Recent Security News
-
California Advances Unique Safety Regulations for AI Companies Despite Tech Firm opposition
July 4, 2024 at 12:33PM California lawmakers advanced legislation requiring AI companies to test their systems to prevent potential harm, such as disrupting the electric grid or building chemical weapons. The bill, fiercely opposed by tech companies, aims to regulate AI safety standards and oversight. It also addresses concerns about AI discrimination and data privacy,…
-
Ethereum mailing list breach exposes 35,000 to crypto draining attack
July 4, 2024 at 12:18PM A threat actor compromised Ethereum’s mailing list provider and sent a phishing email to over 35,000 addresses, luring recipients to a malicious site offering investment returns. Ethereum disclosed the incident, stating it had no material impact. The internal security team launched an investigation, blocked the attacker, and warned the community.…
-
Software Productivity Tools Hijacked to Deliver Infostealers
July 4, 2024 at 09:10AM Conceptworld Corporation, an India-based software company, was found to be distributing information-stealing malware with its software products. Researchers from Rapid7 discovered that the installation packages of their tools, Notezilla, RecentX, and Copywhiz, had been Trojanized. Despite replacing the malicious installers, users were unknowingly exposed to the dllFake malware, capable of…
-
Hackers attack HFS servers to drop malware and Monero miners
July 4, 2024 at 08:33AM Hackers are targeting older versions of Rejetto’s HTTP File Server (HFS) with malware and cryptocurrency mining. They exploit CVE-2024-23692 to execute commands without authentication. Vulnerable versions include up to 2.3m, categorized as “dangerous” by Rejetto. Attackers gather system information, install backdoors, and deploy various malware, including XMRig for cryptocurrency mining.…
-
Microsoft Uncovers Critical Flaws in Rockwell Automation PanelView Plus
July 4, 2024 at 06:37AM Microsoft has disclosed two security vulnerabilities in Rockwell Automation PanelView Plus, which could be exploited by remote attackers for remote code execution and denial-of-service (DoS) attacks. These flaws are tracked as CVE-2023-2071 and CVE-2023-29464, impacting FactoryTalk View Machine Edition and FactoryTalk Linx. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)…