Category: Cyber Security

Mar 13, 2024NewsroomPatch Tuesday / Software Update Microsoft on Tuesday released its monthly security update, addressing 61 different security flaws spanning its software, including two critical issues impacting Windows Hyper-V that could lead to denial-of-service (DoS) and remote code execution. Of the 61 vulnerabilities, two are rated Critical, 58 are rated Important, and one is […]

COMMENTARY Cyber-incident attribution gets a lot of attention, for good reasons. Identifying the actor(s) behind an attack enables taking legal or political action against the adversary and helps cybersecurity researchers recognize and prevent future threats.  As I wrote in the first part of this series, attribution is both a technical and analytical process. Therefore, extracting the […]

AT&T says a massive trove of data impacting 71 million people did not originate from its systems after a hacker leaked it on a cybercrime forum and claimed it was stolen in a 2021 breach of the company. While BleepingComputer has not been able to confirm the legitimacy of all the data in the database, […]

Mar 13, 2024NewsroomLarge Language Model / AI Security Google’s Gemini large language model (LLM) is susceptible to security threats that could cause it to divulge system prompts, generate harmful content, and carry out indirect injection attacks. The findings come from HiddenLayer, which said the issues impact consumers using Gemini Advanced with Google Workspace as well […]

DarkGate malware operators have been exploiting a now-patched Windows SmartScreen bypass flaw through a phishing campaign that distributes fake Microsoft software installers to propagate the malicious code. Trend Micro researchers, among others, discovered a then zero-day Internet Shortcut Files security feature bypass vulnerability tracked as CVE-2024-21412 earlier this year, which Microsoft patched as part of its […]

Microsoft is once again harassing Google Chrome users on Windows 10 and Windows 11 with popup desktop advertisements promoting Bing and its GPT-4 Bing Chat platform. However, due to the quality of the pixelated ads, some who received them were concerned that they were being displayed by malware, even though the embedded links led directly to Microsoft. […]

Mar 13, 2024The Hacker NewsSaaS Security / Webinar Identities are the latest sweet spot for cybercriminals, now heavily targeting SaaS applications that are especially vulnerable in this attack vector. The use of SaaS applications involves a wide range of identities, including human and non-human, such as service accounts, API keys, and OAuth authorizations. Consequently, any […]