Cyber Security News
Apache HTTP Server Flaw Let Attackers Inject Malicious Headers and HTTP/2 DoS
Apache released updates to address several vulnerabilities impacting the Apache HTTP server that let attackers launch HTTP/2 DoS attacks and
Latest Hacking News
A serious security vulnerability existed in HAProxy that could allow HTTP request smuggling attacks. The vulnerability affected almost all HAProxy versions, which the maintainer patched accordingly. HAProxy Vulnerability Could Trigger HTTP Content Smuggling The HAProxy maintainer, Willy
Security Affairs
HTTP/2 CONTINUATION Flood: a new HTTP/2 vulnerability can be exploited to conduct powerful denial-of-service (DoS) attacks
Security Affairs
Taiwanese vendor QNAP warns users to update their NAS Firmware to fix Apache HTTP flaws addressed in the Apache HTTP server last month. Taiwanese vendor QNAP warns users to update their NAS Firmware to address Apache HTTP vulnerabilities, tracked as CVE-2022-22721 and CVE-2022-23943, addressed in the Apache HTTP server in March. “While CVE-2022-22719 and CVE-2022-22720 do […]
Latest Hacking News
A major security vulnerability appeared in the mitmproxy service that allowed an adversary to conduct HTTP request smuggling attacks. Thankfully, the vulnerability received a fix before facing exploit in the wild. mitmproxy HTTP Request Smuggling Bug According
DarkReading
Threat actors can abuse weaknesses in HTTP request handling to launch damaging browser-based attacks on website users, researcher says.
Cyber Security News
The malware generates malicious network behavior, often hiding it in HTTP traffic to avoid detection. So, cyber security detecting malicious traffic.
Latest Hacking News
T-Reqs tool employs grammar-based differential fuzzing to spot novel bugs triggering HTTP Request Smuggling attacks.
Ars Technica
eScan AV updates were delivered over HTTP for five years.
The Hacker News
New research exposes vulnerability in HTTP/2 protocol! The CONTINUATION frame can be exploited for DoS attacks, warns security expert Bartek Nowotarsk
ZDNet
There's a fix for a critical flaw in Apache HTTP Server, the world's second most widely used web server.
SecurityWeek
Organizations respond to HTTP/2 Rapid Reset zero-day vulnerability exploited to launch the largest DDoS attacks seen to date.
Ars Technica
More than 8 years after the adoption of HTTP/2, DDoSers devise rapid reset attack.
Bleeping Computer
QNAP has asked customers to apply mitigation measures to block attempts to exploit Apache HTTP Server security vulnerabilities impacting their network-attached storage (NAS) devices.
Bleeping Computer
The number of hyper-volumetric HTTP DDoS (distributed denial of service) attacks recorded in the third quarter of 2023 surpasses every precedent, indicating that the field has entered a new chapter.
Cyber Security News
Cloudflare was unexpectedly hit by an enormous HTTP attack that peaked at over 201 million requests per second.
The Hacker News
QNAP has issued a notice recommending users update firmware for network-attached storage (NAS) appliances to fix flaws affecting Apache HTTP software.
The Hacker News
Cloudflare reported an industry-wide campaign that targeted AWS, Cloudflare, and Google Cloud, launching DDoS attacks exploiting HTTP/2 Rapid Reset.
Bleeping Computer
A new DDoS (distributed denial of service) technique named 'HTTP/2 Rapid Reset' has been actively exploited as a zero-day since August, breaking all previous records in magnitude.
SecurityWeek
New HTTP/2 DoS method named Continuation Flood can pose a greater risk than Rapid Reset, which has been used for record-breaking attacks.
SecurityWeek
A zero-day vulnerability named HTTP/2 Rapid Reset has been exploited to launch some of the largest DDoS attacks in history.
The Hacker News
⚡ Beware of the HTTP/2 Rapid Reset attack! A novel zero-day flaw is being exploited to launch record-breaking distributed denial-of-service (DDoS).
Cyber Security News
The HTTP/2 CONTINUATION Flood allows a single machine, and in some cases, just a single TCP connection or a few frames, to cause significant disruptions to server operations, leading to crashes or severe performance degradation.
Bleeping Computer
Newly discovered HTTP/2 protocol vulnerabilities called "CONTINUATION Flood" can lead to denial of service (DoS) attacks, crashing web servers with a single TCP connection in some implementations.
PCMag
Research suggests new AI security threats are on the horizon. Cloudflare is developing an AI Firewall and is using its own AI tools to defend against AI-powered cyberattacks.
Infosecurity News
The UK Frontier AI Taskforce is evolving to become the UK AI Safety Institute
The Hacker News
Leveraging the power of AI in cybersecurity to outsmart ever-evolving threats. Discover how it can be your ultimate ally!
