Enterprise, Consumer Devices Exposed to Attacks via Malicious UEFI Logo Images

December 6, 2023 at 10:48AM LogoFAIL is an attack exploiting UEFI image parsing to breach devices through harmful logo images, threatening both consumer and enterprise equipment. Meeting Takeaways: 1. **Issue Identified**: The meeting discussed a significant security vulnerability known as LogoFAIL. 2. **Attack Vector**: LogoFAIL exploits a UEFI (Unified Extensible Firmware Interface) image parser. 3. …

Klarytee Raises $900k Pre-Seed Round to Make Data Secure by Default

December 5, 2023 at 06:34PM Klarytee, a data security platform, has raised $900,000 in pre-Seed funding led by Concept Ventures and high-profile angels. Founded by Dr. Nithin Thomas, the software safeguards sensitive information by integrating encryption directly into the data. Klarytee features capabilities like real-time encryption across applications and an add-in for Microsoft Word, primarily …

Patch Now: Attackers Pummel Critical, Easy-to-Exploit OwnCloud Flaw

November 29, 2023 at 02:38PM Hackers exploit a critical vulnerability in ownCloud, tracked as CVE-2023-49103, compromising admin passwords and sensitive data. With a CVSS score of 10/10, it affects versions 0.2.0 to 0.3.0. Over 11,000 instances are exposed, mostly in Germany, the US, France, and Russia. Patching is vital; disabling the app isn’t enough. Two …

Scattered Spider Hops Nimbly From Cloud to On-Prem in Complex Attack

November 22, 2023 at 11:56AM A group known as Scattered Spider, responsible for the MGM cyberattack in September, has conducted another sophisticated ransomware attack. The group exploited a third-party service to gain access to the target organization’s on-premise network. The attack used tactics similar to the MGM attack, including social engineering and manipulation of multi-factor …

Lasso Security Emerges From Stealth With $6M Seed Funding for Gen AI and Advanced LLM Cybersecurity

November 20, 2023 at 05:19PM Lasso Security, a cybersecurity company specializing in Large Language Models (LLMs), has raised $6 million in a seed funding round led by Entrée Capital and Samsung Next. Lasso aims to address the cybersecurity challenges posed by LLMs and provide comprehensive protection for businesses leveraging Generative AI. The funds will be …

Enterprise Generative AI Enters Its Citizen Development Era

November 20, 2023 at 01:32PM OpenAI and Microsoft have introduced no-code tools for creating custom GPT models. These models can act on behalf of users and integrate with various enterprise systems. Microsoft’s Copilot Studio, in particular, allows user impersonation, making it difficult to block AI-generated operations. Low-code/no-code platforms have simplified app development, and organizations need …

Scattered Spider Casino Hackers Evade Arrest in Plain Sight

November 17, 2023 at 03:56PM The cybercrime group known as Scattered Spider has been able to successfully attack US organizations without being disrupted or arrested, despite federal law enforcement being aware of their identities for over six months. The FBI and CISA have released an advisory to help organizations defend against Scattered Spider, but it …

Critical Citrix NetScaler Flaw Exploited to Target Government, Tech Firms

October 18, 2023 at 09:15AM Citrix has issued a warning about a critical security flaw in its NetScaler ADC and Gateway appliances, known as CVE-2023-4966. The vulnerability could expose sensitive information and requires devices to be configured as a Gateway or AAA virtual server for exploitation to occur. Patches were released on October 10, 2023, …