The Hacker News
Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days
Microsoft has patched 61 new security flaws, including two zero-days actively exploited in the wild.
SecurityWeek
In Other News: European Parliament Breach, DocGo Hack, VMware Advisories Moved
European Parliament application breached, DocGo hacked, VMware advisories moved to Broadcom support portal.
SecurityWeek
RSA Conference 2024 – Announcements Summary (Day 4)
Hundreds of companies are showcasing their products and services this week at the 2024 edition of the RSA Conference in San Francisco.
Bleeping Computer
Get a grade-A refurbished Dell Precision desktop for $414 off
A desktop can be a powerful and effective upgrade for remote work, personal projects, and much more. This near-mint refurbished Dell Precision tower has all the power you need for $269.99, $414 off the $684 MSRP.
SecurityWeek
RSA Conference 2024 – Announcements Summary (Day 2)
Hundreds of companies are showcasing their products and services this week at the 2024 edition of the RSA Conference in San Francisco.
SC Magazine
RSAC 2024: CISA, DHS grapple with cyber risks in the age of AI
AI and “secure by design” will be crucial to defend against ransomware, CI attacks and AI threats in the coming years.
Ars Technica
Microsoft developing MAI-1 language model that may compete with OpenAI—report
In project headed by former Inflection chief, MAI-1 may have 500B parameters.
Cyber Security News
NVIDIA ChatRTX for Windows Vulnerability Lets Attackers Escalate Privileges
NVIDIA, a leading technology company, has recently released a security update regarding its Windows ChatRTX application.
SC Magazine
NVIDIA patches three ChatRTX security bugs
Security pros advise teams to use demo apps such as ChatRTX mainly in a test environment.
SecurityWeek
In Other News: Locked Shields 2024, Data Exposure Bugs, NVIDIA Patches
4,000 take part in Locked Shields 2024 exercise, Qantas and JP Morgan hit by data exposure bugs, NVIDIA patches critical flaw.
The Record
Organizations patch CISA KEV list bugs 3.5 times faster than others, researchers find
Researchers at Bitsight asked whether organizations remediate software and hardware vulnerabilities faster if they're on the federal government's list. The resulting data added up to a resounding "yes."
SecurityWeek
Tech CEOs Altman, Nadella, Pichai and Others Join Government AI Safety Board Led by DHS’ Mayorkas
Technology and critical Infrastructure executives join new DHS Artificial Intelligence Safety and Security Board
Ars Technica
Critics question tech-heavy lineup of new Homeland Security AI safety board
CEO-heavy board to tackle elusive AI safety concept and apply it to US infrastructure.
The Record
DHS announces AI safety board with OpenAI founder, CEOs of Microsoft, Nvidia, IBM
The Artificial Intelligence Safety and Security Board will include representatives of tech companies, critical infrastructure entities, academia, government agencies and “leaders in the civil rights, civil liberties, and privacy communities,” said Homeland Security Secretary Alejandro Mayorkas.
The Record
Kaiser’s website tracking tools may have compromised data on 13 million customers
Kaiser Permanente said the affected information could "indicate a member or patient was signed into a Kaiser Permanente account or service," show how "a member or patient interacted with and navigated through the website and mobile applications" or reveal "search terms used in the health encyclopedia.”
SecurityWeek
New Password Cracking Analysis Targets Bcrypt
Hive Systems conducts another study on cracking passwords via brute-force attacks, but it’s no longer targeting MD5.
Cyber Security News
Russian Hackers Exploiting Windows Print Spooler Using GooseEgg Tool
Hackers abuse Windows Print Spooler vulnerabilities because it runs with elevated SYSTEM privileges which allows privilege escalation.
Ars Technica
Kremlin-backed hackers exploit critical Windows vulnerability reported by the NSA
Microsoft didn't disclose the in-the-wild exploits by Kremlin-backed group until now.
CyberNews
Meta introduces open Llama 3 AI, a serious competitor to similar-sized platforms
“We believe these are the best open source models of their class, period,” Meta said.
SecurityWeek
Cisco Unveils AI-Native Enterprise Security Solution Hypershield
Cisco announces Hypershield, an AI-native and cloud-native enterprise security solution with a wide range of capabilities.
