Aggregator

==========================================================================Ubuntu Security Notice U

Online brand impersonation is an insidious threat compared to more straightforward attacks. Ransomware, for example, is simply extortion. A cybercriminal encrypts your data, holds it hostage, and demands payment in exchange for encryption keys. The consequences of the attack are either the loss of data or the cost of the ransom (and associated downtime). Online […]

The post Cost of Online Brand Impersonation: Customer Acquisition and Loyalty first appeared on alluresecurity.

The post Cost of Online Brand Impersonation: Customer Acquisition and Loyalty appeared first on Security Boulevard.

AI, Security Experts Discuss Who Defines the Risks, Mitigation Efforts
An attempt by the California statehouse to tame the potential of artificial intelligence catastrophic risks hit a roadblock when Governor Gavin Newsom vetoed the measure late last month. One obstacle is lack of a widely-accepted definition for "catastrophic" AI risks.

Also: AI Safety Bill Vetoed, Global Ransomware Response Guide Gets Some Revisions
In the latest weekly update, ISMG editors discussed the implications of the U.S. investigation into Chinese hackers targeting telecom wiretap systems, the catastrophic risks of AI and the recent veto of an AI safety bill in the U.S., and the latest global ransomware response guidance.

Ransomware Gang Could Have Axis Health's Mental Health, Drug Abuse Records
Ransomware gang Rhysida is threatening to dump data on the darkweb that belongs to a Colorado provider of mental health, substance abuse and other healthcare services unless it pays nearly $1.5 million. The group is leaking records it claims to have stolen from a Mississippi nursing home.

Agency Says Cookies Could Help Attackers Find Network Assets, Vulnerabilities
Unencrypted cookies tied to a suite of secure gateway technology from F5 are gateways for hackers to reach internal devices on corporate networks, warns the Cybersecurity and Infrastructure Security Agency. BIG-IP uses persistent cookies as a traffic load-balancing convenience.

This year’s Cyber Security Awareness Month theme is “Generation Cyber Safe: Because online security knows no age”, but what does that mean? The annual theme of

The post Generational security: The meaning behind this year’s Cyber Security Awareness Month theme appeared first on Security Boulevard.

Companies are putting "AI" in just about all of their products, which opens up new security holes. LLM SecOps and ML SecOps are becoming must-have skills.

Threat detection tools yield too many false positives, security pros say, leading to burnout and resentment.

Эксперты предупреждают о растущей опасности взлома умных устройств.

Бактериофаги, найденные на зубных щетках, могут помочь в борьбе с инфекциями.

The hotel giant will be held to higher security standards in a series of proposed requirements, including implementing a new annually reviewed security program.

A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file reset.php. The manipulation of the argument useremail leads to sql injection. This vulnerability is traded as CVE-2024-9894. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in Fermax Asia Pacific com.fermax.vida 2.4.6. This issue affects some unknown processing of the component Firmware Update Handler. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2024-48774. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in LEDVANCE com.ledvance.smartplus.eu 2.1.10. This vulnerability affects unknown code of the component Firmware Update Handler. The manipulation leads to information disclosure. This vulnerability was named CVE-2024-48777. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in SAMPMAX com.sampmax.homemax 2.1.2.7. This affects an unknown part of the component Firmware Update Handler. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-48784. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in com.wisdomcity.zwave 1.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Firmware Update Handler. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-48770. The attack may be launched remotely. There is no exploit available.