Aggregator

Hackers can potentially use AI to manipulate data that's generated and shared by some health apps, diminishing the data's accuracy and integrity, said Sina Yazdanmehr and Lucian Ciobotaru of cybersecurity firm Aplite, describing a recent research project involving Google Health Connect.

Crimenetwork Served as a Platform for Illegal Goods and Services
German police arrested the suspected administrator of the largest German-speaking underground markets for illegal goods and services. Crimenetwork, online since 2012, was used to sell stolen data, drugs and forged documents. The platform had more than 100,000 users and 100 sellers.

Gravy Analytics and Mobilewalla Ordered to Implement Stronger Consent Measures
Two data brokers pledged to stop using geolocation data gleaned from smartphones to sell services that provide a window to the intimate lives of Americans. "Surreptitious surveillance by data brokers undermines our civil liberties," an U.S. Federal Trade Commission official said.

Privacy Advocates Warn of Risks from Expanding DHS Use of AI and Facial Recognition
The U.S. Department of Homeland Security is reportedly expanding its use of emerging surveillance tools, including drones and artificial intelligence, without proper safeguards as experts warn of potential privacy violations and risks involving facial recognition and third-party data usage.

French Police Reportedly Detain Accused Ryuk Money Launderer Ekaterina Zhdanova
An international investigation led by the U.K. busted Russian money cash-for-crypto laundering networks in an operation that's led to the arrest of 84 individuals and U.S. sanctions against others. One of the network allegedly laundered extortion money paid to the Ryuk ransomware group.

<p>From the team that brought you COFF Loader, CS-Situational-Awareness-BOF, CS-Remote-OPs-BOF, and numerous blogs on BOFs, we are excited to release our first on-demand class: Building BOFs. TrustedSec has had private…</p>

Digital Marketing: Empowering Decision-Making with AI-Driven Data Analytics

FBI shares tips on how to tackle AI-powered fraud schemes

A vulnerability, which was classified as problematic, has been found in Pensacola Web Designs Xtremeasp Photogallery 2.0. Affected by this issue is some unknown functionality of the file displaypic.asp. The manipulation of the argument catname leads to basic cross site scripting. This vulnerability is handled as CVE-2006-6936. The attack may be launched remotely. Furthermore, there is an exploit available.

Best practices suggestions: Cell phone data forensics

As the tokenized economy expands, the digital landscape is reshaped by decentralized systems and new forms of asset ownership. In this Help Net Security video, Jeremy Bradley, COO of Zama, explores the emerging privacy-preserving technologies that can help solve this challenge, focusing on Fully Homomorphic Encryption (FHE), which enables data to remain encrypted even during processing, positioning it as a potential cornerstone for secure, decentralized environments.

The post Building trust in tokenized economies appeared first on Help Net Security.

UK disrupts Russian money laundering networks used by ransomware

A vulnerability, which was classified as problematic, has been found in OpenVAS Manager up to 4.0.3. Affected by this issue is some unknown functionality of the component OMP Authentication Handler. The manipulation leads to improper authentication. This vulnerability is handled as CVE-2013-6765. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apache Struts and classified as critical. Affected by this vulnerability is an unknown functionality of the component ParameterInterceptor. The manipulation with the input ../../ leads to improper access controls. This vulnerability is known as CVE-2012-0393. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in ManageEngine Netflow Analyzer. Affected is an unknown function of the file traceRoute.do. The manipulation of the argument name leads to basic cross site scripting. This vulnerability is traded as CVE-2007-3594. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The Binary Holdings Secures $5 Million From ABO Digital To Expand Their Decentralised Network

Authorities shut down Crimenetwork, the Germany’s largest crime marketplace

A vulnerability, which was classified as very critical, has been found in Oracle PeopleSoft Enterprise PeopleTools 8.56/8.57/8.58. This issue affects some unknown processing of the component Security. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2019-2729. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A critical vulnerability has been identified in the bootloader of Cisco NX-OS Software, potentially allowing attackers to bypass image signature verification. This flaw, which affects several Cisco product lines, could enable unauthorized users to load unverified software onto affected devices. The vulnerability is attributed to insecure bootloader settings within the Cisco NX-OS Software. Exploitation of […]

The post Cisco NX-OS Vulnerability Allows Attackers to Bypass Image Signature Verification appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability has been found in Microsoft Windows up to Server 2022 23H2 and classified as critical. Affected by this vulnerability is an unknown functionality of the component SCSI Class System File. The manipulation leads to numeric truncation error. This vulnerability is known as CVE-2024-21434. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.