
As large language models become more prevalent, a comprehensive understanding of the LLM threat landscape remains elusive. Successful prompt injection attacks can lead to cross-plugin request forgery, cross-site scripting and training data extraction, each of which puts company secrets, personal user data and essential training data at risk.

Microsoft has addressed a total of 48 security flaws spanning its software as part of its Patch Tuesday updates for January 2024. Of the 48 bugs, two are rated Critical and 46 are rated Important...

Fly Catcher is an open-source device that can detect aircraft spoofing by monitoring for malicious ADS-B signals in the 1090MHz frequency. "Throughout this project, I realized that finding which AI model to detect for a spoofed aircraft depended greatly on the situation. For instance, I learned that a Neural Network was the optimal model for detecting for obvious "script kiddie" aircraft.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This...

In this Help Net Security video, Nick Carroll, Cyber Incident Response Manager at Raytheon, discusses how while organizations will be challenged to strengthen their defenses faster than cyber...

A team of computer scientists led by the University of Massachusetts Amherst recently announced a new method for automatically generating whole proofs that can be used to prevent software bugs and verify that the underlying code is correct. "Reducing bugs in software, or even producing bug-free software, has been a holy grail of systems building for decades. Unfortunately, the state-of-the-practice in our society is that we expect all software to have bugs. Building bug-free software is just an incredibly difficult challenge."

Nigerian man Olugbenga Lawal was sentenced on Monday to 10 years and one month in prison for conspiring to launder millions stolen from elderly victims in internet fraud schemes. Lawal worked directly with the Nigeria-based leader of the Nigerian Black Axe organized crime group, one of the world's most dangerous crime syndicates, which he was also a member of.

The X account for the U.S. Securities and Exchange Commission was hacked today to issue a fake announcement on the approval of Bitcoin ETFs on security exchanges. "Today the SEC grants approval to Bitcoin ETFs for listing on registered national security exchanges," read the fake X post.

Microsoft rang in the New Year with a relatively calm Patch Tuesday: Just 49 Windows security updates including fixes for two critical-rated bugs, plus four high-severity Chrome flaws in Microsoft Edge. "And while it's listed as exploitation less likely, because Hyper-V runs as the highest privileges in a computer, it is worth thinking about patching," Ben McCarthy, lead cyber security engineer at Immersive Labs told The Register.

The SEC today said its Twitter/X account was hijacked to wrongly claim it had approved hotly anticipated Bitcoin ETFs, causing cryptocurrency to spike and then slip in price. In a now-deleted tweet shared in the past hour, the American financial regulator appeared to say: "Today the SEC grants approval for #Bitcoin ETFs for listing on all registered national securities exchanges. The approved Bitcoin ETFs will be subject to ongoing surveillance and compliance measures to ensure continued investor protection."