Proof-of-concept (PoC) code was published for CVE-2024-49113, a denial-of-service (DoS) vulnerability in Windows LDAP.
The post Exploit Code Published for Potentially Dangerous Windows LDAP Vulnerability appeared first on SecurityWeek.
US Imposes Sanctions on Russian and Iranian Groups Over Disinformation Targeting American Voters
The United States has imposed sanctions on two groups linked to Iranian and Russian efforts to target American voters with disinformation ahead of this year’s election.
The post US Imposes Sanctions on Russian and Iranian Groups Over Disinformation Targeting American Voters appeared first on SecurityWeek.
New AI Jailbreak Method ‘Bad Likert Judge’ Boosts Attack Success Rates by Over 60%
Cybersecurity researchers have shed light on a new jailbreak technique that could be used to get past a large language model’s (LLM) safety guardrails and produce potentially harmful or malicious responses.
The multi-turn (aka many-shot) attack strategy has been codenamed Bad Likert Judge by Palo Alto Networks Unit 42 researchers Yongzhe Huang, Yang Ji, Wenjun Hu, Jay Chen, Akshata Rao, and
The multi-turn (aka many-shot) attack strategy has been codenamed Bad Likert Judge by Palo Alto Networks Unit 42 researchers Yongzhe Huang, Yang Ji, Wenjun Hu, Jay Chen, Akshata Rao, and
New York Hospital Says Ransomware Attack Data Breach Impacts 670,000
Richmond University Medical Center has been investigating a ransomware attack since May 2023 and it recently determined that it affects 670,000 people.
The post New York Hospital Says Ransomware Attack Data Breach Impacts 670,000 appeared first on SecurityWeek.
LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers
A proof-of-concept (PoC) exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol (LDAP) that could trigger a denial-of-service (DoS) condition.
The out-of-bounds reads vulnerability is tracked as CVE-2024-49113 (CVSS score: 7.5). It was addressed by Microsoft as part of Patch Tuesday updates for December 2024, alongside CVE-2024-49112 (
The out-of-bounds reads vulnerability is tracked as CVE-2024-49113 (CVSS score: 7.5). It was addressed by Microsoft as part of Patch Tuesday updates for December 2024, alongside CVE-2024-49112 (
Critical Deadline: Update Old .NET Domains Before January 7, 2025 to Avoid Service Disruption
Microsoft has announced that it’s making an “unexpected change” to the way .NET installers and archives are distributed, requiring developers to update their production and DevOps infrastructure.
“We expect that most users will not be directly affected, however, it is critical that you validate if you are affected and to watch for downtime or other kinds of breakage,” Richard Lander, a program
“We expect that most users will not be directly affected, however, it is critical that you validate if you are affected and to watch for downtime or other kinds of breakage,” Richard Lander, a program
Apple to Pay Siri Users $20 Per Device in Settlement Over Accidental Siri Privacy Violations
Apple has agreed to pay $95 million to settle a proposed class action lawsuit that accused the iPhone maker of invading users’ privacy using its voice-activated Siri assistant.
The development was first reported by Reuters.
The settlement applies to U.S.-based individuals current or former owners or purchasers of a Siri-enabled device who had their confidential voice communications with the
The development was first reported by Reuters.
The settlement applies to U.S.-based individuals current or former owners or purchasers of a Siri-enabled device who had their confidential voice communications with the
Apple to Pay $95 Million to Settle Lawsuit Accusing Siri of Snoopy Eavesdropping
Apple isn’t acknowledging any wrongdoing in the settlement, which must be approved by a Judge and represents a sliver of the $705 billion in profits that Apple has pocketed since September 2014.
The post Apple to Pay $95 Million to Settle Lawsuit Accusing Siri of Snoopy Eavesdropping appeared first on SecurityWeek.
Ransomware gang leaks data stolen in Rhode Island’s RIBridges Breach
The Brain Cipher ransomware gang has begun to leak documents stolen in an attack on Rhode Island’s “RIBridges” social services platform. […]
New DoubleClickjacking attack exploits double-clicks to hijack accounts
A new variation of clickjacking attacks called “DoubleClickjacking” lets attackers trick users into authorizing sensitive actions using double-clicks while bypassing existing protections against these types of attacks. […]