betont die Notwendigkeit gründlicher Sicherheitsprüfungen auch für vertrauenswürdige Tools. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/jfrog-zeigt-proaktive-schritte-gegen-schwachstelle-im-userinfo-segment/a39040/
-
400,000 Systems Potentially Exposed to 2023’s Most Exploited Flaws
by
in SecurityNewsVulnCheck finds hundreds of thousands of internet-accessible hosts potentially vulnerable to 2023’s top frequently exploited flaws. The post 400,000 Systems Potentially Exposed to 2023’s Most Exploited Flaws appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/400000-systems-potentially-exposed-to-2023s-most-exploited-flaws/
-
Programmiersprache Rust: AWS-Wettbewerb für mehr Sicherheit der Standard-Library
by
in SecurityNewsMittels Crowdsourcing will AWS die Standard-Library von Rust auf Schwachstellen und undefiniertes Verhalten untersuchen. First seen on heise.de Jump to article: www.heise.de/news/Amazon-Web-Services-gibt-Geld-fuer-mehr-Sicherheit-der-Standard-Library-von-Rust-10097801.html
-
CERT-In Flags Critical Vulnerabilities in Zoom: Update Your Apps Now
by
in SecurityNewsThe Indian Computer Emergency Response Team (CERT-In) has issued a detailed security advisory about multiple vulnerabilities found in the popular video conferencing application, Zoom. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cert-in-advisory-for-zoom-vulnerabilities/
-
MITRE Unveils Top 25 Most Critical Software Flaws
by
in SecurityNewsThe 25 most dangerous software weaknesses between June 2023 and June 2024 are responsible for almost 32,000 vulnerabilities First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/mitre-unveils-top-25-software-flaws/
-
SentinelOne AI-SPM detects misconfigurations and vulnerabilities in AI applications
by
in SecurityNewsSentinelOne announced new AI security posture management (AI-SPM) capabilities to protect and secure the use of AI services in the workplace. Built on SentinelOne’s … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/22/sentinelone-ai-spm/
-
145,000 ICS Systems, Thousands of HMIs Exposed to Cyber Attacks
by
in SecurityNewsCritical infrastructure, the lifeblood of modern society, is under increasing threat as a new report from Censys reveals that over 145,000 industrial control system (ICS) devices are exposed to the internet. Among these, thousands of human-machine interfaces (HMIs), which allow operators to control critical systems, remain unsecured, leaving them vulnerable to exploitation by […] The…
-
Sicherheitsrisiko: D-Link rät zur Entsorgung einiger Routermodelle
by
in SecurityNewsÜber eine Schwachstelle können Angreifer Schadcode ausführen. Bestimmte Router von D-Link bekommen aber kein Sicherheitsupdate mehr. First seen on heise.de Jump to article: www.heise.de/news/Sicherheitsrisiko-D-Link-raet-zur-Entsorgung-einiger-Routermodelle-10097743.html
-
More than 2,000 Palo Alto Networks firewalls hacked exploiting recently patched zero-days
by
in SecurityNewsThreat actors already hacked thousands of Palo Alto Networks firewalls exploiting recently patched zero-day vulnerabilities. Thousands of Palo Alto Networks firewalls have reportedly been compromised in attacks exploiting recently patched zero-day vulnerabilities (CVE-2024-0012 and CVE-2024-9474) in PAN-OS. CVE-2024-0012is a vulnerability in Palo Alto Networks PAN-OS that allows unauthenticated attackers with network access to the management…
-
Destatis: Doch kein Datenleck? IDEV-Meldesystem wieder online
by
in SecurityNewsDas Statistische Bundesamt (Destatis) hat sein Meldesystem IDEV wieder online genommen. Die Plattform war nach Meldungen über einen Hack mit angeblich abgeflossenen Daten im Umfang von 3,8 GByte abgeschaltet worden. Eine Analyse habe aber laut Destatis keine Hinweise auf eine Schwachstelle oder … First seen on borncity.com Jump to article: www.borncity.com/blog/2024/11/22/destatis-doch-kein-datenleck-idev-meldesystem-wieder-online/
-
Risiko durch veraltete Kurz-URL-Formate Day-Schwachstelle in GNU Wget
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/-cyberkriminelle-nutzen-sicherheitsluecke-gnu-wget-jfrog-untersucht-a-367f299da8293de7b06bf5a704b143d4/
-
Chinese Hackers Breached Deep Into US Telecom to Spy on Calls and Texts
