US Gathers Allies to Talk AI Safety as Trump’s Vow to Undo Biden’s AI Policy Overshadows Their Work
Thu, 21 Nov 2024 03:07:00 +0000
Trump promised in his presidential campaign platform to “repeal Joe Biden’s dangerous Executive Order that hinders AI Innovation, and imposes Radical Leftwing ideas on the development of this technology.”
The post US Gathers Allies to Talk AI Safety as Trump’s Vow to Undo Biden’s AI Policy Overshadows Their Work appeared first on SecurityWeek.
https://www.securityweek.com/us-gathers-allies-to-talk-ai-safety-as-trumps-vow-to-undo-bidens-ai-policy-overshadows-their-work/
Risk Intelligence Startup RIIG Raises $3 Million
Wed, 20 Nov 2024 16:43:03 +0000
Risk intelligence and cybersecurity solutions provider RIIG has raised $3 million in a seed funding round led by Felton Group.
The post Risk Intelligence Startup RIIG Raises $3 Million appeared first on SecurityWeek.
https://www.securityweek.com/risk-intelligence-startup-riig-raises-3-million/
Twine Snags $12M for AI-Powered ‘Digital Employees’ Tech
Wed, 20 Nov 2024 13:59:01 +0000
Twine and its investors are betting on the idea of AI-powered “digital cyber employees” to handle mundane but critical security tasks.
The post Twine Snags $12M for AI-Powered ‘Digital Employees’ Tech appeared first on SecurityWeek.
https://www.securityweek.com/twine-snags-12m-for-ai-powered-digital-employees-tech/
Surf Security Adds Deepfake Detection Tool to Enterprise Browser
Wed, 20 Nov 2024 13:44:55 +0000
Surf Security has released Deepwater, a deepfake detection tool integrated into the company’s enterprise browser.
The post Surf Security Adds Deepfake Detection Tool to Enterprise Browser appeared first on SecurityWeek.
https://www.securityweek.com/surf-security-adds-deepfake-detection-tool-to-enterprise-browser/
Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments
Wed, 20 Nov 2024 18:39:00 +0530
Threat actors are increasingly banking on a new technique that leverages near-field communication (NFC) to cash out victim’s funds at scale.
The technique, codenamed Ghost Tap by ThreatFabric, enables cybercriminals to cash-out money from stolen credit cards linked to mobile payment services such as Google Pay or Apple Pay and relaying NFC traffic.
“Criminals can now misuse Google Pay and Apple
https://thehackernews.com/2024/11/ghost-tap-hackers-exploiting-nfcgate-to.html
D-Link Warns of RCE Vulnerability in Legacy Routers
Wed, 20 Nov 2024 12:53:11 +0000
Six discontinued D-Link router models are affected by a remote code execution (RCE) vulnerability that will not be patched.
The post D-Link Warns of RCE Vulnerability in Legacy Routers appeared first on SecurityWeek.
https://www.securityweek.com/d-link-warns-of-rce-vulnerability-in-legacy-routers/
CISA Warns of Progress Kemp LoadMaster Vulnerability Exploitation
Wed, 20 Nov 2024 12:14:02 +0000
CISA is warning organizations that CVE-2024-1212, a Progress Kemp LoadMaster OS command injection vulnerability, is being exploited in attacks.
The post CISA Warns of Progress Kemp LoadMaster Vulnerability Exploitation appeared first on SecurityWeek.
https://www.securityweek.com/cisa-warns-of-progress-kemp-loadmaster-vulnerability-exploitation/
NHIs Are the Future of Cybersecurity: Meet NHIDR
Wed, 20 Nov 2024 17:00:00 +0530
The frequency and sophistication of modern cyberattacks are surging, making it increasingly challenging for organizations to protect sensitive data and critical infrastructure. When attackers compromise a non-human identity (NHI), they can swiftly exploit it to move laterally across systems, identifying vulnerabilities and compromising additional NHIs in minutes. While organizations often take
https://thehackernews.com/2024/11/nhis-are-future-of-cybersecurity-meet.html
GitHub Launches Fund to Improve Open Source Project Security
Wed, 20 Nov 2024 11:21:43 +0000
GitHub has launched a $1.25 million fund to be invested in improving the security of 125 open source projects.
The post GitHub Launches Fund to Improve Open Source Project Security appeared first on SecurityWeek.
https://www.securityweek.com/github-launches-fund-to-improve-open-source-project-security/
Cyera Raises $300 Million at $3 Billion Valuation
Wed, 20 Nov 2024 11:00:00 +0000
Data security firm Cyera has raised $300 million in Series D funding, which brings the total investment in the company to $760 million.
The post Cyera Raises $300 Million at $3 Billion Valuation appeared first on SecurityWeek.
https://www.securityweek.com/cyera-raises-300-million-at-3-billion-valuation/
Oracle Patches Exploited Agile PLM Zero-Day
Wed, 20 Nov 2024 10:30:00 +0000
Oracle has patched a high-severity information disclosure zero-day in Agile PLM that has been exploited in the wild.
