Security News

The agency says cybercriminals already use AI for various purposes, and the phenomenon is expected to worsen over the next two years, helping increase the volume and severity of cyberattacks. The NCSC believes that AI will enable inexperienced threat actors, hackers-for-hire, and low-skilled hacktivists to conduct more effective, tailored attacks that would otherwise require significant time, technical knowledge, and operational effort.

New York-based global financial technology firm EquiLend says its operations have been disrupted after some systems were taken offline in a Monday cyberattack."On January 22, 2024, EquiLend identified a technical issue that placed portions of our systems offline," an EquiLend spokesperson told BleepingComputer today.

Google Pixel smartphone owners report problems after installing the January 2024 Google Play system update, being unable to access their devices internal storage, open the camera, take screenshots, or even open apps. The root cause is unknown but is likely a software issue with the January 2024 Play system update that Google hasn't pinpointed or fixed yet.

Horizon3's exploit takes advantage of age-old path traversal weaknesses in Tomcat-based applications where requests to vulnerable endpoints that contain /.;/ allow attackers to access forbidden pages, such as the admin account creation page in GoAnywhere MFT. If remote attackers exploit the same path traversal technique when submitting the form to create a new admin user, the account will be created, giving the bad guys admin privileges. Zach Hanley, chief attack engineer at Horizon3, said the clearest indicator of compromise would be noticing any new additions to the Admin Users group in the GoAnywhere MFT admin portal.

There are a few reasons why users resort to poor password practices, the main one being that the standard best practice advice does not align with with how people generate and remember passwords. Arbitrary password changes, such as requiring users to change their passwords every 90 days, are also still a common practice in some organizations as a security measure to mitigate the risk of unauthorized access to user accounts.

Cybersecurity researchers have discovered a loophole impacting Google Kubernetes Engine (GKE) that could be potentially exploited by threat actors with a Google account to take control of a...

Security researchers hacked a Tesla Modem and collected awards of $722,500 on the first day of Pwn2Own Automotive 2024 for three bug collisions and 24 unique zero-day exploits. Synacktiv Team took home $100,000 after successfully chaining three zero-day bugs to get root permissions on a Tesla Modem.

Proof-of-concept exploit code for a critical vulnerability in Fortra's GoAnywhere MFT solution has been made public, sparking fears that attackers may soon take advantage of it. CVE-2024-0204 was privately reported by Mohammed Eldeeb and Islam Elrfai of Spark Engineering Consultants in early December 2023, and Fortra's GoAnywhere MFT customers got an advance warning with instructions on how to remediate the vulnerability.

Microsoft released the January 2024 preview update for Windows 11 versions 22H2 and 23H2, which comes with Bluetooth audio bug fixes and addresses 24 known issues. Tracked as KB5034204, this monthly non-security optional cumulative update will enable Windows admins to test improvements and fixes that will be pushed to all customers with the forthcoming February 2024 Patch Tuesday release.

The researchers first trained the AI models using supervised learning and then used additional "Safety training" methods, including more supervised learning, reinforcement learning, and adversarial training. If an AI system learned such a deceptive strategy, could we detect it and remove it using current state-of-the-art safety training techniques? To study this question, we construct proof-of-concept examples of deceptive behavior in large language models.