Security News

LLM hype fades as enterprises embrace targeted AI models
2024-01-12 04:00

The failure of LLMs to live up to their hype will be the story of 2024, as generic models become relegated to consumer-centric applications and enterprise users turn to smaller, more targeted AI models, purpose-built to meet their business needs. Recognizing the value of the data they hold, companies will seek to secure it by taking a "Hybrid cloud by design" approach, rather than "Hybrid cloud by default." Ultimately, data protection will emerge as a key pillar in a successful AI strategy, and companies will move towards prioritizing AI solutions that are trustworthy and responsible.

Major T-Mobile outage takes down account access, mobile app
2024-01-11 23:21

A major T-Mobile outage is preventing customers from logging into their accounts and using the company's mobile app. T-Mobile users trying to access their accounts receive an error warning that the mobile carrier's website has been "Unplugged."

Framework discloses data breach after accountant gets phished
2024-01-11 22:01

Framework Computer disclosed a data breach exposing the personal information of an undisclosed number of customers after Keating Consulting Group, its accounting service provider, fell victim to a...

eBay to cough up $3M after cyber-stalking couple who dared criticize the souk
2024-01-11 21:55

Under the agreement [PDF], eBay admits responsibility for the actions of six of its former employees, and a contractor, all of whom previously pleaded guilty to physically and electronically harassing Ina and David Steiner. Ina and David Steiner in 1999 co-founded EcommerceBytes, a website and newsletter that reports on and scrutinizes ecommerce companies, including eBay.

Over 150k WordPress sites at takeover risk via vulnerable plugin
2024-01-11 21:54

Two vulnerabilities impacting the POST SMTP Mailer WordPress plugin, an email delivery tool used by 300,000 websites, could help attackers take complete control of a site's authentication. Based on statistics from wordpress.org, there are roughly 150,000 sites that run a vulnerable version of the plugin that is lower than 2.8.

Halara probes breach after hacker leaks data for 950,000 people
2024-01-11 20:28

Popular athleisure clothing brand Halara is investigating a data breach after the alleged data of almost 950,000 customers was leaked on a hacking forum. Halara told BleepingComputer that it is aware that customer data was allegedly stolen and leaked online and is investigating a potential breach.

Microsoft testing Windows 11 USB 80Gbps support, Copilot on login
2024-01-11 19:39

Microsoft is now testing support for the USB4 Version 2.0 specification in Windows 11, enabling transfer speeds of up to 80 Gbps over USB Type-C cables. USB 80Gbps is now being tested in the Windows 11 Insider Preview Build 23615, which was released today in the Dev Channel.

Bitwarden adds passkey support to log into web password vaults
2024-01-11 19:21

The open-source Bitwarden password manager has announced that all users can now log into their web vaults using a passkey instead of the standard username and password pairs. "This technology sources an encryption key from a passkey in relation to a particular site, which can then be used to reliably encrypt and decrypt data" - Bitwarden.

Microsoft shares script to update Windows 10 WinRE with BitLocker fixes
2024-01-11 18:32

Microsoft has released a PowerShell script to automate updating the Windows Recovery Environment partition in order to fix CVE-2024-20666, a vulnerability that allowed for BitLocker encryption bypass. As Microsoft explains, this happens because instead of displaying a CBS_E_INSUFFICIENT_DISK_SPACE error when the WinRE partition is not large enough, Windows Update incorrectly shows the generic "0x80070643 - ERROR_INSTALL_FAILURE" error message. This happens because the WinRE image file deployed when installing the KB5034441 security update is too large for the recovery partition.

New Balada Injector campaign infects 6,700 WordPress sites
2024-01-11 17:44

A little over 6,700 WordPress websites using a vulnerable version of the Popup Builder plugin have been infected with the Balada Injector malware in a campaign that launched in mid-December. Balada Injector was initially documented by researchers at Dr. Web, who observed coordinated attack waves leveraging known flaws in WordPress themes and addons; it was later discovered to be a massive operation running since 2017 that had compromised more than 17,000 WordPress sites.