Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

US Offers $10M Reward for Information on North Korean Hacker

The individual is part of a DPRK-backed group known as Andariel, which is known for using the 'Maui' ransomware strain to target and extort healthcare entities.

DARKReading
Open in Source
#intel#auth
Nvidia Embraces LLMs & Commonsense Cybersecurity Strategy

Nvidia doesn't just make the chips that accelerate a lot of AI applications — the company regularly creates and uses its own large language models, too.

Distributing Security Responsibilities (Responsibly)

Outlining the wider organization's proactive role in fortifying the security program allows the security team to focus on the most pressing issues that only they can solve.

Could Intel Have Fixed Spectre & Meltdown Bugs Earlier?

Intel works closely with academic researchers on hardware flaws and coordinates efforts with other vendors to roll out fixes for emerging vulnerabilities. That wasn't always the case.

This AI-Powered Cybercrime Service Bundles Phishing Kits with Malicious Android Apps

A Spanish-speaking cybercrime group named GXC Team has been observed bundling phishing kits with malicious Android applications, taking malware-as-a-service (MaaS) offerings to the next level. Singaporean cybersecurity company Group-IB, which has been tracking the e-crime actor since January 2023, described the crimeware solution as a "sophisticated AI-powered phishing-as-a-service platform"

A North Korean Hacker Tricked a US Security Vendor Into Hiring Him—and Immediately Tried to Hack Them

KnowBe4 detailed the incident in a recent blog post as a warning for other potential targets.

Offensive AI: The Sine Qua Non of Cybersecurity

"Peace is the virtue of civilization. War is its crime. Yet it is often in the furnace of war that the sharpest tools of peace are forged." - Victor Hugo. In 1971, an unsettling message started appearing on several computers that comprised ARPANET, the precursor to what we now know as the Internet. The message, which read "I'm the Creeper: catch me if you can." was the output of a program named

Ongoing Cyberattack Targets Exposed Selenium Grid Services for Crypto Mining

Cybersecurity researchers are sounding the alarm over an ongoing campaign that's leveraging internet-exposed Selenium Grid services for illicit cryptocurrency mining. Cloud security Wiz is tracking the activity under the name SeleniumGreed. The campaign, which is targeting older versions of Selenium (3.141.59 and prior), is believed to be underway since at least April 2023. "Unbeknownst to most

CrowdStrike Warns of New Phishing Scam Targeting German Customers

CrowdStrike is alerting about an unfamiliar threat actor attempting to capitalize on the Falcon Sensor update fiasco to distribute dubious installers targeting German customers as part of a highly targeted campaign. The cybersecurity company said it identified what it described as an unattributed spear-phishing attempt on July 24, 2024, distributing an inauthentic CrowdStrike Crash Reporter

Critical Flaw in Telerik Report Server Poses Remote Code Execution Risk

Progress Software is urging users to update their Telerik Report Server instances following the discovery of a critical security flaw that could result in remote code execution. The vulnerability, tracked as CVE-2024-6327 (CVSS score: 9.9), impacts Report Server version 2024 Q2 (10.1.24.514) and earlier. "In Progress Telerik Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code