Iranian APT Group Targets IP Cameras, Extends Attacks Beyond Israel

/in

The Iran-linked group Emennet Pasargad aims to undermine public confidence in Israeli and Western nations by using hack-and-leak campaigns and disrupting government services, including elections.

darkreading – ​Read More

Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System

/in

Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild.
The vulnerability, tracked as CVE-2024-43093, has been described as a privilege escalation flaw in the Android Framework component that could result in unauthorized access to “Android/data,” “Android/obb,” and “Android/sandbox” directories and its sub-directories,

The Hacker News – ​Read More

Schneider Electric says hackers accessed internal project execution tracking platform

/in

French multinational Schneider Electric confirmed on Monday that it is investigating a cyberattack following confirmation of a breach.

The Record from Recorded Future News – ​Read More

APT36 Refines Tools in Attacks on Indian Targets

/in

The Pakistan-based advanced persistent threat actor has been carrying on a cyber-espionage campaign targeting organizations on the subcontinent for more than a decade, and it’s now using a new and improved “ElizaRAT” malware.

darkreading – ​Read More

Okta Fixes Auth Bypass Bug After 3-Month Lull

/in

The bug affected accounts with 52-character user names, and had several pre-conditions that needed to be met in order to be exploited.

darkreading – ​Read More

Cisco notifies ‘limited set’ of customers after hacker accessed non-public files

/in

The company has said it didn’t suffer a breach, but announced a threat actor downloaded data on a public-facing DevHub environment.

The Record from Recorded Future News – ​Read More

UC San Diego, Tsinghua University researchers just made AI way better at knowing when to ask for help

/in

Credit: VentureBeat made with Midjourney

UC San Diego and Tsinghua University researchers develop breakthrough AI method that teaches small language models when to use tools versus internal knowledge, achieving 28% better accuracy while using fewer resources than larger models like GPT-4.Read More

Security News | VentureBeat – ​Read More

OWASP Beefs Up GenAI Security Guidance Amid Growing Deepfakes

/in

As businesses worry over deepfake scams and other AI attacks, organizations are adding guidance for cybersecurity teams on how to detect, and respond to, next-generation threats. That includes Exabeam, which was recently targeted by a deepfaked job candidate.

darkreading – ​Read More

Software Makers Encouraged to Stop Using C/C++ by 2026

/in

The Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation assert that C, C++, and other memory-unsafe languages contribute to potential security breaches.

Security | TechRepublic – ​Read More

Ohio’s capital says July ransomware attack leaked info of 500,000

/in

The city government of Columbus, Ohio, said a ransomware attack that stirred up a high-profile lawsuit had exposed the data of about 500,000 people.

The Record from Recorded Future News – ​Read More