January 17, 2024 at 06:30AM OpenAI has outlined safeguards against election misinformation for its generative AI tools that can create compelling fake images and texts. This includes banning technology use for misleading purposes, digital watermarking of AI images, and ensuring users receive accurate voting information. OpenAI’s CEO expresses vigilance and anxiety about preventing misuse during … Read more
January 17, 2024 at 06:30AM Oracle issued 389 new security patches in its January 2024 Critical Patch Update, addressing numerous critical-severity vulnerabilities. The update covers over 200 unique CVEs, with emphasis on Financial Services Applications, Communications, and MySQL. Oracle urges prompt patch application, warning of potential in-the-wild exploitation. The company plans three more Critical Patch … Read more
January 17, 2024 at 06:03AM Cybersecurity researchers have developed a “lightweight method” called iShutdown to detect spyware on Apple iOS devices, including threats like NSO Group’s Pegasus and QuaDream’s Reign. The method involves analyzing the “Shutdown.log” file, which records reboot events and environment characteristics, and has been found to be a reliable forensic artifact for … Read more
January 17, 2024 at 05:06AM Citrix published a security bulletin revealing that two zero-day vulnerabilities in NetScaler ADC and Gateway products are being exploited. CVE-2023-6548 allows remote execution of code, and CVE-2023-6549 enables DoS attacks. Citrix advises immediate patch installation. The vulnerabilities may be exploited in targeted attacks but are not expected to have significant … Read more
January 17, 2024 at 04:39AM Two UK cold-calling companies, Poxell Ltd and Skean Homes Ltd, face £150,000 and £100,000 fines, respectively, for making millions of unsolicited marketing calls to individuals on the Telephone Preference Service (TPS). The ICO found both companies in violation of regulations, emphasizing the need to prevent unwanted marketing and protect individual … Read more
January 17, 2024 at 03:15AM GitHub has responded to a security vulnerability by rotating some keys, including the GitHub commit signing key, GitHub Actions, GitHub Codespaces, and Dependabot customer encryption keys. The vulnerability, CVE-2024-0200, has not been exploited in the wild, but GitHub has addressed it with patches. Another bug, CVE-2024-0507, has also been resolved … Read more
January 17, 2024 at 01:34AM Netcraft discovered that scammers are exploiting cheap domain names to promote fake health products through deceptive news campaigns, mimicking popular news outlets and falsely claiming endorsements from TV shows like Shark Tank and Dragons’ Den. The proliferation of new global top-level domain names, such as .sbs and .cloud, at low … Read more
January 16, 2024 at 10:01PM Nokia has launched a dedicated business unit for government sales in the USA, reflecting Washington’s concerns about national infrastructure security. The move comes amid US efforts to remove Chinese-made equipment from its networks due to security worries. Nokia is tailoring its portfolio and sales team to meet federal government needs, … Read more
January 16, 2024 at 08:36PM The FBI and CISA warn that cybercriminals are leveraging old vulnerabilities to deploy Androxgh0st malware, targeting .env files containing user credentials for AWS, Microsoft Office 365, SendGrid, and Twilio. The malware can be used to steal data, execute code remotely, and create new AWS users and instances. Mitigations include updating … Read more
January 16, 2024 at 07:10PM Security teams increasingly collaborate with internal and external partners for incident response, recognizing the importance of coordination. 63% coordinate with internal communications, 44% know whom to contact in HR, and 39% have dedicated resources for external communications. Cross-functional collaboration is crucial due to the wide-reaching impact of security breaches. Also, … Read more