December 5, 2024 at 05:36PM The US Library of Congress has clarified that certain security research activities related to AI models, like prompt injection, do not violate the DMCA, benefiting researchers. However, no safe harbor exemption was granted. The ongoing legal ambiguities raise concerns about the protection of good faith AI research amid rapid technological … Read more
September 24, 2024 at 03:44PM Multiple critical security vulnerabilities have been found in automatic tank gauge (ATG) systems, posing threats to critical infrastructure by allowing attackers to potentially gain full control of the systems. Researchers warn of the potential for cyberattacks impacting fuel availability, environmental disruption, and physical damage. Mitigation efforts are ongoing, emphasizing the … Read more
September 9, 2024 at 02:15AM In 2024, a previously unknown threat actor, named TIDRONE, targeted drone manufacturers in Taiwan in a cyber attack campaign. Trend Micro suspects Chinese-speaking groups’ involvement and notes espionage-driven activity. The attack involves custom malware like CXCLNT and CLNTEND, exploiting an ERP software commonality, and using backdoors via Microsoft Word to … Read more
August 30, 2024 at 03:10PM Security researchers uncovered a vulnerability in a critical air transport security system, enabling unauthorized individuals to potentially bypass airport security and access aircraft cockpits. Based on the meeting notes, the key takeaway would be that security researchers have discovered a vulnerability in a critical air transport security system, potentially allowing … Read more
August 6, 2024 at 06:12AM Microsoft announced that it paid out $16.6 million through its bug bounty programs over the past year, an increase from the previous annual average of $13 million. They rewarded 343 researchers from 55 countries for over 1,300 eligible reports, with the largest single reward being $200,000. Microsoft plans to continue … Read more
July 1, 2024 at 05:02PM Google will reward security researchers who can perform a guest-to-host attack using a zero-day vulnerability in the KVM open source hypervisor. The meeting notes indicate that if security researchers are able to carry out a guest-to-host attack by exploiting a zero-day vulnerability in the KVM open source hypervisor, Google is … Read more
June 28, 2024 at 06:45AM Security researchers from Graz University of Technology have revealed a new side-channel attack, SnailLoad, capable of remotely inferring a user’s web activity. By exploiting network latency, the attack allows attackers to deduce websites visited or videos watched without needing to be in physical proximity to the victim’s Wi-Fi connection. Additionally, … Read more
June 13, 2024 at 06:48AM Threat actors with ties to Pakistan are behind a long-running malware campaign named Operation Celestial Force, utilizing Android and Windows-based malware administered through a tool called GravityAdmin. The cybersecurity community attributes the intrusion to an adversary known as Cosmic Leopard, with indications that it targets users in the Indian subcontinent. … Read more
April 24, 2024 at 09:45AM Cybersecurity researchers have uncovered an ongoing attack campaign, FROZEN#SHADOW, utilizing phishing emails to distribute SSLoad malware, Cobalt Strike, and ConnectWise ScreenConnect. The campaign targets organizations in Asia, Europe, and the Americas, using various methods to deliver malware and gain access to critical systems. The attackers’ persistence poses significant risks to … Read more
April 11, 2024 at 06:27PM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has launched a new version of “Malware Next-Gen,” allowing the public to submit malware samples for analysis. This expands access beyond government agencies and aims to enhance cyber defense efforts. The platform has already identified 200 suspicious files from 1,600 submissions, encouraging … Read more