Security News

The impact of prompt injection in LLM agents
2023-12-19 05:30

Malicious actors can leverage prompt injection techniques to generate unintended and potentially harmful outcomes by distorting the reality in which the LLM operates. The road to implementing LLM agents, particularly those interfacing with external tools and systems, is not without challenges.

EMBA: Open-source security analyzer for embedded devices
2023-12-19 05:00

The EMBA open-source security analyzer is tailored as the central firmware analysis tool for penetration testers and product security groups. It assists throughout the security evaluation procedure, extracting firmware, conducting static and dynamic analysis through emulation, and creating a web-based report.

Ransomware trends and recovery strategies companies should know
2023-12-19 04:30

Ransomware attacks continue at a record-breaking pace, with Q3 2023 global ransomware attack frequency up 11% over Q2 and 95% year-over-year, according to Corvus Insurance. Companies scramble to integrate immediate recovery into ransomware plans.

Most cloud transformations are stuck in the middle
2023-12-19 04:00

Cloud transformation is increasingly funded by non-IT stakeholders, emphasizing its place as a broader enterprise transformation rather than solely an IT endeavor. Only 32% of cloud initiatives are funded by IT stakeholders, challenging the perception of cloud transformation solely as an IT-centric journey.

Xfinity discloses data breach affecting over 35 million people
2023-12-19 00:03

Following an investigation into the impact of the security breach, Xfinity discovered on November 16 that the attackers also exfiltrated data belonging to 35,879,455 people from its systems. "To protect your account, we have proactively asked you to reset your password. The next time you login to your Xfinity account, you will be prompted to change your password, if you haven't been asked to do so already," the company says in a data breach notice published on its website.

Xfinity discloses data breach after recent Citrix server hack
2023-12-19 00:03

Following an investigation into the impact of the security breach, Xfinity discovered on November 16 that the attackers also exfiltrated data belonging to an undisclosed number of customers from its systems. "After additional review of the affected systems and data, Xfinity concluded on December 6, 2023, that the customer information in scope included usernames and hashed passwords; for some customers, other information may also have been included, such as names, contact information, last four digits of social security numbers, dates of birth and/or secret questions and answers. However, the data analysis is continuing," the company said.

Hacktivists boast: We shut down Iran's gas pumps today
2023-12-18 22:45

Hacktivists reportedly disrupted services at about 70 percent of Iran's gas stations in a politically motivated cyberattack. Iran's oil minister Javad Owji confirmed on Monday the IT systems of the nation's petrol stations had been attacked as Iranian media told of long queues at the pumps and traffic jams - particularly in Tehran - as folks tried and failed to fill up.

December's Windows 11 KB5033375 update breaks Wi-Fi connectivity
2023-12-18 21:25

The KB5033375 cumulative update released during the December 2023 Patch Tuesday causes Wi-Fi connectivity issues on some Windows 11 devices. As a temporary solution, users affected by this issue are advised to uninstall the KB5033375 Windows 11 December cumulative update and the related KB50532288 optional preview update.

Mr Cooper cyberattack laid bare: 14.7M people's info stolen, costs hit $25M
2023-12-18 20:54

Mortgage lender Mr Cooper has now admitted that almost 14.7 million people's private information, including addresses and bank account numbers, was stolen in an earlier IT security breach, which is expected to cost the business at least $25 million to clean up. In notifications filed with the US states of California and Maine on Friday, the mortgage giant revealed that the scope of the cyberattack was much worse than it believed: highly personal records belonging to millions were snatched by one or more miscreants.

Microsoft discovers critical RCE flaw in Perforce Helix Core Server
2023-12-18 20:49

Four vulnerabilities, one of which is rated critical, have been discovered in the Perforce Helix Core Server, a source code management platform widely used by the gaming, government, military, and technology sectors. The four flaws discovered by Microsoft mainly involve denial of service issues, with the most severe allowing arbitrary remote code execution as LocalSystem by unauthenticated attackers.