July 17, 2024 at 07:06AM A CVE-2024-27348-affected Apache HugeGraph-Server vulnerability is being exploited in attacks, as reported by SecurityWeek. Based on the meeting notes, it appears that a recently patched Apache HugeGraph-Server vulnerability, identified as CVE-2024-27348, is being targeted in attacks. Additionally, there are reports of the vulnerability being exploited in the wild as indicated … Read more
July 9, 2024 at 01:04PM Adobe has released critical patches for code execution bugs in Adobe Premiere Pro, Adobe InDesign, and Adobe Bridge on Windows and macOS. The vulnerabilities pose significant security risks. This information was reported by SecurityWeek. Based on the meeting notes, it seems that Adobe has identified at least seven code execution … Read more
July 1, 2024 at 12:24PM Chris Evans, CISO of HackerOne, challenges common perceptions of hackers. He defines a hacker as someone who creatively overcomes limitations and believes computer hacking is about improving life. He argues that most hackers naturally use their skills for good and emphasizes the positive impact of hacking on society. Evans also … Read more
June 27, 2024 at 06:46AM LockBit ransomware threatened to release 33 Tb of data from the US Federal Reserve, but leaked data appears to be from Evolve Bank & Trust, not the central bank. The cybersecurity community expressed skepticism over the claims. Evolve Bank is investigating a cyber incident involving potential personal information compromise, but … Read more
June 26, 2024 at 07:07AM Over 100,000 websites have been targeted by a supply chain attack injecting malware through a Polyfill domain, as reported by SecurityWeek. Based on the meeting notes, it appears that a supply chain attack involving the injection of malware through a Polyfill domain has impacted over 100,000 websites. This information was … Read more
June 24, 2024 at 03:18PM SecurityWeek will host the AI Risk Summit + CISO Forum Summer Summit on June 25-26, 2024, in Half Moon Bay, California. The event aims to bring together industry experts, researchers, and policymakers for meaningful discussions on risk management and cybersecurity in the age of artificial intelligence. For more information and … Read more
June 24, 2024 at 09:57AM The Los Angeles County Department of Health Services (DHS) revealed a data breach resulting from a push notification spamming attack on an employee’s Microsoft 365 account. Personal information may have been compromised, including names, addresses, Social Security numbers, and medical data. The DHS took immediate action to mitigate the breach … Read more
June 20, 2024 at 08:32AM AI model weights control system outputs, but if altered or “poisoned,” they can produce erroneous and potentially dangerous results. Securing these weights is crucial for maintaining the reliability and safety of artificial intelligence systems. This was highlighted in a post on SecurityWeek. Based on the meeting notes, the key takeaway … Read more
June 20, 2024 at 08:32AM Chinese-speaking victims have been targeted by a threat actor using the SquidLoader malware loader in recent attacks. The highly evasive SquidLoader malware is aimed at China. [SecurityWeek] Based on the meeting notes: – A threat actor has been using the SquidLoader malware loader in recent attacks targeting Chinese-speaking victims. – … Read more
June 17, 2024 at 10:14AM SecurityWeek is hosting the AI Risk Summit + CISO Forum Summer Summit on June 25-26, 2024, at the Ritz-Carlton, Half Moon Bay. The event will gather security and risk management executives, AI researchers, and business stakeholders to discuss practical guidance on cybersecurity in the age of artificial intelligence. More information … Read more