Security News

According to a recent Gartner survey, widespread GenAI adoption has resulted in a scramble to provide audit coverage for potential risks arising from the technology's use. In this Help Net Security video, Thomas Teravainen, a Research Specialist at Gartner, discusses how AI-related risks have seen the biggest increases in audit plan coverage in 2024.

As an Application Security Engineer, you will work on the security engineering team and collaborate with other IT professionals to ensure that user data is protected. You will be responsible for cybersecurity monitoring and analysis of the customer infrastructures, as well as investigating any security issues or breaches.

A critical security flaw in the Rust standard library could be exploited to target Windows users and stage command injection attacks. The vulnerability, tracked as CVE-2024-24576, has a CVSS score...

GSM Association's Fraud and Security Group has published the first version of a framework for describing, in a structured way, how adversaries attack and use mobile networks, based on the tactics, techniques and procedures that they use.The Mobile Threat Intelligence Framework is focused on mobile network-related attacks that are not already covered by existing public frameworks like MITRE ATT&CK and MITRE FiGHT. In scope are 2G, 3G, 4G, 5G, including all kind of telecommunication service enablers and future mobile technology evolutions.

Patch Tuesday Microsoft fixed 149 security flaws in its own products this week, and while Redmond acknowledged one of those vulnerabilities is being actively exploited, we've been told another hole is under attack, too. Trend Micro's Zero Day Initiative says a separate vulnerability, spotted and reported by bug hunter Peter Girrus, was under attack in the wild before Microsoft issued a patch this week.

Microsoft has fixed two actively exploited zero-day vulnerabilities during the April 2024 Patch Tuesday, although the company failed to initially tag them as such. "Just as we did in 2022, we immediately reported our findings to the Microsoft Security Response Center. After validating our discovery, the team at Microsoft has added the relevant files to its revocation list," Budd said.

Threat actors can exploit a security vulnerability in the Rust standard library to target Windows systems in command injection attacks. Tracked as CVE-2024-24576, this flaw is due to OS command and argument injection weaknesses that can let attackers execute unexpected and potentially malicious commands on the operating system.

On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn't marked as exploited, but Peter Girnus, senior threat researcher with Trend Micro's Zero Day Initiative, has found being leveraged by attackers in the wild. Microsoft has fixed 24 vulnerabilities that may allow attackers to bypass Windows Secure Boot, a security feature that aims to prevent malware from loading when PCs boot up.

Microsoft has released the KB5036892 cumulative update for Windows 10 21H2 and Windows 10 22H2 with twenty-three changes and two new features. KB5036892 is a mandatory Windows 10 cumulative update containing Microsoft's April 2024 Patch Tuesday security updates.

Non-profit healthcare service provider Group Health Cooperative of South Central Wisconsin has disclosed that a ransomware gang breached its network in January and stole documents containing the personal and medical information of over 500,000 individuals. "On February 9, 2024, during our investigation, we discovered indications that the attacker had copied some of GHC-SCW's data, which included protected health information. Our discovery was confirmed when the attacker, a foreign ransomware gang, contacted GHC-SCW claiming responsibility for the attack and stealing our data."