Cyber Security News
Cisco Unveils Hypershield: AI-Powered Automated Vulnerability Shield
Cisco introduced its latest innovation, Cisco Hypershield, marking a significant milestone in the evolution of cybersecurity.
CSO
Cisco announces AI-powered Hypershield for autonomous exploit patching in the cloud
AI-based capability is part of Cisco’s Security Cloud platform for hyperscalers.
Ars Technica
Intel’s “Gaudi 3” AI accelerator chip may give Nvidia’s H100 a run for its money
Intel claims 50% more speed when running AI language models vs. the market leader.
SecurityWeek
Google Cloud Unveils New AI-Powered Security Capabilities
Google adds AI to cloud security features and announces several other security capabilities for cloud customers.
The Hacker News
Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included
Microsoft releases a massive patch for April 2024, fixing a record 149 flaws. Two vulnerabilities are ALREADY under attack.
Ars Technica
Elon Musk: AI will be smarter than any human around the end of next year
While Musk says superintelligence is coming soon, one critic says prediction is "batsh*t crazy."
SecurityWeek
In Other News: 100,000 Affected by CISA Breach, Microsoft AI Copilot Ban, Nuclear Site Prosecution
CISA hack could impact 100,000 people, Microsoft AI Copilot banned by US House, UK nuclear site prosecution.
Ars Technica
TSMC “still assessing” chipmaking facilities after 7.4-magnitude quake hits Taiwan
TSMC makes most high-end chips for Apple, Nvidia, AMD, and others.
.png)
Cyber Security News
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
This weekly cybersecurity news recap keeps you informed about the latest threats, exposures, mitigation techniques, and emerging malicious tactics that could compromise systems.
Cyber Security News
NVIDIA ChatRTX For Windows App Vulnerability Let Attackers Escalate Privilege
A security update released by ChatRTX on March 26th, 2024, addresses two vulnerabilities (CVE-2024-0082 and CVE-2024-0083) that could allow
SecurityWeek
Code Execution Flaws Haunt NVIDIA ChatRTX for Windows
Artificial intelligence computing giant NVIDIA patches two security bugs in ChatRTX for Windows, warning of risk of code execution attacks.
SecurityWeek
Binarly Attracts $10.5M to Tackle Software Supply Chain Security
Los Angeles firmware and software supply chain firm banks $10.5 million in seed-stage venture capital funding led by Two Bear Capital.
Ars Technica
Nvidia announces “moonshot” to create embodied human-level AI in robot form
As companies race to pair AI with general-purpose humanoid robots, Nvidia's GR00T emerges.
Ars Technica
Nvidia unveils Blackwell B200, the “world’s most powerful chip” designed for AI
208B transistor chip can reportedly reduce AI cost and energy consumption by up to 25x.
CyberNews
Nvidia demos AI-generated characters, stocks are still rising
Nvidia’s lifelike avatars are being used by industries for commercial applications and dynamic game characters. The company’s stocks are skyrocketing.
CyberSecurity Dive
AI’s copyright problem will soon slow adoption, Gartner says
The analyst firm said efforts to mitigate intellectual property leaks and copyright infringement will diminish ROI.
SC Magazine
What is ‘AI washing?’ Companies pay $400K to SEC for inflated claims
“AI-driven” cybersecurity solutions must prove up their worth to buyers and analysts, experts say.
SecurityWeek
New Attack Shows Risks of Browsers Giving Websites Access to GPU
Researchers demonstrate remote GPU cache side-channel attack from within browsers against AMD and NVIDIA graphics cards.
Security Affairs
Recent DarkGate campaign exploited Microsoft Windows zero-day
Researchers recently uncovered a DarkGate campaign in mid-January 2024, which exploited Microsoft zero-day vulnerability
.jpg)
The Hacker News
RedCurl Cybercrime Group Abuses Windows PCA Tool for Corporate Espionage
RedCurl cybercrime group found exploiting Windows Program Compatibility Assistant for malicious activities. This sophisticated method allows attackers
The Hacker News
DarkGate Malware Exploits Recently Patched Microsoft Flaw in Zero-Day Attack
A new DarkGate malware campaign uses a recently patched #MicrosoftWindows flaw (CVE-2024-21412) to deploy malicious software via bogus installers.