Infosecurity News
The signatories of these new commitments in safe AI developments include Chinese and Emirati organizations
Infosecurity News
The UK's open source AI safety evaluation platform, Inspect, is set to empower global collaboration for safer AI development
DataBreaches
Waqas reports: Cloudflare stated that it had managed to mitigate multiple “hyper-volumetric” DDoS attacks that originated from more than 30,000 IP...
Bleeping Computer
Proof-of-concept exploit code has been released over the weekend for a critical wormable vulnerability in the latest Windows 10 and Windows Server versions.
CSO
The suite is powered by Palo Alto’s proprietary solution, Precision AI, which integrates machine learning, deep learning, and generative AI technologies.
Cyber Security News
Azure AI continues to provide our customers with innovative technologies to safeguard their applications across the generative AI lifecycle.
The Hacker News
Discover how predictive AI is shaping the future of cybersecurity. Learn how BlackBerry's Cylance AI is outperforming the competition in malware.
DarkReading
AI safety platform startup WitnessAI claims to help enterprises use AI safely and effectively with its platform addressing AI privacy, governance, and security.
Bleeping Computer
Microsoft has patched a critical flaw tagged as wormable and found to impact the latest desktop and server Windows versions, including Windows 11 and Windows Server 2022.
Infosecurity News
ReversingLabs cybersecurity researchers spotted 41 malicious PyPI packages
Cyber Security News
Recently, Cluster25, a threat intelligence firm, uncovered a spear-phishing campaign dubbed "The Bear and the Shell".
CSO
Three defining concerns associated with the security of AI include trust in AI, ethical application of AI, and cybersecurity of AI, according to the SIA research for cybersecurity megatrends in 2024.
SecurityWeek
Interview with Craig Martell, Chief Digital and AI Officer (CDAO) for the U.S. Department of Defense, about AI use in the military.
DarkReading
The security startup’s platform will allow organizations to define appropriate AI usage and enforce security policies.
Ars Technica
AI-wielding artist must assert ownership and label each piece as "Generative AI."
Bleeping Computer
A wormable remote code execution (RCE) vulnerability in the Windows IIS server can also be used to attack unpatched Windows 10 and Server systems publicly exposing the WinRM (Windows Remote Management) service.
SecurityWeek
CISA details its efforts to promote the use of AI in cybersecurity and guide critical infrastructure in adopting AI.
Ars Technica
Can AI writing detectors be trusted? We dig into the theory behind them.
Infosecurity News
The framework aims to mitigate ethical issues surrounding use of AI in security
CSO
The company's new AI-security posture management (AI-SPM) offering is designed to secure an organization’s AI projects from sensitive access risks.
SecurityWeek
US officials raised concerns on China’s “misuse of AI” while Beijing’s representatives rebuked the US over “restrictions and pressure” on AI.
Ars Technica
List of guiding AI values draws on UN Declaration of Rights—and Apple's terms of service
CSO
Protect AI has integrated open source LLM Guard into proprietary AI security capabilities after acquiring Laiyer AI.
Ars Technica
Broken guardrails for AI systems lead to push for new safety measures.
ZDNet
To keep your browser navigation as safe as possible, you should force connections to use HTTPS. Find out how to enable this feature in the Opera browser.
The Hacker News
AI Solutions Are the New Shadow IT - Ambitious Employees Tout New AI Tools, Ignore Serious SaaS Security Risks
Infosecurity News
The Secure AI Framework (SAIF) is a first step to help collaboratively secure AI technology, said Alphabet’s subsidiary
Infosecurity News
The OWASP Foundation has released a call to action ahead of the UK’s AI Safety Summit
Ars Technica
Nonbinding EU draft AI law gets tougher, but it's still open to negotiation.
Naked Security
Twice more unto the breach… third patch tested and released, shut down web access until you’ve applied it
Infosecurity News
Led by NIST, USAISI will be tasked to facilitate the development of standards for the safety, security, and testing of AI models
CyberNews
AI and Bitcoin are a potentially perfect match as both technologies continue to scale
Ars Technica
Meanwhile, readers say that some AI-penned articles switch languages halfway through.
SecurityWeek
Cyber AI Summit will explore cybersecurity use-cases for artificial intelligence (AI) technology and the race to protect LLM algorithms from adversarial use.
Infosecurity News
The UK AI Safety Institute tested four mainstream AI chatbots with basic jailbreak attacks
Infosecurity News
Google has called for safeguards in AI development as it launches its AI Cyber Defense Initiative which aims to transform online security
SecurityWeek
Horizon3.ai's AISaaS-based, AI-assisted penetration service allows proactive defensive action against exploitation of new vulnerabilities.
