XZ Utils Supply Chain Attack: A Threat Actor Spent Two Years to Implement a Linux Backdoor

/in

Read about a supply chain attack that involves XZ Utils, a data compressor widely used in Linux systems, and learn how to protect from this threat.

Security | TechRepublic – ​Read More

All eyes on cyberdefense as elections enter the generative AI era

/in

Humans are easier to breach than IT systems, and errant actors will use generative AI to exploit this opportunity.

Latest stories for ZDNET in Security – ​Read More

Hijacked Facebook Pages are pushing fake AI services to steal your data

/in

And millions of Facebook users appear to be falling for it.

Latest stories for ZDNET in Security – ​Read More

The music industry must find a way to stay in tune with GenAI

/in

Artificial intelligence can continue to amplify human creativity, if everyone plays by certain key principles.

Latest stories for ZDNET in Security – ​Read More

Fake Facebook MidJourney AI Page Promoted Malware to 1.2 Million People

/in

Hackers are using Facebook advertisements and hijacked pages to promote fake Artificial Intelligence services, such as MidJourney, OpenAI’s SORA and ChatGPT-5, and DALL-E, to infect unsuspecting users with password-stealing malware.

Cyware News – Latest Cyber News – ​Read More

Google Chrome Adds V8 Sandbox – A New Defense Against Browser Attacks

/in

Google has announced support for what’s called a V8 Sandbox in the Chrome web browser in an effort to address memory corruption issues.
The sandbox, according to V8 Security technical lead Samuel Groß, aims to prevent “memory corruption in V8 from spreading within the host process.”
The search behemoth has described V8 Sandbox as a lightweight, in-process sandbox

The Hacker News – ​Read More

Escalation of Fake E-Shop Campaign Threatens Banking Security in Multiple Regions

/in

The threat actor behind the fake e-shop campaign leverages tools such as the open-source string obfuscator “Paranoid” and the Janus WebRTC module, showcasing a deep understanding of technological intricacies to evade detection and amplify impact.

Cyware News – Latest Cyber News – ​Read More

Thousands of Ivanti VPN Appliances Impacted by Recent Vulnerability

/in

Researchers at the Shadowserver Foundation identify thousands of internet-exposed Ivanti VPN appliances likely impacted by a recently disclosed vulnerability leading to remote code execution.

The post Thousands of Ivanti VPN Appliances Impacted by Recent Vulnerability appeared first on SecurityWeek.

SecurityWeek – ​Read More

Hotel Check-In Terminal Leaks Rafts of Guests’ Room Codes

/in

Martin Schobert at Swiss security firm Pentagrid discovered that an attacker could input a series of six consecutive dashes (——) in place of a booking reference number and the terminal would return an extensive list of room details.

Cyware News – Latest Cyber News – ​Read More

Key Lawmakers Float New Rules for Personal Data Protection; Bill Would Make Privacy a Consumer Right

/in

The American Privacy Rights Act would preempt most state privacy laws — though it wouldn’t impact certain states’ laws already on the books that protect financial, health or employee data.

The post Key Lawmakers Float New Rules for Personal Data Protection; Bill Would Make Privacy a Consumer Right appeared first on SecurityWeek.

SecurityWeek – ​Read More