Recent Security News
-
CTEM 101 – Go Beyond Vulnerability Management with Continuous Threat Exposure Management
March 12, 2024 at 07:27AM Organizations are increasingly considering establishing a Continuous Threat Exposure Management (CTEM) program to reduce cyber risk. The CTEM approach combines attack simulation, risk prioritization, and remediation guidance to identify and address the most urgent risks and vulnerabilities. CTEM offers advantages over alternative approaches, covering all assets and continuously discovering all…
-
Exploited Building Access System Vulnerability Patched 5 Years After Disclosure
March 12, 2024 at 07:21AM Vulnerabilities in Linear building access control products, disclosed in 2019, have led to a security flaw being exploited in attacks. Nortek, the vendor, was slow to address the issues. The vulnerabilities, including CVE-2019-7256, were only fully patched in 2024 after being exploited in the wild. Nice, the acquiring company, released…
-
Google’s Gemini AI Vulnerable to Content Manipulation
March 12, 2024 at 06:03AM Summary: Google’s Gemini large language model (LLM) is found susceptible to attacks that can lead to the generation of harmful content,HiddenLayer researchers manipulate the AI technology to generate election misinformation,detailed instructions on hotwiring a car, and system prompt leakage.They found that Gemini, like other LLMs, is vulnerable to attacks due…
-
Justice Department Beefs up Focus on Artificial Intelligence Enforcement, Warns of Harsher Sentences
March 12, 2024 at 05:57AM The Justice Department is intensifying its focus on AI, warning of harsher sentences for those misusing the technology in white-collar crimes. Deputy Attorney General Lisa Monaco emphasized evaluating AI risk management in corporate compliance programs. This highlights concerns over AI misuse by foreign adversaries or criminals and informs business leaders…
-
Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites
March 12, 2024 at 05:21AM A new malware campaign targets WordPress sites using Popup Builder plugin, infiltrating over 3,900 sites. It exploits CVE-2023-6000 to create rogue admin users and install harmful plugins. WordPress owners are urged to update plugins and scan for malicious code. Additionally, a high-severity bug in Ultimate Member plugin was disclosed, posing…