https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-06-28 10:06:302024-06-28 10:06:30This Viral AI Chatbot Will Lie and Say It’s Human
Approximately three-quarters of companies have made investments in cyber defense in order to qualify for cyber insurance, according to a report by Sophos and Vanson Bourne.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-06-28 10:06:302024-06-28 10:06:30Cyber Insurance Terms Drive Companies To Invest More in Security, Report Finds
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-06-28 10:06:302024-06-28 10:06:30Polyfill Domain Shut Down as Owner Disputes Accusations of Malicious Activity
The US cybersecurity agency CISA has issued a warning about cyber threat actors exploiting vulnerabilities in GeoServer (CVE-2022-24816), the Linux kernel (CVE-2022-2586), and Roundcube Webmail (CVE-2020-13965).
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-06-28 10:06:292024-06-28 10:06:29CISA Adds GeoServer, Linux Kernel, and Roundcube Webmail Bugs to its Known Exploited Vulnerabilities Catalog
Microsoft has discovered a new type of jailbreak attack called Skeleton Key. This technique uses a multi-turn strategy to make the model ignore its guardrails, allowing it to generate forbidden content or override its decision-making rules.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-06-28 09:07:352024-06-28 09:07:35Mitigating Skeleton Key, a New Type of Generative AI Jailbreak Technique
Multiple security flaws have been disclosed in Emerson Rosemount gas chromatographs that could be exploited by malicious actors to obtain sensitive information, induce a denial-of-service (DoS) condition, and even execute arbitrary commands.
The flaws impact GC370XA, GC700XA, and GC1500XA and reside in versions 4.1.5 and prior.
According to operational technology (OT) security firm Claroty, the
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-06-28 09:07:352024-06-28 09:07:35Researchers Warn of Flaws in Widely Used Industrial Gas Analysis Equipment
XenoRAT is being used by North Korean hackers and other actors targeting the gaming community. It is being spread through .gg domains and a GitHub repository disguised as Roblox scripting tools.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-06-28 09:07:342024-06-28 09:07:34Xeno RAT Spread via .gg Domains and GitHub
The California Privacy Protection Agency (CPPA) has signed a partnership agreement with France’s Commission Nationale de l’Informatique et des Libertés (CNIL) to conduct joint research and share investigative findings on data privacy issues.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-06-28 09:07:342024-06-28 09:07:34California Privacy Regulator to Partner With French Data Authority
The Vanna AI library has been found to have a vulnerability (CVE-2024-5565) that could allow for remote code execution (RCE) due to a prompt injection issue related to the Plotly script.
BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Russian APT Reportedly Behind New TeamViewer Hack
/in General NewsTeamViewer’s corporate network was hacked and some reports say the Russian group APT29 is behind the attack.
The post Russian APT Reportedly Behind New TeamViewer Hack appeared first on SecurityWeek.
SecurityWeek – Read More
This Viral AI Chatbot Will Lie and Say It’s Human
/in General NewsBland AI’s customer services and sales bot is the latest example of “human-washing” in AI. Experts warn against the consequences of blurred reality.
Wired – Read More
Cyber Insurance Terms Drive Companies To Invest More in Security, Report Finds
/in General NewsApproximately three-quarters of companies have made investments in cyber defense in order to qualify for cyber insurance, according to a report by Sophos and Vanson Bourne.
Cyware News – Latest Cyber News – Read More
Polyfill Domain Shut Down as Owner Disputes Accusations of Malicious Activity
/in General NewsNamecheap shut down polyfill.io amid reports of malicious activity, but the Chinese owner claims it has good intentions.
The post Polyfill Domain Shut Down as Owner Disputes Accusations of Malicious Activity appeared first on SecurityWeek.
SecurityWeek – Read More
CISA Adds GeoServer, Linux Kernel, and Roundcube Webmail Bugs to its Known Exploited Vulnerabilities Catalog
/in General NewsThe US cybersecurity agency CISA has issued a warning about cyber threat actors exploiting vulnerabilities in GeoServer (CVE-2022-24816), the Linux kernel (CVE-2022-2586), and Roundcube Webmail (CVE-2020-13965).
Cyware News – Latest Cyber News – Read More
Mitigating Skeleton Key, a New Type of Generative AI Jailbreak Technique
/in General NewsMicrosoft has discovered a new type of jailbreak attack called Skeleton Key. This technique uses a multi-turn strategy to make the model ignore its guardrails, allowing it to generate forbidden content or override its decision-making rules.
Cyware News – Latest Cyber News – Read More
Researchers Warn of Flaws in Widely Used Industrial Gas Analysis Equipment
/in General NewsMultiple security flaws have been disclosed in Emerson Rosemount gas chromatographs that could be exploited by malicious actors to obtain sensitive information, induce a denial-of-service (DoS) condition, and even execute arbitrary commands.
The flaws impact GC370XA, GC700XA, and GC1500XA and reside in versions 4.1.5 and prior.
According to operational technology (OT) security firm Claroty, the
The Hacker News – Read More
Xeno RAT Spread via .gg Domains and GitHub
/in General NewsXenoRAT is being used by North Korean hackers and other actors targeting the gaming community. It is being spread through .gg domains and a GitHub repository disguised as Roblox scripting tools.
Cyware News – Latest Cyber News – Read More
California Privacy Regulator to Partner With French Data Authority
/in General NewsThe California Privacy Protection Agency (CPPA) has signed a partnership agreement with France’s Commission Nationale de l’Informatique et des Libertés (CNIL) to conduct joint research and share investigative findings on data privacy issues.
Cyware News – Latest Cyber News – Read More
Vanna AI Prompt Injection Vulnerability Enables RCE
/in General NewsThe Vanna AI library has been found to have a vulnerability (CVE-2024-5565) that could allow for remote code execution (RCE) due to a prompt injection issue related to the Plotly script.
Cyware News – Latest Cyber News – Read More