Self-Propagating Worm Created to Target Generative AI Systems

/in

Researchers from Israel Institute of Technology, Intuit and Cornell Tech have developed a computer worm called “Morris II” that targets generative AI (GenAI) applications to spread malware and steal personal data.

Cyware News – Latest Cyber News – ​Read More

Securing Software Repositories Leads to Better OSS Security

/in

The OpenSSF has implemented various initiatives to improve open-source software security, including the creation of a Malicious Packages repository and partnering with CISA to develop a security maturity framework for package repositories.

Cyware News – Latest Cyber News – ​Read More

GitHub Push Protection Now on by Default for Public Repositories

/in

GitHub has implemented push protection as a default security feature for all public repositories to prevent accidental leaks of sensitive information such as API keys and tokens.

Cyware News – Latest Cyber News – ​Read More

Exploit Available for New Critical JetBrains TeamCity Authentication Bypass Bug, Patch Now

/in

The JetBrains TeamCity On-Premises CI/CD solution has been found to have two critical vulnerabilities (CVE-2024-27198 and CVE-2024-27199) that can allow remote attackers to take control of the server and modify system settings without authentication.

Cyware News – Latest Cyber News – ​Read More

Epic Games ‘hackers’ admit threat of leak was phony

/in

The “hacker” group that claimed to have breached Epic Games now says it was an elaborate con, and Epic says there was no legitimate threat.Read More

Security News | VentureBeat – ​Read More

Critical TeamCity Bugs Endanger Software Supply Chain

/in

Customers should immediately patch critical vulnerabilities in on-prem deployments of the CI/CD pipeline tool JetBrains TeamCity that could allow threat actors to gain admin control over servers.

darkreading – ​Read More

Zero-Click GenAI Worm Spreads Malware, Poisoning Models

/in

35 years after the Morris worm, we’re still dealing with a version of the same issue: data overlapping with control.

darkreading – ​Read More

Amex Customer Data Exposed in Third-Party Breach

/in

The breach occurred through a third-party service provider frequently used by the company’s travel services division.

darkreading – ​Read More

Critical JetBrains TeamCity On-Premises Flaws Could Lead to Server Takeovers

/in

A new pair of security vulnerabilities have been disclosed in JetBrains TeamCity On-Premises software that could be exploited by a threat actor to take control of affected systems.
The flaws, tracked as CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score: 7.3), have been addressed in version 2023.11.4. They impact all TeamCity On-Premises versions through 2023.11.3.
“The

The Hacker News – ​Read More

Seoul Spies Say North Korea Hackers Stole Semiconductor Secrets

/in

The DPRK is using cyberattacks to steal designs and other data from South Korean microchip manufacturers, according to Seoul’s National Intelligence Service.

darkreading – ​Read More