by
in SecurityNewsIn a breach that lawmakers are calling the most serious in U.S. history, Chinese hackers infiltrated the nation’s telecommunications systems, gaining the ability to listen to phone conversations and read text messages by exploiting outdated equipment and vulnerabilities in network connections. The revelations come as investigators scramble to understand the full scope of the intrusion.…
-
FortiClient VPN Flaw Enables Undetected Brute-Force Attacks
by
in SecurityNewsA design flaw in the logging mechanism of Fortinet’s VPN servers has been uncovered, allowing attackers to conduct brute-force attacks without detection. This vulnerability, disclosed by cybersecurity researchers at Pentera, highlights a critical gap in Fortinet’s ability to log successful authentication attempts during brute-force attacks, leaving enterprises vulnerable to potential breaches. The issue lies in…
-
BTS #42 The China Threat
by
in SecurityNewsIn this episode, Paul Asadoorian, Allan Alford, and Josh Corman discuss the growing threat posed by China, particularly in the context of cyber operations and geopolitical ambitions. They explore the implications of China’s strategies, the vulnerabilities in critical infrastructure, and the need for transparency and trust in digital systems. The conversation highlights the urgency of……
-
Wiz Fortifies Application Security With $450M Dazz Purchase
by
in SecurityNewsBuy of Application Security Startup Enhances Code-to-Cloud Vulnerability Management. Wiz acquired application security posture management startup Dazz for $450 million to provide enterprises with a unified code-to-cloud solution. CEO Merav Bahat highlights how this partnership will streamline vulnerability management and strengthen remediation capabilities for global organizations. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/wiz-fortifies-application-security-450m-dazz-purchase-a-26875
-
Breach Roundup: Russia Suspected of Severing Undersea Cables
by
in SecurityNewsAlso: VPN Vulnerabilities Attract Hackers, Hackers Use Swiss Mail to Send Malware. This week, Russia suspected in Balctic Sea cable sabotage, VPNs draw ransomware attackers and Swiss snail mail malware. An AI training company reported a cybertheft of $250,000 and a U.S. space firm reported a breach. Microsoft said it will pay $$$ for AI…
-
Apple Patches Two Zero-Day Attack Vectors
by
in SecurityNewsThreat actors exploited two vulnerabilities in Intel-based machines. Google’s Threat Analysis Group discovered the flaws. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/apple-patches-zero-day-vulnerabilities/
-
Most prevalent, menacing software vulnerabilities ranked by MITRE
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/most-prevalent-menacing-software-vulnerabilities-ranked-by-mitre
-
CISA Red Team Finds Alarming Critical Infrastructure Risks
by
in SecurityNews
Tags: cisa, cyber, defense, detection, endpoint, infrastructure, network, RedTeam, risk, vulnerabilityRed Team Finds Vulnerabilities in Critical Infrastructure Org’s Security Framework. The U.S., cyber defense agency is urging critical infrastructure operators to learn from the experience of a volunteer read teaming test and not rely too heavily on host-based endpoint detection and response solutions at the expense of network layer protections. First seen on govinfosecurity.com Jump…
-
Five Cyber Agencies Sound Alarm About Active Directory Attacks: Beyond the Basics
by
in SecurityNews
Tags: access, attack, authentication, cloud, compliance, control, credentials, cyber, cybersecurity, data, defense, detection, exploit, framework, iam, identity, infrastructure, intelligence, least-privilege, login, mfa, microsoft, monitoring, password, risk, service, software, strategy, tactics, threat, tool, update, vulnerabilityA landmark global report emphasizes 17 attack techniques against Microsoft Active Directory and cautions organizations to step up protections. In the second of our two-part series, we take you beyond the basics to highlight three key areas to focus on. The landmark report Detecting and Mitigating Active Directory Compromises, released in September by cybersecurity agencies…