Security News > 2024 > March
When tech billionaires and corporations steer AI, we get AI that tends to reflect the interests of tech billionaires and corporations, instead of the public. To benefit society as a whole we need an AI public option-not to replace corporate AI but to serve as a counterbalance-as well as stronger democratic institutions to govern all of AI. Like public roads and the federal postal system, a public AI option could guarantee universal access to this transformative technology and set an implicit standard that private services must surpass to compete.
GitHub on Wednesday announced that it's making available a feature called code scanning autofix in public beta for all Advanced Security customers to provide targeted recommendations in an effort...
ManageEngine RMM Central: This software package provides system discovery and documentation, automated monitoring, patch management, remote control, and mobile device management for use by managed service providers. RMM software makes a huge difference in the field of system support.
Attackers are exploiting the recently patched JetBrains TeamCity auth bypass vulnerability to deliver ransomware, cryptominers and remote access trojans, according to Trend Micro researchers. CVE-2024-27198, an authentication bypass vulnerability affecting the TeamCity server, has been disclosed and fixed in early March, along with CVE-2024-27199 - a directory traversal vulnerability in the same instance.
When you read reports about cyber-attacks affecting operational technology (OT), it’s easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all...
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Wednesday announced sanctions against two 46-year-old Russian nationals and the respective companies they own for engaging...
On the first day of Pwn2Own Vancouver 2024, contestants demoed Windows 11, Tesla, and Ubuntu Linux zero-day vulnerabilities and exploit chains to win $732,500 and a Tesla Model 3 car. Synacktiv won the Tesla Model 3 and $200,000 after hacking the Tesla ECU with Vehicle CAN BUS Control in under 30 seconds using an integer overflow.
Chinese upstarts are selling smartphone motherboards - and kit to run and manage them at scale - to operators of outfits that use them to commit various scams and crimes, according to an undercover investigation by state television broadcaster China Central Television revealed late last week. The report shows what appear to be chassis filled with 20 smartphone motherboards each, wired to a monitor that displays the screens of all 20 units.
Even fake data breaches can have real repercussions. Epic Games, maker of Fortnite was a victim of a fake data breach by a cybercrime group that claimed without evidence it had absconded source code and sensitive user data.
WebCopilot is an open-source automation tool that enumerates a target's subdomains and discovers bugs using various free tools. Subdomain enumeration: It leverages tools like Assetfinder, Subfinder, Amass, and httpx to comprehensively discover subdomains.