New PIXHELL acoustic attack leaks secrets from LCD screen noise

September 10, 2024 at 03:29PM A new acoustic attack, ‘PIXHELL,’ has been discovered that can extract information from air-gapped and audio-gapped systems using LCD monitors, without the need for speakers. Based on the meeting notes, the key takeaway is that a novel acoustic attack called “PIXHELL” has the capability to leak secrets from air-gapped and … Read more

Webinar: How to Protect Your Company from GenAI Data Leakage Without Losing It’s Productivity Benefits

September 9, 2024 at 08:24AM GenAI has become essential for productivity, but also poses security risks due to employees sharing sensitive information. To address this, organizations can identify and protect sensitive data, set restrictions, and utilize GenAI DLP tools to monitor and control data input. A webinar by LayerX offers insights and best practices for … Read more

Creating Insecure AI Assistants With Microsoft Copilot Studio Is Easy

August 7, 2024 at 02:27PM Enterprise usage of Microsoft’s Copilot Studio, a no-code chatbot creation tool, has surged within nine months of its release. However, security researcher Michael Bargury highlighted serious security vulnerabilities that could lead to data exfiltration and bypassing controls. Despite Microsoft addressing some issues, careful implementation and admin controls are essential to … Read more

Startup Spotlight: LeakSignal Helps Plug Leaky Data in Organizations

August 5, 2024 at 01:15PM LeakSignal is an openly distributed data governance solution, aiming to tackle data leakage within organizations. It offers real-time data flow governance, using natural language processing techniques and Rust technology. The company is a finalist in the Black Hat Startup Spotlight competition, emphasizing proactive monitoring and alerting. Its mascot idea is … Read more

Flawed AI Tools Create Worries for Private LLMs, Chatbots

May 30, 2024 at 04:04PM Private instances of large language models (LLMs) used by businesses face risks from data poisoning and leakage if not properly secured, leading to potential attacks and compromise of AI systems. Recent exploits highlight the importance of secure implementation and testing, especially as AI adoption increases in the information and professional … Read more

Critical Bug Allows DoS, RCE, Data Leaks in All Major Cloud Platforms

May 20, 2024 at 04:04PM A severe memory corruption vulnerability named “Linguistic Lumberjack” is found in the popular cloud logging tool Fluent Bit, impacting numerous major cloud service providers and organizations. The bug, tracked under CVE-2024-4323, enables denial of service, data leakage, and remote code execution. Maintainers have released a fix, urging prompt updates or … Read more

Google fixes fifth Chrome zero-day exploited in attacks this year

May 10, 2024 at 04:09AM Google has released a security update for the Chrome browser to fix the fifth zero-day vulnerability of 2024, which is a high-severity “user after free” issue in the Visuals component. The update addresses potential data leakage, code execution, and crashes. Users are advised to confirm they have the latest version … Read more

GoFetch security exploit can’t be disabled on M1 and M2 Apple chips

March 25, 2024 at 10:36AM Researchers have delved further into the GoFetch vulnerability affecting Apple M-series and Intel Raptor Lake CPUs. Exploiting data memory-dependent prefetchers, the exploit leaks core-cached data, posing a threat for hackers. While patches are possible for M3 and Raptor Lake CPUs, the M1 and M2 chips face challenges due to the … Read more

AutoSpill attack steals credentials from Android password managers

December 9, 2023 at 11:20AM Researchers presented the AutoSpill attack, targeting Android password managers during the autofill process. It exploits weaknesses in WebView controls, potentially leaking account credentials to the invoking app. Multiple password managers were found susceptible, with vendors taking steps to address the issue. The attack highlights the need for improved security measures … Read more

AI Solutions Are the New Shadow IT

November 22, 2023 at 06:54AM Summary: Employees’ strong demand for AI tools is putting pressure on CISOs and cybersecurity teams to adopt AI quickly, even if it means overlooking security risks. Indie AI startups, in particular, lack security rigor compared to enterprise AI and pose risks such as data leakage, content quality issues, product vulnerabilities, … Read more