Bleeping Computer
Hackers exploit Windows SmartScreen flaw to drop DarkGate malware
A new wave of attacks by the DarkGate malware operation exploits a now-fixed Windows Defender SmartScreen vulnerability to bypass security checks and automatically install fake software installers.
Bleeping Computer
Hackers abuse Windows SmartScreen flaw to drop DarkGate malware
A new wave of attacks by the DarkGate malware operation exploits a now-fixed Windows Defender SmartScreen vulnerability to bypass security checks and automatically install fake software installers.
The Hacker News
Microsoft's March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws
Microsoft releases Patch Tuesday updates to patch 61 new vulnerabilities, including privilege escalation flaws in Azure, Windows, & Authenticator.
Trend Micro
CVE-2024-21412: DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign
In addition to our Water Hydra APT zero day analysis, the Zero Day Initiative (ZDI) observed a DarkGate campaign which we discovered in mid-January 2024 where DarkGate operators exploited CVE-2024-21412.
Ars Technica
Image-scraping Midjourney bans rival AI firm for scraping images
Midjourney pins blame for 24-hour outage on "bot-net like" activity from Stability AI employee.
Ars Technica
Anthropic’s Claude 3 causes stir by seeming to realize when it was being tested
Claude: "This pizza topping 'fact' may have been inserted as a joke or to test if I was paying attention."
Bleeping Computer
Insomniac Games alerts employees hit by ransomware data breach
Sony subsidiary Insomniac Games is sending data breach notification letters to employees whose personal information was stolen and leaked online following a Rhysida ransomware attack in November.
Cyber Security News
Cisco To Lay Off 4,000+ Employees Which is 5% of Workforce
Recently, Cisco announced On February 14, 2024, that they are laying off more than 4000 (approx 4200) employees which is 5% of the workforce.
Ars Technica
Nvidia’s “Chat With RTX” is a ChatGPT-style app that runs on your own GPU
Nvidia's local private AI chatbot is a high-profile step toward cloud independence.
The Hacker News
Microsoft Rolls Out Patches for 73 Flaws, Including 2 Windows Zero-Days
Microsoft's latest Patch Tuesday tackles 73 vulnerabilities, including actively exploited zero-days.
Ars Technica
Nvidia CEO calls for “Sovereign AI” as his firm overtakes Amazon in market value
Driven by AI boom, the two companies are neck-and-neck behind Apple, Microsoft, and Google.
Ars Technica
Report: Sam Altman seeking trillions for AI chip fabrication from UAE, others
WSJ: Audacious $5-$7 trillion investment would aim to expand global AI chip supply.
SecurityWeek
Tech Giants Form Post-Quantum Cryptography Alliance
The Linux Foundation, AWS, Cisco, IBM, and other tech companies establish the Post-Quantum Cryptography Alliance.
Cyber Security News
Google's Open-source Tool Bazel Flaw Let Attackers Insert Malicious Code
Bazel, an open-source software used for automation of building and testing has been discovered with a critical supply chain vulnerability.
The Record
AnyDesk says software ‘safe to use’ after cyberattack
After a four-day outage caused by a cyberattack, the popular remote monitoring and management software company said there is "no evidence that any customer data has been exfiltrated."
PCMag
AnyDesk Hit by Cyberattack That Targeted Production Systems
The company says the incident is not a ransomware attack.
HACKRead
AnyDesk Urges Password Change Amid Security Breach
AnyDesk, a remote desktop software maker, has reportedly become a victim of a cyberattack that compromised its production systems.
Bleeping Computer
AnyDesk says hackers breached its production servers, reset passwords
AnyDesk confirmed today that it suffered a recent cyberattack that allowed hackers to gain access to the company's production systems. BleepingComputer has learned that source code and private code signing keys were stolen during the attack.
Bleeping Computer
AnyDesk says hackers breached its production servers, resets passwords
AnyDesk confirmed today that it suffered a recent cyberattack that allowed hackers to gain access to the company's production systems. BleepingComputer has learned that source code and private code signing keys were stolen during the attack.
