Search Engine Journal: Critical WordPress Form Plugin Vulnerability Affects Up To +200,000 Installs

Search Engine Journal: Critical WordPress Form Plugin Vulnerability Affects Up To +200,000 Installs. “Security researchers at Wordfence detailed a critical security flaw in the MW WP Form plugin, affecting versions 5.0.1 and earlier. The vulnerability allows unauthenticated threat actors to exploit the plugin by uploading arbitrary files, including potentially malicious PHP backdoors, with the ability to execute these files on the server.”

Axios: Ex-Twitter exec claims X fired him for raising security concerns

Axios: Ex-Twitter exec claims X fired him for raising security concerns. “Twitter’s former global head of information security accused X in a lawsuit Wednesday of wrongly firing him for raising concerns about Musk’s budget cuts following the Elon Musk-led takeover.”

New 4-Year Construction Project To Create an Open Cybersecurity Testbed: SPHERE (USC Viterbi School of Engineering)

USC Viterbi School of Engineering: New 4-Year Construction Project To Create an Open Cybersecurity Testbed: SPHERE. “To foster innovative cybersecurity and privacy research and experimentation that leads to new defensive systems and protections, a team of researchers from ISI’s Networking and Cybersecurity Division and Northeastern University are constructing an open testbed called SPHERE: Security and Privacy Heterogeneous Environment for Reproducible Experimentation. The National Science Foundation recently awarded the ISI-led team with an $18 million Mid-Scale Research Infrastructure-1 award to fund the construction.”

404 Media: Asking ChatGPT to Repeat Words ‘Forever’ Is Now a Terms of Service Violation

404 Media: Asking ChatGPT to Repeat Words ‘Forever’ Is Now a Terms of Service Violation. “Asking ChatGPT to repeat specific words ‘forever’ is now flagged as a violation of the chatbot’s terms of service and content policy. Google DeepMind researchers used the tactic to get ChatGPT to repeat portions of its training data, revealing sensitive privately identifiable information (PII) of normal people and highlighting that ChatGPT is trained on randomly scraped content from all over the internet.”

North Carolina State University: AI Networks Are More Vulnerable to Malicious Attacks Than Previously Thought

North Carolina State University: AI Networks Are More Vulnerable to Malicious Attacks Than Previously Thought. “Artificial intelligence tools hold promise for applications ranging from autonomous vehicles to the interpretation of medical images. However, a new study finds these AI tools are more vulnerable than previously thought to targeted attacks that effectively force AI systems to make bad decisions.”

Inside Job: How a Hacker Helped Cocaine Traffickers Infiltrate Europe’s Biggest Ports (OCCRP)

OCCRP: Inside Job: How a Hacker Helped Cocaine Traffickers Infiltrate Europe’s Biggest Ports. “Europe’s commercial ports are top entry points for cocaine flooding in at record rates. The work of a Dutch hacker, who was hired by drug traffickers to penetrate port IT networks, reveals how this type of smuggling has become easier than ever.”

ZDNet: You should probably update your Google Chrome browser this weekend

ZDNet: You should probably update your Google Chrome browser this weekend. “If you are one of the millions of worldwide Chrome users, it’s time for yet another update. That’s right, a sixth zero-day exploit has been discovered in Chrome and, fortunately, the update was released shortly after.”

New York Times: Inside U.S. Efforts to Untangle an A.I. Giant’s Ties to China

New York Times: Inside U.S. Efforts to Untangle an A.I. Giant’s Ties to China. “American spy agencies have warned about the Emirati firm G42 and its work with large Chinese companies that U.S. officials consider security threats.”

Europol: International collaboration leads to dismantlement of ransomware group in Ukraine amidst ongoing war

Europol: International collaboration leads to dismantlement of ransomware group in Ukraine amidst ongoing war. “In an unprecedented effort, law enforcement and judicial authorities from seven countries have joined forces with Europol and Eurojust to dismantle and apprehend in Ukraine key figures behind significant ransomware operations wreaking havoc across the world. The operation comes at a critical time, as the country grapples with the challenges of Russia’s military aggression against its territory.”

Associated Press: Congressmen ask DOJ to investigate water utility hack, warning it could happen anywhere

Associated Press: Congressmen ask DOJ to investigate water utility hack, warning it could happen anywhere. “Three members of Congress have asked the U.S. Justice Department to investigate how foreign hackers breached a water authority near Pittsburgh, prompting the nation’s top cyberdefense agency to warn other water and sewage-treatment utilities that they may be vulnerable.”

Vice: It Sure Looks Like a Hacking Campaign Messed Up People’s Spotify Wrapped

Vice: It Sure Looks Like a Hacking Campaign Messed Up People’s Spotify Wrapped. “Every year, Spotify Wrapped provides a rundown of everything its users listened to over the past year. It’s a fun, and sometimes embarrassing, reminder of the music that dominated your life. Excitement turned to confusion this year when some users got their Wrapped roundup only to discover their lists taken over by an artist they weren’t listening to: Lil Durk.”

Bleeping Computer: Google Chrome emergency update fixes 6th zero-day exploited in 2023

Bleeping Computer: Google Chrome emergency update fixes 6th zero-day exploited in 2023. “Google has fixed the sixth Chrome zero-day vulnerability this year in an emergency security update released today to counter ongoing exploitation in attacks. The company acknowledged the existence of an exploit for the security flaw (tracked as CVE-2023-6345) in a new security advisory published today.”

Bloomberg: Okta Says Hackers Stole Data for All Customer Support Users

Bloomberg: Okta Says Hackers Stole Data for All Customer Support Users. “Okta Inc. has discovered that hackers who breached its network two months ago stole information on all users of its customer support system — a scope far greater than the 1% of customers the company had previously said were affected.”

Carnegie Mellon University: Software Engineering Institute Establishes AI Security Incident Response Team

Carnegie Mellon University: Software Engineering Institute Establishes AI Security Incident Response Team. “The Software Engineering Institute at Carnegie Mellon University today announced the formation of the Artificial Intelligence Security Incident Response Team (AISIRT) to help ensure the safe and effective development and use of AI. AISIRT will analyze and respond to threats and security incidents emerging from advances in AI and machine learning (ML). The team will also lead research efforts in incident analysis and response and vulnerability mitigation involving AI and ML systems.”

CBS News: 2 N.J. emergency rooms diverting patients after Hackensack Meridian Health hit with potential cyber attack

CBS News: 2 N.J. emergency rooms diverting patients after Hackensack Meridian Health hit with potential cyber attack. “A ransomware attack on a health system in New Jersey is forcing two hospitals in the state to divert patients coming to their emergency rooms to other facilities. One of the hospitals is Hackensack Meridian Pascack Valley Medical Center in Westwood and the other is in Montclair.”