North Korean Hackers Exploited Chrome Zero-Day for Cryptocurrency Theft

/in

The Lazarus APT created a deceptive website that exploited a Chrome zero-day to install malware and steal cryptocurrency.

The post North Korean Hackers Exploited Chrome Zero-Day for Cryptocurrency Theft appeared first on SecurityWeek.

SecurityWeek – ​Read More

Misconfigured UN Database Exposes 228GB of Gender Violence Victims’ Data

/in

A cybersecurity researcher discovered a massive data leak exposing over 115,000 sensitive documents associated with the UN Trust…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – ​Read More

New Fortinet Zero-Day Exploited for Months Before Patch

/in

A Fortinet zero-day tracked as CVE-2024-47575 and named FortiJump has been exploited since at least June 2024.

The post New Fortinet Zero-Day Exploited for Months Before Patch appeared first on SecurityWeek.

SecurityWeek – ​Read More

What Is PCI Compliance? A Simple Guide for Businesses

/in

Safeguard your customers’ card data using these industry-standard security protocols.

Security | TechRepublic – ​Read More

Penn State Settles for $1.25M Over Failure to Comply With DoD, NASA Cybersecurity Requirements

/in

The Penn State university has agreed to pay $1.25 million to settle alleged failure to meet cybersecurity requirements for DoD and NASA contracts.

The post Penn State Settles for $1.25M Over Failure to Comply With DoD, NASA Cybersecurity Requirements appeared first on SecurityWeek.

SecurityWeek – ​Read More

New Scoring System Helps Secure the Open Source AI Model Supply Chain

/in

AI models from Hugging Face can contain similar hidden problems to OSS downloads from repositories such as GitHub.

The post New Scoring System Helps Secure the Open Source AI Model Supply Chain appeared first on SecurityWeek.

SecurityWeek – ​Read More

Cisco Patches Vulnerability Exploited in Large-Scale Brute-Force Campaign

/in

Cisco has released patches for multiple vulnerabilities in ASA, FMC, and FTD products, including an exploited flaw.

The post Cisco Patches Vulnerability Exploited in Large-Scale Brute-Force Campaign appeared first on SecurityWeek.

SecurityWeek – ​Read More

Technologist Bruce Schneier on security, society and why we need ‘public AI’ models

/in

The renowned security expert says fully transparent models can help us turn AI into a tool that produces benefits for everyone.

Latest stories for ZDNET in Security – ​Read More

Fortinet Warns of Critical Vulnerability in FortiManager Under Active Exploitation

/in

Fortinet has confirmed details of a critical security flaw impacting FortiManager that has come under active exploitation in the wild.
Tracked as CVE-2024-47575 (CVSS score: 9.8), the vulnerability is also known as FortiJump and is rooted in the FortiGate to FortiManager (FGFM) protocol.
“A missing authentication for critical function vulnerability [CWE-306] in FortiManager fgfmd daemon may

The Hacker News – ​Read More

‘Prometei’ Botnet Spreads Its Cryptojacker Worldwide

/in

The Russian-language malware primarily enlists computers to mine Monero, but theoretically it can do worse.

darkreading – ​Read More