Microsoft Warns of Unpatched Office Vulnerability Leading to Data Breaches

August 10, 2024 at 01:45AM

Microsoft has disclosed an unpatched zero-day in Office (CVE-2024-38200) that could lead to unauthorized disclosure of sensitive information to malicious actors. A patch is expected on August 13, with an alternative fix already enabled. Three mitigation strategies have been outlined. Microsoft is also working on addressing other zero-day flaws in …

CISA Publishes Resiliency Playbook for Critical Infrastructure

July 19, 2024 at 08:43AM

The Cybersecurity and Infrastructure Security Agency released a supplemental manual for infrastructure resilience planning, offering guidance on enhancing security and resiliency for critical infrastructure. It includes processes, tabletop exercises, and key actions for resilience planning, outlined by CISA’s executive assistant director for infrastructure security, David Mussington. The manual is …

CISA Flags Gaps in Healthcare Org’s Security Posture, Issues Security Guidance

December 18, 2023 at 10:09AM

CISA conducted a cybersecurity assessment for a healthcare and public health organization, finding no significant exploitable conditions but identifying weak passwords and other security issues. CISA is sharing the results with the sector to improve cybersecurity posture. The report includes mitigation recommendations and urges organizations to review and apply them. …

ChatGPT: OpenAI Attributes Regular Outages to DDoS Attacks

November 10, 2023 at 01:26PM

Popular AI application ChatGPT experienced recurring outages due to a distributed denial of service (DDoS) attack. The disruptions affected the ChatGPT interface, API, OpenAI API services, Labs, and Playground. While the issue has been resolved, experts believe AI companies like ChatGPT will face more attacks. Hacker group Anonymous Sudan claimed …

New iLeakage attack steals emails, passwords from Apple Safari

October 26, 2023 at 07:32AM

Researchers have developed a new side-channel attack called iLeakage that can extract sensitive information from Safari on Apple devices. It bypasses standard side-channel protections and can retrieve data from Safari, Firefox, Tor, and Edge on iOS with near-perfect accuracy. The attack exploits speculative execution in Apple Silicon CPUs and requires …