U.S. government issues critical infrastructure AI security recommendations.
The U.S. government has recently issued new security rules aimed at safeguarding critical infrastructure from potential threats posed by A.I. technology. “These guidelines are informed by the whole-of-government effort to assess A.I. risks across all sixteen critical infrastructure sectors…
0 Comments5 Minutes
Sandbox Escape Vulnerabilities in Judge0 Open Systems to Takeover
The Judge0 open-source online code execution system has several severe security issues that could be exploited to execute code on the target system. The three serious issues allow an “adversary with sufficient access to perform a sandbox escape and obtain root permissions on the host…
0 Comments4 Minutes
ToddyCat Hackers Utilize Powerful Tools for Industrial Data Theft
ToddyCat Hackers have been seen using many tools to penetrate vulnerable environments and steal data. Kaspersky described the attacker as using multiple tools to harvest data on an “industrial scale” from Asia-Pacific government agencies, some of which are defense-related. You might be…
0 Comments3 Minutes
State-backed hackers exploit 2 Cisco vulnerabilities for espionage
A recent malware campaign used two zero-day vulnerabilities in Cisco networking equipment to distribute bespoke malware and enable surreptitious data collection on target environments. Cisco Talos tracked the activity under the name UAT4356 (also known as Storm-1849 by Microsoft), called it…
0 Comments6 Minutes
CoralRaider Malware Campaign Distributes Info-Stealers by Using CDN Cache
Since at least February 2024, a new, ongoing CoralRaider malware campaign has been distributing three distinct stealers—CryptBot, LummaC2, and Rhadamanthys. These malicious programs have been identified as hosted on Content Delivery Network (CDN) cache sites. With a reasonable degree of confidence,…
0 Comments4 Minutes
Cyberattacks Real Cost
Cybersecurity breaches can devastate both organizations and individuals. While considerable focus is often directed toward the methods and motivations behind these breaches, it’s crucial to understand the true financial ramifications of a cyberattack. According to Cybersecurity Ventures, the…
1 Comment8 Minutes
New Android Trojan ‘SoumniBot’ Hides with Clever Tricks
SoumniBot, a new Android trojan, exploits manifest extraction and parsing flaws to target South Korean users. The malware is “notable for an unconventional approach to evading analysis and detection, namely obfuscation of the Android manifest,” according to Kaspersky researcher Dmitry…
0 Comments5 Minutes
AWS, Google, and Azure CLI Tools May Contain Credential Leaks
According to a recent cybersecurity study, sensitive Credential Leaks may be exposed in build logs by using command-line interface (CLI) tools from Google Cloud and Amazon Web Services (AWS), which puts enterprises in serious danger. The cloud security company Orca has termed this vulnerability…
0 Comments3 Minutes
Popular PuTTY SSH Client Is Open to Key Recovery Attack
Users are being notified by the developers of the PuTTY Secure Shell (SSH) and Telnet client about a serious flaw that affects versions 0.68 through 0.80 and has the potential to be used to fully recover NIST P-521 (ecdsa-sha2-nistp521) private keys. The vulnerability has been designated…
0 Comments4 Minutes
Palo Alto Networks Issues Quick Fixes for PAN-OS Exploitation
In order to address a maximum-severity security hole affecting PAN-OS software that has been actively exploited in the wild, Palo Alto Networks has published hotfixes. The critical vulnerability, identified as CVE-2024-3400 (CVSS score: 10.0), involves command injection in the GlobalProtect…
0 Comments3 Minutes