π΄ WormGPT Heralds An Era of Using AI Defenses to Battle AI Malware π΄
π Read
via "Dark Reading".
AI-aided BEC, malware, and phishing attacks will push organizations to level up with generative AI and better protect their users, data, and networks.π Read
via "Dark Reading".
Dark Reading
WormGPT Cybercrime Tool Heralds an Era of AI Malware vs. AI Defenses
A black-hat alternative to GPT models specifically designed for malicious activities like BEC, malware, and phishing attacks is here, and will push organizations to level up with generative AI themselves.
π¦Ώ Gartner: Due to stress, half of cyber leaders will change jobs, and a quarter will quit the field π¦Ώ
π Read
via "Tech Republic".
Among the strategic propositions in Gartner's 2023-2024 cybersecurity outlook are that organizations need to institute cultural changes to lower pressure on security teams.π Read
via "Tech Republic".
TechRepublic
Gartner: Due to stress, half of cyber leaders will change jobs, and a quarter will quit the field
Among the strategic propositions in Gartner's 2023-2024 cybersecurity outlook are that organizations need to institute cultural changes to lower pressure on security teams.
π€―1
π΄ How the EU AI Act Will Affect Businesses, Cybersecurity π΄
π Read
via "Dark Reading".
The draft AI Act represents a significant step in regulating AI technologies, recognizing the need to address the potential risks and ethical concerns.π Read
via "Dark Reading".
Dark Reading
How the EU AI Act Will Affect Businesses, Cybersecurity
Recognizing the need to address potential risks and ethical concerns, the draft AI Act represents a significant step in regulating AI technologies.
π΄ Orca Sues Wiz for 'Copying' Its Cloud Security Tech π΄
π Read
via "Dark Reading".
Two fierce cloud security competitors are locked in a legal battle, as Orca accuses Wiz of ripping off its intellectual property.π Read
via "Dark Reading".
Dark Reading
Orca Sues Wiz for 'Copying' Its Cloud Security Tech
Two fierce cloud security competitors are locked in a legal battle, as Orca accuses Wiz of ripping off its intellectual property.
βΌ CVE-2023-34458 βΌ
π Read
via "National Vulnerability Database".
mx-chain-go is the official implementation of the MultiversX blockchain protocol, written in golang. When executing a relayed transaction, if the inner transaction failed, it would have increased the inner transaction's sender account nonce. This could have contributed to a limited DoS attack on a targeted account. The fix is a breaking change so a new flag `RelayedNonceFixEnableEpoch` was needed. This was a strict processing issue while validating blocks on a chain. This vulnerability has been patched in version 1.4.17.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42045 βΌ
π Read
via "National Vulnerability Database".
Certain Zemana products are vulnerable to Arbitrary code injection. This affects Watchdog Anti-Malware 4.1.422 and Zemana AntiMalware 3.2.28.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30559 βΌ
π Read
via "National Vulnerability Database".
The configuration from the PCU can be modified without authentication using physical connection to the PCU.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30560 βΌ
π Read
via "National Vulnerability Database".
The configuration from the PCU can be modified without authentication using physical connection to the PCU.π Read
via "National Vulnerability Database".
π΄ Linux Hacker Exploits Researchers With Fake PoCs Posted to GitHub π΄
π Read
via "Dark Reading".
A cyber attacker gives defenders a taste of their own medicine, with GitHub honeypots concealing infostealers.π Read
via "Dark Reading".
Dark Reading
Linux Hacker Exploits Researchers With Fake PoCs Posted to GitHub
A cyber attacker gives defenders a taste of their own medicine, with GitHub honeypots concealing infostealers.
π΄ Cybersecurity Leaders Report Reduction in Disruptive Cyber Incidents With MSS/MDR Solutions π΄
π Read
via "Dark Reading".
Optiv survey highlights organizations' need for talent, challenges with sophistication of threat actors and expanding attack surface. π Read
via "Dark Reading".
Dark Reading
Cybersecurity Leaders Report Reduction in Disruptive Cyber Incidents With MSS/MDR Solutions
Optiv survey highlights organizations' need for talent, challenges with sophistication of threat actors and expanding attack surface.
π΄ Facebook and Microsoft are the Most Impersonated Brands in Phishing Attacks π΄
π Read
via "Dark Reading".
Vade's phishing and malware report reveals phishing volumes increased by more than 54% in H1 2023.π Read
via "Dark Reading".
Dark Reading
Facebook and Microsoft are the Most Impersonated Brands in Phishing Attacks
Vade's phishing and malware report reveals phishing volumes increased by more than 54% in H1 2023.