The post Oracle Patches Exploited Agile PLM Zero-Day appeared first on SecurityWeek.
https://www.securityweek.com/oracle-patches-exploited-agile-plm-zero-day/
Ford Blames Third-Party Supplier for Data Breach
Wed, 20 Nov 2024 09:50:00 +0000
Ford has completed its investigation into recent data breach claims and determined that its systems and customer data have not been compromised.
The post Ford Blames Third-Party Supplier for Data Breach appeared first on SecurityWeek.
https://www.securityweek.com/ford-says-leaked-data-comes-from-supplier-and-is-not-sensitive/
Decades-Old Security Vulnerabilities Found in Ubuntu’s Needrestart Package
Wed, 20 Nov 2024 14:46:00 +0530
Multiple decade-old security vulnerabilities have been disclosed in the needrestart package installed by default in Ubuntu Server (since version 21.04) that could allow a local attacker to gain root privileges without requiring user interaction.
The Qualys Threat Research Unit (TRU), which identified and reported the flaws early last month, said they are trivial to exploit, necessitating that
https://thehackernews.com/2024/11/decades-old-security-vulnerabilities.html
Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity
Wed, 20 Nov 2024 12:30:00 +0530
Microsoft has announced a new Windows Resiliency Initiative as a way to improve security and reliability, as well as ensure that system integrity is not compromised.
The idea, the tech giant said, is to avoid incidents like that of CrowdStrike’s earlier this July, enable more apps and users to be run without admin privileges, add controls surrounding the use of unsafe apps and drivers, and offer
https://thehackernews.com/2024/11/microsoft-launches-windows-resiliency.html
China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks
Wed, 20 Nov 2024 12:28:00 +0530
A new China-linked cyber espionage group has been attributed as behind a series of targeted cyber attacks targeting telecommunications entities in South Asia and Africa since at least 2020 with the goal of enabling intelligence collection.
Cybersecurity company CrowdStrike is tracking the adversary under the name Liminal Panda, describing it as possessing deep knowledge about telecommunications
https://thehackernews.com/2024/11/china-backed-hackers-leverage-sigtran.html
Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities
Wed, 20 Nov 2024 10:07:00 +0530
Apple has released security updates for iOS, iPadOS, macOS, visionOS, and its Safari web browser to address two zero-day flaws that have come under active exploitation in the wild.
The flaws are listed below –
CVE-2024-44308 (CVSS score: 8.8) – A vulnerability in JavaScriptCore that could lead to arbitrary code execution when processing malicious web content
CVE-2024-44309 (CVSS score: 6.1
https://thehackernews.com/2024/11/apple-releases-urgent-updates-to-patch.html
Oracle Warns of Agile PLM Vulnerability Currently Under Active Exploitation
Wed, 20 Nov 2024 09:54:00 +0530
Oracle is warning that a high-severity security flaw impacting the Agile Product Lifecycle Management (PLM) Framework has been exploited in the wild.
The vulnerability, tracked as CVE-2024-21287 (CVSS score: 7.5), could be exploited sans authentication to leak sensitive information.
“This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network
https://thehackernews.com/2024/11/oracle-warns-of-agile-plm-vulnerability.html
Ngioweb Botnet Fuels NSOCKS Residential Proxy Network Exploiting IoT Devices
Tue, 19 Nov 2024 19:31:00 +0530
The malware known as Ngioweb has been used to fuel a notorious residential proxy service called NSOCKS, as well as by other services such as VN5Socks and Shopsocks5, new findings from Lumen Technologies reveal.
“At least 80% of NSOCKS bots in our telemetry originate from the Ngioweb botnet, mainly utilizing small office/home office (SOHO) routers and IoT devices,” the Black Lotus Labs team at
https://thehackernews.com/2024/11/ngioweb-botnet-fuels-nsocks-residential.html
Hackers Hijack Unsecured Jupyter Notebooks to Stream Illegal Sports Broadcasts
Tue, 19 Nov 2024 19:30:00 +0530
Malicious actors are exploiting misconfigured JupyterLab and Jupyter Notebooks to conduct stream ripping and enable sports piracy using live streaming capture tools.
The attacks involve the hijack of unauthenticated Jupyter Notebooks to establish initial access, and perform a series of actions designed to facilitate illegal live streaming of sports events, Aqua said in a report shared with The
https://thehackernews.com/2024/11/hackers-hijack-unsecured-jupyter.html
Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority
Tue, 19 Nov 2024 17:00:00 +0530
Privileged accounts are well-known gateways for potential security threats. However, many organizations focus solely on managing privileged access—rather than securing the accounts and users entrusted with it. This emphasis is perhaps due to the persistent challenges of Privileged Access Management (PAM) deployments. Yet, as the threat landscape evolves, so must organizational priorities. To
https://thehackernews.com/2024/11/privileged-accounts-hidden-threats-why.html