Cybersecurity researchers have discovered a novel attack that employs stolen cloud credentials to target cloud-hosted large language model (LLM) services with the goal of selling access to other threat actors. The attack technique has been codenamed LLMjacking by the Sysdig Threat Research Team. “Once…
Tag: EN
Google Chrome Zero-day Exploited in the Wild, Patch Now
Google has urgently updated its Chrome browser across all platforms after a critical vulnerability, identified as CVE-2024-4671, was found being actively exploited. Users are strongly advised to update their browsers immediately to prevent potential security breaches. CVE-2024-4671: Details and Impact…
Best Practices for Companies in protection of User Data
In today’s digital age, where data breaches and cyber threats are rampant, safeguarding user data has become paramount for companies across industries. With increasing concerns about privacy and data security, businesses must prioritize robust measures to protect the sensitive information…
Stack Overflow Users Delete Posts in Protest Over OpenAI Partnership
Several Stack Overflow users have begun deleting their contributions from the platform, a move that has sparked widespread debate within the developer community. This action follows a newly announced partnership between Stack Overflow and OpenAI, detailed in a press release…
Dell Hacked – Attackers Stolen 49 Million Customers Personal Information
Dell Technologies recently disclosed a data breach involving a company portal that contained limited customer information related to purchases. The breach exposed customer names, physical addresses, and detailed order information, including service tags, item descriptions, order dates, and warranty details.…
Britain NCSC faces Password Embarrassment
The inception of the National Cyber Security Centre (NCSC) of the United Kingdom in 2016 marked a pivotal step in issuing alerts concerning cyber attacks and hacking incidents. Tasked as the cyber arm of GCHQ (Government Communications Headquarters), its primary…
Warning! Google Chrome Zero-day Vulnerability Exploited in Wild
Google released a critical security update for its Chrome web browser to address attackers exploiting a high-severity vulnerability. The update brings Chrome to version 124.0.6367.201 for Windows, Mac, and Linux users on the Stable release channel. The vulnerability, tracked as…
Citrix warns customers to update PuTTY version installed on their XenCenter system manually
Citrix urges customers to manually address a PuTTY SSH client flaw that could allow attackers to steal a XenCenter admin’s private SSH key. Versions of XenCenter for Citrix Hypervisor 8.2 CU1 LTSR used PuTTY, a third-party component, for SSH connections…
May 2024 Patch Tuesday forecast: A reminder of recent threats and impact
The thunderstorms of April patches have passed, and it has been pretty calm leading up to May 2024 Patch Tuesday. April 2024 Patch Tuesday turned out to be a busy one with 150 new CVEs addressed by Microsoft. There were…
How secure is the “Password Protection” on your files and drives?
People in certain professions, such as healthcare, law, and corporations, often rely on password protection when sending files via email, believing it provides adequate security against prying eyes. However, simple password protection on a PDF or Excel file is not…
Researchers Hacked Apple Infrastructure Using SQL Injection
Researchers found several points of entry for potential attackers, one of which was Apple’s Book Travel portal, where they took advantage of a significant SQL injection vulnerability. Experimenting with the Masa/Mura CMS revealed the attack surface, primarily the one available…
Cybercriminals are getting faster at exploiting vulnerabilities
Cybercriminals are targeting the ever-increasing number of new vulnerabilities resulting from the exponential growth in the number and variety of connected devices and an explosion in new applications and online services, according to Fortinet. It’s only natural that attacks looking…
Nmap 7.95 released: New OS and service detection signatures
Nmap is a free, open-source tool for network discovery and security auditing. It’s valued by systems and network administrators for network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap identifies available hosts on a network, the…
Selfie spoofing becomes popular identity document fraud technique
Document image-of-image was the most prevalent identity (ID) document fraud technique in 2023, occurring in 63% of all IDs that were rejected, according to Socure. Selfie spoofing and impersonations dominate document-related identity fraud Document image-of-image occurs when the user takes…
GenAI enables cybersecurity leaders to hire more entry-level talent
93% of security leaders said public GenAI was in use across their respective organizations, and 91% reported using GenAI specifically for cybersecurity operations, according to Splunk. A total of 1,650 security leaders participated in the global survey, with many reporting…
New infosec products of the week: May 10, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Abnormal Security, AuditBoard, Cranium, Datadog, Eclypsium, ExtraHop, Forcepoint, SentinelOne, Splunk, Sumo Logic, and Trellix. AuditBoard enhances InfoSec Solutions to reduce compliance fatigue across the organization…
ISC Stormcast For Friday, May 10th, 2024 https://isc.sans.edu/podcastdetail/8976, (Fri, May 10th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, May 10th, 2024…
Researchers Hacked into Apple Infrastructure Using SQL Injection
Researchers found several points of entry for potential attackers, one of which was Apple’s Book Travel portal, where they took advantage of a significant SQL injection vulnerability. Experimenting with the Masa/Mura CMS revealed the attack surface, primarily the one available…
The Post Millennial – 26,818,266 breached accounts
In May 2024, the conservative news website The Post Millennial suffered a data breach. The breach resulted in the defacement of the website and links posted to 3 different corpuses of data including hundreds of writers and editors (IP, physical…
5 Reasons Structured Cabling Networks are Critical for IT Security Management
A robust IT infrastructure is non-negotiable in today’s digital age. Central to this infrastructure is structured cabling, the unsung hero ensuring that data flows securely and efficiently across networks. As cyber threats grow more sophisticated, the strategic importance of structured…