Vietnam now requires it for some purchases. It may be a fraud risk in Singapore. Or ML could be making it safe The use of selfies to verify identity online is an emerging trend in some parts of the world…
Millionen Linux-Systeme sind über OpenSSH angreifbar
Sicherheitsexperten bei Qualys haben eine gravierende Lücke in OpenSSH erkannt und über 14 Millionen potenziell verwundbare OpenSSH-Serverinstanzen entdeckt. Die RegreSSHion genannte Sicherheitslücke ermöglicht es Angreifern von extern mit Root-Rechten auf Linux-Systeme zuzugreifen. Dieser Artikel wurde indexiert von Security-Insider | News…
Continuous Threat Exposure Management for Google Cloud
On July 9th, 2020, an independent security firm discovered a trove of personal health information belonging to Pfizer patients on the public internet. The breach exposed unencrypted conversations between patients and providers of four different Pfizer products, including full names,…
July 2024 Patch Tuesday forecast: The end of an AV giant in the US
The US celebrated Independence Day last week, providing many with a long weekend leading into patch week. With summer vacations underway, many developers must be out of the office because June was fairly quiet regarding software updates. This included June…
How nation-state cyber attacks disrupt public services and undermine citizen trust
In this Help Net Security interview, Rob Greer, VP and GM of the Enterprise Security Group at Broadcom, discusses the impact of nation-state cyber attacks on public sector services and citizens, as well as the broader implications for trust and…
Monocle: Open-source LLM for binary analysis search
Monocle is open-source tooling backed by a large language model (LLM) for performing natural language searches against compiled target binaries. Monocle can be provided with a binary and search criteria (authentication code, vulnerable code, password strings, etc.), and it will…
Organizations change recruitment strategies to find cyber talent
An estimated 4 million professionals are needed to fill the growing cybersecurity workforce gap, according to Fortinet. At the same time, Fortinet’s 2024 Global Cybersecurity Skills Gap Report found that 70% of organizations indicated that the cybersecurity skills shortage creates…
ISC Stormcast For Monday, July 8th, 2024 https://isc.sans.edu/podcastdetail/9042, (Mon, Jul 8th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, July 8th, 2024…
Not-so-OpenAI allegedly never bothered to report 2023 data breach
Also: F1 authority breached; Prudential victim count skyrockets; a new ransomware actor appears; and more security in brief It’s been a week of bad cyber security revelations for OpenAI, after news emerged that the startup failed to report a 2023…
Paperclip Maximizers, Artificial Intelligence and Natural Stupidity
Existential risk from AI Some believe an existential risk accompanies the development or emergence of artificial general intelligence (AGI). Quantifying the probability of this risk is a hard problem, to say nothing of calculating the probabilities of the many non-existential…
A decade after collapsing, crypto exchange Mt Gox repays some investors
Plus: Samsung strike; India likely upping chip subsidies; Asian nations link payment schemes Asia In Brief Mt Gox, the Japanese crypto exchange that dominated trading for a brief time in the early 2010s before collapsing amid the disappearance of nearly…
Husky Owners – 16,502 breached accounts
In July 2024, the Husky Owners forum website was defaced and linked to a breach of user data containing 16k records. The exposed data included usernames, email addresses, dates of birth and time zones. This article has been indexed from…
Deshalb hat Microsoft einen Jailbreak für GPT, Llama und Gemini entwickelt
KI-Modelle sind normalerweise darauf trainiert, bestimmte Antworten zu vermeiden. Diese Sicherheitsmaßnahmen können aber mit Jailbreaks umgangen werden. Eine besonders effektive Methode präsentiert nun Microsoft mit dem sogenannten Skeleton Key. Dieser Artikel wurde indexiert von t3n.de – Software & Entwicklung Lesen…
Hacker Breaches OpenAI, Steals Sensitive AI Tech Details
Earlier this year, a hacker successfully breached OpenAI’s internal messaging systems, obtaining sensitive details about the company’s AI technologies. The incident, initially kept under wraps by OpenAI, was not reported to authorities as it was not considered a threat…
Passkeys Aren’t Foolproof: New Study Reveals Vulnerabilities in Popular Authentication Method
Despite their growing popularity, passkeys are not as secure as many believe. According to Joe Stewart, principal security researcher at eSentire’s Threat Response Unit (TRU), many online accounts using passkeys can still fall victim to adversary-in-the-middle (AitM) attacks. This…
Apache fixed a source code disclosure flaw in Apache HTTP Server
The Apache Foundation addressed a critical source code disclosure vulnerability, tracked as CVE-2024-39884, in the HTTP Server. The Apache Software Foundation has addressed multiple vulnerabilities in its popular Apache HTTP Server. The vulnerabilities include denial-of-service (DoS), remote code execution, and unauthorized…
USENIX Security ’23 – Notice the Imposter! A Study on User Tag Spoofing Attack in Mobile Apps
Authors/Presenters:Shuai Li, Zhemin Yang, Guangliang Yang, Hange Zhang, Nan Hua, Yurui Huang, and Min Yang Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s…
Qilin Attack On London Hospitals Leaves Cancer Patient With No Option
The latest figures suggest that nearly 1,500 medical operations have been cancelled at some of London’s leading hospitals in the four weeks following Qilin’s ransomware attack on pathology services provider Synnovis. But perhaps no one was more severely impacted…
Security Affairs Malware Newsletter – Round 1
Today marks the launch of the Security Affairs newsletter, specializing in Malware. This newsletter complements the weekly one you already receive. Each week, it will feature a collection of the best articles and research on malware. CapraTube Remix | Transparent…
Haben KI-Modelle wie ChatGPT ein Bewusstsein? Meinungen von Experten und Laien gehen auseinander
Bei ihren Antworten wirken KI-Modelle wie ChatGPT sehr menschlich. Das wirft die Frage auf: Haben diese Modelle ein Bewusstsein? Ein Forscherteam wollte wissen, wie Menschen dazu denken. Die Auswertung einer Umfrage überrascht. Dieser Artikel wurde indexiert von t3n.de – Software…
Apple zeigt, wozu seine KI fähig ist: So könnt ihr die 4M-Demo ausprobieren
Apple hat eine Demo seines KI-Modells 4M veröffentlicht. So kann jeder Interessent das Modell für sich selbst testen. In der Demo zeigt Apple, wozu es in der Lage ist. Dieser Artikel wurde indexiert von t3n.de – Software & Entwicklung Lesen…
Critical npm Account Takeover Vulnerability Sold on Dark Web
A cybercriminal known as Alderson1337 has emerged on BreachForums, offering a critical exploit targeting npm accounts. This vulnerability poses a significant threat to npm, a crucial package manager for JavaScript managed by npm, Inc., a subsidiary of GitHub. Alderson1337…
The Decline of Serverless Computing: Lessons For Enterprises To Learn
In the rapidly changing world of cloud technology, serverless computing, once hailed as a groundbreaking innovation, is now losing its relevance. When it first emerged over a decade ago, serverless computing promised to free developers from managing detailed compute and…
Applying Bloch’s Philosophy to Cyber Security
Ernst Bloch, a luminary in the realm of philosophy, introduced a compelling concept known as the “Not-Yet” — a philosophy that envisions the future as a realm of potential and possibility. Bloch’s ideas revolve around the belief that the world…