Security News
In a report published on Tuesday, Google TAG named eleven commercial spyware vendors and their products - some of them more and some less known. Apart from commercial surveillance vendors and private sector offensive actors, other actors on the spyware market include vulnerability researchers and exploit developers, government customers, and brokers that act as intermediaries between these groups.
JetBrains is encouraging all users of TeamCity to upgrade to the latest version following the disclosure of a critical vulnerability in the CI/CD tool. The vulnerability only requires attention for admins of on-prem servers since TeamCity Cloud has already been patched.
Abstract: Humans are capable of strategically deceptive behavior: behaving helpfully in most situations, but then behaving very differently in order to pursue alternative objectives when given the opportunity. If an AI system learned such a deceptive strategy, could we detect it and remove it using current state-of-the-art safety training techniques? To study this question, we construct proof-of-concept examples of deceptive behavior in large language models.
2024 will be the year of the vCISO. An incredible 45% of MSPs and MSSPs are planning to start offering vCISO services in 2024. As an MSP/MSSP providing vCISO services, you own the organization’s...
JetBrains has patched a critical authentication bypass vulnerability affecting TeamCity On-Premises continuous integration and deployment servers. CVE-2024-23917 could allow an unauthenticated threat actor with HTTP(S) access to a TeamCity server to bypass authentication controls and gain administrative privileges on the server.
CVE-2024-21893, a server-side request forgery vulnerability affecting Ivanti Connect Secure VPN gateways and Policy Secure, is being exploited by attackers.Its existence, along with that of CVE-2024-21888, a privilege escalation vulnerability affecting the same Ivanti Connect Secure and Policy Secure versions, was revealed by Ivanti in late January.
A coalition of dozens of countries, including France, the U.K., and the U.S., along with tech companies such as Google, MDSec, Meta, and Microsoft, have signed a joint agreement to curb the abuse...
The commercial spyware economy - despite government and big tech's efforts to crack down - appears to be booming. The US government added commercial spyware makers Intellexa and Cytrox to its Entity List, after placing similar export restrictions on NSO Group in 2021.
Chinese state-backed hackers broke into a computer network that's used by the Dutch armed forces by targeting Fortinet FortiGate devices. "This [computer network] was used for unclassified...
According to recent surveys, 98% of organizations keep their financial, business, customer and/or employee information in the cloud but, at the same time, 95% of cloud security professionals are not sure their security protections and their team would manage to detect and respond to security threats or incidents affecting their cloud infrastructure. Cloud misconfiguration errors may grant attackers unauthorized access to system functions and sensitive data, and have the potential to harm the integrity and security of the organization's cloud.