Dane Stuckey Joins OpenAI as CISO
Former Palantir CISO joins ChatGPT maker OpenAI to lead cybersecurity efforts.
The post Dane Stuckey Joins OpenAI as CISO appeared first on SecurityWeek.
SecurityWeek – Read More
From Misuse to Abuse: AI Risks and Attacks
AI from the attacker’s perspective: See how cybercriminals are leveraging AI and exploiting its vulnerabilities to compromise systems, users, and even other AI applications
Cybercriminals and AI: The Reality vs. Hype
“AI will not replace humans in the near future. But humans who know how to use AI are going to replace those humans who don’t know how to use AI,” says Etay Maor, Chief Security
The Hacker News – Read More
AI Models in Cybersecurity: From Misuse to Abuse
Exploring differences in AI models on security measures and unveiling threat actor tactics.
The post AI Models in Cybersecurity: From Misuse to Abuse appeared first on SecurityWeek.
SecurityWeek – Read More
CISA Flags Critical SolarWinds Web Help Desk Bug for In-the-Wild Exploitation
CISA warns that a critical-severity hardcoded credentials vulnerability in SolarWinds Web Help Desk is exploited in attacks.
The post CISA Flags Critical SolarWinds Web Help Desk Bug for In-the-Wild Exploitation appeared first on SecurityWeek.
SecurityWeek – Read More
Oracle Patches Over 200 Vulnerabilities With October 2024 CPU
Oracle has released 334 new security patches to address roughly 220 unique CVEs as part of its October 2024 Critical Patch Update.
The post Oracle Patches Over 200 Vulnerabilities With October 2024 CPU appeared first on SecurityWeek.
SecurityWeek – Read More
Passkey News: FIDO Unveils New Specifications, Amazon Announces 175 Million Users
FIDO Alliance has published new specifications for securely moving passkeys across providers, as Amazon announced 175 million passkey users.
The post Passkey News: FIDO Unveils New Specifications, Amazon Announces 175 Million Users appeared first on SecurityWeek.
SecurityWeek – Read More
Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack
A new spear-phishing campaign targeting Brazil has been found delivering a banking malware called Astaroth (aka Guildma) by making use of obfuscated JavaScript to slip past security guardrails.
“The spear-phishing campaign’s impact has targeted various industries, with manufacturing companies, retail firms, and government agencies being the most affected,” Trend Micro said in a new analysis.
”
The Hacker News – Read More
CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Tracked as CVE-2024-28987 (CVSS score: 9.1), the vulnerability relates to a case of hard-coded credentials that could be abused to gain
The Hacker News – Read More
GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access
GitHub has released security updates for Enterprise Server (GHES) to address multiple issues, including a critical bug that could allow unauthorized access to an instance.
The vulnerability, tracked as CVE-2024-9487, carries a CVS score of 9.5 out of a maximum of 10.0
“An attacker could bypass SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, allowing
The Hacker News – Read More
North Korea Hackers Get Cash Fast in Linux Cyber Heists
The thieves modify transaction messages to initiate unauthorized withdrawals, even when there are insufficient funds.
darkreading – Read More