Recent Security News
-
PAX PoS Terminal Flaw Could Allow Attackers to Tamper with Transactions
January 17, 2024 at 09:57AM PAX Technology’s PoS terminals have high-severity vulnerabilities that could allow threat actors to execute arbitrary code. The STM Cyber R&D team discovered six flaws, including privilege escalation and local code execution, impacting various PAX devices. The vulnerabilities were responsibly disclosed to PAX, and patches were released in November 2023. Key…
-
Combating IP Leaks into AI Applications with Free Discovery and Risk Reduction Automation
January 17, 2024 at 09:57AM Wing Security introduces a free discovery and a paid tier for automated control over AI SaaS applications, aiming to enhance intellectual property and data protection. 83.2% of companies use GenAI applications, with 99.7% employing AI-powered SaaS. Their solution offers steps to Know, Assess, and Control AI risks while automating workflows…
-
AI Data Exposed to ‘LeftoverLocals’ Attack via Vulnerable AMD, Apple, Qualcomm GPUs
January 17, 2024 at 08:30AM Researchers discovered a new attack method, LeftoverLocals (CVE-2023-4969), exploiting a GPU vulnerability to access sensitive data from AI and other applications. LeftoverLocals can affect Apple, AMD, Qualcomm, and Imagination Technologies GPUs. Qualcomm and Apple are releasing patches, while AMD plans mitigations in March 2024. The vulnerability allows local attackers to…
-
Achieving “Frictionless Defense” in the Age of Hybrid Networks
January 17, 2024 at 08:30AM The term “frictionless” in cybersecurity acknowledges the lack of a perfect security solution. With a growing cybersecurity workforce shortage and increasingly dispersed networks, the emphasis is on quickly and easily gaining visibility into network activities. Integrations are vital in achieving a “frictionless defense,” particularly in modern distributed infrastructures and cloud…
-
GitHub Rotates Credentials in Response to Vulnerability
January 17, 2024 at 08:30AM GitHub rotated credentials and addressed a vulnerability impacting GitHub.com and GitHub Enterprise Server after receiving a vulnerability report. The security defect allowed access to credentials within a production container but had minimal impact. GitHub resolved the flaw and released patches for GitHub Enterprise Server, also rotating the private GitHub GPG…