Recent Security News
-
GoTitan Botnet Spotted Exploiting Recent Apache ActiveMQ Vulnerability
November 29, 2023 at 12:18AM A critical security flaw in Apache ActiveMQ (CVE-2023-46604) is being exploited to distribute the GoTitan botnet and PrCtrl Rat malware for remote control of infected systems. Threat groups like Lazarus are using the flaw to deliver various payloads, including DDoS bots and cryptojackers. Meeting Takeaways: 1. A critical security flaw…
-
Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability
November 29, 2023 at 12:18AM Google patched seven Chrome security issues, including an actively exploited zero-day (CVE-2023-6345) in the Skia graphics library. Users should update to the latest version to prevent potential threats. This marks the sixth zero-day patched in 2023. Chromium-based browser users should also update. Meeting Takeaways: 1. Google has issued security updates…
-
CISA to Congress: US Under Threat of Chemical Attacks
November 28, 2023 at 05:50PM CISA has highlighted a national security risk following the expiration of the CFATS program, which regulated security at chemical facilities to prevent terrorism. With CFATS lapsed since July, CISA notes increased danger as facilities may acquire dangerous chemicals without adequate security measures, and potential terrorist ties may go unchecked. Meeting…
-
Critical Vulns Found in Ray Open Source Framework for AI/ML Workloads
November 28, 2023 at 05:08PM Researchers have discovered three unpatched vulnerabilities in Ray, an open source framework used for scaling AI and machine learning workloads. These vulnerabilities could allow attackers to gain operating system access, execute remote code, and escalate privileges. Anyscale, the company that sells a managed version of Ray, has not yet addressed…
-
New BLUFFS attack lets attackers hijack Bluetooth connections
November 28, 2023 at 04:59PM Researchers at Eurecom have discovered six new Bluetooth attacks called ‘BLUFFS’ that can compromise the secrecy of Bluetooth sessions, leading to device impersonation and man-in-the-middle attacks. These attacks exploit flaws in the Bluetooth standard and can impact billions of devices. The researchers have provided a toolkit on GitHub to demonstrate…