π΄ Safe Security Acquires RiskLens π΄
π Read
via "Dark Reading".
A combination of SAFE Platform's industry defining AI capabilities coupled with the industry standard FAIR model for cyber risk quantification, that was pioneered by RiskLens.π Read
via "Dark Reading".
Dark Reading
Safe Security Acquires RiskLens
A combination of SAFE Platform's industry defining AI capabilities coupled with the industry standard FAIR model for cyber risk quantification, that was pioneered by RiskLens.
π΄ Secure Code Warrior Ushers in Next Era in Developer Driven Security With $50M Series C Funding Round π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Secure Code Warrior Ushers in Next Era in Developer Driven Security With $50M Series C Funding Round
Boston, London, Sydney β July 13, 2023 β Secure Code Warrior, the leading agile learning platform for developer-driven security leaders, today announced it closed its Series C funding round, led by Paladin Capital Group. At $50M USD, this marks the largestβ¦
π΄ Black Hat Announces Sustainability Pledge π΄
π Read
via "Dark Reading".
Pledge stems from Black Hatβs commitment to become a net zero carbon business by 2030.π Read
via "Dark Reading".
Dark Reading
Black Hat Announces Sustainability Pledge
Pledge stems from Black Hatβs commitment to become a net zero carbon business by 2030.
π΄ Secure Code Warrior Raises $50M to Accelerate Product Innovation π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Secure Code Warrior Raises $50M to Accelerate Product Innovation
Secure Code Warrior closed its Series C funding round, led by Paladin Capital Group. At $50 million, this marks the largest investment since the company's inception, bringing its total funding to date to over $100 million.
π΄ Introducing EncryptionSafe: A Free and Easy-to-Use Encryption App for Windows PC π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Introducing EncryptionSafe: A Free and Easy-to-Use Encryption App for Windows PC
ALEXANDRIA, Va., July 13, 2023 /PRNewswire/ -- SmartPC Tools, a leading provider of innovative software solutions, released EncryptionSafe, a free, easy to use encryption application designed specifically for Windows PCs. With the ever-increasing amount ofβ¦
βοΈ SEO Expert Hired and Fired By Ashley Madison Turned on Company, Promising Revenge βοΈ
π Read
via "Krebs on Security".
[This is Part II of a story published here last week on reporting that went into a new Hulu documentary series on the 2015 Ashley Madison hack.]It was around 9 p.m. on Sunday, July 19, when I received a message through the contact form on KrebsOnSecurity.com that the marital infidelity website AshleyMadison.com had been hacked. The message contained links to confidential Ashley Madison documents, and included a manifesto that said a hacker group calling itself the Impact Team was prepared to leak data on all 37 million users unless Ashley Madison and a sister property voluntarily closed down within 30 days.π Read
via "Krebs on Security".
Krebs on Security
SEO Expert Hired and Fired By Ashley Madison Turned on Company, Promising Revenge
[This is Part II of a story published here last week on reporting that went into a new Hulu documentary series on the 2015 Ashley Madison hack.] It was around 9 p.m. on Sunday, July 19, when I received aβ¦
π΄ White House Fills in Details Of National Cybersecurity Strategy π΄
π Read
via "Dark Reading".
While the plan may convey the right kind of urgency, it lacks both funding and bipartisan support, industry professionals say.π Read
via "Dark Reading".
Dark Reading
White House Fills in Details of National Cybersecurity Strategy
While the plan may convey the right kind of urgency, it lacks both funding and bipartisan support, industry professionals say.
βΌ CVE-2023-37598 βΌ
π Read
via "National Vulnerability Database".
A Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete new virtual fax function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36473 βΌ
π Read
via "National Vulnerability Database".
Discourse is an open source discussion platform. A CSP (Content Security Policy) nonce reuse vulnerability could allow XSS attacks to bypass CSP protection. There are no known XSS vectors at the moment, but should one be discovered, this vulnerability would allow the XSS attack to completely bypass CSP. The vulnerability is patched in the latest tests-passed, beta and stable branches.π Read
via "National Vulnerability Database".
βΌ CVE-2023-35945 βΌ
π Read
via "National Vulnerability Database".
Envoy is a cloud-native high-performance edge/middle/service proxy. EnvoyΓ’β¬β’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the `GOAWAY` frame skips de-allocation of the bookkeeping structure and pending compressed header. The error return [code path] is taken if connection is already marked for not sending more requests due to `GOAWAY` frame. The clean-up code is right after the return statement, causing memory leak. Denial of service through memory exhaustion. This vulnerability was patched in versions(s) 1.26.3, 1.25.8, 1.24.9, 1.23.11.π Read
via "National Vulnerability Database".