Recent Security News
-
Two more Citrix NetScaler bugs exploited in the wild
January 18, 2024 at 10:38AM Two vulnerabilities in Citrix’s NetScaler ADC and Gateway products, CVE-2023-6548 and CVE-2023-6549, have been patched. The first allows remote code execution with authentication and access to specific IPs, while the second can lead to a denial-of-service attack. Customers are advised to update their affected products promptly to prevent exploitation. Key…
-
‘Chaes’ Infostealer Code Contains Hidden Threat Hunter Love Notes
January 18, 2024 at 10:29AM The latest version of the Chaes infostealer code contains secret messages praising threat hunters for analyzing their work. Additionally, intricate ASCII art pieces are hidden within the code. The malware developers also express gratitude to security researchers, including a special shout-out message to Morphisec researcher Arnold Osipov. The code mentions…
-
Building AI That Respects Our Privacy
January 18, 2024 at 10:07AM The passage discusses the author’s experience with AI and the need to integrate privacy into AI technologies. The author highlights the potential benefits and risks of AI and suggests steps to protect privacy, such as individualized models, closed systems, transparency, and data removal rights. It also advises current actions to…
-
Software Supply Chain Security Startup Kusari Raises $8 Million
January 18, 2024 at 10:00AM Kusari, a software supply chain security startup, has secured $8 million in pre-seed and seed funding led by J2 Ventures and Glasswing Ventures, with support from Unusual Ventures. Founded by members of OpenSSF and CNCF, Kusari aims to provide transparency in the software supply chain with its GUAC tool, reducing…
-
Russian APT Known for Phishing Attacks Is Also Developing Malware, Google Warns
January 18, 2024 at 09:12AM Google has warned about the Russian threat group ColdRiver known for phishing attacks and developing custom malware. Tracked as Star Blizzard, Callisto Group, and others, the group is linked to Russia’s FSB. US and UK governments have issued warnings and sanctions. Google discovered the Spica backdoor malware used for cyberespionage…