Also: F1 authority breached; Prudential victim count skyrockets; a new ransomware actor appears; and more security in brief It’s been a week of bad cyber security revelations for OpenAI, after news emerged that the startup failed to report a 2023…
Tag: EN
Paperclip Maximizers, Artificial Intelligence and Natural Stupidity
Existential risk from AI Some believe an existential risk accompanies the development or emergence of artificial general intelligence (AGI). Quantifying the probability of this risk is a hard problem, to say nothing of calculating the probabilities of the many non-existential…
A decade after collapsing, crypto exchange Mt Gox repays some investors
Plus: Samsung strike; India likely upping chip subsidies; Asian nations link payment schemes Asia In Brief Mt Gox, the Japanese crypto exchange that dominated trading for a brief time in the early 2010s before collapsing amid the disappearance of nearly…
Husky Owners – 16,502 breached accounts
In July 2024, the Husky Owners forum website was defaced and linked to a breach of user data containing 16k records. The exposed data included usernames, email addresses, dates of birth and time zones. This article has been indexed from…
Hacker Breaches OpenAI, Steals Sensitive AI Tech Details
Earlier this year, a hacker successfully breached OpenAI’s internal messaging systems, obtaining sensitive details about the company’s AI technologies. The incident, initially kept under wraps by OpenAI, was not reported to authorities as it was not considered a threat…
Passkeys Aren’t Foolproof: New Study Reveals Vulnerabilities in Popular Authentication Method
Despite their growing popularity, passkeys are not as secure as many believe. According to Joe Stewart, principal security researcher at eSentire’s Threat Response Unit (TRU), many online accounts using passkeys can still fall victim to adversary-in-the-middle (AitM) attacks. This…
Apache fixed a source code disclosure flaw in Apache HTTP Server
The Apache Foundation addressed a critical source code disclosure vulnerability, tracked as CVE-2024-39884, in the HTTP Server. The Apache Software Foundation has addressed multiple vulnerabilities in its popular Apache HTTP Server. The vulnerabilities include denial-of-service (DoS), remote code execution, and unauthorized…
USENIX Security ’23 – Notice the Imposter! A Study on User Tag Spoofing Attack in Mobile Apps
Authors/Presenters:Shuai Li, Zhemin Yang, Guangliang Yang, Hange Zhang, Nan Hua, Yurui Huang, and Min Yang Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s…
Qilin Attack On London Hospitals Leaves Cancer Patient With No Option
The latest figures suggest that nearly 1,500 medical operations have been cancelled at some of London’s leading hospitals in the four weeks following Qilin’s ransomware attack on pathology services provider Synnovis. But perhaps no one was more severely impacted…
Security Affairs Malware Newsletter – Round 1
Today marks the launch of the Security Affairs newsletter, specializing in Malware. This newsletter complements the weekly one you already receive. Each week, it will feature a collection of the best articles and research on malware. CapraTube Remix | Transparent…
Critical npm Account Takeover Vulnerability Sold on Dark Web
A cybercriminal known as Alderson1337 has emerged on BreachForums, offering a critical exploit targeting npm accounts. This vulnerability poses a significant threat to npm, a crucial package manager for JavaScript managed by npm, Inc., a subsidiary of GitHub. Alderson1337…
The Decline of Serverless Computing: Lessons For Enterprises To Learn
In the rapidly changing world of cloud technology, serverless computing, once hailed as a groundbreaking innovation, is now losing its relevance. When it first emerged over a decade ago, serverless computing promised to free developers from managing detailed compute and…
Applying Bloch’s Philosophy to Cyber Security
Ernst Bloch, a luminary in the realm of philosophy, introduced a compelling concept known as the “Not-Yet” — a philosophy that envisions the future as a realm of potential and possibility. Bloch’s ideas revolve around the belief that the world…
Breaking the Silence: The OpenAI Security Breach Unveiled
In April 2023, OpenAI, a leading artificial intelligence research organization, faced a significant security breach. A hacker gained unauthorized access to the company’s internal messaging system, raising concerns about data security, transparency, and the protection of intellectual property. In this…
Twilio Alerts Authy Users of Potential Security Risks Involving Phone Numbers
The U.S. messaging giant Twilio has been accused of stealing 33 million phone numbers over the past week as a result of a hacker’s exploit. Authy, a popular two-factor authentication app owned by Twilio that uses the phone numbers…
Security Affairs newsletter Round 479 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. GootLoader is still…
Alabama State Department of Education suffered a data breach following a blocked attack
Alabama’s education superintendent disclosed a data breach following a hacking attempt on the Alabama State Department of Education. The Alabama State Department of Education announced it had thwarted a ransomware attack on June 17, however, threat actors accessed some data…
Week in review: A need for a DDoS response plan, human oversight in AI-enhanced software development
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: 4 key steps to building an incident response plan In this Help Net Security interview, Mike Toole, head of security and IT at Blumira, discusses…
Russian-Linked Cybercampaigns put a Bull’s-Eye on France. Their Focus? The Olympics and Elections
Baptiste Robert, a French cybersecurity expert, called on his government – and especially lawmakers – to prepare for the digital threats to come. The post Russian-Linked Cybercampaigns put a Bull’s-Eye on France. Their Focus? The Olympics and Elections appeared first…
CVE-2024-6387: New OpenSSH RegreSSHion Vulnerability Gives Hackers Root Access on Linux Servers – 700,000+ Linux Boxes Potentially at Risk
Labeled as CVE-2024-6387, the recently discovered vulnerability in OpenSSH has become a serious cause for concern among Linux servers. OpenSSH is a collection of networking tools built on the Secure Shell (SSH) protocol. It is widely utilized to secure remote…