Researchers from Israel Institute of Technology, Intuit and Cornell Tech have developed a computer worm called “Morris II” that targets generative AI (GenAI) applications to spread malware and steal personal data.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-03-05 11:06:452024-03-05 11:06:45Self-Propagating Worm Created to Target Generative AI Systems
The OpenSSF has implemented various initiatives to improve open-source software security, including the creation of a Malicious Packages repository and partnering with CISA to develop a security maturity framework for package repositories.
GitHub has implemented push protection as a default security feature for all public repositories to prevent accidental leaks of sensitive information such as API keys and tokens.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-03-05 09:07:012024-03-05 09:07:01GitHub Push Protection Now on by Default for Public Repositories
The JetBrains TeamCity On-Premises CI/CD solution has been found to have two critical vulnerabilities (CVE-2024-27198 and CVE-2024-27199) that can allow remote attackers to take control of the server and modify system settings without authentication.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-03-05 08:08:412024-03-05 08:08:41Exploit Available for New Critical JetBrains TeamCity Authentication Bypass Bug, Patch Now
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-03-05 07:09:532024-03-05 07:09:53Epic Games ‘hackers’ admit threat of leak was phony
Customers should immediately patch critical vulnerabilities in on-prem deployments of the CI/CD pipeline tool JetBrains TeamCity that could allow threat actors to gain admin control over servers.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-03-05 07:09:522024-03-05 07:09:52Amex Customer Data Exposed in Third-Party Breach
BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
American Express Discloses Data Breach
/in General NewsAmerican Express says names, card account numbers, and card expiration dates were compromised in a data breach.
The post American Express Discloses Data Breach appeared first on SecurityWeek.
SecurityWeek – Read More
Critical Vulnerability Exposes TeamCity Servers to Takeover
/in General NewsA critical authentication bypass in TeamCity allows remote attackers to take full control of vulnerable servers.
The post Critical Vulnerability Exposes TeamCity Servers to Takeover appeared first on SecurityWeek.
SecurityWeek – Read More
Self-Propagating Worm Created to Target Generative AI Systems
/in General NewsResearchers from Israel Institute of Technology, Intuit and Cornell Tech have developed a computer worm called “Morris II” that targets generative AI (GenAI) applications to spread malware and steal personal data.
Cyware News – Latest Cyber News – Read More
Securing Software Repositories Leads to Better OSS Security
/in General NewsThe OpenSSF has implemented various initiatives to improve open-source software security, including the creation of a Malicious Packages repository and partnering with CISA to develop a security maturity framework for package repositories.
Cyware News – Latest Cyber News – Read More
GitHub Push Protection Now on by Default for Public Repositories
/in General NewsGitHub has implemented push protection as a default security feature for all public repositories to prevent accidental leaks of sensitive information such as API keys and tokens.
Cyware News – Latest Cyber News – Read More
Exploit Available for New Critical JetBrains TeamCity Authentication Bypass Bug, Patch Now
/in General NewsThe JetBrains TeamCity On-Premises CI/CD solution has been found to have two critical vulnerabilities (CVE-2024-27198 and CVE-2024-27199) that can allow remote attackers to take control of the server and modify system settings without authentication.
Cyware News – Latest Cyber News – Read More
Epic Games ‘hackers’ admit threat of leak was phony
/in General NewsThe “hacker” group that claimed to have breached Epic Games now says it was an elaborate con, and Epic says there was no legitimate threat.Read More
Security News | VentureBeat – Read More
Critical TeamCity Bugs Endanger Software Supply Chain
/in General NewsCustomers should immediately patch critical vulnerabilities in on-prem deployments of the CI/CD pipeline tool JetBrains TeamCity that could allow threat actors to gain admin control over servers.
darkreading – Read More
Zero-Click GenAI Worm Spreads Malware, Poisoning Models
/in General News35 years after the Morris worm, we’re still dealing with a version of the same issue: data overlapping with control.
darkreading – Read More
Amex Customer Data Exposed in Third-Party Breach
/in General NewsThe breach occurred through a third-party service provider frequently used by the company’s travel services division.
darkreading – Read More