Recent Security News
-
Security Experts Describe AI Technologies They Want to See
January 22, 2024 at 12:19PM The cybersecurity industry seeks transformational technologies to mitigate cyberattacks. AI and Large Language Models (LLMs) have gained traction, particularly in generative-AI applications, attracting significant investment. Security experts envision AI as a proactive guardian, playing a crucial role in real-time defense systems, insider threat detection, and behavioral analytics. AI’s potential lies…
-
North Korean Hackers Weaponize Fake Research to Deliver RokRAT Backdoor
January 22, 2024 at 12:06PM In December 2023, media organizations and North Korea experts were targeted by a cyber campaign orchestrated by the threat actor ScarCruft. This North Korea-linked group, also known as APT37, targeted individuals with malicious files, displaying a sophisticated and evolving approach. The attack is indicative of the group’s ongoing efforts to…
-
MavenGate Attack Could Let Hackers Hijack Java and Android via Abandoned Libraries
January 22, 2024 at 12:06PM New software supply chain attack method MavenGate targets public and popular libraries used in Java and Android apps. Vulnerabilities allow hijacking of artifacts and injecting malicious code. Oversecured sent reports to tech companies. Attack involves domain name purchases and exploiting abandoned libraries. Sonatype claims automation prevents attacks, but recommends end…
-
EFF adds Street Surveillance Hub so Americans can check who’s checking on them
January 22, 2024 at 11:40AM The Street Surveillance Hub by the Electronic Frontier Foundation exposes the extensive surveillance systems in the US, providing detailed breakdowns and a news feed. Efforts like the Atlas of Surveillance and advocacy aim to shed light on privacy infringements. With police and technology companies expanding surveillance, local and state legislation…
-
Hackers Targeting Critical Atlassian Confluence Vulnerability Days After Disclosure
January 22, 2024 at 11:06AM Attempts to exploit a critical Atlassian Confluence vulnerability, CVE-2023-22527, began shortly after its disclosure. Out-of-date versions of Confluence Data Center and Server are affected, allowing unauthenticated attackers to achieve remote code execution. The Shadowserver Foundation reported 40,000 exploitation attempts, highlighting widespread activity and the ongoing risk to vulnerable servers. Based…