Cyber Security News
VileRAT Attacking Windows Machines via Malicious Software
A new variant of VileRAT is being distributed through fake software pirate websites to infect Windows systems on a large scale.
SC Magazine
Google supply chain bug patched in code-testing tool Bazel
A GitHub Actions workflow could have been used for a command injection vulnerability in Bazel, which had the potential for threat actors to add malicious code into the production environment for projects using the Google open-source product.
Infosecurity News
Google’s Bazel Exposed to Command Injection Threat
Cycode stressed securing software supply chains amid complex dependencies and third-party actions
SecurityWeek
AI Testing Startup RagaAI Emerges From Stealth With $4.7M in Seed Funding
AI testing platform RagaAI raises $4.7 million in seed funding to help identify AI issues and improve security and reliability.
Cyber Security News
The Security Dimensions of Adopting LLMs
The incredible capabilities of LLM (Large Language Models) enable organizations to engage in various useful activities.
Ars Technica
Zuckerberg’s AGI remarks follow trend of downplaying AI dangers
Zuckeberg and Altman both tamp down fear and hype with casual statements about AGI.
Cyber Security News
LeftoverLocals Attack Let Attackers Steal AI Data From Apple, Qualcomm & AMD GPUs
Researchers Tyler Sorensen and Heidy Khlaaf of Trail of Bits found the vulnerability, which they named LeftoverLocals.
SC Magazine
AMD, Apple, Qualcomm, Imagination GPUs could leak AI secrets via ‘LeftoverLocals’
A simple 10-line program could allow an attacker to “listen” to private machine learning processes, according to researchers from Trail of Bits.
Bleeping Computer
AMD, Apple, Qualcomm GPUs leak AI data in LeftoverLocals attacks
A new vulnerability dubbed 'LeftoverLocals' affecting graphics processing units from AMD, Apple, Qualcomm, and Imagination Technologies allows retrieving data from the local memory space.
SecurityWeek
AI Data Exposed to 'LeftoverLocals' Attack via Vulnerable AMD, Apple, Qualcomm GPUs
Researchers show how a new attack named LeftoverLocals, which impacts GPUs from AMD, Apple and Qualcomm, can be used to obtain AI data.
CyberNews
Microsoft topples Apple to become global market cap leader
Microsoft has eclipsed Apple to become the world's largest company by market capitalization.
DarkReading
Syrian Threat Group Peddles Destructive SilverRAT
The Middle Eastern developers claim to be building a new version of the antivirus-bypassing remote access Trojan (RAT) attack tool.
The Cyber Express
Decoding Hackers in 2023: The Year’s Most Disruptive Cybercriminals and Cybercrime Syndicates
The year 2023 witnessed a surge in high-profile cyberattacks, leaving organizations shattered and the world in chaos. This digital turmoil
Bleeping Computer
GTA 5 source code reportedly leaked online a year after RockStar hack
The source code for Grand Theft Auto 5 was reportedly leaked on Christmas Eve, a little over a year after the Lapsus$ threat actors hacked Rockstar games and stole corporate data.
The Hacker News
British LAPSUS$ Teen Members Sentenced for High-Profile Attacks
Two British teens, part of the LAPSUS$ cybercrime gang, sentenced for orchestrating high-profile attacks against companies.
HACKRead
GTA 6 Hacker from Lapsus$ Gang Sentenced to Hospital
Arion Kurtaj, a 17-year-old from the United Kingdom, faced accusations of being part of the Lapsus$ gang, hacking industry giants, including Uber, Rockstar Games, Nvidia, BT, Samsung, and others.
SecurityWeek
UK Teen Gets Indefinite Hospital Order For 'Grand Theft Auto' Hack
A British teenage hacker has been sentenced to an indefinite hospital stay to be treated for his inability to control himself online.
Security Affairs
Member of Lapsus$ gang sentenced to indefinite hospital order
A member of the Lapsus$ cyber extortion group, Arion Kurtaj, has been sentenced to an indefinite hospital order.