CyberNews
Scientists trained an AI system to think before speaking, which improved the algorithm's common sense tremendously.
PCMag
So far, the North Korean hackers are not using generative AI to conduct actual cyberattacks. Instead, it looks like they are tapping today’s AI models for planning purposes.
SecurityWeek
Machine Learning and Artificial Intelligence security firm Protect AI raised $35 million in Series A funding led by Evolution Equity Partners
Infosecurity News
AI scientist Inma Martinez predicts governments will start requiring ‘frontier’ AI labs full disclosure on the purpose of the tools they are developing
Latest Hacking News
The privacy-focused browser Brave has now developed an exciting AI experience for Android users. As announced, Brave has launched ‘Leo’ as its very own AI assistant for Android browsers, hoping to enhance users’ experience. Brave AI
DarkReading
While attackers have targeted AI systems, failures in AI design and implementation are far more likely to cause headaches, so companies need to prepare.
Ars Technica
WGA writers don't want to train AI or clean up AI-generated "sloppy first drafts."
Cyber Security News
Researchers investigated potential malicious uses of AI by threat actors and experimented with various AI models, including large language
CSO
The vulnerabilities can completely compromise the AI infrastructure of the world’s biggest businesses, Oligo Security said.
Bleeping Computer
A distributed denial-of-service (DDoS) attack earlier this year takes the top spot for the largest such incident, peaking at 17.2 million requests per second (rps).
Ars Technica
Media orgs want AI firms to license content for training, and Congress is sympathetic.
SC Magazine
The regulations will likely have a global impact and influence as AI tech rapidly evolves, experts say.
SecurityWeek
Microsoft has shared guidance and resources from its AI Red Team program to help organizations and individuals with AI security.
Infosecurity News
Website takedowns driven by Russian hacktivists
Infosecurity News
PromptGuard is a new cloud access security broker (CASB) that supports employee AI use while ensuring that sensitive data is not released to AI systems
HACKRead
Cybersecurity firm Wiz.io found that AI-as-a-service (aka AI Cloud) platforms like Hugging Face are vulnerable to critical risks.
CSO
Defensive AI emerged as a critical AI use, with 58% of respondents to a survey saying their organization is investing in AI to stop AI-based attacks.
DarkReading
The nation's new AI council will be responsible for developing policies and strategies related to research, infrastructure, and investments in AI.
CyberSecurity Dive
Researchers have not identified any AI-engineered cyberattack campaigns, yet, but they say it’s only a matter of time before an AI system is dominant enough in the market to draw attention.
Ars Technica
Registration of AI-assisted comic comes amid fierce online debate about AI art ethics.
DarkReading
The finding underscores the challenges of protecting data from multiple customers across AI-as-a-service solutions, especially in environments that run AI models from untrusted sources.
Bleeping Computer
Microsoft announced a new AI bounty program focused on the AI-driven Bing experience, with rewards reaching $15,000.
Latest Hacking News
Researchers have devised a novel attack strategy against AI assistants. Dubbed “TrojanPuzzle,” the data poisoning attack maliciously trains AI assistants to suggest wrong codes, troubling software engineers. TROJANPUZZLE Attack Exploits AI Assistants Researchers from the University of
Trend Micro
How generative AI influenced threat trends in 1H 2023
CyberNews
Google proudly calls its brand new AI search feature, AI Overview, the future of browsing. But so far, the quick answers it provides can be simply nonsensical.
SecurityWeek
Security researchers flag multiple severe vulnerabilities in open source AI/ML solutions MLflow, ClearML, Hugging Face.
SecurityWeek
Five ways in which artificial intelligence (AI) can be leveraged to improve API security to help enterprises improve their security posture.
ZDNet
AI Verify Foundation will develop test toolkits that mitigate the risks of AI.
CyberNews
Artists are demanding that AI developers, tech companies, platforms, and digital music services pledge not to develop AI music technology, as it undermines the rights of human creativity.
The Hacker News
See how you can find out in minutes with Nudge Security. Automate discovery of new AI tools as they are introduced, collect context on how AI tools ar
Ars Technica
Actor pokes fun at 2023 AI video by eating spaghetti messily and claiming it's AI-generated.
The Cyber Express
The European Parliament has approved the groundbreaking Artificial Intelligence (AI) Act, signaling a pivotal step towards regulating AI technologies while
CSO
New AI-powered identity visibility, along with a few other AI advancements, is expected to improve Cisco’s existing security offerings.
Ars Technica
Inventors must be human, but there's still a condition where AI can officially help.
Ars Technica
No detectors "reliably distinguish between AI-generated and human-generated content."
CSO
AI is simplifying all sorts of tasks — and not always for the better: cybercriminals, too, are adopting it.