Microsoft MFA Bypassed via AuthQuake Attack 

December 12, 2024 at 08:28AM Oasis Security revealed a critical vulnerability, AuthQuake, allowing bypass of Microsoft’s multi-factor authentication (MFA). The flaw was reported in June; a temporary fix was issued before a permanent one in October. The exploit required no user interaction and could quickly grant access to sensitive accounts, affecting over 400 million Office 365 users.

BadRAM Attack Uses $10 Equipment to Break AMD Processor Protections

December 11, 2024 at 11:03AM Researchers from KU Leuven, University of Lubeck, and University of Birmingham introduced the BadRAM attack, utilizing $10 equipment to compromise AMD’s SEV-SNP technology by deceiving memory processors. This attack exploits rogue memory modules to manipulate memory mappings, leading to potential data integrity loss. AMD has implemented firmware updates to mitigate …

AI Chatbots Ditch Guardrails After ‘Deceptive Delight’ Cocktail

October 24, 2024 at 11:44AM Palo Alto Networks revealed a method called “Deceptive Delight” that combines benign and malicious queries, successfully bypassing AI guardrails in chatbots 65% of the time. This advanced “multiturn” jailbreak exploits the limited attention span of language models, prompting recommendations for organizations to enhance security measures against prompt injection attacks.

Fore-get about privacy, golf tech biz leaves 32M data records on the fairway

October 10, 2024 at 10:22AM A researcher discovered nearly 32 million records from Trackman users exposed in an unsecured database, risking data breaches and cyberattacks. Trackman, used by pro golfers and leagues, quickly secured the database but failed to notify affected users of the exposure. Sensitive information could facilitate phishing and other cybercrimes.

Don’t Answer the Phone: Inside a Real-Life Vishing Attack

March 20, 2024 at 12:03PM Successful attackers target human emotions for psychological manipulation, making anyone vulnerable, regardless of tech expertise.