Security News
Progress Software is urging users to update their Telerik Report Server instances following the discovery of a critical security flaw that could result in remote code execution. The vulnerability, tracked as CVE-2024-6327, impacts Report Server version 2024 Q2 and earlier.
Progress Software has warned customers to patch a critical remote code execution security flaw in the Telerik Report Server that can be used to compromise vulnerable devices. As a server-based reporting platform, Telerik Report Server provides centralized storage for reports and the tools needed to create, deploy, deliver, and manage them across an organization.
Distributed Denial of Service attacks continue to be cybercriminals' weapon of choice, making up over 37% of all mitigated traffic. In the first quarter of 2024 alone, Cloudflare blocked 4.5 million unique DDoS attacks.
After publication of my "Kryptonite" article about a prompt that crashes many AI chatbots, I began to get a steady stream of emails from readers - many times the total of all reader emails I'd received in the previous decade. Disappointingly, too many of them consisted of little more than a request to reveal the prompt so that they could lay waste to large language models.
Security in brief: It's been a week of bad cyber security revelations for OpenAI, after news emerged that the startup failed to report a 2023 breach of its systems to anybody outside the organization, and that its ChatGPT app for macOS was coded without any regard for user privacy. According to an exclusive report from the New York Times, citing a pair of anonymous OpenAI insiders, someone managed to breach a private forum used by OpenAI employees to discuss projects early last year.
Improved cyber hygiene among businesses has led to a reduction in cyber insurance premiums by 15% worldwide over the last two years, a new report from Howden Insurance Brokers has found. Sarah Neild, head of cyber retail U.K. at Howden, explained why the cost of cyber insurance has declined. She told TechRepublic in an email, "Increased risk awareness off the back of persistent and high-profile attacks is one reason.
More than half of open-source projects contain code written in a memory-unsafe language, a report from the U.S.'s Cybersecurity and Infrastructure Security Agency has found. "Hence, we determine that most critical open source projects analysed, even those written in memory-safe languages, potentially contain memory safety vulnerabilities," wrote the authors.
A scathing report by Australia's Information Commissioner details how misconfigurations and missed alerts allowed a hacker to breach Medibank and steal data from over 9 million people. In October 2022, Australian health insurance provider Medibank disclosed that it had suffered a cyberattack that disrupted the company's operations.
Seventy percent of enterprises are prioritizing investment in SaaS security by establishing dedicated teams to secure SaaS applications, as part of a growing trend of maturity in this field of...
A new report from Mandiant, part of Google Cloud, reveals that a financially motivated threat actor named UNC5537 collected and exfiltrated data from about 165 organizations' Snowflake customer instances. Snowflake is a cloud data platform used for storing and analyzing large volumes of data.