Recent Security News
-
Could Intel Have Fixed Spectre & Meltdown Bugs Earlier?
July 26, 2024 at 10:16AM Academic researcher Daniel Gruss emphasizes that chip vulnerabilities like Spectre and Meltdown could have been resolved earlier if chip makers took reports more seriously. He and Intel’s Anders Fogh are addressing past and future vulnerabilities at Black Hat USA 2024, highlighting the collaboration between researchers and chip makers to counter…
-
Distributing Security Responsibilities (Responsibly)
July 26, 2024 at 10:01AM Cybersecurity compliance remains a priority for private organizations and government bodies, with new regulations being proposed. While regulations offer leverage for improving security processes, they also increase the burden on chief information security officers (CISOs) to navigate cost containment, trust-building, and compliance. It’s crucial to clarify security responsibilities beyond the…
-
Progress discloses second critical flaw in Telerik Report Server in as many months
July 26, 2024 at 09:37AM Progress Software’s latest security advisory warns about a critical CVE-2024-6327 vulnerability in Telerik Report Server, with potential for remote code execution on versions prior to 10.1.24.709. There’s special concern due to previous successful attacks via a similar vulnerability. Another CVE-2024-6096 vulnerability in Telerik Reporting also poses a serious risk, requiring…
-
This AI-Powered Cybercrime Service Bundles Phishing Kits with Malicious Android Apps
July 26, 2024 at 09:36AM The GXC Team, a Spanish-speaking cybercrime group, has bundled phishing kits with malicious Android apps, creating a sophisticated phishing-as-a-service platform. They target users of Spanish banks and institutions worldwide, using smishing and social engineering techniques. The threat also involves AI-infused voice calling tools, AI-powered voice cloning, and adversaries-in-the-middle capabilities in…
-
Threat Actors Exploit Fresh ServiceNow Vulnerabilities in Attacks
July 26, 2024 at 08:27AM Threat actors exploiting critical vulnerabilities in ServiceNow, including input validation flaws and a file read security defect, targeting vulnerable instances for reconnaissance. Approximately 300,000 instances susceptible to probing, with threat actors attempting to extract data from private sector and government agencies worldwide. ServiceNow urged customers to apply patches and hotfixes…