Apple has agreed to pay $95 million to settle a class action lawsuit in the U.S. alleging that its Siri assistant recorded private conversations and shared them with third parties. […]
French govt contractor Atos denies Space Bears ransomware attack claims
French tech giant Atos, which secures communications for the country’s military and secret services, has denied claims made by the Space Bears ransomware gang that they compromised one of its databases. […]
In Other News: Volkswagen Data Leak, DoubleClickjacking, China Denies Hacking US Treasury
Noteworthy stories that might have slipped under the radar: location data of 800,000 electric Volkswagen cars leaked, DoubleClickjacking attack, China denies hacking US Treasury.
The post In Other News: Volkswagen Data Leak, DoubleClickjacking, China Denies Hacking US Treasury appeared first on SecurityWeek.
FireScam Android Malware Packs Infostealer, Spyware Capabilities
The FireScam Android infostealer monitors app notifications and harvests credentials and financial data and sends it to a Firebase database.
The post FireScam Android Malware Packs Infostealer, Spyware Capabilities appeared first on SecurityWeek.
Exploit Code Published for Potentially Dangerous Windows LDAP Vulnerability
Proof-of-concept (PoC) code was published for CVE-2024-49113, a denial-of-service (DoS) vulnerability in Windows LDAP.
The post Exploit Code Published for Potentially Dangerous Windows LDAP Vulnerability appeared first on SecurityWeek.
US Imposes Sanctions on Russian and Iranian Groups Over Disinformation Targeting American Voters
The United States has imposed sanctions on two groups linked to Iranian and Russian efforts to target American voters with disinformation ahead of this year’s election.
The post US Imposes Sanctions on Russian and Iranian Groups Over Disinformation Targeting American Voters appeared first on SecurityWeek.
New AI Jailbreak Method ‘Bad Likert Judge’ Boosts Attack Success Rates by Over 60%
Cybersecurity researchers have shed light on a new jailbreak technique that could be used to get past a large language model’s (LLM) safety guardrails and produce potentially harmful or malicious responses.
The multi-turn (aka many-shot) attack strategy has been codenamed Bad Likert Judge by Palo Alto Networks Unit 42 researchers Yongzhe Huang, Yang Ji, Wenjun Hu, Jay Chen, Akshata Rao, and
The multi-turn (aka many-shot) attack strategy has been codenamed Bad Likert Judge by Palo Alto Networks Unit 42 researchers Yongzhe Huang, Yang Ji, Wenjun Hu, Jay Chen, Akshata Rao, and
New York Hospital Says Ransomware Attack Data Breach Impacts 670,000
Richmond University Medical Center has been investigating a ransomware attack since May 2023 and it recently determined that it affects 670,000 people.
The post New York Hospital Says Ransomware Attack Data Breach Impacts 670,000 appeared first on SecurityWeek.
LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers
A proof-of-concept (PoC) exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol (LDAP) that could trigger a denial-of-service (DoS) condition.
The out-of-bounds reads vulnerability is tracked as CVE-2024-49113 (CVSS score: 7.5). It was addressed by Microsoft as part of Patch Tuesday updates for December 2024, alongside CVE-2024-49112 (
The out-of-bounds reads vulnerability is tracked as CVE-2024-49113 (CVSS score: 7.5). It was addressed by Microsoft as part of Patch Tuesday updates for December 2024, alongside CVE-2024-49112 (
Critical Deadline: Update Old .NET Domains Before January 7, 2025 to Avoid Service Disruption
Microsoft has announced that it’s making an “unexpected change” to the way .NET installers and archives are distributed, requiring developers to update their production and DevOps infrastructure.
“We expect that most users will not be directly affected, however, it is critical that you validate if you are affected and to watch for downtime or other kinds of breakage,” Richard Lander, a program
“We expect that most users will not be directly affected, however, it is critical that you validate if you are affected and to watch for downtime or other kinds of breakage,” Richard Lander, a program