brangberg – Page 949

From Misuse to Abuse: AI Risks and Attacks

AI from the attacker’s perspective: See how cybercriminals are leveraging AI and exploiting its vulnerabilities to compromise systems, users, and even other AI applications
Cybercriminals and AI: The Reality vs. Hype
“AI will not replace humans in the near future. But humans who know how to use AI are going to replace those humans who don’t know how to use AI,” says Etay Maor, Chief Security

Google Pays Out $36,000 for Severe Chrome Vulnerability

Google has released Chrome 130 in the stable channel to resolve 17 vulnerabilities, including 13 reported by external researchers.

The post Google Pays Out $36,000 for Severe Chrome Vulnerability appeared first on SecurityWeek.

AI Models in Cybersecurity: From Misuse to Abuse

Exploring differences in AI models on security measures and unveiling threat actor tactics.

The post AI Models in Cybersecurity: From Misuse to Abuse appeared first on SecurityWeek.

North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware

The North Korean threat actor known as ScarCruft has been linked to the zero-day exploitation of a now-patched security flaw in Windows to infect devices with malware known as RokRAT.
The vulnerability in question is CVE-2024-38178 (CVSS score: 7.5), a memory corruption bug in the Scripting Engine that could result in remote code execution when using the Edge browser in Internet Explorer Mode.

CISA Flags Critical SolarWinds Web Help Desk Bug for In-the-Wild Exploitation

CISA warns that a critical-severity hardcoded credentials vulnerability in SolarWinds Web Help Desk is exploited in attacks.

The post CISA Flags Critical SolarWinds Web Help Desk Bug for In-the-Wild Exploitation appeared first on SecurityWeek.

Oracle Patches Over 200 Vulnerabilities With October 2024 CPU

Oracle has released 334 new security patches to address roughly 220 unique CVEs as part of its October 2024 Critical Patch Update.

The post Oracle Patches Over 200 Vulnerabilities With October 2024 CPU appeared first on SecurityWeek.

5 Techniques for Collecting Cyber Threat Intelligence

To defend your organization against cyber threats, you need a clear picture of the current threat landscape. This means constantly expanding your knowledge about new and ongoing threats.
There are many techniques analysts can use to collect crucial cyber threat intelligence. Let’s consider five that can greatly improve your threat investigations.
Pivoting on С2 IP addresses to pinpoint malware

Passkey News: FIDO Unveils New Specifications, Amazon Announces 175 Million Users

FIDO Alliance has published new specifications for securely moving passkeys across providers, as Amazon announced 175 million passkey users.

The post Passkey News: FIDO Unveils New Specifications, Amazon Announces 175 Million Users appeared first on SecurityWeek.

Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack

A new spear-phishing campaign targeting Brazil has been found delivering a banking malware called Astaroth (aka Guildma) by making use of obfuscated JavaScript to slip past security guardrails.
“The spear-phishing campaign’s impact has targeted various industries, with manufacturing companies, retail firms, and government agencies being the most affected,” Trend Micro said in a new analysis.
“

GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access

GitHub has released security updates for Enterprise Server (GHES) to address multiple issues, including a critical bug that could allow unauthorized access to an instance.
The vulnerability, tracked as CVE-2024-9487, carries a CVS score of 9.5 out of a maximum of 10.0
“An attacker could bypass SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, allowing

Author: brangberg