Category: Uncategorized
-
Agentic AI in SOCs: A Solution to SOAR’s Unfulfilled Promises [email protected] (The Hacker News)
Security Orchestration, Automation, and Response (SOAR) was introduced with the promise of revolutionizing Security Operations Centers (SOCs) through automation, reducing manual workloads and enhancing efficiency. However, despite three generations of technology and 10 years of advancements, SOAR hasn’t fully delivered on its potential, leaving SOCs still grappling with many of the sameRead More
-
ChatGPT macOS Flaw Could’ve Enabled Long-Term Spyware via Memory Function [email protected] (The Hacker News)
A now-patched security vulnerability in OpenAI’s ChatGPT app for macOS could have made it possible for attackers to plant long-term persistent spyware into the artificial intelligence (AI) tool’s memory. The technique, dubbed SpAIware, could be abused to facilitate “continuous data exfiltration of any information the user typed or responses received by ChatGPT, including any future…
-
Iran Was Behind Thousands of Text Messages Calling for Revenge Over Quran Burnings, Sweden Says Associated Press
Sweden is accusing Iran of hacking SMS service and sending out thousands of text messages calling for revenge over Quran burnings. The post Iran Was Behind Thousands of Text Messages Calling for Revenge Over Quran Burnings, Sweden Says appeared first on SecurityWeek. Read More
-
Transportation Companies Hit by Cyberattacks Using Lumma Stealer and NetSupport Malware [email protected] (The Hacker News)
Transportation and logistics companies in North America are the target of a new phishing campaign that delivers a variety of information stealers and remote access trojans (RATs). The activity cluster, per Proofpoint, makes use of compromised legitimate email accounts belonging to transportation and shipping companies so as to inject malicious content into existing email conversations.…
-
CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns [email protected] (The Hacker News)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Ivanti Virtual Traffic Manager (vTM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2024-7593 (CVSS score: 9.8), which could be exploited by a remote unauthenticated attacker to bypass theRead…
-
CrowdStrike Overhauls Testing and Rollout Procedures to Avoid System Crashes Ryan Naraine
CrowdStrike says it has revamped several testing, validation, and update rollout processes to prevent a repeat of the July BSOD incident. The post CrowdStrike Overhauls Testing and Rollout Procedures to Avoid System Crashes appeared first on SecurityWeek. Read More
-
Automatic Tank Gauges Used in Critical Infrastructure Plagued by Critical Vulnerabilities Eduard Kovacs
Bitsight finds critical vulnerabilities in several automatic tank gauge (ATG) products used in various critical infrastructure sectors. The post Automatic Tank Gauges Used in Critical Infrastructure Plagued by Critical Vulnerabilities appeared first on SecurityWeek. Read More
-
AI-Generated Malware Found in the Wild Kevin Townsend
HP has intercepted an email campaign comprising a standard malware payload delivered by an AI-generated dropper. The post AI-Generated Malware Found in the Wild appeared first on SecurityWeek. Read More
-
Necro Android Malware Found in Popular Camera and Browser Apps on Play Store [email protected] (The Hacker News)
Altered versions of legitimate Android apps associated with Spotify, WhatsApp, and Minecraft have been used to deliver a new version of a known malware loader called Necro. Kaspersky said some of the malicious apps have also been found on the Google Play Store. They have been cumulatively downloaded 11 million times. They include – Wuta…
-
Microsoft Names Deputy CISOs, Governance Council to Manage Security Push Ryan Naraine
Microsoft says each Deputy CISO will oversee specific domains, ranging from gaming and cloud security to AI and government systems. The post Microsoft Names Deputy CISOs, Governance Council to Manage Security Push appeared first on SecurityWeek. Read More