Recent Security News
-
Strength in Numbers: The Case for Whole-of-State Cybersecurity
January 17, 2024 at 10:07AM A recent CloudSEK XVigil report reveals a 95% surge in cyberattacks on government agencies in 2022. The public sector faces greater cybersecurity challenges due to limited resources and widespread personal data. A whole-of-state (WoS) cybersecurity strategy is proposed for collaborative defense, supported by the State and Local Cybersecurity Grant Program.…
-
Using Wazuh to build a cybersecurity architecture with open source tools
January 17, 2024 at 10:07AM Cybersecurity architecture involves designing an organization’s approach to securing its information systems. It aims to establish a resilient defense against cyber threats. Leveraging open source tools offers cost-effectiveness and flexibility. Selecting tools like Wazuh, ClamAV, Suricata, pfSense, ModSecurity, VeraCrypt, OpenDLP, and OpenVAS helps build a robust cybersecurity architecture. Wazuh, in…
-
PAX PoS Terminal Flaw Could Allow Attackers to Tamper with Transactions
January 17, 2024 at 09:57AM PAX Technology’s PoS terminals have high-severity vulnerabilities that could allow threat actors to execute arbitrary code. The STM Cyber R&D team discovered six flaws, including privilege escalation and local code execution, impacting various PAX devices. The vulnerabilities were responsibly disclosed to PAX, and patches were released in November 2023. Key…
-
Combating IP Leaks into AI Applications with Free Discovery and Risk Reduction Automation
January 17, 2024 at 09:57AM Wing Security introduces a free discovery and a paid tier for automated control over AI SaaS applications, aiming to enhance intellectual property and data protection. 83.2% of companies use GenAI applications, with 99.7% employing AI-powered SaaS. Their solution offers steps to Know, Assess, and Control AI risks while automating workflows…
-
AI Data Exposed to ‘LeftoverLocals’ Attack via Vulnerable AMD, Apple, Qualcomm GPUs
January 17, 2024 at 08:30AM Researchers discovered a new attack method, LeftoverLocals (CVE-2023-4969), exploiting a GPU vulnerability to access sensitive data from AI and other applications. LeftoverLocals can affect Apple, AMD, Qualcomm, and Imagination Technologies GPUs. Qualcomm and Apple are releasing patches, while AMD plans mitigations in March 2024. The vulnerability allows local attackers to…