Aggregator

Crypto is here to stay, and regulators worldwide know it. The European Union set out to be one of th

Are your websites leaking sensitive data? New research reveals that 45% of third-party apps access user info without proper authorization, and 53% of risk exposures in Retail are due to the excessive use of tracking tools. Learn how to uncover and mitigate these hidden threats and risks—download the full report here. New research by web exposure management specialist Reflectiz reveals several

An increase in compliance activities such as the creation of software bills of materials (SBOMs)

An increase in compliance activities such as the creation of software bills of materials (SBOMs), performing software composition analysis (SCA) scans on code repositories, and securing the attack surface created by artificial intelligence (AI) applications are among the key software security trends highlighted in the latest edition of the Building Security in Maturity Model (BSIMM) report.

The post BSIMM15 highlights compliance and AI security: Why modern tooling is key appeared first on Security Boulevard.

Malware / Enterprise SecurityEnterprise-grade Juniper Networks routers have become the target of

Enterprise-grade Juniper Networks routers have become the target of a custom backdoor as part of a campaign dubbed J-magic. According to the Black Lotus Labs team at Lumen Technologies, the activity is so named for the fact that the backdoor continuously monitors for a "magic packet" sent by the threat actor in TCP traffic.  "J-magic campaign marks the rare occasion of malware designed&

IntroductionOn November 20, 2024, Shubham Shah and I discovered a security vulnerability in Subaru’

Автоматический выход отправляется на цифровую свалку.

In a candid discussion with HackerNoon, the leadership team of Fedrok AG detail their journey into e

The development of generative AI offered both opportunities for beneficial productivity transformation and opportunities for malicious exploitation.  GhostGPT, an uncensored AI chatbot created specifically for cybercrime, is the most recent threat in this domain. GhostGPT, which researchers at Abnormal Security identified, is a new frontier in the use of artificial intelligence for illicit activities, such […]

The post GhostGPT – New AI Black Hat Tool Used by Hackers to Generative Malware & Exploits appeared first on Cyber Security News.

After TikTok was briefly banned in the US last weekend, an unusual phenomenon unearthed. Report

Cybersecurity researchers have uncovered a new large-scale campaign invol

Fall was a busy conference

Fall was a busy conference season for Tidal Cyber. My colleagues and I participated in events including Black Hat, FutureCon, Health-ISAC, FS-ISAC, ATT&CKCon, and numerous regional Cybersecurity Summits. As we spoke with attendees, one of the big takeaways was that organizations are trying to understand their risk associated with using AI. Rick Gordon and I had the opportunity to dig into this in more detail at the ACSC 2024 Annual Member Conference. The theme was “Developing AI Governance and Security Practice”, and several discussions focused on how organizations can assess the risk versus the reward of bringing AI into their organization as a business tool. 

The post Operationalizing MITRE ATLAS to Defend Against Attacks on AI appeared first on Security Boulevard.

Published: 22 January 2025 at 14:45 UTC

US agencies revealed Chinese threat actors used two advanced exploit chains to breach Ivanti Cloud Service Appliances (CSA). The US government’s cybersecurity and law enforcement revealed that Chinese threat actors used at least two sophisticated exploit chains to compromise Ivanti Cloud Service Appliances (CSA). A CISA and FBI published a joint advisory warning that Chinese hackers […]

Chinese threat actors used two advanced exploit chains to hack Ivanti CSA

A vulnerability classified as problematic was found in HCL BigFix Patch Management Download Plug-ins up to 1177. This vulnerability affects unknown code. The manipulation leads to download of code without integrity check. This vulnerability was named CVE-2024-42183. It is possible to launch the attack on the local host. There is no exploit available.