Tag: attack
-
Slashdot: Chinese Hacker Singlehandedly Responsible For Exploiting 81,000 Sophos Firewalls, DOJ Says
Source URL: https://it.slashdot.org/story/24/12/17/1745239/chinese-hacker-singlehandedly-responsible-for-exploiting-81000-sophos-firewalls-doj-says?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Chinese Hacker Singlehandedly Responsible For Exploiting 81,000 Sophos Firewalls, DOJ Says Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a significant cybersecurity incident involving a Chinese hacker and the associated compromising of firewalls that protect US critical infrastructure. The indictment highlights the escalation of cyber threats…
-
Alerts: CISA Adds One Known Exploited Vulnerability to Catalog
Source URL: https://www.cisa.gov/news-events/alerts/2024/12/17/cisa-adds-one-known-exploited-vulnerability-catalog Source: Alerts Title: CISA Adds One Known Exploited Vulnerability to Catalog Feedly Summary: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-55956 Cleo Multiple Products Unauthenticated File Upload Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose…
-
Simon Willison’s Weblog: Quoting Johann Rehberger
Source URL: https://simonwillison.net/2024/Dec/17/johann-rehberger/ Source: Simon Willison’s Weblog Title: Quoting Johann Rehberger Feedly Summary: Happy to share that Anthropic fixed a data leakage issue in the iOS app of Claude that I responsibly disclosed. 🙌 👉 Image URL rendering as avenue to leak data in LLM apps often exists in mobile apps as well — typically…
-
CSA: Decoding the Volt Typhoon Attacks: Analysis & Defense
Source URL: https://insidersecurity.co/insidersecurity-analysis-for-volt-typhoon-attacks-stealthy-apt-campaign/ Source: CSA Title: Decoding the Volt Typhoon Attacks: Analysis & Defense Feedly Summary: AI Summary and Description: Yes Summary: The analysis of the Volt Typhoon cyber campaign highlights advanced tactics targeting critical infrastructure and emphasizes the importance of behavioral analytics in identifying and mitigating such threats. This response is particularly relevant for…
-
The Register: Australia moves to drop some cryptography by 2030 – before quantum carves it up
Source URL: https://www.theregister.com/2024/12/17/australia_dropping_crypto_keys/ Source: The Register Title: Australia moves to drop some cryptography by 2030 – before quantum carves it up Feedly Summary: The likes of SHA-256, RSA, ECDSA and ECDH won’t be welcome in just five years Australia’s chief cyber security agency has decided local orgs should stop using the tech that forms the…
-
Simon Willison’s Weblog: Security ProbLLMs in xAI’s Grok: A Deep Dive
Source URL: https://simonwillison.net/2024/Dec/16/security-probllms-in-xais-grok/#atom-everything Source: Simon Willison’s Weblog Title: Security ProbLLMs in xAI’s Grok: A Deep Dive Feedly Summary: Security ProbLLMs in xAI’s Grok: A Deep Dive Adding xAI to the growing list of AI labs that shipped feature vulnerable to data exfiltration prompt injection attacks, but with the unfortunate addendum that they don’t seem to…
-
The Register: Ransomware scum blow holes in Cleo software patches, Cl0p (sort of ) claims responsibility
Source URL: https://www.theregister.com/2024/12/16/ransomware_attacks_exploit_cleo_bug/ Source: The Register Title: Ransomware scum blow holes in Cleo software patches, Cl0p (sort of ) claims responsibility Feedly Summary: But can you really take crims at their word? Supply chain integration vendor Cleo has urged its customers to upgrade three of its products after an October patch was circumvented, leading to…