Author: Admin
October 26, 2024Ravi LakshmananCyber attack / threat intelligence Ukraine’s Computer Emergency Response Team (CERT-UA) has detailed a new malicious electronic campaign targeting government agencies, businesses and military structures. “Messages use the appeal of integrating popular services like Amazon or Microsoft and implementing a zero-trust architecture,” CERT-UA said. “These emails contain attachments in the form of Remote Desktop Protocol (‘.rdp’) configuration files.” Once executed, RDP files establish a connection to a remote server, allowing threat actors to remotely access compromised nodes, steal data, and install additional malware for subsequent attacks. Infrastructure preparations for this activity are believed to have been underway…
October 25, 2024Ravi LakshmananWi-Fi Vulnerability / Security A security flaw affecting the Wi-Fi test suite could allow unauthenticated local attackers to execute arbitrary code with elevated privileges. The CERT Coordination Center (CERT/CC) stated that the vulnerability is being tracked as CVE-2024-41992said that sensitive code from the Wi-Fi Alliance was found on Arcadyan FMIMG51AX000J routers. “This flaw allows a local, unauthenticated attacker to exploit Wi-Fi Test Suite by sending specially crafted packets, allowing the execution of arbitrary commands with root privileges on affected routers,” CERT/CC said in a statement. said in an advisory issued Wednesday. Wi-Fi test suite is integrated platform…
Watermark for text generated by LLM Google researchers there is developed watermark for text created by LLM. The basics are pretty obvious: LLM chooses between tokens based in part on a cryptographic key, and someone who knows the key can discover that choice. What makes this difficult is (1) how much text is required for the watermark to work and (2) how robust the watermark is to editing after creation. Google’s version looks pretty good: it can be detected in text up to 200 tokens. tags: academic works, artificial intelligence, cryptography, Google, identification, Master of Laws Posted on October 25,…
October 25, 2024Ravi LakshmananCloud Security / Artificial Intelligence Apple has made its Private Cloud Compute (PCC) Virtual Research Environment (VRE) publicly available, allowing the research community to test and validate the privacy and security guarantees of its offering. PCC which Apple promulgated earlier this June was marketed as “the most advanced security architecture ever deployed for large-scale cloud computing.” With the new technology, the idea is to offload Apple Intelligence’s complex computing queries to the cloud in a way that doesn’t sacrifice user privacy. an apple said it invites “all security and privacy researchers—or those with an interest and technical…
October 25, 2024Ravi LakshmananRegulatory Compliance / Data Breach The U.S. Securities and Exchange Commission (SEC) has charged four current and former public companies with “misleading disclosures” related to a large-scale cyber attack that resulted in SolarWinds hack in 2020. The SEC said the companies — Avaya, Check Point, Mimecastand Unisys – are being punished for how they managed the disclosure process after the SolarWinds Orion software supply chain incident and downplayed the breach, thereby violating the Securities Act of 1933, the Securities Act of 1934 and related regulations thereunder . To that end, Avaya will pay a $1 million fine,…
October 25, 2024Hacker newsArtificial Intelligence / Identity Security Artificial Intelligence (AI) has quickly turned from a futuristic concept into a powerful weapon in the hands of bad actors. Today, AI-based attacks aren’t just theoretical threats – they’re happening across industries and outpacing traditional defense mechanisms. The solution, however, is not futuristic. It turns out that a properly designed identity security platform can provide fraud protection using artificial intelligence. Learn more about how a secure identity platform can eliminate AI deepfakes and serve as a critical component of this new era of cyber defense. The threat of AI impersonation fraud is…
October 25, 2024Ravi LakshmananDigital Advertising / Privacy Ireland’s data protection authority fined LinkedIn 310 million euros ($335 million) on Thursday for violating the privacy of its users by conducting behavioral analysis of personal data to target advertising. “The investigation examined LinkedIn’s processing of personal data for the purposes of behavioral analysis and targeted advertising of users who have created LinkedIn profiles (members),” Data Protection Commission (DPC) said. “The decision (…) concerns the legality, fairness and transparency of this processing.” The fine was imposed in accordance with the European Union (EU) General Data Protection Regulation (GDPR), an information privacy law that…
October 24, 2024Ravi LakshmananRansomware / Cybercrime Cybersecurity researchers have discovered an advanced version of the Qilin ransomware that features increased sophistication and evasive tactics. The new variant is tracked by cyber security company Halcyon under the alias Qilin.B. “Notably, Qilin.B now supports AES-256-CTR encryption for AESNI-capable systems, while retaining Chacha20 for systems without such support,” Halcyon Research Team said in a report shared with The Hacker News. “Additionally, RSA-4096 with OAEP padding is used to protect the encryption keys, making it impossible to decrypt the files without the attacker’s private key or derived seed values.” Tilin, also known as Agendafirst…
Vulnerability in AWS Cloud Development Kit exposes users to possible account hijacking risks
Cybersecurity researchers have discovered a security flaw affecting the Amazon Web Services (AWS) Cloud Development Kit (CDK) that could lead to account hijacking under certain circumstances. “The impact of this issue could, in certain scenarios, allow an attacker to gain administrative access to a target AWS account, leading to full account takeover,” Aqua said in the report shared with The Hacker News. After responsible disclosure on June 27, 2024, the issue was reviewed by project support specialists at CDK version 2.149.0 released in July. AWS CDK is an open source software development framework for defining cloud application resources using Python,…
October 24, 2024Ravi LakshmananVulnerability / Network Security Cisco said on Wednesday that it has released updates to address a widely used security flaw in the Adaptive Security Appliance (ASA) that could lead to a denial-of-service (DoS) condition. Vulnerability, tracked as CVE-2024-20481 (CVSS score: 5.8), affects the Remote Access VPN (RAVPN) service of Cisco ASA software and Cisco Firepower Threat Defense (FTD). A security issue caused by resource exhaustion can be exploited by unauthenticated remote attackers to cause a DoS of the RAVPN service. “An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an…