Tag: technews

Critical Vulnerability Alert: VMware Aria Operations Networks at Risk from Remote Attacks Aria Operations for Networks updates fix two security vulnerabilities that could be used to bypass authentication and gain remote code execution. The most severe of the flaws, CVE-2023-34039, relates to a case of authentication bypass arising as a result of a lack of…

Alert: Juniper Firewalls, Openfire, and Apache RocketMQ Under Attack from New Exploits Several reports have come up describing exploits for vulnerabilities in Juniper’s firewalls, Openfire, and Apache RocketMQ servers. Among them is a vulnerability in Openfire that allows attackers to gain remote code execution. Cisco has acknowledged the attacks, noting that the threat actors may…

PoC Exploit Released for Critical VMware Aria’s SSH Auth Bypass Vulnerability This week, VMware releases a proof-of-concept exploit that lets attackers gain access to its network control tools by exploiting a previously patched flaw. The company patches a flaw that allows an attacker to perform man-in-the-middle virtual machine operations without requiring a root password. It…

Chinese-Speaking Cybercriminals Launch Large-Scale iMessage Smishing Campaign in U.S. A new large-scale smishing campaign is targeting the U.S. by sending iMessages from compromised Apple iCloud accounts with the aim to conduct identity theft and financial fraud. The cybercrime group, dubbed Smishing Triad, is also said to be in the business of fraud-as-a-service. According to Resecurity,…

Beware of MalDoc in PDF: A New Polyglot Attack Allowing Attackers to Evade Antivirus This new antivirus evasion technique involves embedding a malicious Microsoft Word file into a PDF file. The sneaky method, dubbed MalDoc in PDF by JPCERT/CC, is said to have been employed in an in-the-wild attack in July 2023. However, instead of…

Vietnamese Cybercriminals Targeting Facebook Business Accounts with Malvertising The threat of hijacking business accounts on Facebook is here to stay, says ThreatLabz. Cyber attacks against business and Facebook accounts have gained popularity over the past year, courtesy of activity clusters such as Ducktail and NodeStealer. With businesses now using social media for advertising, attackers have…

Everything You Wanted to Know About AI Security but Were Afraid to Ask In this session, we’ll go beyond the hype and find out if and how AI impacts your cybersecurity strategy. We cover topics such as generative AI, neural networks, supervised ML, and unsupervised ML. Generative AI applications include ChatGPT, Bing, Bard, Dall-E, and…

X (Twitter) to Collect Biometric Data from Premium Users to Combat Impersonation In an effort to combat fraud and impersonation, Twitter.X, the social media site formerly known as Twitter, has updated its privacy policy to collect users’ biometric data to prevent fraud and imposters. The company claims that this new feature will help it fight…

Hackers Exploit MinIO Storage System Vulnerabilities to Compromise Servers The intrusion leveraged a publicly available exploit chain to backdoor the MinIO instance. The threat actor then executed a deceptive update which replaces the authentic MinIO binary with its evil counterpart, the attacker seals the compromise of the system. This dynamic approach underscores the threat actor’s…

The Battle Over Books3 Could Change AI Forever That summer, Presser and his colleagues spend hours poring over papers about GPT-3 and strategizing about how to best approximate its training data sets. He sees it as aligned with the open source movement, a way to democratize access to the kind of data sets OpenAI was…