Author: Admin

September 18, 2024Ravi LakshmananMobile Security / Encryption The GSM Association, the governing body that oversees the development of the Rich Communications Services (RCS) protocol, said on Tuesday it is working to implement end-to-end encryption (E2EE) to secure messages sent between the Android and iOS ecosystems. “The next important milestone is the addition of a universal RCS profile to important user protections such as compatible end-to-end encryption,” Tom Van Pelt, CTO, GSMA said. “This will be the first deployment of a standardized, interoperable message encryption between different computing platforms that solves significant technical challenges such as key federation and group membership…


September 18, 2024Ravi LakshmananVirtualization / Network Security Broadcom on Tuesday released updates to address a critical security flaw affecting VMware vCenter Server that could open the way for remote code execution. The vulnerability tracked as CVE-2024-38812 (CVSS score: 9.8) was described as a heap overflow vulnerability in DCE/RPC protocol. “An attacker with network access to vCenter Server could cause this vulnerability by sending a specially crafted network packet that could potentially lead to remote code execution,” the virtualization service provider. said in the bulletin. The flaw is similar to two other remote code execution flaws, CVE-2024-37079 and CVE-2024-37080 (CVSS scores:…


September 17, 2024Ravi LakshmananArtificial intelligence / regulatory compliance Meta has announced that it will begin training its artificial intelligence (AI) systems in the coming months using publicly available content shared by adult users on Facebook and Instagram in the UK. “This means that our generative AI models will reflect British culture, history and idioms, and that UK companies and institutions will be able to use the latest technology,” the social media giant said. said. As part of the process, users aged 18 and over are expected to receive in-app notifications starting this week on both Facebook and Instagram explaining how…


September 17, 2024Ravi LakshmananSpyware / Privacy The US Treasury Department has imposed new sanctions against five executives and one entity associated with the Intellexa consortium for their role in the development, operation and distribution of commercial spyware called Predator. “The United States will not tolerate the mindless proliferation of disruptive technologies that threaten our national security and undermine the privacy and civil liberties of our citizens,” said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith. “We will continue to prosecute those who seek to promote the spread of exploitative technologies, while encouraging the responsible…


September 17, 2024Ravi LakshmananBrowser Security / Quantum Computing Google has announced that it is switching from KYBER to ML-KEM in its Chrome web browser as part of its ongoing efforts to protect against the risk posed by cryptographically compliant quantum computers (CRQC). “Chrome Offers Key Share Prediction for Hybrid ML-KEM (Code Point 0x11EC)” by David Adrian, David Benjamin, Bob Beck, and Devon O’Brien of the Chrome Team said. “PostQuantumKeyAgreementEnabled flag and company policy will apply to both Kyber and ML-KEM.” The changes are expected to take effect in Chrome version 131, which is available on track for release in early…


September 17, 2024Hacker newsGenAI Security / SaaS Security Since ChatGPT launched in 2022, OpenAI has defied expectations with a steady stream of product announcements and improvements. One such message was made on May 16, 2024, and it probably seemed innocuous to most consumers. Titled “Data Analysis Improvements in ChatGPT”, The post shows how users can add files directly from Google Drive and Microsoft OneDrive. It should be noted that other genAI tools such as Google AI Studio and Claude Enterprise have also recently added similar capabilities. Great, right? Maybe When you connect your organization’s Google Drive or OneDrive account to…


September 17, 2024Ravi LakshmananCryptocurrency / Malware Cryptocurrency exchange Binance is warning of an “ongoing” global threat targeting cryptocurrency users with clipper malware to facilitate financial fraud. Clipper malware, also known as ClipBankersis a type of malware which Microsoft calls crying softwarewhich comes with capabilities to monitor the victim’s clipboard activities and steal sensitive data that the user copies, including replacing cryptocurrency addresses with addresses under the attacker’s control. In this case, digital asset transfers initiated on the compromised system are routed to a fake wallet instead of the intended destination address. “During cut and switch, the critical software monitors the…


September 17, 2024Ravi LakshmananSoftware Security / Data Protection SolarWinds has released patches to address two security flaws in its Access Rights Manager (ARM) software, including a critical vulnerability that could lead to remote code execution. Vulnerability, tracked as CVE-2024-28991rated 9.0 out of a maximum of 10.0 on the CVSS grading system. This has been described as an instance of untrusted data deserialization. “SolarWinds Access Rights Manager (ARM) has been found to be vulnerable to a remote code execution vulnerability,” the company said in a statement. said in the consulting room. “If exploited, this vulnerability would allow an authenticated user to…


September 16, 2024Hacker newsPayment Security / Data Protection The PCI DSS landscape is evolving rapidly. As the Q1 2025 deadline looms large, businesses are scrambling to meet the stringent new requirements of PCI DSS v4.0. Two sections in particular, 6.4.3 and 11.6.1, are of concern because they require organizations to strictly control and manage payment page scripts and use a robust change detection mechanism. With the deadline fast approaching and the serious consequences of non-compliance, there is no room for complacency, so in this article we will look at the best way to meet these complex coding requirements. PCI DSS…


September 16, 2024Ravi LakshmananFinancial Security / Malware Cybersecurity researchers continue to warn of attempts by North Korean threat actors to direct potential victims to LinkedIn to deliver malware called RustDoor. The latest advisory comes from Jamf Threat Labs, which said it discovered an attempted attack in which a user contacted a professional social network claiming to be a recruiter for a legitimate decentralized cryptocurrency exchange (DEX) called STON.fi. The malicious cyber activity is part of a multi-pronged campaign by cyber threat actors supported by the Democratic People’s Republic of Korea (DPRK) to infiltrate networks of interest under the guise of…