The Cyber Express
Teen GTA 6 Hacker Sentenced to Life in Hospital Prison
The 18-year-old GTA 6 hacker, Arion Kurtaj, has been sentenced to life in a hospital prison for his role in
Bleeping Computer
Lapsus$ hacker behind GTA 6 leak gets indefinite hospital sentence
Lapsus$ cybercrime and extortion group member, Arion Kurtaj has been sentenced to life in a 'secure hospital' by a UK judge. Kurtaj who is 18 years of age and autistic is among the primary Lapsus$ threat actors, and was involved in the leak of assets associated with the video game, Grand Theft Auto VI.
The Hacker News
Microsoft's Final 2023 Patch Tuesday: 33 Flaws Fixed, Including 4 Critical
Microsoft's final Patch Tuesday of 2023 is here, addressing 33 software flaws. This release includes 4 Critical and 29 Important fixes.
Computerworld
Meta releases open-source tools for AI safety
The Purple Llama project aims to help developers build generative AI models responsibly.
Ars Technica
How Huawei made a cutting-edge chip in China and surprised the US
China's flagship smartphone maker pulled off the feat despite sanctions.
Ars Technica
Stable Diffusion Turbo XL can generate AI images as fast as you can type
Even at home, SDXL Turbo can create detailed images with startling speed.
Ars Technica
New “Stable Video Diffusion” AI model can animate any still image
Given GPU and patience, SVD can turn any image into a 2-second video clip.
Ars Technica
Microsoft launches custom chips to accelerate its plans for AI domination
Amid GPU shortages, Microsoft reaches for custom silicon to run its AI language models.
The Hacker News
Alert: Microsoft Releases Patch Updates for 5 New Zero-Day Vulnerabilities
Microsoft has released fixes to address 63 security bugs in its software for the month of November 2023.
Ars Technica
Nvidia introduces the H200, an AI-crunching monster GPU that may speed up ChatGPT
The H200 will likely power the next generation of AI chatbots and art generators.
CSO
Eclypsium launches supply chain security guide to track risks and incidents
The guide offers supply chain risk intelligence for IT infrastructure including endpoints, servers, network devices, and cloud infrastructure products.
Ars Technica
Elon Musk’s new AI model doesn’t shy from questions about cocaine and orgies
xAI positions sarcastic AI assistant to counterbalance buttoned-up ChatGPT.
Ars Technica
“Catastrophic” AI harms among warnings in declaration signed by 28 nations
"Bletchley Declaration" sums up first day of UK's international AI Safety Summit.
Ars Technica
US surprises Nvidia by speeding up new AI chip export ban
Nvidia tried to end-run restrictions with new designs, but US govt said not so fast.
Ars Technica
Eureka: With GPT-4 overseeing training, robots can learn much faster
GPU-based physics simulator speeds up reality by "1,000x" while GPT-4 calls the shots.
Ars Technica
Tired of shortages, OpenAI considers making its own AI chips
At an estimated 4 cents per ChatGPT query, OpenAI looks for cheaper AI chip solutions.
Cyber Security News
OpenAI is reportedly developing its Own AI chips
The maker of ChatGPT, OpenAI, is looking at making its own artificial intelligence chips, which are necessary for operating the highly popular chatbot.
The Record
China-based spies are hacking East Asian semiconductor companies, report says
Researchers at EclecticIQ attributed the campaign to a China-based group known as Budworm or APT27. The hacking campaign involved lures citing a major Taiwan microchip manufacturer.
Cyber Security News
New GPU Side Channel Vulnerability Impacts GPUs from Intel, AMD, Apple & Nvidia
A new research paper has been published that mentions a side-channel attack to leak sensitive visual data from modern GPU cards when visiting a malicious website.
Bleeping Computer
Modern GPUs vulnerable to new GPU.zip side-channel attack
Researchers from four American universities have developed a new GPU side-channel attack that leverages data compression to leak sensitive visual data from modern graphics cards when visiting web pages.
The Hacker News
Researchers Uncover New GPU Side-Channel Vulnerability Leaking Sensitive Data
Your GPU might be leaking data. GPU Side-Channel Vulnerability Exposes Modern GPUs to Data Leakage. Learn how this could impact your online privacy.
SecurityWeek
New GPU Side-Channel Attack Allows Malicious Websites to Steal Data
GPUs from AMD, Apple, Arm, Intel, Nvidia and Qualcomm are vulnerable to a new type of side-channel attack named GPU.zip.
Loading more articles....