Aggregator
Fog
10 months 2 weeks ago
cohenido
Why Shoring Up Cyber at Rural and Small Hospitals Is Urgent
10 months 2 weeks ago
When a large hospital in an urban area is shut down by ransomware, the disruption can be significant, but when a rural hospital faces a similar cyber outage, the impact on patient safety and the community can be extreme, said Nitin Natarajan of the Cybersecurity and Infrastructure Security Agency.
Deepfake Phone Scams for Less Than a Dollar a Pop
10 months 2 weeks ago
Academics Build AI Agent With OpenAI to Execute Phone Scams at Scale
Hackers can use OpenAI's real-time voice API to carry out deepfake scams for less than a dollar, impersonating the voices of government officials or bank employees to swindle victims, said researchers at the University of Illinois Urbana-Champaign.
Forrester's 2025 Predictions: Gen AI Investments to Decline
10 months 2 weeks ago
Forrester's Cody Scott on Why 2025 Will Be Pivotal for Security Leaders
Forrester's 2025 Predictions for Cybersecurity, Risk and Privacy report forecasts that security leaders will scale back generative AI investments by 10%. AI productivity gains have fallen short of expectations, forcing CISOs to reprioritize budgets and reassess gen AI’s role in security operations.
Armis Secures $200M to Drive M&A and Federal Market Growth
10 months 2 weeks ago
Series D Funding on $4.2B Valuation to Support OT, Medical Device Security Growth
Armis has closed a $200 million Series D funding round on a $4.2 billion valuation to drive growth in cyber exposure management with a focus on acquisitions and federal expansion. CEO Yevgeny Dibrov says the funds will accelerate Armis' work in operational technology and medical device security.
US Bans Investments Into Cutting-Edge Chinese Tech
10 months 2 weeks ago
US Treasury Issues Regulations Restricting Investments in Foreign Semiconductors, AI
The U.S. Department of Treasury published final regulations Monday for investors planting dollars abroad that aim to restrict investments from the United States into sensitive technologies developed by foreign adversaries while continuing to ensure open investment practices remain intact.
DEF CON 32 – AppSec Village – The Missing Link – How We Collect And Leverage SBOMs
10 months 2 weeks ago
Authors/Presenters: Cassie Crossley
Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their timely DEF CON 32 erudite content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organization's YouTube channel.
The post DEF CON 32 – AppSec Village – The Missing Link – How We Collect And Leverage SBOMs appeared first on Security Boulevard.
Marc Handelman
Fog
10 months 2 weeks ago
cohenido
CVE-2024-49769 | Pylons Waitress up to 3.0.0 getpeername release of resource
10 months 2 weeks ago
A vulnerability, which was classified as critical, was found in Pylons Waitress up to 3.0.0. This affects the function getpeername. The manipulation leads to missing release of resource.
This vulnerability is uniquely identified as CVE-2024-49769. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Fog
10 months 2 weeks ago
cohenido
CVE-2024-50334 | Erudika scoold up to 1.63.x Setting /api authentication bypass
10 months 2 weeks ago
A vulnerability, which was classified as critical, has been found in Erudika scoold up to 1.63.x. Affected by this issue is some unknown functionality of the file /api of the component Setting Handler. The manipulation leads to authentication bypass using alternate channel.
This vulnerability is handled as CVE-2024-50334. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-48921 | Kyverno up to 1.12.x on Kubernetes improper authorization
10 months 2 weeks ago
A vulnerability classified as critical was found in Kyverno up to 1.12.x on Kubernetes. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper authorization.
This vulnerability is known as CVE-2024-48921. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-49768 | Pylons Waitress up to 3.0.0 on Python HTTP Pipelining recv_bytes toctou
10 months 2 weeks ago
A vulnerability classified as problematic has been found in Pylons Waitress up to 3.0.0 on Python. Affected is the function recv_bytes of the component HTTP Pipelining Handler. The manipulation leads to time-of-check time-of-use.
This vulnerability is traded as CVE-2024-49768. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2017-2401 | Apple macOS up to 10.12.3 Kernel memory corruption (HT207615 / EDB-40961)
10 months 2 weeks ago
A vulnerability has been found in Apple macOS up to 10.12.3 and classified as critical. This vulnerability affects unknown code of the component Kernel. The manipulation leads to memory corruption.
This vulnerability was named CVE-2017-2401. It is possible to launch the attack on the local host. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2001-1077 | rxvt 2.6.2 tt_printf -T/-name memory corruption (EDB-20928 / Nessus ID 14899)
10 months 2 weeks ago
A vulnerability classified as problematic has been found in rxvt 2.6.2. This affects the function tt_printf. The manipulation of the argument -T/-name leads to memory corruption.
This vulnerability is uniquely identified as CVE-2001-1077. Local access is required to approach this attack. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
DarkRaaS is Allegedly Selling Access to an Unidentified Oil and Gas Company
10 months 2 weeks ago
Dark Web Informer