PAX PoS Terminal Flaw Could Allow Attackers to Tamper with Transactions

January 17, 2024 at 09:57AM PAX Technology’s PoS terminals have high-severity vulnerabilities that could allow threat actors to execute arbitrary code. The STM Cyber R&D team discovered six flaws, including privilege escalation and local code execution, impacting various PAX devices. The vulnerabilities were responsibly disclosed to PAX, and patches were released in November 2023. Key …

Combating IP Leaks into AI Applications with Free Discovery and Risk Reduction Automation

January 17, 2024 at 09:57AM Wing Security introduces a free discovery and a paid tier for automated control over AI SaaS applications, aiming to enhance intellectual property and data protection. 83.2% of companies use GenAI applications, with 99.7% employing AI-powered SaaS. Their solution offers steps to Know, Assess, and Control AI risks while automating workflows …

AI Data Exposed to ‘LeftoverLocals’ Attack via Vulnerable AMD, Apple, Qualcomm GPUs

January 17, 2024 at 08:30AM Researchers discovered a new attack method, LeftoverLocals (CVE-2023-4969), exploiting a GPU vulnerability to access sensitive data from AI and other applications. LeftoverLocals can affect Apple, AMD, Qualcomm, and Imagination Technologies GPUs. Qualcomm and Apple are releasing patches, while AMD plans mitigations in March 2024. The vulnerability allows local attackers to …

Achieving “Frictionless Defense” in the Age of Hybrid Networks

January 17, 2024 at 08:30AM The term “frictionless” in cybersecurity acknowledges the lack of a perfect security solution. With a growing cybersecurity workforce shortage and increasingly dispersed networks, the emphasis is on quickly and easily gaining visibility into network activities. Integrations are vital in achieving a “frictionless defense,” particularly in modern distributed infrastructures and cloud …

GitHub Rotates Credentials in Response to Vulnerability

January 17, 2024 at 08:30AM GitHub rotated credentials and addressed a vulnerability impacting GitHub.com and GitHub Enterprise Server after receiving a vulnerability report. The security defect allowed access to credentials within a production container but had minimal impact. GitHub resolved the flaw and released patches for GitHub Enterprise Server, also rotating the private GitHub GPG …

Savvy Launches Identity-First Security Offering to Combat Toxic Combinations Driving SaaS Risk

January 17, 2024 at 07:36AM Savvy, a SaaS security platform provider, has introduced Identity-First Security to address risks stemming from identity access management permissions, user behavior, and business context. The offering aims to combat SaaS application-related security risks by providing comprehensive visibility and automated security guardrails to guide users in real time. For more details, …

Snyk Acquires Helios for Runtime Visibility

January 17, 2024 at 07:36AM Snyk, a developer-focused security company, has acquired Helios, a startup specializing in runtime application troubleshooting. This acquisition will enhance Snyk’s “cloud-to-code risk visibility” by combining Helios’ runtime data collection with the Snyk Developer Security Platform. The integration will provide Snyk customers with improved asset discovery, issue identification, and risk prioritization. …

Windows Server 2022 patch is breaking apps for some users

January 17, 2024 at 06:56AM The latest Windows Server 2022 patch, KB5034129, has caused issues with the Chrome browser and other Chromium-based browsers, as well as the Snipping Tool and Firefox. Users are experiencing problems with graphical subsystems, resulting in failures to open or blank white boxes. Some have resorted to uninstalling the update or …

Feds Warn of AndroxGh0st Botnet Targeting AWS, Azure, and Office 365 Credentials

January 17, 2024 at 06:39AM CISA and FBI warn of AndroxGh0st malware creating a botnet for victim identification and exploitation. Capable of infiltrating servers with known security flaws, it targets credentials for platforms like AWS and Microsoft Office 365. Features enable SMTP abuse and persistent access to compromised systems. Related tools include FBot and spike …

Webinar: The Art of Privilege Escalation – How Hackers Become Admins

January 17, 2024 at 06:39AM The upcoming webinar, “The Art of Privilege Escalation – How Hackers Become Admins,” presented by Joseph Carson, aims to equip IT security experts with the knowledge, tools, and strategies to counter cyber threats. Attendees will delve into the mind of cyber attackers, learn to detect privilege escalation attempts, and develop …