Security News
Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws
Apple on Monday released security patches for iOS, iPadOS, macOS, tvOS, watchOS, and Safari web browser to address multiple security flaws, in addition to backporting fixes for two recently disclosed zero-days to older devices.
This includes updates for 12 security vulnerabilities in iOS and iPadOS spanning AVEVideoEncoder, ExtensionKit, Find My, ImageIO, Kernel, Safari
50K WordPress sites exposed to RCE attacks by critical bug in backup plugin
A critical severity vulnerability in a WordPress plugin with more than 90,000 installs can let attackers gain remote code execution to fully compromise vulnerable websites. […]
Read MoreLazarus hackers drop new RAT malware using 2-year-old Log4j bug
The notorious North Korean hacking group known as Lazarus continues to exploit CVE-2021-44228, aka “Log4Shell,” this time to deploy three previously unseen malware families written in DLang. […]
Read MoreMicrosoft: Mystery Group Targeting Telcos Linked to Chinese APTs
Analysis shows evidence the previously unknown Sandman group shares backdoor malware with various Chinese APT groups.
Read MoreResponsibly Implementing AI, the Unstoppable Force
Balancing the good and bad of AI/ML means being able to control what data you’re feeding into AI systems and solving the privacy issues to securely enable generative AI.
Read MoreNew PoolParty Process Injection Techniques Outsmart Top EDR Solutions
A new collection of eight process injection techniques, collectively dubbed PoolParty, could be exploited to achieve code execution in Windows systems while evading endpoint detection and response (EDR) systems.
SafeBreach researcher Alon Leviev said the methods are “capable of working across all processes without any limitations, making them more flexible than existing process
ALPHV/BlackCat Takedown Appears to Be Law Enforcement Related
Threat intel sources confirm the ransomware group’s site has been shuttered by law enforcement.
Read MoreGetting gooey with GULOADER: deobfuscating the downloader
Elastic Security Labs walks through the updated GULOADER analysis countermeasures.
Read MoreGenerative AI Security: Preventing Microsoft Copilot Data Exposure
Microsoft Copilot has been called one of the most powerful productivity tools on the planet.
Copilot is an AI assistant that lives inside each of your Microsoft 365 apps — Word, Excel, PowerPoint, Teams, Outlook, and so on. Microsoft’s dream is to take the drudgery out of daily work and let humans focus on being creative problem-solvers.
What makes Copilot a different beast than ChatGPT and
15,000 Go Module Repositories on GitHub Vulnerable to Repojacking Attack
New research has found that over 15,000 Go module repositories on GitHub are vulnerable to an attack called repojacking.
“More than 9,000 repositories are vulnerable to repojacking due to GitHub username changes,” Jacob Baines, chief technology officer at VulnCheck, said in a report shared with The Hacker News. “More than 6,000 repositories were vulnerable to repojacking due to account